hxxps://kiddion[.]net/download-menu/

Analysis

max time kernel
1438s
max time network
1442s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2023, 19:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://kiddion.net/download-menu/

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 14 IoCs

pid	Process
3736	Kiddions Modest Menu.exe
4500	Kiddions Modest Menu.exe
3752	Kiddions Modest Menu.exe
1404	Kiddions Modest Menu.exe
5032	Kiddions Modest Menu.exe
540	Kiddions Modest Menu.exe
4504	Kiddions Modest Menu.exe
4800	Kiddions Modest Menu.exe
5496	Kiddions Modest Menu.exe
5556	Kiddions Modest Menu.exe
5576	Kiddions Modest Menu.exe
2168	Kiddions Modest Menu.exe
2228	Kiddions Modest Menu.exe
5136	Kiddions Modest Menu.exe

Loads dropped DLL 18 IoCs

pid	Process
3736	Kiddions Modest Menu.exe
3752	Kiddions Modest Menu.exe
4500	Kiddions Modest Menu.exe
1404	Kiddions Modest Menu.exe
4500	Kiddions Modest Menu.exe
4500	Kiddions Modest Menu.exe
4500	Kiddions Modest Menu.exe
4500	Kiddions Modest Menu.exe
5032	Kiddions Modest Menu.exe
4800	Kiddions Modest Menu.exe
5556	Kiddions Modest Menu.exe
5496	Kiddions Modest Menu.exe
5576	Kiddions Modest Menu.exe
5496	Kiddions Modest Menu.exe
5496	Kiddions Modest Menu.exe
5496	Kiddions Modest Menu.exe
5496	Kiddions Modest Menu.exe
2168	Kiddions Modest Menu.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kiddion's Modest Menu = "C:\\Users\\Admin\\AppData\\Roaming\\Kiddion's Modest Menu\\Kiddions Modest Menu.exe"	Kiddion's Modest Menu.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133354773026338022"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings	chrome.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	Kiddions Modest Menu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Kiddions Modest Menu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Kiddions Modest Menu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Kiddions Modest Menu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Kiddions Modest Menu.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
512	chrome.exe
512	chrome.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2724	msedge.exe
2724	msedge.exe
4052	msedge.exe
4052	msedge.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
4772	identity_helper.exe
4772	identity_helper.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
748	chrome.exe
748	chrome.exe
748	chrome.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
5692	msedge.exe
5692	msedge.exe
5692	msedge.exe
5692	msedge.exe
5692	msedge.exe
5692	msedge.exe
5692	msedge.exe
5692	msedge.exe
5692	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 748 wrote to memory of 2744	748	chrome.exe	45
PID 748 wrote to memory of 2744	748	chrome.exe	45
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 624	748	chrome.exe	86
PID 748 wrote to memory of 4092	748	chrome.exe	87
PID 748 wrote to memory of 4092	748	chrome.exe	87
PID 748 wrote to memory of 1004	748	chrome.exe	88
PID 748 wrote to memory of 1004	748	chrome.exe	88
PID 748 wrote to memory of 1004	748	chrome.exe	88
PID 748 wrote to memory of 1004	748	chrome.exe	88
PID 748 wrote to memory of 1004	748	chrome.exe	88
PID 748 wrote to memory of 1004	748	chrome.exe	88
PID 748 wrote to memory of 1004	748	chrome.exe	88
PID 748 wrote to memory of 1004	748	chrome.exe	88
PID 748 wrote to memory of 1004	748	chrome.exe	88
PID 748 wrote to memory of 1004	748	chrome.exe	88
PID 748 wrote to memory of 1004	748	chrome.exe	88
PID 748 wrote to memory of 1004	748	chrome.exe	88
PID 748 wrote to memory of 1004	748	chrome.exe	88
PID 748 wrote to memory of 1004	748	chrome.exe	88
PID 748 wrote to memory of 1004	748	chrome.exe	88
PID 748 wrote to memory of 1004	748	chrome.exe	88
PID 748 wrote to memory of 1004	748	chrome.exe	88
PID 748 wrote to memory of 1004	748	chrome.exe	88
PID 748 wrote to memory of 1004	748	chrome.exe	88
PID 748 wrote to memory of 1004	748	chrome.exe	88
PID 748 wrote to memory of 1004	748	chrome.exe	88
PID 748 wrote to memory of 1004	748	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://kiddion.net/download-menu/
1⤵
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd2ff79758,0x7ffd2ff79768,0x7ffd2ff79778
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1908,i,15404770449457719293,3883906529583901791,131072 /prefetch:2
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1908,i,15404770449457719293,3883906529583901791,131072 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1908,i,15404770449457719293,3883906529583901791,131072 /prefetch:8
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1908,i,15404770449457719293,3883906529583901791,131072 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1908,i,15404770449457719293,3883906529583901791,131072 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1908,i,15404770449457719293,3883906529583901791,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1908,i,15404770449457719293,3883906529583901791,131072 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1908,i,15404770449457719293,3883906529583901791,131072 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1908,i,15404770449457719293,3883906529583901791,131072 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3632 --field-trial-handle=1908,i,15404770449457719293,3883906529583901791,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5320 --field-trial-handle=1908,i,15404770449457719293,3883906529583901791,131072 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 --field-trial-handle=1908,i,15404770449457719293,3883906529583901791,131072 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 --field-trial-handle=1908,i,15404770449457719293,3883906529583901791,131072 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 --field-trial-handle=1908,i,15404770449457719293,3883906529583901791,131072 /prefetch:8
  2⤵
  PID:3752

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3108

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4788

C:\Users\Admin\Desktop\Kiddion's Modest Menu.exe
"C:\Users\Admin\Desktop\Kiddion's Modest Menu.exe"
1⤵
- Adds Run key to start application
PID:4856
- C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe
  "C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  PID:3736
- - C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe
    "C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1696,i,607699053834552650,14806980168750346481,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4500
- - C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe
    "C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4" --app-user-model-id=kiddions-modest-menu-nativefier-db65e4 --app-path="C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2216 --field-trial-handle=1696,i,607699053834552650,14806980168750346481,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1404
- - C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe
    "C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4" --mojo-platform-channel-handle=1992 --field-trial-handle=1696,i,607699053834552650,14806980168750346481,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3752
- - C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe
    "C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4" --app-user-model-id=kiddions-modest-menu-nativefier-db65e4 --app-path="C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3272 --field-trial-handle=1696,i,607699053834552650,14806980168750346481,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5032
- - C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe
    "C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4" --app-user-model-id=kiddions-modest-menu-nativefier-db65e4 --app-path="C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3360 --field-trial-handle=1696,i,607699053834552650,14806980168750346481,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d1zs0ox623nh3t.cloudfront.net/public/dynamo/lockerClick.php?offer=53241792&offer_position=1&it=3847177&m=0&visitor_id=Vdbbe2734106e1&cpguid=b7c5r5vwr&hash=fe08c0cfc855c24c59ae6b6444cd41f9
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:4052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd213e46f8,0x7ffd213e4708,0x7ffd213e4718
      4⤵
      PID:4944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,11532736906811099803,6734322774423735065,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
      4⤵
      PID:1872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,11532736906811099803,6734322774423735065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,11532736906811099803,6734322774423735065,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
      4⤵
      PID:452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,11532736906811099803,6734322774423735065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
      4⤵
      PID:2572
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,11532736906811099803,6734322774423735065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
      4⤵
      PID:2244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,11532736906811099803,6734322774423735065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
      4⤵
      PID:3052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,11532736906811099803,6734322774423735065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
      4⤵
      PID:1316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,11532736906811099803,6734322774423735065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
      4⤵
      PID:4740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,11532736906811099803,6734322774423735065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,11532736906811099803,6734322774423735065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
      4⤵
      PID:4688
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,11532736906811099803,6734322774423735065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2288 /prefetch:1
      4⤵
      PID:648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,11532736906811099803,6734322774423735065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
      4⤵
      PID:540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,11532736906811099803,6734322774423735065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
      4⤵
      PID:5328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,11532736906811099803,6734322774423735065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
      4⤵
      PID:5320
- - C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe
    "C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4" --app-user-model-id=kiddions-modest-menu-nativefier-db65e4 --app-path="C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3416 --field-trial-handle=1696,i,607699053834552650,14806980168750346481,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:4504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d1zs0ox623nh3t.cloudfront.net/public/dynamo/lockerClick.php?offer=53241792&offer_position=1&it=3847177&m=0&visitor_id=Vdbbe2734106e1&cpguid=b7c5r5vwr&hash=fe08c0cfc855c24c59ae6b6444cd41f9
    3⤵
    PID:4168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd213e46f8,0x7ffd213e4708,0x7ffd213e4718
      4⤵
      PID:4456

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:2716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4984

C:\Users\Admin\Desktop\Kiddion's Modest Menu.exe
"C:\Users\Admin\Desktop\Kiddion's Modest Menu.exe"
1⤵
PID:2088

C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe
"C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4800
- C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe
  "C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1684,i,683331996511044251,12370761783829250873,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5496
- C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe
  "C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4" --mojo-platform-channel-handle=1892 --field-trial-handle=1684,i,683331996511044251,12370761783829250873,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5556
- C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe
  "C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4" --app-user-model-id=kiddions-modest-menu-nativefier-db65e4 --app-path="C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2248 --field-trial-handle=1684,i,683331996511044251,12370761783829250873,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5576
- C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe
  "C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4" --app-user-model-id=kiddions-modest-menu-nativefier-db65e4 --app-path="C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3364 --field-trial-handle=1684,i,683331996511044251,12370761783829250873,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2168
- C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe
  "C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4" --app-user-model-id=kiddions-modest-menu-nativefier-db65e4 --app-path="C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3584 --field-trial-handle=1684,i,683331996511044251,12370761783829250873,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d1ph51qsmnjpvt.cloudfront.net/public/dynamo/lockerClick.php?offer=53241792&offer_position=1&it=3847177&m=0&visitor_id=Vdb15e66d892fc&cpguid=b7c5r5vwr&hash=09655dca88004c53654ec2aa8f2ee90a
  2⤵
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:5692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd213e46f8,0x7ffd213e4708,0x7ffd213e4718
    3⤵
    PID:3692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,16271171708324951337,14731575348608558100,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
    3⤵
    PID:4384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,16271171708324951337,14731575348608558100,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
    3⤵
    PID:3348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,16271171708324951337,14731575348608558100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
    3⤵
    PID:5824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16271171708324951337,14731575348608558100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
    3⤵
    PID:5856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16271171708324951337,14731575348608558100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
    3⤵
    PID:4796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16271171708324951337,14731575348608558100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
    3⤵
    PID:6056
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,16271171708324951337,14731575348608558100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
    3⤵
    PID:4196
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,16271171708324951337,14731575348608558100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
    3⤵
    PID:1968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16271171708324951337,14731575348608558100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
    3⤵
    PID:1812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16271171708324951337,14731575348608558100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
    3⤵
    PID:3636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16271171708324951337,14731575348608558100,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
    3⤵
    PID:4244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16271171708324951337,14731575348608558100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
    3⤵
    PID:5936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16271171708324951337,14731575348608558100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
    3⤵
    PID:5352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16271171708324951337,14731575348608558100,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
    3⤵
    PID:4192
- C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe
  "C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4" --app-user-model-id=kiddions-modest-menu-nativefier-db65e4 --app-path="C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2272 --field-trial-handle=1684,i,683331996511044251,12370761783829250873,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d1ph51qsmnjpvt.cloudfront.net/public/dynamo/lockerClick.php?offer=53177516&offer_position=2&it=3847177&m=0&visitor_id=Vdb15e66d892fc&cpguid=b7c5r5vwr&hash=b2fa269f79de14d4f8ac0b36a74e1a33
  2⤵
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:5152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd213e46f8,0x7ffd213e4708,0x7ffd213e4718
    3⤵
    PID:5620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,5735657986097427256,1500208545041610647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
    3⤵
    PID:3032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,5735657986097427256,1500208545041610647,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
    3⤵
    PID:5812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,5735657986097427256,1500208545041610647,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3020 /prefetch:8
    3⤵
    PID:4012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,5735657986097427256,1500208545041610647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
    3⤵
    PID:4488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,5735657986097427256,1500208545041610647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
    3⤵
    PID:6064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,5735657986097427256,1500208545041610647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
    3⤵
    PID:5728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,5735657986097427256,1500208545041610647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
    3⤵
    PID:4940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,5735657986097427256,1500208545041610647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
    3⤵
    PID:1360
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,5735657986097427256,1500208545041610647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
    3⤵
    PID:4672
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,5735657986097427256,1500208545041610647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
    3⤵
    PID:5404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,5735657986097427256,1500208545041610647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
    3⤵
    PID:4128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,5735657986097427256,1500208545041610647,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
    3⤵
    PID:5052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4919b5ef-5755-437e-90c0-b954c4bcfcb5.tmp

Filesize
110KB

MD5
e5b4f48521d3cbe8fbb822ec943bccba

SHA1
912fe9246e7dd6dc320c3af40298df48ba069f4c

SHA256
1ccfbaefe4ee8b7c394b973b6091c9594ed5ebc6cafa18c471b91d077d610850

SHA512
8b21311a1a94f5861a451d7e7d6922f75aeb217a433ecf3deb5c38dbb99d521a1d4f93bd9b713161770069e14335449b6c1c9f763f0d3021016598dd364f1c99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
39ee7b2fbff6807b4ec911b6b805f92d

SHA1
02528437f0d70ed21503bde64e1e89e8821d53f5

SHA256
bd7c02a122a21e4551b9ef3904001ee8c7cf86135791617a379495b7b5a2cffd

SHA512
40e0056affcb5512213f2fc26e4705f015533a618a923fd4102ea4d9509e3579536d2af55abeb6281c28ac0b590adec069cb3c94834f736a3172001d79b1a6c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
b3c839bf24361a64e73376182b4ddcf0

SHA1
8b0575a8e8bc208c517776f567a77a9f2fb64316

SHA256
855a469b3fb1d8cf79e1f5246deac244ff74933e2c55551da3f37ba92bd9db0e

SHA512
4ded68653556afeba211afabe1732eda10e4af47c253271fc3506457d8504576f238fea7b035d108582940aafd3130193f873b818855e6ec82f414420c00d798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d54cdad7c8135e5d52fb592129e3c892

SHA1
ba36071acf2f80d17d4a1d63ec732f8a36561cdd

SHA256
69ab926290c3250e6376a72bbf116d7dff81f119bb4d1b32fd3160e84d9ed334

SHA512
87bc7dbd6262696fdb8075fbb66c49e86022229b139a165c79aeb1a27d1ace9c46d3b0b881c3e11ad7d496a43a6a4927184821f73eb654fb3e072fb9f89d5a71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d518d1abd41cc67fb96806b81e7af954

SHA1
cc3221cd053b483447774edd9a40d4de842071f3

SHA256
3319a07456c5f0ce746a938fb21b6b603d12af042e2dd033bd9cbe7680c00fb5

SHA512
5dbe740736b00642b029c3d94825e6043edb9776d7f3231b3df3b710a4805738bc96ca8e42fb4d4853c6cc77321367078ac0cf4e7444ef1748f6652cd2e743d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
216ce5e4310b240f24ff80cd46b5633e

SHA1
3d42423724bfeb83a00c68eb5d97950a369729a2

SHA256
3d48b93e4002955153ab99bfd223995105d6699a88f9b942354cda5e6025c74e

SHA512
23092fc92b66de17f0f01af62f00ea1c564172a8515cc0bf8565498ef415c08981ea207ae02c0cdba0f7b832a98a45c314c68d94738c7060ecfdfcd3dc71485a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
0204969a38c0d7fe17299feb7084bc73

SHA1
18618fd548c800bdb084ef1b93fc299d4a012467

SHA256
5a9b310afa41d1f784315a55bce3296b3593dd24c7a947e3f67c35d0f1767176

SHA512
b8faab4d3e2e1915ea4f4e8851e9291879d677439e9bc66ecbc9bf61003890e165d6ddb67f765cbd949efad783cb7c468a350c6328dda407a558238c25fcbe3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
d0bd0effe76beb384bae3252f087a481

SHA1
1027f2f7897142ee34d2f4860766fae75323a968

SHA256
2e115ad3c8e07509894a4cfa6e3da3090a2fe0118f4f218d64e176977d520fb4

SHA512
0c8432cd826a54bd8c81b11a091878b908ae9a438708ed3d20ae64f3255c18d8c5cc50ef50d3fb9bb30fc1e5f980d0903e9c0222417e53ee8635df9cb0ec5809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
25bb3a6b7488125721f4f1f72b908c64

SHA1
78cbe61f25af4b1c64cdcc6623abf5f4b3825ec6

SHA256
8049f0dfe5edf44f1810f1eb319c656901fc4181166106f89c66b1c41e390fb4

SHA512
b838ae9855a184c0671d92aca56e0ae2c4c915d012f181fe5f7cbf07b3880f39eed1779f2062871809548277d383492a97dff763b63ba305c7c2676d752f49f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ef473f757dfb04015567fa8002968164

SHA1
34f9b18e7bc4734ced43308611e9ae17d5a1bb30

SHA256
ddc19631dac22e5b60fb3dfaf896a89f9fe4f278ea02a484b130602f77f1823f

SHA512
2afbb2432f0e163345d5d6fdb030950f34c566c5764f8a1cb90af678e76830afa25818fd25fd89b082f99fe2d678364c0dc5d6ba5f98e1ca3c6c357c6672b9e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f02ceb3ec30082ee00025eecd3625d83

SHA1
7e955c0e7da9898ace0db7312838821eef173c64

SHA256
2b7e60d3ac9422b1a9d4cda2f1bf7648df0c9725b7ea8026572f0452defef1f7

SHA512
3d8cec65554c1687fc8218c79c19da3c4ccc0f74b6c5432ed61ac3195e9c450824ce8a8456305d3a09e92783e96bfa6eb7e21468804145ecddb6d80c68b625ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7adbea57b4571c74f1739e1fb0502e75

SHA1
08b0c7b2d2578bdb0bfee1a46f549784f7528039

SHA256
c9dace9e8c18641fddc57fd41b1c7afb30f323d9a63fed8980d48594d8f05349

SHA512
11be4c68478dfe1dc672ee18c12bd8306c06b0c03d54dda945f029152f9dd218b39daba576260e1faa0ffc2a173edec70471d8f8795df6e5cd8ec572dcda8b88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
99c553ed7acce5fe4c98a665c97135f4

SHA1
c22e865db74b0459392071e763ce653236124923

SHA256
c570de74b960511f68d3ca27413c3afc8eb713b6125bfa471f545e40a3f8d629

SHA512
dcdc1d27908980d0abdae941928b70647c96c6b6feb27a46bcb5b31550bf76b1f26954174b08c61439f98c98a71d172ca4c1bcc8a6009d603ddf25d889810942

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
c04fb6196198d76ee16b6ba8eaebefb8

SHA1
c57a76c1206f9ab352bb4f7118b149c1a2ffff8a

SHA256
fdaa6a92357430e776353941e912563929da28662b337386d942c98bf00a620d

SHA512
d0b2ce1827932fe622d68be963bb4a9f9298c718ffb51e1d3f41e8a1bb461a816ad2a122b94d0d4edec38ada51160821a9d393cab5934c3d1bb6b2ce8c1981bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
46267df3627874599ec60cf963b5e2a2

SHA1
a42e64a7baf7f656fabb8bc516b35c548ed76b37

SHA256
38f54395848e7648385d16287082ac5eeb32af1649a8ad9118aab3cd2b68bda5

SHA512
0fd7ca084778083896d50ad1c7ea51f1eac6823cfa72a792e1cd70bc88d02b667ed79ef0cc9bb0b3a4db0a09adf478b48ee8f83c18983311c6c3e31114e4e68e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
95d2e4a87833c1d4806552890e5cd597

SHA1
1f8e8b8e9045a35a90ed231acedcf88348254527

SHA256
ab079ac97148d36d72a6cb7ea5cdb02aff4064332ae96c6bee689eabd60822f8

SHA512
2b6958beaa2ee94ab808bc84933d1729c7e8f2732b807fc7059e6255ff5e83ed9f8d2279f1323031eb0f8bcce2d02ca1e1dbe6795dfb94afc18ffb0505967761

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
d5585d466f26eac04ae2260730a99a38

SHA1
2c794ecfd7cf194d6d841cd55feaa7d41fa372aa

SHA256
686abc29dec254c796355ec6d5402a7b8880b264ec2e194df8b6689b603a9c7f

SHA512
dfbc4bbe45d414030c73812793d72d0f74de331398c16408929a8788d5b0149af42521d0b9aaf884b8b806df2069ae79dac3651e3258ce3a0336b62115df8e21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
db44fb83d65683fbc8340b2573d658ad

SHA1
8f3d719e1d8b4f6e988d7da4147801fd9b719703

SHA256
ebd6842822b3a48e1598a2000e2d5a7534a330c634413e5ff5511352b0afa10d

SHA512
a94175b0904d704eab6c5e156630354c8ea963e751762d853ca86e8e7c4c1254b999decaa023f111e1d26a992eccdbf3d1f9e7a855e6fc7d8c0f8726a1196904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
105KB

MD5
b80740876f6aeee6937213ea90254dc3

SHA1
002081e1ebd0432fc5c3d56ae3c110f0211a2b18

SHA256
24519a337d17635c461931e71aefceb237e39663cf3d37cb1fc5bda8e228a11c

SHA512
257fbb6437aed042a6a5c7955ac37db5562fcfc9dd9024efe38535eec0d41547d381a865c9d9cf521ada753f0fbc09a664a00fb8425d73725841a6e0d77c9c6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
108KB

MD5
b29ea6a081aff04532a4ab22c3164344

SHA1
ef222bac9ca7648eff15410764160f84322d6481

SHA256
be720a1d55a6034b96779851078db7404af311a95d1f1bfd3a9c353404fde0eb

SHA512
53022d5d85603af0272bc831e5c6bc28033266199d1bcded1109444380d7cc7daf82ad07eecf1f82388d6a9bc8f26bdab32a5baf0957535075c52e089cd6e6ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
b8d583531b0338f946da97aa6ffaee8f

SHA1
56935263a27c23e2f959d1997e735d1959943186

SHA256
8cfe3a737303a92a5c8d1d26f950c5b35be64f5e4d8d0dfee0a4cb0bee703c7d

SHA512
e03d635f4d88d792c41cd884f191c40ce7f6b8dbeb7082536c202d50c7878bd2ccb0e8991a56bf6cd2f7557a32aba6aee1bd0ad32fe7a8e281096d80e75d89ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe694a21.TMP

Filesize
101KB

MD5
c32a40a3e807b7b457cc2d5eb9f9254c

SHA1
28848c555b2175f09cdb699147512bcf677860f5

SHA256
5efab3521a542bcdbf6d0d6da6f5cebd75c10237d494b425656de14e03892897

SHA512
95aa9fb1074ac21ff1ad298f2103d75292795e38308dd0d0ce42859d550774a36afa80086fa5a21f2813ee78bec6b2d62ba8996e818782590d062bf8c5f2c586

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1bc4b99ce415daf2d765b91fbaa3c45f

SHA1
028e9814ca3dc7166c445af8d155326c73243097

SHA256
713222990792d11f4c3508a2085b82c5f04526e6a2e3f2c9fc7db620172977e7

SHA512
626de840de0f3fc3b160ee49c012c5b34d480854047e684f97afd23bd4396c5b96b5293d8421bd0876072e5a6db87c9f9e28d23811b63a1a55b5b7086d048134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
51b75ee8ff5d2696cc8735d35233f82b

SHA1
0457369aceec6675b464ab010197588335170c13

SHA256
8c45be025d774e7c57148d62665dbd664bb9cef2eca9cf403ef1a9baa99ff75c

SHA512
2f43cdfd02efe4913fedaa505fdc828c634281504e8e2c6628d5902b2d3c7836710926025ba690f4fd0279eb692e94b1e92145832ac8aa585b3b06ade5587ea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
82d3e8e49903c129b56e36a75f015d49

SHA1
2b6c9c361882913156bff5e617c3cf7741bb195a

SHA256
6df75a7eab9b948ed914a3412cf4181ecfe30747c33a74fa764e316474c91821

SHA512
409b401f51eb84a2e222c0b47ec4f21c0669aa3541f7ca70729e2c980991a1876e0cbdf1f0e42e71398f2dfad450d49ff0599f5a718cff11e789090cd21afb48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc99b0086d7714fd471ed4acc862ccc0

SHA1
39a3c43c97f778d67413a023d66e8e930d0e2314

SHA256
45ef01f81605bfd96126d5520c5aa0304c7fa7d5fdb3e4d5b2dd2bf84e2afd96

SHA512
c308fa3eda9235d67a506a5f058fefb9a769ec01d7b0d4f5a2397892cc4f8155301c55c1fac23bebacdd087ab3f47f1eacc9ff88eff4115a7d67aa7b1d6581a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc99b0086d7714fd471ed4acc862ccc0

SHA1
39a3c43c97f778d67413a023d66e8e930d0e2314

SHA256
45ef01f81605bfd96126d5520c5aa0304c7fa7d5fdb3e4d5b2dd2bf84e2afd96

SHA512
c308fa3eda9235d67a506a5f058fefb9a769ec01d7b0d4f5a2397892cc4f8155301c55c1fac23bebacdd087ab3f47f1eacc9ff88eff4115a7d67aa7b1d6581a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc99b0086d7714fd471ed4acc862ccc0

SHA1
39a3c43c97f778d67413a023d66e8e930d0e2314

SHA256
45ef01f81605bfd96126d5520c5aa0304c7fa7d5fdb3e4d5b2dd2bf84e2afd96

SHA512
c308fa3eda9235d67a506a5f058fefb9a769ec01d7b0d4f5a2397892cc4f8155301c55c1fac23bebacdd087ab3f47f1eacc9ff88eff4115a7d67aa7b1d6581a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc99b0086d7714fd471ed4acc862ccc0

SHA1
39a3c43c97f778d67413a023d66e8e930d0e2314

SHA256
45ef01f81605bfd96126d5520c5aa0304c7fa7d5fdb3e4d5b2dd2bf84e2afd96

SHA512
c308fa3eda9235d67a506a5f058fefb9a769ec01d7b0d4f5a2397892cc4f8155301c55c1fac23bebacdd087ab3f47f1eacc9ff88eff4115a7d67aa7b1d6581a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\28ca9d5e-1fb2-426e-b0d7-b88d486dffb5.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
269723ba754394cdf353f30c95fccf82

SHA1
9e8b33e7586bd89172cdf5398f315a5388a147ad

SHA256
72920b75fe5e32b1a8e4f83c116c9695c4d27b1924e5b5d60410a3adfe92055e

SHA512
aa44171e39a07492fb86c19184472b0fc62e3d05c593e4d80f2b606e3ea5fd2d71f3912421bb031b33f689a482206681149c6ea58ec438d5aee4d095dc7d70c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
61b57ab580e020fdfdba07d33ff955b9

SHA1
858c99ffb6ad652bdbaa9a0f8dc5f45041a16dc5

SHA256
9ea7bb44780d9ce84f19c7818115b06070fc87ab9f6fa612347170e5d06af1ed

SHA512
be338d495c9f9820d4dac74e9be19fc652e10fe81b44a03c52ee665d76354028b29d6c0bae8c8715a29a9ada00c2584ea0b63da804400729b240f12c01e39036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8cd462071407fead657dfa20d872a1be

SHA1
34e7456607543b1b3783936d6ab0ba871ea9c17c

SHA256
863897be69af5cae5c5f4fa670f53e72b88c5ae39128eea49f6a075591821e2d

SHA512
2887f45d5f67ec01d084e5ed955301156b8577f2d2f6b80e0122906c1cd5ef228d1142f083599a829dfb836f23db9e8d9fa2adc9dd95768c8c1d31301aa55ca4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3b3596552cba6cb7f9dc630f8e6682d9

SHA1
03b6d4bf2e08f9f89c0806f15542db57f4befd99

SHA256
ecb6af9caf80edd584e36daa4eadb56dfa3fc0f9471705940c9447e19b13ec4a

SHA512
cc6b7b590286bcd68ae78928356126ba03c9fbbdc7599479fa297cbe67405f9933601fbaf2c65f22da3d8bde2bbdaab350483e7f47155a6b8d77cbf09f5bfdff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8855bd3215725add719acf94034fdf5a

SHA1
2792e8e44b5808555eb0e6b2a74304bcf2cc1c4c

SHA256
411f361de07a3f6c091d8a1b6f3b8a989750a4a932a917629ede284f6f5d6636

SHA512
657a5bd7d49ad9cc41eb5ef2db042da42b10d560384a39a95c26454fc38314d57969499e358dab40f0a8abf24a10c1983c0ffe8f0c65deadaba76fc48a1aaf9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
359783f68efcb49e33bc57ab911fa085

SHA1
174c080269e4240feff31fe347b4f89f1a2341b9

SHA256
096f162ef20f245e84cca3ee8c1eb6fc38771e9cf65dc8b3056c86a984de6445

SHA512
8e13d2ea2e0c437231ca202dafaa9710a2f9263ee9681bf712c6c7daa703cb02410d9d76a50c5daedf1f7183b39b0cf683f77c8c36e85e263a0556b5b8b1238d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
77a9dfdf04fde9a645c5df4f7f475cd6

SHA1
971a2291b44e87fc255986315f46bccec30705e1

SHA256
6bc9db8bf71f2f30e4a3e2502f0dc84b7a9f112c585ff7964c93dd87013b63d8

SHA512
4f4df61aa07d696fb83991bfb014a23db1ca3cdfac2880f57ad101a2bd242c6db9d096b23eed277f683ad9be8fda7a17e8a161d47554da09d43b97e88e7b631c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
412ebe022a8dc9a9fadc02e85698145b

SHA1
3626c3393e8f1533fdda4ebdfe4108ebfc6d52fb

SHA256
f3eea6fc019fa711fe2c664b94160a4548de3e75c7e2b52a6fb18bd1769185fe

SHA512
ce8adc2e4f79f4f696884f67c88e45662a919611bf198371877eb0fa2a34a3642c24464335d6cbe0cc3a6a89800c16a28cf9d097651bd5b30e72be7fe2ba6ff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bc04cdfbbe219d11b410f5e471a121e4

SHA1
6fe42bada026e50f892672fcef9b166791e3c0fc

SHA256
d219bf20302b32844d5c4a75c19e87de7da1e1d03bd27b2b3af9cd8eaf691f8f

SHA512
62ff1152e565a5397939eb42291be33ec98475342b764a46249e1430662ed1b5684676e254877ff2abf65a63a8da10e62ef0d2d9b99b0c8f75ec1a58a5bced72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6f3484897acd8eac59fff2a3be8d3428

SHA1
2703b29a89076386920d22df29d8391f8e6d0a8c

SHA256
b1d4b79b0d1b7364e554010ff4f8b277354b2a47f765ef30abefaf5ff6464412

SHA512
afa1b881da2a77f1d2208e106946ecf255541ec8944f88fab3f18a5b4f1e5dfaabfcc17096ce2cd7aa7616d5f00a879d151964406bce03e3b574a16b073baf13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
284660977b86d9c7d780349a9d533982

SHA1
4401272a323da5da8d8561acf60a73da40eb3a5a

SHA256
c0a2a01896d7bc5c626820ffc6ecba892ebdccc75642097e0fed9d0759596aee

SHA512
516e6c7ace4e453a298db3336dd3370e329ab0d8d746a2928ac3559797f3ee90eefdba032979dad474bdf272eeea16f8597e8306f5869b40c0a2261f12d02de3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e9968876b55d2a1b3d4162397aceb32e

SHA1
7fbea48819acc8cdc60697ea7c25a54ced865854

SHA256
15fb0e3a26eec1b063b4908d6abb98a820af0de64a161dfdf8db00255b83c4d7

SHA512
843be783f2afde9554c41cd94e10ca66900c9eb2b4b5f589bb35e8ace0cdd72cdaa9b327cc2686ed84ea61cd1b420bf49885b6edf403ff2c2c0a5a76494a3c89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
a3a042994539068f716eeeee6283bc58

SHA1
ebff56374e6c344632a06bc06bdf089b177a4cd8

SHA256
f71eb03fc06645084fe96831239755888dc0b12ae1b5261f257578accf396e33

SHA512
6918e875c4e143de4cb2dd84875acad96e3d9533f0a73889e3d45d47726b8c06962be664e0296a6e4e1976e7e95c31ae2dafcc42ebf21a386e5cd21d7766df86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
bd006e31a4189e8ac54cabdaff9e093f

SHA1
a323d2c610096cf6efa33dbb30114843946e71f3

SHA256
17b8037390179fcd9eb64edbb99f44e73b4c3e7858cb81be51bd9d63497e9ebb

SHA512
225e50f45c64a991046d314dd45056c22ac2717ade3b45fa6025a662f6e1ca9c6ed3c1c9b41252082545104b45d2a05731674e0dd5d21061de31ec18bb11f39b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
15f55fcb5d1cb51e723f62401cb6eef1

SHA1
482c706bf36dc0e28a051ba261726b03b4eb6969

SHA256
59bdaf1a9a1b53909eac37ac1b333657d4f32b22c2ac64a38a3b5ec8bb57746e

SHA512
1628d2832140204fde4efae5cf4f21f3aa807f7770d9b2ae50cd2194b78349d89e5bdfd8cc937b47c1431f75f52cd16f95d017feb2cf63edd524da56a5418ba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
1af53f901f6a06848dc1cbabf4e02c2c

SHA1
428c9c15ef644213dc5c5f3a6c07949f53958fab

SHA256
03f1e9562ecec612df7557c01fc22f45fb17bea2473357ba5ed98aa47087dc72

SHA512
242f6e03755e8b6918e261d4752604acc8b1025baa553b7c579eceadbb3c21f4e5a36cf6b8049f381efe8c47a00f8e35852a03de226a326d7587e8c6c557e70c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
b8430949acd9e992004bf2b2cd0730f9

SHA1
ff718708a841f39f89ee0dd8f583deddc5fac69c

SHA256
497c364dd34697a65b7d8eee34abc253effa620579c5468794715e9c8710d0f7

SHA512
42e4a3870694af5ce7d25967c8b1c087c1cf8f1698528b8f762ab1153c0f2513c05bf5ecba857d787548018fca8145a8cff5d1f1a66264b74cad2478ec3049e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\D3DCompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe

Filesize
142.1MB

MD5
39736e403a1038d681ca19e7026316b4

SHA1
74bb43419da76bbe3ca6893e02f5fee72ada0b6f

SHA256
aedbe87bc67e3b1e4e7ca9ba082361c3cf9523e317b8754ceec752607a800ce1

SHA512
ff60035f73810fd5e1d6913dd97c04aae6dbdb90f4233f8b6670bd5ecefcab9b054205a694a587ff9044263d0ddc41ef5ad7446ee506b9a5e5b0f9eec7e3e672

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe

Filesize
142.1MB

MD5
39736e403a1038d681ca19e7026316b4

SHA1
74bb43419da76bbe3ca6893e02f5fee72ada0b6f

SHA256
aedbe87bc67e3b1e4e7ca9ba082361c3cf9523e317b8754ceec752607a800ce1

SHA512
ff60035f73810fd5e1d6913dd97c04aae6dbdb90f4233f8b6670bd5ecefcab9b054205a694a587ff9044263d0ddc41ef5ad7446ee506b9a5e5b0f9eec7e3e672

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe

Filesize
142.1MB

MD5
39736e403a1038d681ca19e7026316b4

SHA1
74bb43419da76bbe3ca6893e02f5fee72ada0b6f

SHA256
aedbe87bc67e3b1e4e7ca9ba082361c3cf9523e317b8754ceec752607a800ce1

SHA512
ff60035f73810fd5e1d6913dd97c04aae6dbdb90f4233f8b6670bd5ecefcab9b054205a694a587ff9044263d0ddc41ef5ad7446ee506b9a5e5b0f9eec7e3e672

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe

Filesize
142.1MB

MD5
39736e403a1038d681ca19e7026316b4

SHA1
74bb43419da76bbe3ca6893e02f5fee72ada0b6f

SHA256
aedbe87bc67e3b1e4e7ca9ba082361c3cf9523e317b8754ceec752607a800ce1

SHA512
ff60035f73810fd5e1d6913dd97c04aae6dbdb90f4233f8b6670bd5ecefcab9b054205a694a587ff9044263d0ddc41ef5ad7446ee506b9a5e5b0f9eec7e3e672

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe

Filesize
142.1MB

MD5
39736e403a1038d681ca19e7026316b4

SHA1
74bb43419da76bbe3ca6893e02f5fee72ada0b6f

SHA256
aedbe87bc67e3b1e4e7ca9ba082361c3cf9523e317b8754ceec752607a800ce1

SHA512
ff60035f73810fd5e1d6913dd97c04aae6dbdb90f4233f8b6670bd5ecefcab9b054205a694a587ff9044263d0ddc41ef5ad7446ee506b9a5e5b0f9eec7e3e672

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe

Filesize
142.1MB

MD5
39736e403a1038d681ca19e7026316b4

SHA1
74bb43419da76bbe3ca6893e02f5fee72ada0b6f

SHA256
aedbe87bc67e3b1e4e7ca9ba082361c3cf9523e317b8754ceec752607a800ce1

SHA512
ff60035f73810fd5e1d6913dd97c04aae6dbdb90f4233f8b6670bd5ecefcab9b054205a694a587ff9044263d0ddc41ef5ad7446ee506b9a5e5b0f9eec7e3e672

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe

Filesize
142.1MB

MD5
39736e403a1038d681ca19e7026316b4

SHA1
74bb43419da76bbe3ca6893e02f5fee72ada0b6f

SHA256
aedbe87bc67e3b1e4e7ca9ba082361c3cf9523e317b8754ceec752607a800ce1

SHA512
ff60035f73810fd5e1d6913dd97c04aae6dbdb90f4233f8b6670bd5ecefcab9b054205a694a587ff9044263d0ddc41ef5ad7446ee506b9a5e5b0f9eec7e3e672

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe

Filesize
142.1MB

MD5
39736e403a1038d681ca19e7026316b4

SHA1
74bb43419da76bbe3ca6893e02f5fee72ada0b6f

SHA256
aedbe87bc67e3b1e4e7ca9ba082361c3cf9523e317b8754ceec752607a800ce1

SHA512
ff60035f73810fd5e1d6913dd97c04aae6dbdb90f4233f8b6670bd5ecefcab9b054205a694a587ff9044263d0ddc41ef5ad7446ee506b9a5e5b0f9eec7e3e672

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\Kiddions Modest Menu.exe

Filesize
142.1MB

MD5
39736e403a1038d681ca19e7026316b4

SHA1
74bb43419da76bbe3ca6893e02f5fee72ada0b6f

SHA256
aedbe87bc67e3b1e4e7ca9ba082361c3cf9523e317b8754ceec752607a800ce1

SHA512
ff60035f73810fd5e1d6913dd97c04aae6dbdb90f4233f8b6670bd5ecefcab9b054205a694a587ff9044263d0ddc41ef5ad7446ee506b9a5e5b0f9eec7e3e672

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\chrome_100_percent.pak

Filesize
125KB

MD5
0cf9de69dcfd8227665e08c644b9499c

SHA1
a27941acce0101627304e06533ba24f13e650e43

SHA256
d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88

SHA512
bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\chrome_200_percent.pak

Filesize
174KB

MD5
d88936315a5bd83c1550e5b8093eb1e6

SHA1
6445d97ceb89635f6459bc2fb237324d66e6a4ee

SHA256
f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25

SHA512
75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\icudtl.dat

Filesize
9.9MB

MD5
c6ae43f9d596f3dd0d86fb3e62a5b5de

SHA1
198b3b4abc0f128398d25c66455c531a7af34a6d

SHA256
00f755664926fda5fda14b87af41097f6ea4b20154f90be65d73717580db26ee

SHA512
3c43e2dcdf037726a94319a147a8bc41a4c0fd66e6b18b3c7c95449912bf875382dde5ec0525dcad6a52e8820b0859caf8fa73cb287283334ec8d06eb3227ec4

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\libEGL.dll

Filesize
460KB

MD5
961c060f241a7ae22e962c82d7803ef1

SHA1
0060b167e55db981c1588ca2074b8ca38b9a8153

SHA256
c8e8007d746df73edbf73cdff18c09bb756f43814978c84a28a72f95d0ac5dc9

SHA512
79539e0d0036124b59f94c6fec0c596e64c41626b9994ff7457f2f6b26e8f2648f93f63f6422c444eb3c8b803079f6ef1f52191980ea88de9d25c40b30547599

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\libGLESv2.dll

Filesize
6.8MB

MD5
18d62249e5bd4fa1f66c95a9ee9eb275

SHA1
4ea5d8344a8fc09ed2bda4d3034c3c8410c85e91

SHA256
3299de173b3e5ce2f69476b77d96f6a758b2ccfdf3ad811902e5cd511c6888ff

SHA512
fa29557836e56f981249ee8500a8271a7795cbe2a4afb6abbbd57e4aa26c6b731d151258f093643bbfa18cd9adf706a9e4d532481c62d713b7f1a1045301dc07

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\libegl.dll

Filesize
460KB

MD5
961c060f241a7ae22e962c82d7803ef1

SHA1
0060b167e55db981c1588ca2074b8ca38b9a8153

SHA256
c8e8007d746df73edbf73cdff18c09bb756f43814978c84a28a72f95d0ac5dc9

SHA512
79539e0d0036124b59f94c6fec0c596e64c41626b9994ff7457f2f6b26e8f2648f93f63f6422c444eb3c8b803079f6ef1f52191980ea88de9d25c40b30547599

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\libglesv2.dll

Filesize
6.8MB

MD5
18d62249e5bd4fa1f66c95a9ee9eb275

SHA1
4ea5d8344a8fc09ed2bda4d3034c3c8410c85e91

SHA256
3299de173b3e5ce2f69476b77d96f6a758b2ccfdf3ad811902e5cd511c6888ff

SHA512
fa29557836e56f981249ee8500a8271a7795cbe2a4afb6abbbd57e4aa26c6b731d151258f093643bbfa18cd9adf706a9e4d532481c62d713b7f1a1045301dc07

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\locales\en-US.pak

Filesize
115KB

MD5
f982582f05ea5adf95d9258aa99c2aa5

SHA1
2f3168b09d812c6b9b6defc54390b7a833009abf

SHA256
4221cf9bae4ebea0edc1b0872c24ec708492d4fe13f051d1f806a77fe84ca94d

SHA512
75636f4d6aa1bcf0a573a061a55077106fbde059e293d095557cddfe73522aa5f55fe55a48158bf2cfc74e9edb74cae776369a8ac9123dc6f1f6afa805d0cc78

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\resources.pak

Filesize
4.9MB

MD5
c7b17b0c9e6e6aad4ffd1d61c9200123

SHA1
63a46fc028304de3920252c0dab5aa0a8095ed7d

SHA256
574c67ecd1d07f863343c2ea2854b2d9b2def23f04ba97b67938e72c67799f66

SHA512
96d72485598a6f104e148a8384739939bf4b65054ddde015dd075d357bcc156130690e70f5f50ec915c22df3d0383b0f2fbac73f5de629d5ff8dab5a7533d12b

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\resources\app\icon.ico

Filesize
62KB

MD5
cf93f7edece775f0ab0e8619d6e68107

SHA1
330ae8bc7ba87993e8466d3582b2119d06c78fd6

SHA256
69325b9e9024022a47fef8ea46fb56f42680a98d95f0f228deae2293e03e37bc

SHA512
115c49e0bc32234e29abbee8341ca7df1b1c7b9cf41210ff52b4ee899101842671ea79bce2282bb584c41936e9e61dfbc26cf375523d63a8fe0b64270a270096

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\resources\app\lib\main.js

Filesize
495KB

MD5
d1bbee38f184cd44322a0bbae13d6b7d

SHA1
900c2362ed581436a7e0b5210ae1cc2fba769ca0

SHA256
3bc4df185354269c757e4c31414ded23866a6e5bb880b07e2ba22e1314281863

SHA512
6ca51132ff3e88c97005c626d913d263a9ed383e64803f66a980ce57e92e3bba16b3008b87480818476cde5979efea6bc2c1edb1472517a93d26d1bccb75d0a2

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\resources\app\lib\preload.js

Filesize
4KB

MD5
fa55c68c5f0b5a560604becb9df601fe

SHA1
0eeb7a10a9574238d6360ab895c78ddfdbca61ed

SHA256
317ea36e9119cd2024689687aaf927287213b5ec2909bb98c1ae87a01b49106e

SHA512
709da44b05879e4c1e8121e8c818e364bd6167d873529274d9ed63ea1b25a1ff4e9f501f11668a01677f9f610950a44b9fcbef99356d4c3cd9db51619d2dd9bd

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\resources\app\nativefier.json

Filesize
995B

MD5
d60b8e7548d52722b92e1d32b9580215

SHA1
252b22c8a556953f26a8d2350703373e9da0cdd7

SHA256
3ce3b77d3a474500b194fb82c4188b0adc5e76aa7fb34906c667c04f9dc2fb2d

SHA512
f001db4b66016ad12010ec60132c4d67cbda76278c8fc4c26935defaa7604e42a0812f0b4551cd05e866100c612139d2583bb1fe3a17c2e3c87ea57605fe6cba

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\resources\app\package.json

Filesize
607B

MD5
bfe25e2020ff1be485d83c4de49123e2

SHA1
bf6f3968358f409c4588ca7ab2fda9615c030489

SHA256
20f9805a86c558c6c5113c2d5518df7b4956262eca5b2b4b306d804615f7e64d

SHA512
9df4038d1806daeb8cdf1273b5f0e43dac6e3e252272859c70cb9a4acde7977a6ee89d743f7ca39aedc96e8473bad103800e815592e9953825825927f5389d05

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\v8_context_snapshot.bin

Filesize
713KB

MD5
1270ddd6641f34d158ea05531a319ec9

SHA1
7d688b21acadb252ad8f175f64f5a3e44b483b0b

SHA256
47a8d799b55ba4c7a55498e0876521ad11cc2fa349665b11c715334a77f72b29

SHA512
710c18ef4e21aa6f666fa4f8d123b388c751e061b2197dae0332091fbef5bd216400c0f3bca8622f89e88733f23c66571a431eb3330dba87de1fc16979589e97

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\vk_swiftshader.dll

Filesize
4.5MB

MD5
fcec6c6fbc34cfd9a449af66364da381

SHA1
f6016b721dec138d75e9d542f3e2210a673ad52b

SHA256
738fe97f7fbafa6524f11cf0cf0999ca3aef752bed44e1179d589aae92937ed2

SHA512
26527975979e58870c3c365b9ab432b4b3af88ed606673971fba009489db4482a5ace0e122b8cf67de075c37174c7c423ee8e219cfb4c9a331be66bb8af9edf9

Download Submit
C:\Users\Admin\AppData\Roaming\Kiddion's Modest Menu\vk_swiftshader.dll

Filesize
4.5MB

MD5
fcec6c6fbc34cfd9a449af66364da381

SHA1
f6016b721dec138d75e9d542f3e2210a673ad52b

SHA256
738fe97f7fbafa6524f11cf0cf0999ca3aef752bed44e1179d589aae92937ed2

SHA512
26527975979e58870c3c365b9ab432b4b3af88ed606673971fba009489db4482a5ace0e122b8cf67de075c37174c7c423ee8e219cfb4c9a331be66bb8af9edf9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4\4660b63a-22bb-4a57-b683-b036903682f5.tmp

Filesize
86B

MD5
d11dedf80b85d8d9be3fec6bb292f64b

SHA1
aab8783454819cd66ddf7871e887abdba138aef3

SHA256
8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67

SHA512
6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

Download Submit
C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
66e085a27961fddd2af353de2b9f54a1

SHA1
600bb1289e708e3d13f1de4b5540dad7860b09d2

SHA256
093a8a93ab8ca64b642cf3e3579e6a39f4f67e68d2518f5a63e2e52f00ddf5ca

SHA512
8cc1e4991764a320721f49dcbb58413ac157c997e7a8addb90b14300e00c8f12387b6b41c742dcba81c0d7322a674f28b4166e518de9991ff966c2f80666e2d1

Download Submit
C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
a2275082bc5499520a5db346e7a967ec

SHA1
f50bc6d7aaf0b67ad10e18dbc71a37027e936fdd

SHA256
1506e085ca0eb9d8a87d5dc32bbfa5879dfc52420106b8f4903828e9922f3d33

SHA512
89faa2d93307c3fb8f9b9c3ee6039854626379bfe0121cfd58e60f70e9ee41047f1007a247947ef9b006148d513754e751cb2efa0208d40da05c27c7215a4288

Download Submit
C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
2740e1af772a08cdcadb1244cffc3459

SHA1
0413348b2a2aba2d7cc4d169fb777f48df87d8a7

SHA256
b297afb23ac8a097b832bf9d37f001a890e57c5b07e8d22b902c3f679f4f7ef8

SHA512
252e05c79880c20c6acc7dd8ffc2ef1fd9a07e38c7a14a6fd005df7e8f350d6989bb91c4b67fd8684c323a909817a41ba600494a553497de9802d7b95d3ae199

Download Submit
C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4\Network\Network Persistent State

Filesize
1KB

MD5
f14f34099c47ac2434fd52b1d41d6732

SHA1
0c2753e9fae6afd1ad8dc6aac2750a13cffed247

SHA256
0ecb1ccea94f9f2d7ef4c6bc98496c46eac8a952594889e9c9fcfa570cb99888

SHA512
f62e613e57070dc7e45183def030060634f46f2afdc858b0e9cf254690ef5e8cb6872eeeab893627d3a75264d1224be50d0ea320d1b2a3d6c71cfaa9aa725a7b

Download Submit
C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4\Network\Network Persistent State

Filesize
1KB

MD5
88da14d4a0c4cfd78301ddebe0931721

SHA1
c8e1237d83c260dd699e17184d3b827b6bb4690a

SHA256
363ff6d11bbf058dabf38bd678403ee2c965d08b39f4dbee653cace1bd663536

SHA512
33f0931991724a8033677282cb06dc5547a6776ced50181a30a3a09e7df9dbbaf2f651875d4ebc64b0430388022b9a156126aa29f7a8ede406f8f63acdaa656b

Download Submit
C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4\Network\Network Persistent State~RFe6c2370.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4\Network\TransportSecurity

Filesize
539B

MD5
d2a1c27a4cacdb18407801723468890c

SHA1
6b70dda79a3451923c88ff3265012b60ae22094f

SHA256
68b5917de3f447a94bf3e12d2b5ae441394ee54ceed495bdf7dd922ba7ad9b2c

SHA512
e34c37eb781d6e647382ba07611881ef95cab013566816729fa2ac17fa533d137b1ad7f5767a6441697db15ea1f395f92bcc961eb27714571a1d69e863738739

Download Submit
C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4\Network\TransportSecurity

Filesize
539B

MD5
1bdfbabeb29ea2786a7266ea608df646

SHA1
371c0ea54ec504cc2866b22aac592924344f7ffc

SHA256
77865f5e4655256566c0697e3dc7f6491ae56789733aef2306261a6a61a63b49

SHA512
e76bdf988ed74ed463ea0d58ef57be4f3a3ce96c60ae48d819d5b5ad17594c54f011c1e3954d052a364e2cb5eecb7ec22e097dc00bb6b6f3d351a1823827d5e2

Download Submit
C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4\Network\TransportSecurity

Filesize
539B

MD5
f441ad4fad961856a05cb3b273d604b6

SHA1
25cd9962fc6b0196b45f3b1f7fa8ddaa2544de92

SHA256
54194fa82d7e758f1023fa33bcca323325b1d371bf3dbf2a71a0bc99513d6b7c

SHA512
88ac1181a8cfd475f4724798bdcd7b3d707485a0360c211a22e7f03e851c250454f04c5c86b05bab23a825eecdc45d12d67462ce8b2b1f19adec947f2ade17ea

Download Submit
C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4\Network\TransportSecurity~RFe6b9132.TMP

Filesize
203B

MD5
dd4a24b8bb43f70d0167e960ee14b194

SHA1
30ceb39625d83413c18aa54d989406528a7a4828

SHA256
37894097684f33b61fbe1e1a8939722fd7160eeefa2d0314e5391ae101d3f478

SHA512
c24e235ab8cc360d078ec21772b947221e643589f1b06e4fded2539600bc5bbadce6cdd88c054f5f9e9ac780e6d1520e0bb765e4fcabf64602befb94cc0954d4

Download Submit
C:\Users\Admin\AppData\Roaming\kiddions-modest-menu-nativefier-db65e4\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\Desktop\Kiddion's Modest Menu.lnk

Filesize
1KB

MD5
165c399ae475c7c5eaabc9591ce08343

SHA1
6007479b9f6eec69c9f18909e5244169bf98ca6d

SHA256
d425d88641c36c2caa947e91377e133b82e59f918195e6bd582051665c289612

SHA512
154b4553fd585c8c0ff78f92ce1f895113769804397c05acae71fb760e5451dc3cce47778554365b34230d1359060b78b909803ed838cafb444babe80ca243d5

Download Submit
C:\Users\Admin\Downloads\Kiddions.Modest.Menu.zip

Filesize
84.9MB

MD5
4d5fb7ef8bff2fdce96e7da1bdd35e72

SHA1
cffb6bb5b270dd159bae06324af79efb70d74bc0

SHA256
a09fed97a802b343643d27b239fcc976e89e93599c37468fbcc4d53a30c87600

SHA512
2440f9e19a55a3ace527ef0e156533cd101ea949b39e8eb2bab6f13acab8bf06d86bee6e91fe38e5801ec7c90ee96837b896de13ab25011bc9aa4b3e43bec67d

Download Submit
memory/2088-1295-0x0000000000350000-0x000000000063B000-memory.dmp

Filesize
2.9MB

Download
memory/2088-1296-0x0000000003320000-0x0000000003321000-memory.dmp

Filesize
4KB

Download
memory/2088-1227-0x0000000003320000-0x0000000003321000-memory.dmp

Filesize
4KB

Download
memory/2168-1479-0x0000021AC6880000-0x0000021AC692C000-memory.dmp

Filesize
688KB

Download
memory/2168-1480-0x0000021AC6EB0000-0x0000021AC6F5D000-memory.dmp

Filesize
692KB

Download
memory/2716-682-0x000002D5D5EE0000-0x000002D5D5EE1000-memory.dmp

Filesize
4KB

Download
memory/2716-673-0x000002D5D5EE0000-0x000002D5D5EE1000-memory.dmp

Filesize
4KB

Download
memory/2716-671-0x000002D5D5EE0000-0x000002D5D5EE1000-memory.dmp

Filesize
4KB

Download
memory/2716-672-0x000002D5D5EE0000-0x000002D5D5EE1000-memory.dmp

Filesize
4KB

Download
memory/2716-685-0x000002D5D5EE0000-0x000002D5D5EE1000-memory.dmp

Filesize
4KB

Download
memory/2716-684-0x000002D5D5EE0000-0x000002D5D5EE1000-memory.dmp

Filesize
4KB

Download
memory/2716-683-0x000002D5D5EE0000-0x000002D5D5EE1000-memory.dmp

Filesize
4KB

Download
memory/2716-681-0x000002D5D5EE0000-0x000002D5D5EE1000-memory.dmp

Filesize
4KB

Download
memory/2716-680-0x000002D5D5EE0000-0x000002D5D5EE1000-memory.dmp

Filesize
4KB

Download
memory/2716-679-0x000002D5D5EE0000-0x000002D5D5EE1000-memory.dmp

Filesize
4KB

Download
memory/4500-597-0x00007FFD3E320000-0x00007FFD3E321000-memory.dmp

Filesize
4KB

Download
memory/4500-1065-0x00000189B13A0000-0x00000189B144C000-memory.dmp

Filesize
688KB

Download
memory/4500-705-0x00000189B13A0000-0x00000189B144C000-memory.dmp

Filesize
688KB

Download
memory/4856-356-0x0000000000E10000-0x0000000000E11000-memory.dmp

Filesize
4KB

Download
memory/4856-549-0x0000000000350000-0x000000000063B000-memory.dmp

Filesize
2.9MB

Download
memory/4856-375-0x0000000000E10000-0x0000000000E11000-memory.dmp

Filesize
4KB

Download
memory/4856-585-0x0000000000350000-0x000000000063B000-memory.dmp

Filesize
2.9MB

Download
memory/4856-365-0x0000000000350000-0x000000000063B000-memory.dmp

Filesize
2.9MB

Download
memory/5032-714-0x00007FFD3E400000-0x00007FFD3E401000-memory.dmp

Filesize
4KB

Download
memory/5032-715-0x00007FFD3D0A0000-0x00007FFD3D0A1000-memory.dmp

Filesize
4KB

Download
memory/5032-730-0x0000024744E70000-0x0000024744F1C000-memory.dmp

Filesize
688KB

Download
memory/5032-735-0x0000024744F30000-0x0000024744FDD000-memory.dmp

Filesize
692KB

Download
memory/5032-918-0x0000024744E70000-0x0000024744F1C000-memory.dmp

Filesize
688KB

Download
memory/5496-1343-0x000002835F0A0000-0x000002835F14C000-memory.dmp

Filesize
688KB

Download