Overview

overview

10

Static

static

1

ytmp3free....rg.mp3

windows7-x64

1

ytmp3free....rg.mp3

windows10-2004-x64

10

Analysis

  • max time kernel
    870s
  • max time network
    850s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-06-2024 18:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ytmp3free.cc_lil-darkie-la-la-underbelly-prod-triplesixdelete-music-video-youtubemp3free.org.mp3

  • Size

    1.5MB

  • MD5

    a4a61077b8c3a995405bb1c4ec71bd07

  • SHA1

    d634654e44648d952403f10ffd7b947f7312896c

  • SHA256

    40aa5358f0d279ebbb2632d3efc3ca315beb94a62329c61a4f6330dc4b1b30b3

  • SHA512

    0685989564b01b0423f768b42d50b6ea4287287584158b2fd58912e057dccf02247dfc78d89f6c2f16cd0e638e225c2f997592164ec418e894646a52f35c8b55

  • SSDEEP

    24576:4YLjBF00JPBO7lg7cXqp01YcUBxGrUsjv8oSfDjYIXlX40PnbLRthC7jjVNd+EQ3:bMQ2lg7+a01LmDjnXlocbXAVGwuH

Score
10/10
adwarebootkitdiscoveryevasionpersistenceprivilege_escalationransomwarestealertrojanupx

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 2 IoCs
    persistence
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 64 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Event Triggered Execution: AppInit DLLs 1 TTPs

    Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    persistenceprivilege_escalation
  • Manipulates Digital Signatures 1 TTPs 64 IoCs

    Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

  • Modifies Windows Firewall 2 TTPs 1 IoCs
    evasion
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 21 IoCs
  • UPX packed file 27 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Installs/modifies Browser Helper Object 2 TTPs 6 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Maps connected drives based on registry 3 TTPs 1 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Modifies WinLogon 2 TTPs 64 IoCs
    persistence
  • Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • AutoIT Executable 9 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 5 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 2 IoCs
    ransomware
  • Suspicious use of SetThreadContext 7 IoCs
  • Drops file in Program Files directory 52 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 7 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • Program crash 5 IoCs
  • Detects application with GUI, possible interaction required
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies Control Panel 64 IoCs
    evasion
  • Modifies Internet Explorer Protected Mode 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 2 IoCs
    stealer
  • Modifies registry class 64 IoCs
  • Runs net.exe
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 7 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 44 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 11 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\spoolsv.exe
    1⤵
      PID:1376
    • C:\Windows\Explorer.EXE
      C:\Windows\Explorer.EXE
      1⤵
        PID:3516
        • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
          "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\ytmp3free.cc_lil-darkie-la-la-underbelly-prod-triplesixdelete-music-video-youtubemp3free.org.mp3"
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:3396
          • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
            "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\ytmp3free.cc_lil-darkie-la-la-underbelly-prod-triplesixdelete-music-video-youtubemp3free.org.mp3"
            3⤵
              PID:1080
            • C:\Windows\SysWOW64\unregmp2.exe
              "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
              3⤵
              • Suspicious use of WriteProcessMemory
              PID:1252
              • C:\Windows\system32\unregmp2.exe
                "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
                4⤵
                • Enumerates connected drives
                • Suspicious use of AdjustPrivilegeToken
                PID:3484
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
            2⤵
            • Enumerates system info in registry
            • Modifies registry class
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of WriteProcessMemory
            PID:1788
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffdd4ec46f8,0x7ffdd4ec4708,0x7ffdd4ec4718
              3⤵
                PID:4764
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
                3⤵
                  PID:748
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
                  3⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1592
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
                  3⤵
                    PID:2312
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
                    3⤵
                      PID:4280
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
                      3⤵
                        PID:4348
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
                        3⤵
                          PID:4632
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
                          3⤵
                            PID:4488
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3632 /prefetch:8
                            3⤵
                              PID:3996
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3632 /prefetch:8
                              3⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:1080
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
                              3⤵
                                PID:4752
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
                                3⤵
                                  PID:4760
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4956 /prefetch:8
                                  3⤵
                                    PID:3540
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3372 /prefetch:8
                                    3⤵
                                    • Modifies registry class
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:5112
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
                                    3⤵
                                      PID:4688
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
                                      3⤵
                                        PID:4280
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
                                        3⤵
                                          PID:4328
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
                                          3⤵
                                            PID:2712
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
                                            3⤵
                                              PID:3996
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
                                              3⤵
                                                PID:2876
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
                                                3⤵
                                                  PID:4340
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5992 /prefetch:8
                                                  3⤵
                                                    PID:1536
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
                                                    3⤵
                                                      PID:5068
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1048 /prefetch:8
                                                      3⤵
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:4768
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
                                                      3⤵
                                                        PID:996
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6956 /prefetch:8
                                                        3⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:4152
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5472 /prefetch:2
                                                        3⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:3312
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
                                                        3⤵
                                                          PID:656
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
                                                          3⤵
                                                            PID:4708
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
                                                            3⤵
                                                              PID:3908
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
                                                              3⤵
                                                                PID:1540
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
                                                                3⤵
                                                                  PID:5008
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3924903718192309403,4824375153052423263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
                                                                  3⤵
                                                                    PID:3356
                                                                • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Alerta.exe
                                                                  "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Alerta.exe"
                                                                  2⤵
                                                                    PID:1884
                                                                  • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\ClassicShell.exe
                                                                    "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\ClassicShell.exe"
                                                                    2⤵
                                                                    • Writes to the Master Boot Record (MBR)
                                                                    PID:1540
                                                                  • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\ClassicShell.exe
                                                                    "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\ClassicShell.exe"
                                                                    2⤵
                                                                    • Writes to the Master Boot Record (MBR)
                                                                    PID:1048
                                                                  • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\ArcticBomb.exe
                                                                    "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\ArcticBomb.exe"
                                                                    2⤵
                                                                      PID:4032
                                                                    • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\BlueScreen.exe
                                                                      "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\BlueScreen.exe"
                                                                      2⤵
                                                                        PID:1584
                                                                      • C:\Windows\system32\cmd.exe
                                                                        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\DudleyTrojan.bat" "
                                                                        2⤵
                                                                          PID:5108
                                                                        • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\FlashKiller.exe
                                                                          "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\FlashKiller.exe"
                                                                          2⤵
                                                                            PID:4192
                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                              C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 244
                                                                              3⤵
                                                                              • Program crash
                                                                              PID:2532
                                                                          • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\LoveYou.exe
                                                                            "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\LoveYou.exe"
                                                                            2⤵
                                                                              PID:2736
                                                                            • C:\Windows\system32\cmd.exe
                                                                              C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\L0Lz.bat" "
                                                                              2⤵
                                                                                PID:4980
                                                                                • C:\Windows\system32\net.exe
                                                                                  net session
                                                                                  3⤵
                                                                                    PID:4080
                                                                                    • C:\Windows\system32\net1.exe
                                                                                      C:\Windows\system32\net1 session
                                                                                      4⤵
                                                                                        PID:3144
                                                                                    • C:\Windows\system32\net.exe
                                                                                      net stop "SDRSVC"
                                                                                      3⤵
                                                                                        PID:2484
                                                                                        • C:\Windows\system32\net1.exe
                                                                                          C:\Windows\system32\net1 stop "SDRSVC"
                                                                                          4⤵
                                                                                            PID:5056
                                                                                        • C:\Windows\system32\net.exe
                                                                                          net stop "WinDefend"
                                                                                          3⤵
                                                                                            PID:4560
                                                                                            • C:\Windows\system32\net1.exe
                                                                                              C:\Windows\system32\net1 stop "WinDefend"
                                                                                              4⤵
                                                                                                PID:2792
                                                                                            • C:\Windows\system32\taskkill.exe
                                                                                              taskkill /f /t /im "MSASCui.exe"
                                                                                              3⤵
                                                                                              • Kills process with taskkill
                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                              PID:640
                                                                                            • C:\Windows\system32\net.exe
                                                                                              net stop "security center"
                                                                                              3⤵
                                                                                                PID:3452
                                                                                                • C:\Windows\system32\net1.exe
                                                                                                  C:\Windows\system32\net1 stop "security center"
                                                                                                  4⤵
                                                                                                    PID:1400
                                                                                                • C:\Windows\system32\net.exe
                                                                                                  net stop sharedaccess
                                                                                                  3⤵
                                                                                                    PID:3192
                                                                                                    • C:\Windows\system32\net1.exe
                                                                                                      C:\Windows\system32\net1 stop sharedaccess
                                                                                                      4⤵
                                                                                                        PID:2296
                                                                                                    • C:\Windows\system32\netsh.exe
                                                                                                      netsh firewall set opmode mode-disable
                                                                                                      3⤵
                                                                                                      • Modifies Windows Firewall
                                                                                                      • Event Triggered Execution: Netsh Helper DLL
                                                                                                      PID:5008
                                                                                                    • C:\Windows\system32\net.exe
                                                                                                      net stop "wuauserv"
                                                                                                      3⤵
                                                                                                        PID:1472
                                                                                                        • C:\Windows\system32\net1.exe
                                                                                                          C:\Windows\system32\net1 stop "wuauserv"
                                                                                                          4⤵
                                                                                                            PID:3356
                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                          C:\Windows\system32\cmd.exe /S /D /c" echo tasklist "
                                                                                                          3⤵
                                                                                                            PID:4344
                                                                                                          • C:\Windows\system32\find.exe
                                                                                                            find /I "L0Lz"
                                                                                                            3⤵
                                                                                                              PID:4960
                                                                                                            • C:\Windows\system32\xcopy.exe
                                                                                                              XCOPY "BitcoinMiner.bat" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
                                                                                                              3⤵
                                                                                                              • Drops startup file
                                                                                                              PID:2248
                                                                                                            • C:\Windows\system32\xcopy.exe
                                                                                                              XCOPY "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitcoinMiner.bat"
                                                                                                              3⤵
                                                                                                                PID:4608
                                                                                                            • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Gas.exe
                                                                                                              "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Gas.exe"
                                                                                                              2⤵
                                                                                                                PID:1848
                                                                                                              • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\MEMZ.exe
                                                                                                                "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\MEMZ.exe"
                                                                                                                2⤵
                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                PID:3752
                                                                                                                • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\MEMZ.exe
                                                                                                                  "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
                                                                                                                  3⤵
                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                  PID:4516
                                                                                                                • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\MEMZ.exe
                                                                                                                  "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
                                                                                                                  3⤵
                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                  PID:3232
                                                                                                                • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\MEMZ.exe
                                                                                                                  "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
                                                                                                                  3⤵
                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                  PID:3116
                                                                                                                • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\MEMZ.exe
                                                                                                                  "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
                                                                                                                  3⤵
                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                  PID:4924
                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 376
                                                                                                                    4⤵
                                                                                                                    • Program crash
                                                                                                                    PID:5664
                                                                                                                • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\MEMZ.exe
                                                                                                                  "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
                                                                                                                  3⤵
                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                  PID:2528
                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 284
                                                                                                                    4⤵
                                                                                                                    • Program crash
                                                                                                                    PID:5648
                                                                                                                • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\MEMZ.exe
                                                                                                                  "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /main
                                                                                                                  3⤵
                                                                                                                  • Writes to the Master Boot Record (MBR)
                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                  PID:1104
                                                                                                                  • C:\Windows\SysWOW64\notepad.exe
                                                                                                                    "C:\Windows\System32\notepad.exe" \note.txt
                                                                                                                    4⤵
                                                                                                                      PID:2544
                                                                                                                    • C:\Windows\SysWOW64\control.exe
                                                                                                                      "C:\Windows\System32\control.exe"
                                                                                                                      4⤵
                                                                                                                        PID:4708
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
                                                                                                                        4⤵
                                                                                                                          PID:2536
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffdd4ec46f8,0x7ffdd4ec4708,0x7ffdd4ec4718
                                                                                                                            5⤵
                                                                                                                              PID:1968
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
                                                                                                                            4⤵
                                                                                                                              PID:3316
                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdd4ec46f8,0x7ffdd4ec4708,0x7ffdd4ec4718
                                                                                                                                5⤵
                                                                                                                                  PID:556
                                                                                                                              • C:\Windows\SysWOW64\calc.exe
                                                                                                                                "C:\Windows\System32\calc.exe"
                                                                                                                                4⤵
                                                                                                                                • Modifies registry class
                                                                                                                                PID:5076
                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                "C:\Windows\System32\notepad.exe"
                                                                                                                                4⤵
                                                                                                                                  PID:5460
                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 1028
                                                                                                                                    5⤵
                                                                                                                                    • Program crash
                                                                                                                                    PID:392
                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 1416
                                                                                                                                  4⤵
                                                                                                                                  • Program crash
                                                                                                                                  PID:5552
                                                                                                                            • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Zika.exe
                                                                                                                              "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Zika.exe"
                                                                                                                              2⤵
                                                                                                                              • Drops file in Program Files directory
                                                                                                                              • Drops file in Windows directory
                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                              PID:1548
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.exe" -extract C:\Program Files\7-Zip\7z.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.rc, icongroup,,
                                                                                                                                3⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:3144
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\taskhost.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.rc, C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.res
                                                                                                                                3⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:3936
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.exe" -extract C:\Program Files\7-Zip\7zFM.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.rc, icongroup,,
                                                                                                                                3⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:3512
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\taskhost.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.rc, C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.res
                                                                                                                                3⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:1884
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.exe" -extract C:\Program Files\7-Zip\7zG.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.rc, icongroup,,
                                                                                                                                3⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:3220
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\taskhost.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.rc, C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.res
                                                                                                                                3⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:1848
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.exe" -extract C:\Program Files\7-Zip\Uninstall.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.rc, icongroup,,
                                                                                                                                3⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:2152
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\taskhost.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.rc, C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.res
                                                                                                                                3⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:1780
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.exe" -addoverwrite C:\Program Files\7-Zip\Uninstall.exe", "C:\Program Files\7-Zip\Uninstall.exe, C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.res, icongroup,,
                                                                                                                                3⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Drops file in Program Files directory
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:2776
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.exe" -extract C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.rc, icongroup,,
                                                                                                                                3⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:3164
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\taskhost.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.rc, C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.res
                                                                                                                                3⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:4796
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.exe" -extract C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.rc, icongroup,,
                                                                                                                                3⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:5008
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\taskhost.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.rc, C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.res
                                                                                                                                3⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:3764
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.exe" -extract C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.rc, icongroup,,
                                                                                                                                3⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:3600
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\taskhost.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.rc, C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.res
                                                                                                                                3⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:3192
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.exe" -extract C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.rc, icongroup,,
                                                                                                                                3⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:3196
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\taskhost.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.rc, C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.res
                                                                                                                                3⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:2192
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.exe" -extract C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.rc, icongroup,,
                                                                                                                                3⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:4576
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\taskhost.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.rc, C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.res
                                                                                                                                3⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:4004
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.exe" -extract C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.rc, icongroup,,
                                                                                                                                3⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:5016
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\taskhost.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.rc, C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.res
                                                                                                                                3⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:3152
                                                                                                                            • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Nostart.exe
                                                                                                                              "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Nostart.exe"
                                                                                                                              2⤵
                                                                                                                                PID:1472
                                                                                                                              • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Sevgi.a.exe
                                                                                                                                "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Sevgi.a.exe"
                                                                                                                                2⤵
                                                                                                                                • Adds Run key to start application
                                                                                                                                • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                PID:692
                                                                                                                              • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\VeryFun.exe
                                                                                                                                "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\VeryFun.exe"
                                                                                                                                2⤵
                                                                                                                                • Suspicious use of SetThreadContext
                                                                                                                                • Drops file in Windows directory
                                                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:944
                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  "C:\Windows\system32\cmd.exe"
                                                                                                                                  3⤵
                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                  PID:2864
                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  "C:\Windows\system32\cmd.exe"
                                                                                                                                  3⤵
                                                                                                                                  • Adds autorun key to be loaded by Explorer.exe on startup
                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                                                                  • Manipulates Digital Signatures
                                                                                                                                  • Checks computer location settings
                                                                                                                                  • Adds Run key to start application
                                                                                                                                  • Checks whether UAC is enabled
                                                                                                                                  • Installs/modifies Browser Helper Object
                                                                                                                                  • Maps connected drives based on registry
                                                                                                                                  • Modifies WinLogon
                                                                                                                                  • Sets desktop wallpaper using registry
                                                                                                                                  • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                  • Checks SCSI registry key(s)
                                                                                                                                  • Modifies Control Panel
                                                                                                                                  • Modifies Internet Explorer settings
                                                                                                                                  • Modifies Internet Explorer start page
                                                                                                                                  • Suspicious use of SendNotifyMessage
                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                  • System policy modification
                                                                                                                                  PID:3332
                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  "C:\Windows\system32\cmd.exe"
                                                                                                                                  3⤵
                                                                                                                                  • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                  PID:2324
                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  "C:\Windows\system32\cmd.exe"
                                                                                                                                  3⤵
                                                                                                                                  • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                  PID:3908
                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  "C:\Windows\system32\cmd.exe"
                                                                                                                                  3⤵
                                                                                                                                  • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                  PID:2432
                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  "C:\Windows\system32\cmd.exe"
                                                                                                                                  3⤵
                                                                                                                                  • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                  PID:2296
                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  "C:\Windows\system32\cmd.exe"
                                                                                                                                  3⤵
                                                                                                                                  • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                  PID:4388
                                                                                                                              • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Whiter.a.exe
                                                                                                                                "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Whiter.a.exe"
                                                                                                                                2⤵
                                                                                                                                • Adds Run key to start application
                                                                                                                                • Drops file in System32 directory
                                                                                                                                PID:1276
                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                  notepad.exe C:\Users\Admin\AppData\Local\Temp\~sn4398.tmp
                                                                                                                                  3⤵
                                                                                                                                    PID:4252
                                                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                1⤵
                                                                                                                                  PID:2000
                                                                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                  1⤵
                                                                                                                                    PID:5004
                                                                                                                                  • C:\Windows\System32\rundll32.exe
                                                                                                                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                    1⤵
                                                                                                                                      PID:3032
                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4192 -ip 4192
                                                                                                                                      1⤵
                                                                                                                                        PID:1416
                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                        C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
                                                                                                                                        1⤵
                                                                                                                                        • Modifies registry class
                                                                                                                                        • Suspicious behavior: AddClipboardFormatListener
                                                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                                                        PID:3628
                                                                                                                                      • C:\Windows\SysWOW64\DllHost.exe
                                                                                                                                        C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                                                                                                                        1⤵
                                                                                                                                          PID:4420
                                                                                                                                        • C:\Windows\system32\AUDIODG.EXE
                                                                                                                                          C:\Windows\system32\AUDIODG.EXE 0x244 0x2f4
                                                                                                                                          1⤵
                                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                                          PID:4156
                                                                                                                                        • C:\Windows\system32\OpenWith.exe
                                                                                                                                          C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                          1⤵
                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                          PID:4776
                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                          explorer.exe
                                                                                                                                          1⤵
                                                                                                                                          • Boot or Logon Autostart Execution: Active Setup
                                                                                                                                          • Drops file in System32 directory
                                                                                                                                          • Sets desktop wallpaper using registry
                                                                                                                                          • Checks SCSI registry key(s)
                                                                                                                                          • Modifies registry class
                                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                                          PID:5312
                                                                                                                                          • C:\Windows\System32\ie4uinit.exe
                                                                                                                                            "C:\Windows\System32\ie4uinit.exe" -UserConfig
                                                                                                                                            2⤵
                                                                                                                                            • Drops file in Program Files directory
                                                                                                                                            • Drops file in Windows directory
                                                                                                                                            • Modifies Internet Explorer Protected Mode
                                                                                                                                            PID:5416
                                                                                                                                            • C:\Windows\System32\ie4uinit.exe
                                                                                                                                              C:\Windows\System32\ie4uinit.exe -ClearIconCache
                                                                                                                                              3⤵
                                                                                                                                                PID:5520
                                                                                                                                                • C:\Windows\system32\RunDll32.exe
                                                                                                                                                  C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0
                                                                                                                                                  4⤵
                                                                                                                                                    PID:4504
                                                                                                                                                  • C:\Windows\system32\RunDll32.exe
                                                                                                                                                    C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0
                                                                                                                                                    4⤵
                                                                                                                                                      PID:4620
                                                                                                                                                • C:\Windows\System32\unregmp2.exe
                                                                                                                                                  "C:\Windows\System32\unregmp2.exe" /FirstLogon
                                                                                                                                                  2⤵
                                                                                                                                                    PID:5672
                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
                                                                                                                                                    2⤵
                                                                                                                                                      PID:5696
                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x240,0x244,0x248,0x21c,0x24c,0x7ff668b6ae48,0x7ff668b6ae58,0x7ff668b6ae68
                                                                                                                                                        3⤵
                                                                                                                                                          PID:5712
                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=2 --install-level=0
                                                                                                                                                          3⤵
                                                                                                                                                            PID:5752
                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff668b6ae48,0x7ff668b6ae58,0x7ff668b6ae68
                                                                                                                                                              4⤵
                                                                                                                                                                PID:5768
                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge
                                                                                                                                                            2⤵
                                                                                                                                                            • Drops file in Program Files directory
                                                                                                                                                            PID:5872
                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff609e65460,0x7ff609e65470,0x7ff609e65480
                                                                                                                                                              3⤵
                                                                                                                                                                PID:5888
                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --migrate-edgeuwp-taskbar-shortcut
                                                                                                                                                                3⤵
                                                                                                                                                                  PID:5948
                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdd4ec46f8,0x7ffdd4ec4708,0x7ffdd4ec4718
                                                                                                                                                                    4⤵
                                                                                                                                                                    • Checks processor information in registry
                                                                                                                                                                    • Enumerates system info in registry
                                                                                                                                                                    PID:5992
                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                              explorer.exe
                                                                                                                                                              1⤵
                                                                                                                                                              • Boot or Logon Autostart Execution: Active Setup
                                                                                                                                                              • Drops file in System32 directory
                                                                                                                                                              • Checks SCSI registry key(s)
                                                                                                                                                              • Modifies registry class
                                                                                                                                                              • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                                                              PID:5764
                                                                                                                                                              • C:\Windows\system32\WerFault.exe
                                                                                                                                                                C:\Windows\system32\WerFault.exe -u -p 5764 -s 1292
                                                                                                                                                                2⤵
                                                                                                                                                                  PID:312
                                                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                                                explorer.exe
                                                                                                                                                                1⤵
                                                                                                                                                                • Boot or Logon Autostart Execution: Active Setup
                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                • Checks SCSI registry key(s)
                                                                                                                                                                • Modifies registry class
                                                                                                                                                                PID:1420

                                                                                                                                                              Network

                                                                                                                                                              MITRE ATT&CK Matrix ATT&CK v13

                                                                                                                                                              Initial Access

                                                                                                                                                              Execution

                                                                                                                                                              Persistence

                                                                                                                                                              Boot or Logon Autostart Execution

                                                                                                                                                              5
                                                                                                                                                              T1547

                                                                                                                                                              Registry Run Keys / Startup Folder

                                                                                                                                                              2
                                                                                                                                                              T1547.001

                                                                                                                                                              Winlogon Helper DLL

                                                                                                                                                              2
                                                                                                                                                              T1547.004

                                                                                                                                                              Active Setup

                                                                                                                                                              1
                                                                                                                                                              T1547.014

                                                                                                                                                              Event Triggered Execution

                                                                                                                                                              2
                                                                                                                                                              T1546

                                                                                                                                                              Netsh Helper DLL

                                                                                                                                                              1
                                                                                                                                                              T1546.007

                                                                                                                                                              AppInit DLLs

                                                                                                                                                              1
                                                                                                                                                              T1546.010

                                                                                                                                                              Create or Modify System Process

                                                                                                                                                              1
                                                                                                                                                              T1543

                                                                                                                                                              Windows Service

                                                                                                                                                              1
                                                                                                                                                              T1543.003

                                                                                                                                                              Browser Extensions

                                                                                                                                                              1
                                                                                                                                                              T1176

                                                                                                                                                              Pre-OS Boot

                                                                                                                                                              1
                                                                                                                                                              T1542

                                                                                                                                                              Bootkit

                                                                                                                                                              1
                                                                                                                                                              T1542.003

                                                                                                                                                              Privilege Escalation

                                                                                                                                                              Boot or Logon Autostart Execution

                                                                                                                                                              5
                                                                                                                                                              T1547

                                                                                                                                                              Registry Run Keys / Startup Folder

                                                                                                                                                              2
                                                                                                                                                              T1547.001

                                                                                                                                                              Winlogon Helper DLL

                                                                                                                                                              2
                                                                                                                                                              T1547.004

                                                                                                                                                              Active Setup

                                                                                                                                                              1
                                                                                                                                                              T1547.014

                                                                                                                                                              Event Triggered Execution

                                                                                                                                                              2
                                                                                                                                                              T1546

                                                                                                                                                              Netsh Helper DLL

                                                                                                                                                              1
                                                                                                                                                              T1546.007

                                                                                                                                                              AppInit DLLs

                                                                                                                                                              1
                                                                                                                                                              T1546.010

                                                                                                                                                              Create or Modify System Process

                                                                                                                                                              1
                                                                                                                                                              T1543

                                                                                                                                                              Windows Service

                                                                                                                                                              1
                                                                                                                                                              T1543.003

                                                                                                                                                              Defense Evasion

                                                                                                                                                              Modify Registry

                                                                                                                                                              11
                                                                                                                                                              T1112

                                                                                                                                                              Subvert Trust Controls

                                                                                                                                                              1
                                                                                                                                                              T1553

                                                                                                                                                              SIP and Trust Provider Hijacking

                                                                                                                                                              1
                                                                                                                                                              T1553.003

                                                                                                                                                              Impair Defenses

                                                                                                                                                              1
                                                                                                                                                              T1562

                                                                                                                                                              Disable or Modify System Firewall

                                                                                                                                                              1
                                                                                                                                                              T1562.004

                                                                                                                                                              Pre-OS Boot

                                                                                                                                                              1
                                                                                                                                                              T1542

                                                                                                                                                              Bootkit

                                                                                                                                                              1
                                                                                                                                                              T1542.003

                                                                                                                                                              Credential Access

                                                                                                                                                              Discovery

                                                                                                                                                              Query Registry

                                                                                                                                                              8
                                                                                                                                                              T1012

                                                                                                                                                              System Information Discovery

                                                                                                                                                              8
                                                                                                                                                              T1082

                                                                                                                                                              Peripheral Device Discovery

                                                                                                                                                              3
                                                                                                                                                              T1120

                                                                                                                                                              Lateral Movement

                                                                                                                                                              Collection

                                                                                                                                                              Exfiltration

                                                                                                                                                              Command and Control

                                                                                                                                                              Impact

                                                                                                                                                              Defacement

                                                                                                                                                              1
                                                                                                                                                              T1491

                                                                                                                                                              Resource Development

                                                                                                                                                              Reconnaissance

                                                                                                                                                              Replay Monitor

                                                                                                                                                              Loading Replay Monitor...

                                                                                                                                                              Downloads

                                                                                                                                                              • C:\Program Files\7-Zip\7z.dll.sys.exe
                                                                                                                                                                Filesize

                                                                                                                                                                544KB

                                                                                                                                                                MD5

                                                                                                                                                                9a1dd1d96481d61934dcc2d568971d06

                                                                                                                                                                SHA1

                                                                                                                                                                f136ef9bf8bd2fc753292fb5b7cf173a22675fb3

                                                                                                                                                                SHA256

                                                                                                                                                                8cebb25e240db3b6986fcaed6bc0b900fa09dad763a56fb71273529266c5c525

                                                                                                                                                                SHA512

                                                                                                                                                                7ac1581f8a29e778ba1a1220670796c47fa5b838417f8f635e2cb1998a01515cff3ee57045dacb78a8ec70d43754b970743aba600379fe6d9481958d32d8a5aa

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Program Files\7-Zip\7zFM.dll.sys.exe
                                                                                                                                                                Filesize

                                                                                                                                                                930KB

                                                                                                                                                                MD5

                                                                                                                                                                30ac0b832d75598fb3ec37b6f2a8c86a

                                                                                                                                                                SHA1

                                                                                                                                                                6f47dbfd6ff36df7ba581a4cef024da527dc3046

                                                                                                                                                                SHA256

                                                                                                                                                                1ea0839c8dc95ad2c060af7d042c40c0daed58ce8e4524c0fba12fd73e4afb74

                                                                                                                                                                SHA512

                                                                                                                                                                505870601a4389b7ed2c8fecf85835adfd2944cbc10801f74bc4e08f5a0d6ecc9a52052fc37e216304cd1655129021862294a698ed36b3b43d428698f7263057

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Program Files\7-Zip\7zG.dll.sys.exe
                                                                                                                                                                Filesize

                                                                                                                                                                684KB

                                                                                                                                                                MD5

                                                                                                                                                                50f289df0c19484e970849aac4e6f977

                                                                                                                                                                SHA1

                                                                                                                                                                3dc77c8830836ab844975eb002149b66da2e10be

                                                                                                                                                                SHA256

                                                                                                                                                                b9b179b305c5268ad428b6ae59de10b4fe99cf0199bbc89b7017181905e97305

                                                                                                                                                                SHA512

                                                                                                                                                                877d852ea1062b90e2fd2f3c4dc7d05d9697e9a9b2929c830a770b62741f6a11e06de73275eb871113f11143faf1cb40d99f7c247862ffb778d26833ed5d7e38

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                Filesize

                                                                                                                                                                5.6MB

                                                                                                                                                                MD5

                                                                                                                                                                40228458ca455d28e33951a2f3844209

                                                                                                                                                                SHA1

                                                                                                                                                                86165eb8eb3e99b6efa25426508a323be0e68a44

                                                                                                                                                                SHA256

                                                                                                                                                                1a904494bb7a21512af6013fe65745e7898cdd6fadac8cb58be04e02346ed95f

                                                                                                                                                                SHA512

                                                                                                                                                                da62cc244f9924444c7cb4fdbd46017c65e6130d639f6696f7930d867017c211df8b18601bfdaaee65438cee03977848513d7f08987b9b945f3f05241f55ec39

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Program Files\7-Zip\Uninstall.dll.sys.exe
                                                                                                                                                                Filesize

                                                                                                                                                                14KB

                                                                                                                                                                MD5

                                                                                                                                                                ad782ffac62e14e2269bf1379bccbaae

                                                                                                                                                                SHA1

                                                                                                                                                                9539773b550e902a35764574a2be2d05bc0d8afc

                                                                                                                                                                SHA256

                                                                                                                                                                1c8a77db924ebeb952052334dc95add388700c02b073b07973cd8fe0a0a360b8

                                                                                                                                                                SHA512

                                                                                                                                                                a1e9d6316ffc55f4751090961733e98c93b2a391666ff50b50e9dea39783746e501d14127e7ee9343926976d7e3cd224f13736530354d8466ea995dab35c8dc2

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Program Files\7-Zip\Uninstall.exe
                                                                                                                                                                Filesize

                                                                                                                                                                5.6MB

                                                                                                                                                                MD5

                                                                                                                                                                28cab2224580a30e19000b0148499752

                                                                                                                                                                SHA1

                                                                                                                                                                c7a717b2c014cf16333a74fafa77ad9f2a459198

                                                                                                                                                                SHA256

                                                                                                                                                                497fb02861144fb4abeec83f3dab727675ea91c827b6492e5633992ad2db61c7

                                                                                                                                                                SHA512

                                                                                                                                                                7d26a529a321f764bcdc269223dab89e71e2034b7f06e7700255c3c48a8f7eb0248c96f61524811e5631d16b18a51eb98e496977cd8ed9eac1f136c0f811ae1d

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.dll.sys.exe
                                                                                                                                                                Filesize

                                                                                                                                                                2.1MB

                                                                                                                                                                MD5

                                                                                                                                                                b8d69fa2755c3ab1f12f8866a8e2a4f7

                                                                                                                                                                SHA1

                                                                                                                                                                8e3cdfb20e158c2906323ba0094a18c7dd2aaf2d

                                                                                                                                                                SHA256

                                                                                                                                                                7e0976036431640ae1d9f1c0b52bcea5dd37ef86cd3f5304dc8a96459d9483cd

                                                                                                                                                                SHA512

                                                                                                                                                                5acac46068b331216978500f67a7fa5257bc5b05133fab6d88280b670ae4885ef2d5d1f531169b66bf1952e082f56b1ad2bc3901479b740f96c53ea405adda18

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\SetupMetrics\a02cb32b-00e3-4ca7-aa5f-543f98f626d4.tmp
                                                                                                                                                                Filesize

                                                                                                                                                                488B

                                                                                                                                                                MD5

                                                                                                                                                                6d971ce11af4a6a93a4311841da1a178

                                                                                                                                                                SHA1

                                                                                                                                                                cbfdbc9b184f340cbad764abc4d8a31b9c250176

                                                                                                                                                                SHA256

                                                                                                                                                                338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

                                                                                                                                                                SHA512

                                                                                                                                                                c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
                                                                                                                                                                Filesize

                                                                                                                                                                150B

                                                                                                                                                                MD5

                                                                                                                                                                ec908e9421d150beaaf89cbe7737d112

                                                                                                                                                                SHA1

                                                                                                                                                                4fb9aad0a4c5d317f83cb520018facee37e4b24f

                                                                                                                                                                SHA256

                                                                                                                                                                d98a9046f3ee7459abc0baf84dc75358c6d228467fe460b6572a83b6181ade32

                                                                                                                                                                SHA512

                                                                                                                                                                6114b5058e575da9ea5b17b5e80287da429793b72f05d29b503d8291eab1bb279c7067e3399934cc0eb8624c52b4c20be951806b3a7feb6a45af19984d5a77b9

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\957a6f44-6b04-4487-abd2-b779c1089c96.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                4.9MB

                                                                                                                                                                MD5

                                                                                                                                                                edffc0007a2d34acca243efa2f9fc16f

                                                                                                                                                                SHA1

                                                                                                                                                                d08b9811a1355aa2566d12a5902a396a082a5bfa

                                                                                                                                                                SHA256

                                                                                                                                                                45614472c2cf52e61e9aa985e731036cecd155067162e360c7a09b5e1ae48951

                                                                                                                                                                SHA512

                                                                                                                                                                996486a24257d7aa702a6bcbf16be7bef981a49741501be11dae9858a420c2cbd7a3be20f91d7eca753f2ee3c651e2ab47e598da2a7d425c7887d9ea7b74ffb7

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                Filesize

                                                                                                                                                                152B

                                                                                                                                                                MD5

                                                                                                                                                                dbe2de29cd1b28411ee709f960244b02

                                                                                                                                                                SHA1

                                                                                                                                                                087128db492a209746387e108abf175ff465bab3

                                                                                                                                                                SHA256

                                                                                                                                                                d22af10a75d9eb043d91bb3657b16b85d4e6ec09531de1d51223d9fd84bf361b

                                                                                                                                                                SHA512

                                                                                                                                                                962fd8ef1309cb7d8de209069ab249bfa9becb3bf44d576821a5601f3e2c27a6328f7338c659587d73eafe6351b8862ea2d0020625269197cd8d266b8b4ad00d

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                Filesize

                                                                                                                                                                152B

                                                                                                                                                                MD5

                                                                                                                                                                87f7abeb82600e1e640b843ad50fe0a1

                                                                                                                                                                SHA1

                                                                                                                                                                045bbada3f23fc59941bf7d0210fb160cb78ae87

                                                                                                                                                                SHA256

                                                                                                                                                                b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

                                                                                                                                                                SHA512

                                                                                                                                                                ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                Filesize

                                                                                                                                                                152B

                                                                                                                                                                MD5

                                                                                                                                                                f61fa5143fe872d1d8f1e9f8dc6544f9

                                                                                                                                                                SHA1

                                                                                                                                                                df44bab94d7388fb38c63085ec4db80cfc5eb009

                                                                                                                                                                SHA256

                                                                                                                                                                284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

                                                                                                                                                                SHA512

                                                                                                                                                                971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
                                                                                                                                                                Filesize

                                                                                                                                                                67KB

                                                                                                                                                                MD5

                                                                                                                                                                9e3f75f0eac6a6d237054f7b98301754

                                                                                                                                                                SHA1

                                                                                                                                                                80a6cb454163c3c11449e3988ad04d6ad6d2b432

                                                                                                                                                                SHA256

                                                                                                                                                                33a84dec02c65acb6918a1ae82afa05664ee27ad2f07760e8b008636510fd5bf

                                                                                                                                                                SHA512

                                                                                                                                                                5cea53f27a4fdbd32355235c90ce3d9b39f550a1b070574cbc4ea892e9901ab0acace0f8eeb5814515ca6ff2970bc3cc0559a0c87075ac4bb3251bc8eaee6236

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
                                                                                                                                                                Filesize

                                                                                                                                                                62KB

                                                                                                                                                                MD5

                                                                                                                                                                c3c0eb5e044497577bec91b5970f6d30

                                                                                                                                                                SHA1

                                                                                                                                                                d833f81cf21f68d43ba64a6c28892945adc317a6

                                                                                                                                                                SHA256

                                                                                                                                                                eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

                                                                                                                                                                SHA512

                                                                                                                                                                83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
                                                                                                                                                                Filesize

                                                                                                                                                                41KB

                                                                                                                                                                MD5

                                                                                                                                                                b15016a51bd29539b8dcbb0ce3c70a1b

                                                                                                                                                                SHA1

                                                                                                                                                                4eab6d31dea4a783aae6cabe29babe070bd6f6f0

                                                                                                                                                                SHA256

                                                                                                                                                                e72c68736ce86ec9e3785a89f0d547b4993d5a2522a33104eeb7954eff7f488a

                                                                                                                                                                SHA512

                                                                                                                                                                1c74e4d2895651b9ab86158396bcce27a04acfb5655a32a28c37ee0ebd66cd044c3c895db7e14acc41a93db55463310425c188a7c503f0308ce894cf93df219f

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                                                                                                                                                                Filesize

                                                                                                                                                                19KB

                                                                                                                                                                MD5

                                                                                                                                                                76a3f1e9a452564e0f8dce6c0ee111e8

                                                                                                                                                                SHA1

                                                                                                                                                                11c3d925cbc1a52d53584fd8606f8f713aa59114

                                                                                                                                                                SHA256

                                                                                                                                                                381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

                                                                                                                                                                SHA512

                                                                                                                                                                a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
                                                                                                                                                                Filesize

                                                                                                                                                                65KB

                                                                                                                                                                MD5

                                                                                                                                                                56d57bc655526551f217536f19195495

                                                                                                                                                                SHA1

                                                                                                                                                                28b430886d1220855a805d78dc5d6414aeee6995

                                                                                                                                                                SHA256

                                                                                                                                                                f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

                                                                                                                                                                SHA512

                                                                                                                                                                7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
                                                                                                                                                                Filesize

                                                                                                                                                                88KB

                                                                                                                                                                MD5

                                                                                                                                                                b38fbbd0b5c8e8b4452b33d6f85df7dc

                                                                                                                                                                SHA1

                                                                                                                                                                386ba241790252df01a6a028b3238de2f995a559

                                                                                                                                                                SHA256

                                                                                                                                                                b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

                                                                                                                                                                SHA512

                                                                                                                                                                546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
                                                                                                                                                                Filesize

                                                                                                                                                                1.2MB

                                                                                                                                                                MD5

                                                                                                                                                                620dd00003f691e6bda9ff44e1fc313f

                                                                                                                                                                SHA1

                                                                                                                                                                aaf106bb2767308c1056dee17ab2e92b9374fb00

                                                                                                                                                                SHA256

                                                                                                                                                                eea7813cba41e7062794087d5d4c820d7b30b699af3ec37cb545665940725586

                                                                                                                                                                SHA512

                                                                                                                                                                3e245851bfa901632ea796ddd5c64b86eda217ec5cd0587406f5c28328b5cb98c5d8089d868e409e40560c279332ba85dd8ce1159ae98e8588e35ed61da2f006

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
                                                                                                                                                                Filesize

                                                                                                                                                                32KB

                                                                                                                                                                MD5

                                                                                                                                                                2448f641fbbbdd88f0606efa966b052e

                                                                                                                                                                SHA1

                                                                                                                                                                25825aef444654fdc036bb425f79fd1c6fc6916e

                                                                                                                                                                SHA256

                                                                                                                                                                03f060bf37ba360360d6a7413d98e485e7d8e6f69e6a1de300c788d439b78d02

                                                                                                                                                                SHA512

                                                                                                                                                                d56e3b19d3f4c6d6663117000b99071cc453b6fd93f708bb8cb92d5adfa0eaab749d8d6cef4f19fbba548d31edaecfd0a74ca55dbca7d5f5f1fe66879b27b9d0

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
                                                                                                                                                                Filesize

                                                                                                                                                                261KB

                                                                                                                                                                MD5

                                                                                                                                                                f52acfd2430b4cedd65f99b8f21b1676

                                                                                                                                                                SHA1

                                                                                                                                                                64f019049e45aac47706cc33d90b9058154512ff

                                                                                                                                                                SHA256

                                                                                                                                                                7eaf4f599cd97991a9e108bfa9abd1536ce11b8a31c4a056590d359966956a64

                                                                                                                                                                SHA512

                                                                                                                                                                03ef4223b349ff52fc162fe024da0a0c25db8fe0e31c37a79ceb1f7ea0ad252c0c90bf2f971060d2686f61a00c495a4a96fbe44cf6c7c2f8596b71c959c93bc1

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
                                                                                                                                                                Filesize

                                                                                                                                                                20KB

                                                                                                                                                                MD5

                                                                                                                                                                628ba8d31375849e0943894669cd033c

                                                                                                                                                                SHA1

                                                                                                                                                                4fa6d50a37fa2dadec892474d3e713ef9de2d8a1

                                                                                                                                                                SHA256

                                                                                                                                                                80e3440c312f921afe33a7d4a3d11d1d2dc7162f8f50b748b796f424441d10d6

                                                                                                                                                                SHA512

                                                                                                                                                                d4406493dc8767c479460f3039b038866549feebf392280384da08adbcad2e871720d046220cb67ebe3ab75c14e06a31df2fa7c0f2c17f91eda26ba0a709d27f

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
                                                                                                                                                                Filesize

                                                                                                                                                                37KB

                                                                                                                                                                MD5

                                                                                                                                                                f9d7c9aef654e1e17a11be30db91ca01

                                                                                                                                                                SHA1

                                                                                                                                                                33b723c11219afca1a29848fd8d704f30f7393c0

                                                                                                                                                                SHA256

                                                                                                                                                                33c33ea60091eb455c214a4db497629538bd6fa9501948469982513da0277e87

                                                                                                                                                                SHA512

                                                                                                                                                                fde2b9fa466bb082b0359902282f90688c61bbd0f364c1e60bcb923b7c7397e7b3f6c64fdef14fa1a54787c12dda9724688e86526e579954c30efef782a6e8aa

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
                                                                                                                                                                Filesize

                                                                                                                                                                37KB

                                                                                                                                                                MD5

                                                                                                                                                                669b1563b95fce26d9ddc3c7e9bdc538

                                                                                                                                                                SHA1

                                                                                                                                                                275e4ae2606a0da908003b77ea06b24ea8b66214

                                                                                                                                                                SHA256

                                                                                                                                                                d46765072d87d9892a0f6f8f9849eafe0abecee9d662e99f8b45d8c5b22ac667

                                                                                                                                                                SHA512

                                                                                                                                                                09e066f5a1974927b2cb607a8b953f2732928c7347f65cdfcdb573170840562de6eae091a61108827b3ae0799c16bfbd41d858ee1a8bc57d9bb1fac814438302

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
                                                                                                                                                                Filesize

                                                                                                                                                                21KB

                                                                                                                                                                MD5

                                                                                                                                                                0e52c094a93d5bcd8875cce575d7da9a

                                                                                                                                                                SHA1

                                                                                                                                                                de9ecbf399f77a497c96c1a4b3509153ad9751a2

                                                                                                                                                                SHA256

                                                                                                                                                                abafb66ae53e45e075a02ab40e19bc2dbb0126d83f4da5f1fbd3bed1a4b4fdce

                                                                                                                                                                SHA512

                                                                                                                                                                b2cbb5075eb1cf84b9b24c2a2f3165675496d506d5e98a8868c18514c5740c366b5a29a925dcf6f6cacdb8ce6e39eb8673b15ebb55c5e9078e0d7eff631905cb

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
                                                                                                                                                                Filesize

                                                                                                                                                                18KB

                                                                                                                                                                MD5

                                                                                                                                                                5e0431228c8cbdebb623d836e9474b1f

                                                                                                                                                                SHA1

                                                                                                                                                                deab0d4ff23a430f60af5c201d3d11a2b141f3af

                                                                                                                                                                SHA256

                                                                                                                                                                c39adc3e3ecd6e595d6ac334f4abcaeeeae67c53b715d82c837e9a6e81d750f1

                                                                                                                                                                SHA512

                                                                                                                                                                abbd90205c4f89056ea4ba6e162ac23633be62300de8f16a4607aee265a8c504d7b6f00cfa2c1aef887dd62c34a88f45cedc648f8b42928ad54e21e39059e7f5

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
                                                                                                                                                                Filesize

                                                                                                                                                                211KB

                                                                                                                                                                MD5

                                                                                                                                                                151fb811968eaf8efb840908b89dc9d4

                                                                                                                                                                SHA1

                                                                                                                                                                7ec811009fd9b0e6d92d12d78b002275f2f1bee1

                                                                                                                                                                SHA256

                                                                                                                                                                043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

                                                                                                                                                                SHA512

                                                                                                                                                                83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                Filesize

                                                                                                                                                                1KB

                                                                                                                                                                MD5

                                                                                                                                                                ff06576daa53a754fb46abfbdd1aef04

                                                                                                                                                                SHA1

                                                                                                                                                                eb44f1b50e6453413d6e1b2169dba0d426c02ca3

                                                                                                                                                                SHA256

                                                                                                                                                                c5b61398c9e8eb5ba9c18c4200ccf87115feb7104aa0fadc4d3d3ec22c6e1c54

                                                                                                                                                                SHA512

                                                                                                                                                                3b5a4dc36699d5b366fc30743df86d4cf8eb568c2529b382bd90ec7d21162c0d307fd157445380e835511414c55443d8a4c3baf2b8b22e9390dcfe6fa64cbf55

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                Filesize

                                                                                                                                                                3KB

                                                                                                                                                                MD5

                                                                                                                                                                8eaccf72a9fd3f35e2ed0548f8d9742d

                                                                                                                                                                SHA1

                                                                                                                                                                531496bf71b46fd3491b2125810faeed8db1bc4d

                                                                                                                                                                SHA256

                                                                                                                                                                ec0d2beec2949386ebe47d0e01c85a7d9adc088d285438e7b9df3c79eff46e8c

                                                                                                                                                                SHA512

                                                                                                                                                                2d5531dde8fe175269a881b611a838f4d831d81c5c135108209722708a13152b2b38e4b5a1b2c2d2820deaed1d24bb073aa7c51a54d0296dd64b584e214af9a4

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                Filesize

                                                                                                                                                                4KB

                                                                                                                                                                MD5

                                                                                                                                                                f06f4a2788a3a42e532117174573f1d5

                                                                                                                                                                SHA1

                                                                                                                                                                232987c426578688c9ddc106da8229f568e42e14

                                                                                                                                                                SHA256

                                                                                                                                                                4c3199fbd29cadcc16b6c4d43448d6794b86ca143bc26718989d4e51b9cc24a1

                                                                                                                                                                SHA512

                                                                                                                                                                4c8c996c65cb2a95f415d515ba3b972769ffb24397464a0bb304ece6c9d24a9bcf8fb714b70533a38366d6ef64eaf6b5d315fe8a137c27b3b400437a4ae453e3

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                Filesize

                                                                                                                                                                4KB

                                                                                                                                                                MD5

                                                                                                                                                                c321d0c9b836258117f93aad07d0b24f

                                                                                                                                                                SHA1

                                                                                                                                                                ae15a7e2d0b632e0afe56ae89a5072d387a57f28

                                                                                                                                                                SHA256

                                                                                                                                                                84434a0fcf56e6b5e639648b9bbca633efc5276a908205ae5ee615d53b0c574b

                                                                                                                                                                SHA512

                                                                                                                                                                565d59b0518dd807b6d46e0f51ffdcb302197f21a902986067d1f45864c2e1e39afcc287b3d7c38e67ba2eed889528aea3480c8d5bef0be0263c743e9ca282a1

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                Filesize

                                                                                                                                                                1KB

                                                                                                                                                                MD5

                                                                                                                                                                be55e17456d31b1fcd84d721238f5b0d

                                                                                                                                                                SHA1

                                                                                                                                                                b21f68268b63e48328cd57c5edeb4c8b27ab7548

                                                                                                                                                                SHA256

                                                                                                                                                                ff582779711f31add95f2aced75c850ed4004feb0d7be2cf5667ba384f0b8176

                                                                                                                                                                SHA512

                                                                                                                                                                08daf434d909281e2d825e056b4dc9cb63f16af758a5b2ac4975c93aae7d68c1d9393347e81fd0305191597dc820d411edb780702c2f335e82dd2cc399468ff8

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                Filesize

                                                                                                                                                                1KB

                                                                                                                                                                MD5

                                                                                                                                                                2a304fd0e002578d9590817b5949a707

                                                                                                                                                                SHA1

                                                                                                                                                                b304d27fda76e28de8e445e62a034f678d19abc9

                                                                                                                                                                SHA256

                                                                                                                                                                70591f7a8abb927fdb727d48c7755b961956fc81376ebc98c533ec1a777c21e9

                                                                                                                                                                SHA512

                                                                                                                                                                15bac60cd5d142dea7ebfa64c8e484ce56a7a4dbc180074fa6b266846d70f412e978384aff019fbddce6647a4842b3fdab73eaf96d9c8ea8adb9bd348804f017

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                Filesize

                                                                                                                                                                1KB

                                                                                                                                                                MD5

                                                                                                                                                                d5d48821c5ffad69e76d78deb67e4b72

                                                                                                                                                                SHA1

                                                                                                                                                                b87a02cd54e0e68a8ff27a42ebc78901f52b3118

                                                                                                                                                                SHA256

                                                                                                                                                                826cf96a18415c77e21eb13cca69c9e4c574784808d712b7a2ed884712bef109

                                                                                                                                                                SHA512

                                                                                                                                                                c8c81080a5f850932dba13947e99f80fce98fe7ce01cb3053ac7fd3c1aaa2d5a5b555cc7892f8d26e1bb67d6c581da059872ee5cbda0e20dbf23e37c49f7ca4c

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                Filesize

                                                                                                                                                                7KB

                                                                                                                                                                MD5

                                                                                                                                                                5ee39573b93222b0d7f4acfe811189af

                                                                                                                                                                SHA1

                                                                                                                                                                a2d26ec88889d9483cff12ffa9d6be406deda62b

                                                                                                                                                                SHA256

                                                                                                                                                                a326bb4b5982d36ba9dcd0cce21c495bf6f66711a86dd1342e62c88d827e66a5

                                                                                                                                                                SHA512

                                                                                                                                                                3f27388c9c71b633cbece6a82e52aea8904525c7a6cc42cc44af1a6d7094083648b16a2ae8ff52920eb64222dc7fbc40d22a3dcb633fcc0aac25baea911d7579

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                Filesize

                                                                                                                                                                5KB

                                                                                                                                                                MD5

                                                                                                                                                                c60fb313a0e0889111f1ef560fee3f8a

                                                                                                                                                                SHA1

                                                                                                                                                                2ab5d100d63f40a58dfc3040ec59f095e71fad8d

                                                                                                                                                                SHA256

                                                                                                                                                                6bcaca37a61ee279bddfd279d50b88b49aab33bfa4427e273c50127aeb2c7c12

                                                                                                                                                                SHA512

                                                                                                                                                                1fcf3c86dc03b0b8e23324d2ad8451d6e83a32d679f170c637604ed2172e6dcdb8a2d95266ccea6274ebe48988888513ef5d55ef0a0699ec46a0b2a4c810ace9

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                Filesize

                                                                                                                                                                6KB

                                                                                                                                                                MD5

                                                                                                                                                                2c2b471bd93fc42a408fc293ade74e72

                                                                                                                                                                SHA1

                                                                                                                                                                132babb1f2b737c7f7fc048ce381bc6b2b9f2686

                                                                                                                                                                SHA256

                                                                                                                                                                0f38299030726a095bc5581a3c1c68a914480bfbb9edc28be68e785fdf879df4

                                                                                                                                                                SHA512

                                                                                                                                                                196917ebfb64c58e3a304da6efcb611e03988f9a5bd214b3e7e1b01d4669da69e09f919ad72c601aaef723522d18afa90be12da5dfd3e528656ae28a03a53acc

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                Filesize

                                                                                                                                                                6KB

                                                                                                                                                                MD5

                                                                                                                                                                92030c10e4c80db1af182e4e66bdd59a

                                                                                                                                                                SHA1

                                                                                                                                                                4ccc662c79579961b45fb87f5293d5a21ef3cda1

                                                                                                                                                                SHA256

                                                                                                                                                                b98229d5e7e7d2b29663c7f0b6ffdda2852f39a348c4336c224a62940e8b36f3

                                                                                                                                                                SHA512

                                                                                                                                                                054dd102256f37cc34cfed2c32b48b9a6b28ec1bcda99af56039ed94325950fba208af473e53140fd6e53bcbd9d230665634d4be957c80fb8297a082bf6771bf

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                Filesize

                                                                                                                                                                6KB

                                                                                                                                                                MD5

                                                                                                                                                                0dae39bfecdef82dbc2dd152fd7ca219

                                                                                                                                                                SHA1

                                                                                                                                                                d41130cdf1d2cf1e61a117e39a3fa497c99cfc79

                                                                                                                                                                SHA256

                                                                                                                                                                2dbd79ce32c5e10c622dbf13c1dee34d34075581bc46419af83c3eaac9fc7bf9

                                                                                                                                                                SHA512

                                                                                                                                                                c9181700f38be20dfae82f6aa1be55416e8a921ff5214eb334c72c63b1420eff5273ea614b3a733b0a386b0e4e4404bca6bea1aaf52a8eccf1ec8330e06c932e

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                Filesize

                                                                                                                                                                7KB

                                                                                                                                                                MD5

                                                                                                                                                                b86abe8b4146b9e5bea2f01bf10eb676

                                                                                                                                                                SHA1

                                                                                                                                                                6c02793c98d90ecda1730c90109f31f91545830b

                                                                                                                                                                SHA256

                                                                                                                                                                db2ad428ce65cb5b9b66772c1d003e9752ce9450ca5c5633fb73a43436052767

                                                                                                                                                                SHA512

                                                                                                                                                                93a7fef4721b20acd60df22e900f3f732cf687840125d6ad73d76633c36eec7cffb3e7f98c4d011977cf05e9dcb7eedfa1bf46e172a4edacc2db6527af3425db

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                Filesize

                                                                                                                                                                7KB

                                                                                                                                                                MD5

                                                                                                                                                                41aea13025bc42bcae77bc5e3cb5b2da

                                                                                                                                                                SHA1

                                                                                                                                                                0872baab71769fc8fc586873f23e8b890afab742

                                                                                                                                                                SHA256

                                                                                                                                                                715b8c2aee3957555abd2566b7eca71bfd9f86c3c1a03c0da6c337048adefb3e

                                                                                                                                                                SHA512

                                                                                                                                                                091d47f89f45fed051681bf63056be8f1de71d78a62af821ff4dfb7af9d0418452f0dd6d56ff50ce0558babaa1f5589202337de2e2c2cb371e65a8cd5c059cc5

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                Filesize

                                                                                                                                                                6KB

                                                                                                                                                                MD5

                                                                                                                                                                a555e8b58a23e5c99f91b11dd8f11093

                                                                                                                                                                SHA1

                                                                                                                                                                7f92285955ce3815b893c79b4156badec743f135

                                                                                                                                                                SHA256

                                                                                                                                                                2d9ef2f64b770ec9323a5e3df4ea5a2b853142c17769dc88c25d1ebc4bb2ba8e

                                                                                                                                                                SHA512

                                                                                                                                                                1f87d1a3506ee66294e6e7c7fe33f8343c3dd1831d8985dd1aeaff4277ba28517f40e5bd025ae719879c7279723799783e37f5fa525221fa6d619f02f04e37aa

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                Filesize

                                                                                                                                                                7KB

                                                                                                                                                                MD5

                                                                                                                                                                df57390ccb1e6e93f940d563dde745da

                                                                                                                                                                SHA1

                                                                                                                                                                5a43ebaeca306099777f89b0bd9db3e46f4fe187

                                                                                                                                                                SHA256

                                                                                                                                                                fcefabccb7cf74f64a0d75846d331cdcb7edcc92fd1fa42388973ef984251331

                                                                                                                                                                SHA512

                                                                                                                                                                22b17b98f7e030d82b5a34ea5fc3e4ae387ca4e011fec79ebcc692a60af150f6cec2fce3271e81718714548fb25fae16ca0450faaf13b0f08c93fc7faafd67da

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                Filesize

                                                                                                                                                                1KB

                                                                                                                                                                MD5

                                                                                                                                                                45f6d4f7494a2569caf6a3d1caa35cdc

                                                                                                                                                                SHA1

                                                                                                                                                                00e3ff8180d4a0f0cc3a8e9fb53727a683c20abc

                                                                                                                                                                SHA256

                                                                                                                                                                09828ef85597594f932d8a278b3e02e819ac02d0ee984cedee75dab2e5e92d80

                                                                                                                                                                SHA512

                                                                                                                                                                a33ba178db1bd83aa274c17e73c37654ff47039a79ee506abb1a3a803356d9b646f28f5a74a9b61fc84b5cb97389976930dae3a8bfca9debbae19fa1d2d7fab3

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                Filesize

                                                                                                                                                                1KB

                                                                                                                                                                MD5

                                                                                                                                                                f28a7725ae12472e3dfcc77c04230cd8

                                                                                                                                                                SHA1

                                                                                                                                                                ade28cc0cc247b0876701b4893329ea571495a64

                                                                                                                                                                SHA256

                                                                                                                                                                3a59d53dd6cbcd7f218e1eda38ab4ff183f4c8d8f5033749acafd7717a4b9388

                                                                                                                                                                SHA512

                                                                                                                                                                315d3095471785fd8615db466a79ce0cd0fba681b5990aeb2978989b409730b135207f7ee504efa92ae03193e636f8a1731c12f0c76235f0dd587f29fec1bf61

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                Filesize

                                                                                                                                                                1KB

                                                                                                                                                                MD5

                                                                                                                                                                351baeda93755007ae6cb4eec58e420e

                                                                                                                                                                SHA1

                                                                                                                                                                02252a7b0782e6a040c548fc7181ce79b37b72e6

                                                                                                                                                                SHA256

                                                                                                                                                                248f51305d10749df57b74b728c1f9e8e04fc8fa3c104b56d9bdb7b091a61b04

                                                                                                                                                                SHA512

                                                                                                                                                                da56212e2a1b6958d045a6d51e2f84761eda3b697f4c6458fa5e1e37e6350ec3fc6b7837f93247822c5932dc8372e13374e5959662a44818eb1a81f37bd2f34c

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                Filesize

                                                                                                                                                                1KB

                                                                                                                                                                MD5

                                                                                                                                                                36c09bc021d3796157f31cddcf3c997f

                                                                                                                                                                SHA1

                                                                                                                                                                93e13e65f23f07e8e79b22f71826ab6240951611

                                                                                                                                                                SHA256

                                                                                                                                                                5e4bdfcd7a8e16d890d0c30c7754c9c756e4795a544dfb68dc06ba5f1bb1406b

                                                                                                                                                                SHA512

                                                                                                                                                                04988dfe39d39205c2d0a8983bf108247084450b68a585bcfc138d81a4505493bad37fbb8040424d67810f8317196fc30b50f639633c11444bf4f2ebb07af9ec

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                Filesize

                                                                                                                                                                1KB

                                                                                                                                                                MD5

                                                                                                                                                                b6240b239e67a8c9a9f20689264c91dc

                                                                                                                                                                SHA1

                                                                                                                                                                6df24f694de9006073b90043caca74623683a7af

                                                                                                                                                                SHA256

                                                                                                                                                                64acbe974b899c583c99f913141bff71325577ed47ca72199856d92b5cbc6354

                                                                                                                                                                SHA512

                                                                                                                                                                831faa1cdd93eba3b847b61232469562bef673c15263d072b9140dff7750e178b3304d9d7959764e0858ca37289d7d861cc5dc51183a382440cbe80ac85e53bd

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                Filesize

                                                                                                                                                                1KB

                                                                                                                                                                MD5

                                                                                                                                                                92c2d33b398495f7c9d0b8607cb38584

                                                                                                                                                                SHA1

                                                                                                                                                                18d8b27e409b4185fea5d3801ae83d55f815333e

                                                                                                                                                                SHA256

                                                                                                                                                                b036fdf1f61b60061f33bdf3508b481608fd5493189d99b1aa720b30162f25e9

                                                                                                                                                                SHA512

                                                                                                                                                                e177e20620a525a7f67849a4c7cd4d66b45fbec340b26ed5d704540733e6d80207fb0465721fdfdd9bd3853c53137606b654718ec8e11e85d98e9515f7e7a78d

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f9f0.TMP
                                                                                                                                                                Filesize

                                                                                                                                                                536B

                                                                                                                                                                MD5

                                                                                                                                                                e22a09feb47cf6c6c77234b56993b541

                                                                                                                                                                SHA1

                                                                                                                                                                91a309e36462e5ab50d7ae3be270389963b1d3f7

                                                                                                                                                                SHA256

                                                                                                                                                                6ca6ec48edb1d11e2489cd625bc39e3129d26c7147c1180eda7b018674ab093d

                                                                                                                                                                SHA512

                                                                                                                                                                e42b63d00e24222f1ff1201a108786fc332628f4fd9ab824e5a5c4e66f69fc0a2c687d389a15f352942df1c6f2ff6184379e55d95ac393409113093b4de999b8

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                                Filesize

                                                                                                                                                                16B

                                                                                                                                                                MD5

                                                                                                                                                                6752a1d65b201c13b62ea44016eb221f

                                                                                                                                                                SHA1

                                                                                                                                                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                                                                                SHA256

                                                                                                                                                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                                                                SHA512

                                                                                                                                                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                Filesize

                                                                                                                                                                12KB

                                                                                                                                                                MD5

                                                                                                                                                                58c840737623654504aa45773f80db72

                                                                                                                                                                SHA1

                                                                                                                                                                fabaab1ef4a3e4f4e4c3969305036f5a96e86f01

                                                                                                                                                                SHA256

                                                                                                                                                                2e2a8667eb640460d7bad1e46f8de4fee311955b5a524d1af7bf2a06b83f4480

                                                                                                                                                                SHA512

                                                                                                                                                                5ea21a74701d28ba5dedc8018fa46a1d1f5c2c0133eef1e590debcbd21594f5814811af3d3219383777a7410dd8975d4c20c8f84102a490b1e4acc7d644bc90a

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                Filesize

                                                                                                                                                                12KB

                                                                                                                                                                MD5

                                                                                                                                                                41a9e7cafdf9d23193916a741de3cc18

                                                                                                                                                                SHA1

                                                                                                                                                                ba2f08fc58e0a1d83d578db5cbac37c9d734855e

                                                                                                                                                                SHA256

                                                                                                                                                                010b7f15135e7b4f72e2105dbb717dcff4abe8e51499e56da3bbba2d6414a81e

                                                                                                                                                                SHA512

                                                                                                                                                                1d224c5cc05c86f8425c7953b1256b5b1416c8f96d22f4157a082a3cf5343d1abbd7873c466b590f7c67673a1026dcf31848d3c9c3b76af06744bbe0ef640707

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                Filesize

                                                                                                                                                                10KB

                                                                                                                                                                MD5

                                                                                                                                                                f81e4aea58ebe02a615d4375a5b43274

                                                                                                                                                                SHA1

                                                                                                                                                                5c05bbe118b3793c8e80b9470d81ce86f7a34926

                                                                                                                                                                SHA256

                                                                                                                                                                870059d58955436a4d1e5053760b53fb4e27ad2911e6b81414d42468c6faaa6d

                                                                                                                                                                SHA512

                                                                                                                                                                1dba50ee0b743ba1706d3894a31b44a8d9a68c838bf83e6136651578e12b101a468839239441eb9e9a1e982c3b0cc13f0969352288e082f7fa498f0550032989

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                Filesize

                                                                                                                                                                12KB

                                                                                                                                                                MD5

                                                                                                                                                                2c80dc6f02e450d145cac5e9fa9fae07

                                                                                                                                                                SHA1

                                                                                                                                                                09077a100ec4ab28adebe69eacee022814f07fdb

                                                                                                                                                                SHA256

                                                                                                                                                                854eb8e5fde71061636a30abac179748dcf6ae1dd30545cb2a013d2f968ad023

                                                                                                                                                                SHA512

                                                                                                                                                                2012f54476f52d1a075eb5d08b012359a7a7969cd7aa397aee60a76e536f3c60464da1d81cf3f81833a33ee8c79d7310c5e32469bdba7128843c059bdab5122c

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                Filesize

                                                                                                                                                                12KB

                                                                                                                                                                MD5

                                                                                                                                                                902d198cfc1d5278753c348361a174c8

                                                                                                                                                                SHA1

                                                                                                                                                                056db6f94fadabb1dae9ad714ea5d62cae42b9f2

                                                                                                                                                                SHA256

                                                                                                                                                                7779f92a97dd3ffc5e8b175501de91da184e9c630c13a4a32781e3351f8777ad

                                                                                                                                                                SHA512

                                                                                                                                                                9e33d700ae2e796b78b21be11d23b32ffc43e1b94e7718d1877592b00afeb3e0a9924b066f8cc3015e2d6b2e8c4a1cd5c410f96543926842bbedc426ab21d302

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                Filesize

                                                                                                                                                                12KB

                                                                                                                                                                MD5

                                                                                                                                                                3fe50f8d3179c4ec4c62dbaa5e77765d

                                                                                                                                                                SHA1

                                                                                                                                                                aa5f2a056ad5a7cef05151f4c110531c9863dc5a

                                                                                                                                                                SHA256

                                                                                                                                                                c437d5f3872c3766379fb8ca2bb506779a187c4541070fea32009f5d02c11ee3

                                                                                                                                                                SHA512

                                                                                                                                                                a00f3d4e9b10e589a6f4008b8c99ebb5ba2443d2556940247fc207dbc6d08a71c066020bddecc0bfb1a1c43f80c43d26536d4724c290ad9ad07883a981c2bd33

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
                                                                                                                                                                Filesize

                                                                                                                                                                64KB

                                                                                                                                                                MD5

                                                                                                                                                                987a07b978cfe12e4ce45e513ef86619

                                                                                                                                                                SHA1

                                                                                                                                                                22eec9a9b2e83ad33bedc59e3205f86590b7d40c

                                                                                                                                                                SHA256

                                                                                                                                                                f1a4a978ce1c4731df1594043135cf58d084fdf129dd1c8e4507c9e06eac5ea8

                                                                                                                                                                SHA512

                                                                                                                                                                39b86540e4d35c84609ef66537b5aa02058e3d4293f902127c7d4eac8ffc65920cb5c69a77552fc085687eed66e38367f83c177046d0ecb8e6d135463cc142aa

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
                                                                                                                                                                Filesize

                                                                                                                                                                9KB

                                                                                                                                                                MD5

                                                                                                                                                                7050d5ae8acfbe560fa11073fef8185d

                                                                                                                                                                SHA1

                                                                                                                                                                5bc38e77ff06785fe0aec5a345c4ccd15752560e

                                                                                                                                                                SHA256

                                                                                                                                                                cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

                                                                                                                                                                SHA512

                                                                                                                                                                a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\Icon_1.ico
                                                                                                                                                                Filesize

                                                                                                                                                                1KB

                                                                                                                                                                MD5

                                                                                                                                                                0e581dbc510cb867773d322c22275703

                                                                                                                                                                SHA1

                                                                                                                                                                e77c65e5afa7147740b9153a536ac6e7fcb8a6e0

                                                                                                                                                                SHA256

                                                                                                                                                                498446f91da7facd85ec64a4b009ebd3b37df82ed8ea72634f853887689cf6d9

                                                                                                                                                                SHA512

                                                                                                                                                                ce16d74e3b90bd68f407b9269c755c53960d74b6234a775e05960ebfc3655098972bde2f2c6786060bb421de2e5fec889c1b3b3493215000e2e4af5fda6918e8

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.rc
                                                                                                                                                                Filesize

                                                                                                                                                                23B

                                                                                                                                                                MD5

                                                                                                                                                                0242dcc2276a78bad128831c3658e05d

                                                                                                                                                                SHA1

                                                                                                                                                                7f1cbfe2bbe0a88839b5bb988d83aab24b6af559

                                                                                                                                                                SHA256

                                                                                                                                                                efd2129c933ee2233bf7fc74e640c0b01d9aee82a9bd08088528fe366c2d77c8

                                                                                                                                                                SHA512

                                                                                                                                                                ac308ec35d4b9e3c3b4e3ce57c1459158f2f82cf0999f4a7b99c58f2431c9e096c59f493285e4f0331430ab3cc22e4d17c35791e21b177384d0f770ab053eb79

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.res
                                                                                                                                                                Filesize

                                                                                                                                                                32B

                                                                                                                                                                MD5

                                                                                                                                                                45d02203801ec5cae86ed0a68727b0fa

                                                                                                                                                                SHA1

                                                                                                                                                                1b22a6df3fc0ef23c6c5312c937db7c8c0df6703

                                                                                                                                                                SHA256

                                                                                                                                                                5e743f477333066c29c3742cc8f9f64a8cb9c54b71dbc8c69af5025d31f8c121

                                                                                                                                                                SHA512

                                                                                                                                                                8da0bf59066223aab96595c9fbf8532baa34f1f9c2c0dee674d310a82677b6c7d6a1cc0bbaa75262b986d2b805b049ec3a2bfb25a9ae30fe6d02e32660f15e83

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\icons.res
                                                                                                                                                                Filesize

                                                                                                                                                                1KB

                                                                                                                                                                MD5

                                                                                                                                                                2283046ca6c89d23349a4ed76964e188

                                                                                                                                                                SHA1

                                                                                                                                                                786a12ad143db960a78ee4e926c6db0153da4245

                                                                                                                                                                SHA256

                                                                                                                                                                ed680a08263dbb1e2a66f9d41e6f2bba9a5a6805ce178326d9af1d3316c9e135

                                                                                                                                                                SHA512

                                                                                                                                                                f5fb87e4fc3d75471a31302f2c68fb6ac82d5fe691b81dafe3a11a17fcd9ca5cb5ee68b96d61ee306cded4ee371df4024fcc2beac882111825053ca3c2d8ab02

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.exe
                                                                                                                                                                Filesize

                                                                                                                                                                861KB

                                                                                                                                                                MD5

                                                                                                                                                                66064dbdb70a5eb15ebf3bf65aba254b

                                                                                                                                                                SHA1

                                                                                                                                                                0284fd320f99f62aca800fb1251eff4c31ec4ed7

                                                                                                                                                                SHA256

                                                                                                                                                                6a94dbda2dd1edcff2331061d65e1baf09d4861cc7ba590c5ec754f3ac96a795

                                                                                                                                                                SHA512

                                                                                                                                                                b05c6c09ae7372c381fba591c3cb13a69a2451b9d38da1a95aac89413d7438083475d06796acb5440cd6ec65b030c9fa6cbdaa0d2fe91a926bae6499c360f17f

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.ini
                                                                                                                                                                Filesize

                                                                                                                                                                291B

                                                                                                                                                                MD5

                                                                                                                                                                a4b2f7b9b22de64af6f23dfbf6c17b3d

                                                                                                                                                                SHA1

                                                                                                                                                                e887f6639e7246aff18b1178dbe5a6192198395e

                                                                                                                                                                SHA256

                                                                                                                                                                2b520f2ad4d97486ceda159e25110b23b13be7b635a21376c31f72f5f1e73122

                                                                                                                                                                SHA512

                                                                                                                                                                4a15176727b862ff4d631e0565017d527acdae3fff01f60c0575f4aba06ed5b03bbcfd0c81eef6b5e61c6820776ee650c55bc2787e24fae7755375e11616985c

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.ini
                                                                                                                                                                Filesize

                                                                                                                                                                330B

                                                                                                                                                                MD5

                                                                                                                                                                505a58977f0bd5542fcf8f73810d584b

                                                                                                                                                                SHA1

                                                                                                                                                                f1fb32f008bfb1de1108af9a4949b84880c12949

                                                                                                                                                                SHA256

                                                                                                                                                                3fa1bff72495582f12cb343f78c091d0d0ddf116dca25875c448c05c392b1b96

                                                                                                                                                                SHA512

                                                                                                                                                                9d56e8e82d61e7e79f4f30ac2ac7aee084877406d7463f789a66a58d3e47f21c7fa4a3aa43ae54fff98828f425afea6a87b99560a3724129e513d3f604bc5cb3

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.ini
                                                                                                                                                                Filesize

                                                                                                                                                                368B

                                                                                                                                                                MD5

                                                                                                                                                                8c2bc5be121f832a27462fc8fcaff47c

                                                                                                                                                                SHA1

                                                                                                                                                                ab4e41c0ff82ab19c186bbc3f71d4ef8342b98dc

                                                                                                                                                                SHA256

                                                                                                                                                                6b510d3a47c6aa9f0b258d5c01e4e1a25662d5f2ba65305b9c4c0968adc37967

                                                                                                                                                                SHA512

                                                                                                                                                                ac70446384567fd1bb45c6d7da7fb5bb871ef7c80dc78472533b98fecf3ac0cf9e1b4ff2aeb634dc8c410d7d2437d51e60818c68342fd678df86f5183a8e73bc

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.ini
                                                                                                                                                                Filesize

                                                                                                                                                                412B

                                                                                                                                                                MD5

                                                                                                                                                                c23d7206b436557a5e6b38987e91ebcb

                                                                                                                                                                SHA1

                                                                                                                                                                a9424ed7541094d430f41c7e4d26df98c7180a9a

                                                                                                                                                                SHA256

                                                                                                                                                                633a6fbaaa13036b445decdc727efbfb89812d45689a3dc9d3890cb8bd47226b

                                                                                                                                                                SHA512

                                                                                                                                                                169091f32e8f51a993995b186f10184173cd9e76993e26ab50da64c481d4868824b97f673044588d1dcff8aa1d896d97ede6ff214857f8e00e2f0e759939c70f

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.ini
                                                                                                                                                                Filesize

                                                                                                                                                                411B

                                                                                                                                                                MD5

                                                                                                                                                                97ea09a08d3a0af5e956bee7b206431d

                                                                                                                                                                SHA1

                                                                                                                                                                7f5981536ee1d9e127cc30e0d084e6d81f27f0d9

                                                                                                                                                                SHA256

                                                                                                                                                                76c53cd9e4b76e73aa3b8a1caaa25be0a4c64646b770921bc1721916c4cdc109

                                                                                                                                                                SHA512

                                                                                                                                                                1987a36ef878d79da41e83a00683737fe9db475f02560f60519c03e2c8aa1df5ff2e5595a50b797ce1bb0a7f170e5a1357f85b5b27c3616e0828fadf4b8509f0

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.log
                                                                                                                                                                Filesize

                                                                                                                                                                246B

                                                                                                                                                                MD5

                                                                                                                                                                e5e25d5845ba4dd1ccfad0e6e2ad9713

                                                                                                                                                                SHA1

                                                                                                                                                                b1bf43f1063edad63484976fbeef841291b02f5b

                                                                                                                                                                SHA256

                                                                                                                                                                02cedb56642f85d77aa56e15af3b3b327060038e56485288387905c9eb94c3c3

                                                                                                                                                                SHA512

                                                                                                                                                                ea8d47b86f6bfa60e75b54cdb4a6891b19ea0d68ac50bd2190555c5ae1ab1ea96a60ebeb04e97c461f856bc0f863197feb21250e5980cc1bf6552cd02d113ea3

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.log
                                                                                                                                                                Filesize

                                                                                                                                                                245B

                                                                                                                                                                MD5

                                                                                                                                                                9929b69f0e1ba3eb685b55bb98067c33

                                                                                                                                                                SHA1

                                                                                                                                                                d3cbee803341a5144b3702bd2f5942beb5098aba

                                                                                                                                                                SHA256

                                                                                                                                                                60a1068ff41511b0b83ca21a83eec86906ee7d0708cea2eced909b88ae6e5af4

                                                                                                                                                                SHA512

                                                                                                                                                                c4200b49b160c8ded5853ed4d08d6abb2e34535d326bcdfcc700872cf976f3b15390195d7c65db920835eded3f25610e3180e66b2c8cec7fcd0b2c97609e4a06

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.log
                                                                                                                                                                Filesize

                                                                                                                                                                251B

                                                                                                                                                                MD5

                                                                                                                                                                ab4806209c945d3c4a34819a757c2d5d

                                                                                                                                                                SHA1

                                                                                                                                                                2684b98dc0ed8699665cb9664b55b9bfdc5dc7ca

                                                                                                                                                                SHA256

                                                                                                                                                                5c9363b8a8dc801cce4935e3ce38aa4ce0baa54baac9c3a40c4f9a9154d041bf

                                                                                                                                                                SHA512

                                                                                                                                                                dd339e1500378ff4a65a45bc1919bd37c10159864d3d302dc40a8ea1ff6f444c05410412246f21213392e467f236850cceaf7d997190fdc97654d434dea3a000

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.log
                                                                                                                                                                Filesize

                                                                                                                                                                289B

                                                                                                                                                                MD5

                                                                                                                                                                48824c0277deafd9e18c42848ce9eae6

                                                                                                                                                                SHA1

                                                                                                                                                                3bb7d678e8198a70352097a84969db2573d1d0c7

                                                                                                                                                                SHA256

                                                                                                                                                                cc4fe3d5819fc4776eea7002bd56c69b3f78739c5e6b1ce2dc9087467d846af1

                                                                                                                                                                SHA512

                                                                                                                                                                ed0231f08a7b66aa1cec1f6ee1086c934dc4c2b6c426b367a34a1269d49feaa7f020eaa6f0a8e0fef8a6a9a7f2560a52d5376551885bc078953c59f9755f6262

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\svchost.log
                                                                                                                                                                Filesize

                                                                                                                                                                288B

                                                                                                                                                                MD5

                                                                                                                                                                7cd7eb859516af412a47b156bc7ff242

                                                                                                                                                                SHA1

                                                                                                                                                                3d3eaa9a5c1090edfacea98ff1631a8c53ecd758

                                                                                                                                                                SHA256

                                                                                                                                                                78c320db429f8d3c4fdc591153c6f03aed3469252416aefb6f08ef12c9ebd538

                                                                                                                                                                SHA512

                                                                                                                                                                25e5e1753cc30ec1c1d97629ec67915dc46794ef0f1428bcf7db55c7ab2e1b0b02e39c07cf90d7598829e0ec5b2d2408b8a66d35b657746121df73aa01556f0d

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\taskhost.exe
                                                                                                                                                                Filesize

                                                                                                                                                                4.1MB

                                                                                                                                                                MD5

                                                                                                                                                                c6391727ae405fb9812a8ad2a7729402

                                                                                                                                                                SHA1

                                                                                                                                                                83693dc297392c6a28f7f16d23414c6d62921711

                                                                                                                                                                SHA256

                                                                                                                                                                d98fbfca17f194400d19111e4813340e6666b254b99f833739b661a4d2d0217c

                                                                                                                                                                SHA512

                                                                                                                                                                7a4e2ff93d853415d433f5e90b36959c78b77590aa1fa00753831eb4d01cb1a972bb9e39eb8dee5b216005e7709eacda51c0c410aacfe37fcdb163603fd36570

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\taskhost.ini
                                                                                                                                                                Filesize

                                                                                                                                                                44B

                                                                                                                                                                MD5

                                                                                                                                                                dbfea325d1e00a904309a682051778ad

                                                                                                                                                                SHA1

                                                                                                                                                                525562934d0866f2ba90b3c25ea005c8c5f1e9fb

                                                                                                                                                                SHA256

                                                                                                                                                                15a3a3303b4a77272ddb04454333a4c06aa2a113f210ba4a03314026e0821e6d

                                                                                                                                                                SHA512

                                                                                                                                                                cd853c67c2b1a44c3f592ff42d207b2251e8b9bc1eb22fc12cd710329069ef75abffccd169418c4f9bd008a40f2fbbfc6904519f27fd658f316309f94b8ff59c

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\taskhost.log
                                                                                                                                                                Filesize

                                                                                                                                                                716B

                                                                                                                                                                MD5

                                                                                                                                                                3cd225e3c91b22674006fbb071f3b4f8

                                                                                                                                                                SHA1

                                                                                                                                                                8a897ae75a7085621edba5fef30e040830b75109

                                                                                                                                                                SHA256

                                                                                                                                                                2f5da2bc0f4d0532ae69ae2879662dd72d933338640c06aef8b824fe7bfb897d

                                                                                                                                                                SHA512

                                                                                                                                                                9ee3cfe21209b86f8437c9b83ba2b41bd569f708e54597f08a299ae8a24af6fef485ae2afd4f365ab66d08f745cbce47dda2ca416914ea425454175e7d0c6da4

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\8b35f0c0dadb4ba78ff951307992a5ec\taskhost.log
                                                                                                                                                                Filesize

                                                                                                                                                                716B

                                                                                                                                                                MD5

                                                                                                                                                                a7a07ab148fff491f4b12b06c880c8fc

                                                                                                                                                                SHA1

                                                                                                                                                                efd1112e6d08b22e244cd6a5cd3ebd226ae69ea5

                                                                                                                                                                SHA256

                                                                                                                                                                9605b7f16934db69823b82a6ac860eff44860559640eaee2a36f24d945951f54

                                                                                                                                                                SHA512

                                                                                                                                                                dae8a602b489e080cad61e1306898c671cd0d5e26480e604ac3b8892c4cf1fac37286b16810c9d136edb47c4d73d39ec8aaca20456eabe73c9a2584e4136d103

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\RGIA4C3.tmp
                                                                                                                                                                Filesize

                                                                                                                                                                24KB

                                                                                                                                                                MD5

                                                                                                                                                                dd4f5026aa316d4aec4a9d789e63e67b

                                                                                                                                                                SHA1

                                                                                                                                                                fe41b70acbcba7aa0b8a606fe82bcfde9a7bf153

                                                                                                                                                                SHA256

                                                                                                                                                                8d7e6cee70d6035c066b93143461d5f636e144373f5c46bc10a8935d306e0737

                                                                                                                                                                SHA512

                                                                                                                                                                3f18e86d8d5119df6df0d914ebf43c1a6dadb3fdeff8002940a02d0a3d763e779068a682ee6bafe650b6c371d4be2e51e01759ec5b950eef99db5499e3a6c568

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\RGIA4F6.tmp
                                                                                                                                                                Filesize

                                                                                                                                                                3KB

                                                                                                                                                                MD5

                                                                                                                                                                a828b8c496779bdb61fce06ba0d57c39

                                                                                                                                                                SHA1

                                                                                                                                                                2c0c1f9bc98e29bf7df8117be2acaf9fd6640eda

                                                                                                                                                                SHA256

                                                                                                                                                                c952f470a428d5d61ed52fb05c0143258687081e1ad13cfe6ff58037b375364d

                                                                                                                                                                SHA512

                                                                                                                                                                effc846e66548bd914ad530e9074afbd104fea885237e9b0f0f566bd535996041ec49fb97f4c326d12d9c896390b0e76c019b3ace5ffeb29d71d1b48e83cbaea

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
                                                                                                                                                                Filesize

                                                                                                                                                                1KB

                                                                                                                                                                MD5

                                                                                                                                                                c8b78bb29b57daa9a16cd0814a31bd81

                                                                                                                                                                SHA1

                                                                                                                                                                280c8d2c905ba36a5c282824418b4edd5bfe1904

                                                                                                                                                                SHA256

                                                                                                                                                                efcca0593661425f880cf39f2bb928ec7bee59c894a27ea81bf118d76b450fce

                                                                                                                                                                SHA512

                                                                                                                                                                a294014f756002e78a575c995987bf427a4de5201e754a85106db19db1ca81a10bf5b40c7da44f2d60d52f2be19673c575a92e13e2d31d74f9fa2e67f291e8e8

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip
                                                                                                                                                                Filesize

                                                                                                                                                                12KB

                                                                                                                                                                MD5

                                                                                                                                                                8ce8fc61248ec439225bdd3a71ad4be9

                                                                                                                                                                SHA1

                                                                                                                                                                881d4c3f400b74fdde172df440a2eddb22eb90f6

                                                                                                                                                                SHA256

                                                                                                                                                                15ef265d305f4a1eac11fc0e65515b94b115cf6cbb498597125fa3a8a1af44f5

                                                                                                                                                                SHA512

                                                                                                                                                                fe66db34bde67304091281872510354c8381f2d1cf053b91dcd2ff16839e6e58969b2c4cb8f70544f5ddef2e7898af18aaaacb074fb2d51883687034ec18cdd9

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\BitcoinMiner.bat
                                                                                                                                                                Filesize

                                                                                                                                                                317B

                                                                                                                                                                MD5

                                                                                                                                                                6ce70b2d287754512649d503249d4c56

                                                                                                                                                                SHA1

                                                                                                                                                                d758e05638dc3482fb0c7dcc4e58bc650ce1d802

                                                                                                                                                                SHA256

                                                                                                                                                                22c4d5abeb6c20727c9514cedb2b004606ccd0fcb6b3b9306d8e06c8f3c03722

                                                                                                                                                                SHA512

                                                                                                                                                                34ac5988a1ae6ccc4510cf62e160b9d154a68f923819ce7e6c05b5db9a88fd72c58b6e455347395d918f1169139c4a7e49ec2ddcee74dbc9dbece652b91d8af8

                                                                                                                                                                Download Submit
                                                                                                                                                              • C:\note.txt
                                                                                                                                                                Filesize

                                                                                                                                                                218B

                                                                                                                                                                MD5

                                                                                                                                                                afa6955439b8d516721231029fb9ca1b

                                                                                                                                                                SHA1

                                                                                                                                                                087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

                                                                                                                                                                SHA256

                                                                                                                                                                8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

                                                                                                                                                                SHA512

                                                                                                                                                                5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

                                                                                                                                                                Download Submit
                                                                                                                                                              • \??\pipe\LOCAL\crashpad_1788_FXVEKKPMFKKKAAIY
                                                                                                                                                                MD5

                                                                                                                                                                d41d8cd98f00b204e9800998ecf8427e

                                                                                                                                                                SHA1

                                                                                                                                                                da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                                                                SHA256

                                                                                                                                                                e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                                                                SHA512

                                                                                                                                                                cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                                                                Download Submit
                                                                                                                                                              • memory/692-1414-0x0000000000400000-0x000000000046D000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                436KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/692-1394-0x0000000000400000-0x000000000046D000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                436KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/692-1469-0x0000000000400000-0x000000000046D000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                436KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/692-1498-0x0000000000400000-0x000000000046D000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                436KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/692-1436-0x0000000000400000-0x000000000046D000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                436KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/692-1388-0x0000000000400000-0x000000000046D000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                436KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/692-1509-0x0000000000400000-0x000000000046D000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                436KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/944-1510-0x0000000000D40000-0x000000000137D000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                6.2MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/944-1485-0x0000000000D40000-0x000000000137D000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                6.2MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/944-1456-0x0000000000D40000-0x000000000137D000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                6.2MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/944-1505-0x0000000000D40000-0x000000000137D000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                6.2MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/1048-1135-0x0000000000400000-0x0000000000AD8000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                6.8MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/1472-1484-0x0000000000400000-0x0000000000440000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                256KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/1472-1504-0x0000000000400000-0x0000000000440000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                256KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/1472-1387-0x0000000000400000-0x0000000000440000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                256KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/1540-1134-0x0000000000400000-0x0000000000AD8000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                6.8MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/1548-1169-0x0000000005860000-0x00000000058F2000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                584KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/1548-1168-0x0000000005F10000-0x00000000064B4000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                5.6MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/1548-1167-0x0000000000A10000-0x0000000000FBC000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                5.7MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/1584-1138-0x0000000000400000-0x0000000000409000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                36KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/1584-1140-0x0000000000400000-0x0000000000409000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                36KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/1780-1266-0x0000000000400000-0x000000000084A000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                4.3MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/1848-1243-0x0000000000400000-0x000000000084A000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                4.3MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/1884-1224-0x0000000000400000-0x000000000084A000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                4.3MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/2152-1258-0x0000000000400000-0x00000000004DD000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                884KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/2192-1332-0x0000000000400000-0x000000000084A000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                4.3MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/2296-1506-0x0000000000900000-0x0000000000A0C000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                1.0MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/2296-1508-0x0000000000900000-0x0000000000A0C000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                1.0MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/2296-1507-0x0000000000900000-0x0000000000A0C000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                1.0MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/2324-1471-0x0000000000B00000-0x0000000000C0C000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                1.0MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/2324-1472-0x0000000000B00000-0x0000000000C0C000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                1.0MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/2324-1470-0x0000000000B00000-0x0000000000C0C000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                1.0MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/2432-1500-0x0000000000D00000-0x0000000000E0C000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                1.0MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/2432-1501-0x0000000000D00000-0x0000000000E0C000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                1.0MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/2432-1499-0x0000000000D00000-0x0000000000E0C000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                1.0MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/2776-1277-0x0000000000400000-0x00000000004DD000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                884KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/2864-1457-0x0000000000B90000-0x0000000000D2C000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                1.6MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/2864-1462-0x0000000010000000-0x0000000010013000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                76KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/2864-1460-0x0000000010000000-0x0000000010013000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                76KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/2864-1463-0x0000000010000000-0x0000000010013000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                76KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/2864-1459-0x0000000000B90000-0x0000000000D2C000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                1.6MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/2864-1458-0x0000000000B90000-0x0000000000D2C000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                1.6MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/3144-1190-0x0000000000400000-0x00000000004DD000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                884KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/3152-1356-0x0000000000400000-0x000000000084A000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                4.3MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/3164-1290-0x0000000000400000-0x00000000004DD000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                884KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/3192-1320-0x0000000000400000-0x000000000084A000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                4.3MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/3196-1329-0x0000000000400000-0x00000000004DD000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                884KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/3220-1237-0x0000000000400000-0x00000000004DD000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                884KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/3332-1464-0x0000000000D50000-0x0000000000E44000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                976KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/3332-1466-0x0000000000D50000-0x0000000000E44000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                976KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/3332-1465-0x0000000000D50000-0x0000000000E44000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                976KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/3512-1217-0x0000000000400000-0x00000000004DD000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                884KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/3600-1317-0x0000000000400000-0x00000000004DD000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                884KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/3764-1308-0x0000000000400000-0x000000000084A000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                4.3MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/3908-1488-0x00000000013A0000-0x00000000014AC000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                1.0MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/3908-1487-0x00000000013A0000-0x00000000014AC000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                1.0MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/3908-1486-0x00000000013A0000-0x00000000014AC000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                1.0MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/3936-1204-0x0000000000400000-0x000000000084A000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                4.3MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/4004-1344-0x0000000000400000-0x000000000084A000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                4.3MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/4032-1137-0x0000000000400000-0x0000000000454000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                336KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/4032-1136-0x0000000000400000-0x0000000000454000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                336KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/4192-1146-0x0000000000400000-0x0000000000404000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                16KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/4388-1511-0x0000000000700000-0x000000000080C000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                1.0MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/4576-1341-0x0000000000400000-0x00000000004DD000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                884KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/4796-1296-0x0000000000400000-0x000000000084A000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                4.3MB

                                                                                                                                                                Download
                                                                                                                                                              • memory/5008-1305-0x0000000000400000-0x00000000004DD000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                884KB

                                                                                                                                                                Download
                                                                                                                                                              • memory/5016-1353-0x0000000000400000-0x00000000004DD000-memory.dmp
                                                                                                                                                                Filesize

                                                                                                                                                                884KB

                                                                                                                                                                Download