pandastealer | hxxps://drive[.]google[.]com/file/d/15SC86gG8AepffXhD7HKVHz5hQgZLoMQs/view

Analysis

max time kernel
146s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 19:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/15SC86gG8AepffXhD7HKVHz5hQgZLoMQs/view

Score

10^/10

pandastealer stealer

Malware Config

Signatures

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
stealer pandastealer

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
16	drive.google.com
7	drive.google.com
15	drive.google.com

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70e028305467da01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 600c30305467da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{5B6017DE-D347-11EE-8F59-5651773DBBEF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000754ff45c13fc19439e038a497576789e000000000200000000001066000000010000200000008d4d9d5b592610fac268fa0ae3530c57677e2e323e22e9481489435ea5bf8af8000000000e8000000002000020000000fc034311253a424ba369ad8e2a77d962a1eba64022c3b6de9cd7c78b0a0a6c39200000002f653875e9fe0bd11d66bfbe7ccb0df5f6ec8fe9c250aaa731d63403f7a65594400000007cc7de8a7822cbec452c26ed692c4d026cc5c00856957ede54d5a26a6a7ec3c46ee03c04590ed1127e7953de103b58062f54b115e79b07ad59621859037f271d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000754ff45c13fc19439e038a497576789e0000000002000000000010660000000100002000000031c1f48848a3bfb3d15411e5004563fe14bd71732fc249892a2d15f84a8b3de9000000000e80000000020000200000008d2ab082667b034ab2660e92aa22a7b3825dfcfe92c9a860a50ab6efba085e1a20000000cd00f104b93b561b0302ae524b84b30cc3c05fd26b5b1f2131ba4b9259ab288240000000b63a6116f5a6f6a8708edede715f63f06f6542e5499a9164b8adb2fbabcb4f86ebbb606c59b9972553018a678c9a7591026dd5a89c61ac56c1b0078f776a4599	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4696	WINWORD.EXE
4696	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
1920	msedge.exe
1920	msedge.exe
5220	msedge.exe
5220	msedge.exe
5132	identity_helper.exe
5132	identity_helper.exe
60	msedge.exe
60	msedge.exe
5332	Discord Nitro Generator + Checker.exe
5332	Discord Nitro Generator + Checker.exe
4124	Discord Nitro Generator + Checker.exe
4124	Discord Nitro Generator + Checker.exe
5608	Discord Nitro Generator + Checker.exe
5608	Discord Nitro Generator + Checker.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
2676	iexplore.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
4696	WINWORD.EXE
4696	WINWORD.EXE
4696	WINWORD.EXE
4696	WINWORD.EXE
4696	WINWORD.EXE
4696	WINWORD.EXE
4696	WINWORD.EXE
4696	WINWORD.EXE
4696	WINWORD.EXE
4696	WINWORD.EXE
4696	WINWORD.EXE
4696	WINWORD.EXE
4696	WINWORD.EXE
2676	iexplore.exe
2676	iexplore.exe
2712	IEXPLORE.EXE
2712	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5220 wrote to memory of 664	5220	msedge.exe	30
PID 5220 wrote to memory of 664	5220	msedge.exe	30
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1928	5220	msedge.exe	93
PID 5220 wrote to memory of 1920	5220	msedge.exe	89
PID 5220 wrote to memory of 1920	5220	msedge.exe	89
PID 5220 wrote to memory of 2076	5220	msedge.exe	90
PID 5220 wrote to memory of 2076	5220	msedge.exe	90
PID 5220 wrote to memory of 2076	5220	msedge.exe	90
PID 5220 wrote to memory of 2076	5220	msedge.exe	90
PID 5220 wrote to memory of 2076	5220	msedge.exe	90
PID 5220 wrote to memory of 2076	5220	msedge.exe	90
PID 5220 wrote to memory of 2076	5220	msedge.exe	90
PID 5220 wrote to memory of 2076	5220	msedge.exe	90
PID 5220 wrote to memory of 2076	5220	msedge.exe	90
PID 5220 wrote to memory of 2076	5220	msedge.exe	90
PID 5220 wrote to memory of 2076	5220	msedge.exe	90
PID 5220 wrote to memory of 2076	5220	msedge.exe	90
PID 5220 wrote to memory of 2076	5220	msedge.exe	90
PID 5220 wrote to memory of 2076	5220	msedge.exe	90
PID 5220 wrote to memory of 2076	5220	msedge.exe	90
PID 5220 wrote to memory of 2076	5220	msedge.exe	90
PID 5220 wrote to memory of 2076	5220	msedge.exe	90
PID 5220 wrote to memory of 2076	5220	msedge.exe	90
PID 5220 wrote to memory of 2076	5220	msedge.exe	90
PID 5220 wrote to memory of 2076	5220	msedge.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/15SC86gG8AepffXhD7HKVHz5hQgZLoMQs/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ab5646f8,0x7ff8ab564708,0x7ff8ab564718
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3728 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5244 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5500

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Temp1_Discord Nitro Generator + Checker.zip\Discord Nitro Generator + Checker.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Discord Nitro Generator + Checker.zip\Discord Nitro Generator + Checker.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:5332

C:\Users\Admin\AppData\Local\Temp\Temp1_Discord Nitro Generator + Checker.zip\Discord Nitro Generator + Checker.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Discord Nitro Generator + Checker.zip\Discord Nitro Generator + Checker.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4124

C:\Users\Admin\AppData\Local\Temp\Temp1_Discord Nitro Generator + Checker.zip\Discord Nitro Generator + Checker.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Discord Nitro Generator + Checker.zip\Discord Nitro Generator + Checker.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:5608

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\GrantClose.odt"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4696

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\DisableSkip.xhtml
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2676
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2676 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2712

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:4632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
343e73b39eb89ceab25618efc0cd8c8c

SHA1
6a5c7dcfd4cd4088793de6a3966aa914a07faf4c

SHA256
6ea83db86f592a3416738a1f1de5db00cd0408b0de820256d09d9bee9e291223

SHA512
54f321405b91fe397b50597b80564cff3a4b7ccb9aaf47cdf832a0932f30a82ed034ca75a422506c7b609a95b2ed97db58d517089cd85e38187112525ca499cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4c957a0a66b47d997435ead0940becf

SHA1
1aed2765dd971764b96455003851f8965e3ae07d

SHA256
53fa86fbddf4cdddab1f884c7937ba334fce81ddc59e9b2522fec2d19c7fc163

SHA512
19cd43e9756829911685916ce9ac8f0375f2f686bfffdf95a6259d8ee767d487151fc938e88b8aada5777364a313ad6b2af8bc1aa601c59f0163cbca7c108fbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
065d07afe3df9faac0cfddeeb9d69b8a

SHA1
f0d1d09db7045f8e1d8fd48ebc39947e7ac2456b

SHA256
7444ab6e28843922edd051de41e81f3c2bf82742de1d001c6fb76a78f949629d

SHA512
2c53ed328d8e03e440dcf268544b5e583d93f66d44f058c15fc4c7c9c76a5316df45fb5d8b1a0473f297460fb692a4eb5551bc3c0ad708e499beab5a5b8001ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
6419e6d24cffe5b121a3c27353cde1e4

SHA1
4a5d43bc35d0604799ace310b8d2c1374fd5a807

SHA256
b99e536e489598fa97e6c6721ad60da1e7c7742589383dcc5f521642d35b38b3

SHA512
b82540dd4f322a2813feb2a240f0dc09879cfd7cbc962afb9fc1c8cb222da0b7b68e95c2da3453a3f5d6cf71078822727d696116de57cf108968930e921bded1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1967341df5d551b55ae8f7c7885893e3

SHA1
3a142a6f77a0044b34e996051bdb48a818c1eb56

SHA256
c24c4a95cff8cab3d43de0dec206dc722a88452566f14a085a34f99daacf353c

SHA512
ceb855d029620ec24ab5fb05831f32828d419830d1093e26439cc1365a1a50c85969361f230fb21e1cb0e2b45b63f2281aab9f313abf98e4c17998bdc70fd42a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3fe9b704197848fe9233fe65a680041c

SHA1
1627ab66d409e21a06761b1f3f726fcc1799501b

SHA256
ab90a59e2b624f6c3f870f0d8514803a5407ea584141299c251a2c62b9d8e0b6

SHA512
c310cc02301b8bdffacd8aac9fd769a798008fe34a829c45c266b321c1844fd30c984d47757b2334651421a010984296c3e7585853d37e0dcdf3181954454cd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e12cdb36a7669228634a886b748833f0

SHA1
cc46f1c2c8037b209435219581ff0108e908abd6

SHA256
da33b2cd54a2b76c1d4a2cb3729b98017b4f956565ae688ba1746bee1d69949e

SHA512
b4933da5a54f93a1f192a8e1b60c4a717ddc1e621476689cca6165abcb78090aa1d26f4d59a5cd4de737d9e356fa69c31fb8b78345662ce38e3db1d71148ffc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dadaa317cf22e4bcaf3d6ba94a4aebea

SHA1
cfbf9ff382114ed7a32e5c5c27b1af4926a1321c

SHA256
ff14fa5f0caaa8f5f1ac2cad627c573663eaa380c47517a3c4d512e1217c7977

SHA512
9e619f8b071479d54549726d3d21e9b2b768739edec691f89b266654ea1842c1cdce376abc7a4cb1855685b81467e311cc5951b7da94e7290ebbd8b5a2afcc2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c225198a-1ee0-4fe5-8d07-1a9ec387dd61.tmp

Filesize
7KB

MD5
99cdd7534c3ed2e08f2fd6a6556a70c4

SHA1
6446838da2e108792a1abc3b1aa007d84115684f

SHA256
0ec30881d3351f3ebcb3948ed1f4e5fdcef93ab7be0dcfb83e7848cff2bc5ab1

SHA512
6024306221a61200792732bd68c2143ca2b0bdac0f3111ab1693afe28316aa180704e50eac67c832ba17a99e9ddb9dca703535d3e72153c2905d83e29ba90011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
70c76e255a578cd678ea20a18b755817

SHA1
251d7671f2b35a9062f9490beaa2ec4c12784719

SHA256
08c8ae4bd5bf3dc133f5b43182760cda9e61023c2e811eb570ca32bded24727b

SHA512
8f0ed32e11a09708410c5aa0e38894d038944e1d46d18c6178b1730c14ba4d024f90180f9f9fedbe3523e7a4dbfdcc94dabf168e46ac7f9c35ee7598c5ae5275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6c71ebe09a5d1ca05335f2a6c918f359

SHA1
067b9a2c3db3cb472bfecc4520d64b12528279dd

SHA256
64b38b2b9894a194fcb88173c7158a581f5dbaaf86c6335442d3acf1b8e2fb35

SHA512
bb2a3f7109c22177b9d3ef38dddc84bd777a9576170dc63739dd1d8bd2886af1bac555ce2c1fe2094bba0577dcc349c7b1c0ff3f5626379b5ab6f5d4eb320061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
85fb61e313d459e88d666cb48e2b1f06

SHA1
db12aa54a1f928eebe79b581d0fc676182fbd4a3

SHA256
c58cea3bffc5f9a67f1c5e9577c17a56b176aa1bf86cc0c15f77378dd60060e6

SHA512
96777c4a60bbbe832c1165764d2edad3d9daaf5009be80ec5dad23c699b2af49404e9e241a53450e0427b9e69b8f0b003517f3a5036ae550595c09e1a71c2fac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
3925fef38ef0a74552dde9999936b848

SHA1
8bbeddd0e2a184910c36fb877dd2d77dd7562851

SHA256
eb1437a72da979f8118bd70e28b8633080d9c5000b0c0a86eda014093f3c1e33

SHA512
7cebce7040eeffa2c14640c06f2247c6bac36914b95d1d038140990bd9f258211283a2e1ece7f8f0182d31e128b98fa2f8a1dec5a9f3a6c9087a8ef19c314ff6

Download Submit
C:\Users\Admin\AppData\Local\Temp\BOFUPMJWUSFVSNIBDJEE\NEXEWRILCY.NYTJFQMCR

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Temp\BOFUPMJWUSFVSNIBDJEE\NEXEWRILCY.NYTJFQMCR

Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\BOFUPMJWUSFVSNIBDJEE\NEXEWRILCY.NYTJFQMCR

Filesize
48KB

MD5
349e6eb110e34a08924d92f6b334801d

SHA1
bdfb289daff51890cc71697b6322aa4b35ec9169

SHA256
c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a

SHA512
2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

Download Submit
C:\Users\Admin\AppData\Local\Temp\BOFUPMJWUSFVSNIBDJEE\NEXEWRILCY.NYTJFQMCR

Filesize
92KB

MD5
eeb59aae5d729b4a4a76dd9026b44160

SHA1
aaef198c6b0985039ad7ef282c6b8d264dbf7c11

SHA256
2f7b41687bbe97b66ef5c4045e6a071585616fe9e10056c1a699ca362d4c1688

SHA512
a8c19a942dfc1f8580f1ab72f298ecd7d120c3aa70059aa1df29f9c5b22a461e1c6765347080d1d96419836534fe70617832b75b47bb540581e7d1c3546cad69

Download Submit
C:\Users\Admin\AppData\Local\Temp\BOFUPMJWUSFVSNIBDJEE\NEXEWRILCY.NYTJFQMCR

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\BOFUPMJWUSFVSNIBDJEE\NSKHOR.REWUOFFUME

Filesize
685B

MD5
b5441fe5a23327d64edc743d0b08ce27

SHA1
4c74c4a30aeb44f1c111cc063accaf58cbd06629

SHA256
5a4390abf24feac5ebbf727734982078d2d44016ed5c06e6ab8a8139211dfb10

SHA512
601e73b4fdc63c930df2e548a7b63c45233ed0f7e2e82d711d4e73d12834ecda7a075fb848a3522d63f86364a950dd6e77f49233bf68e084a8a34405d6376481

Download Submit
C:\Users\Admin\AppData\Local\Temp\BOFUPMJWUSFVSNIBDJEE\PKSPOJEGLU.SMFSMLXSD

Filesize
96KB

MD5
72145b626f40a517e1eaeb6da867bcfc

SHA1
128bff473a3c27309cf214b500b66c07f573dc92

SHA256
51f32a627b5e47ac5a8a869b2371e75175c1c0dda577db6468eb6d60f26a4c92

SHA512
20a22c87114fb59cd818e15818e7e361691a82eb54e762df15738f041f3e126914fa698cead1308f0a6fc566a8bc67c00e53f0e426693db59aeb09cbc2efc4a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\BOFUPMJWUSFVSNIBDJEE\QXSJVNXXOJXIDDWLXJDSO.OLJWSOPLSUYGOGTWPTP

Filesize
616B

MD5
eb8c851f62cd4e5845825cad262c85d6

SHA1
03979d3e532e673a158b39910d53d1d4ddeeb499

SHA256
8afb18cd681eace9f4db5c4a97836a567a82c09a0cc69f0c31334555f2002100

SHA512
3615c182469a2abb2baff1d9ad5f4c12eef870b30c15c6d9209561fd5a1fcf8532c20c6c3763006351983c5c41a14c2bb4a65fea86f0719610363cf5ef694532

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 668836.crdownload

Filesize
367KB

MD5
6d037001b224adbafb9203e28412528a

SHA1
060162104120846e031a246cf7d602e2803c4e94

SHA256
11509d1c300588a8176d444e1d9971db236ec3a040d57706e54a6eb8a58271ed

SHA512
4c8d2972e875414527566bc64d407dcc59974c513dd996f3f43df052d6daa9cf8531a6b1b1014978863bc80c7d273ad6bffbdec3888193eacc7749a47fa1d4b5

Download Submit
C:\vcredist2010_x64.log-MSI_vc_red.msi.txt

Filesize
380KB

MD5
a05506a7cb3f469014f80fc863cc0256

SHA1
7db78a9af94798da45d645bc5a2e32b2a4d2458b

SHA256
c4dbf4386bf533677a75c02df882dd7ef59db047863709899740d88efbcbd324

SHA512
50e70e78d57f3193046172ce27df17c3f32b10f8a21ec15e9e12aa061fe9f886a328fba00b2bc1f444cf9e07435de23b01092492db32eef57abaf11275064b79

Download Submit
C:\vcredist2010_x64.log.html

Filesize
86KB

MD5
43024d49fa948752267fe671633fed7c

SHA1
b2ff13c5ae8ec98d0306dd2ff8342646f2d07a11

SHA256
0eeb0536ad7542dac9140a41441f6d6857480b51d986a610175dcf10bf47e713

SHA512
ed1de12c38bfcf79efa928db106e4dba8c46b2a76af6a2a00e36ec01f2ed8d100eb0b283bc26b9977f1e8f14e522ae92ebaa98f9f712adb1bd4113894c698b2a

Download Submit
C:\vcredist2010_x86.log-MSI_vc_red.msi.txt

Filesize
396KB

MD5
080f56eb3d4c35b3b410ad599c001373

SHA1
c5d0c36aae490d8e6cee6bc2929eb508d4918a62

SHA256
2fd58149afa9ef0159f167db7f65002f1513ec4d7d4e2e2f54a66fb7cf880d5b

SHA512
a98d6c01891bcfe201d9c08b4ee58ab6044c24ca0734eb7cebf77a5cb797e3e3e5caba10ced088c22c41d76daa8bb01ecdf7b6db517e6ec8edc33f0487bee61c

Download Submit
C:\vcredist2010_x86.log.html

Filesize
81KB

MD5
5da5a3376ed064b6318e05e2f30b3bd5

SHA1
8082e0fd9a0a9a37c7ef6bfac65ad3b728c7c7fb

SHA256
f7809858e32d21d6cdc165a6070550fbe5edf8c6d75cf3ccc411ba3e023e4ea2

SHA512
a465fb6104b9a670c64d768d775deb5826e2d6d59025845171a3a7e909146561e1b818983d4ee344c61f80931467cee8e090e172649d1c52125a0e2b617478e6

Download Submit
C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log

Filesize
168KB

MD5
c6423e869522fc1f095c69335c7aad60

SHA1
5c0472e15642c36ba3a2fe2a0ce3a8bb1c43bbed

SHA256
587e21162879f1a1f15042f0d14c57b3ef98ba16ed2fe4c2dfdac1ade2f91517

SHA512
3e49987e64e3b9e4f33a2fd244c1053cb2172ec0974906d56f900b4d50bfa99dba62a7f1248a5c6335e35821ce114bc8a739f71dabeaafc0d1516897f873916f

Download Submit
C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log

Filesize
195KB

MD5
aef783ff172efd6470c20af8f35843d0

SHA1
0ad1c3d12faf46cb4e8923c9c914ec93530315db

SHA256
9f5e21adf2f0be437c6135cd856c57e7ad69d29923b31dfca2fbd7f766249f91

SHA512
cfe9bcbc45d26925876f8bf01c384e10875640f1ce9d015ed99928ab70badb608577909f86d0559b1e6d211dedad460ad700abae03a2eb1a6262ca26433b51ff

Download Submit
C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log

Filesize
171KB

MD5
e7cc72cad72f1aa24a0b4492f400707d

SHA1
2cc8917f6d00c9f07a9bf76da7ec959632e73b68

SHA256
31581c80a57ef42f9a527fcdb48276ab9be946ac90027bfa97c10392eb521c34

SHA512
63eb6f5a8da2cf5e6e6cc0c384ab700c0c65483ee33232ab2aeeded086fd2cfc98bb3be208f086a1a5ca39581fb443a533627b90f0aaac05158278be87c4a560

Download Submit
C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log

Filesize
208KB

MD5
4ffef47f06dd7668580043147e20bb54

SHA1
c8d39728be1199f8d15a0d975702ef92fde51ae1

SHA256
5dbb5de852dac098b736a16c0f0dace46049310653b7c615f55d8b023179d5a4

SHA512
f42d08c007d6803089f6b0c7f2959f389a692d83c9adaed34fd131675e1d04673885b8c2e2dfe010d43b646ae16359e1f7f3b634c7031278fe2114b1ce8c10f8

Download Submit
C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log

Filesize
170KB

MD5
1e9b52af6bdd1db6634d4c206b605812

SHA1
59eef438af5740b5c67789eb22b27238a017ecc5

SHA256
cbe9031229076f9ee1546d8ca681cb675216a0d8b3a2e2b5ff41a2ab7f9e8c6f

SHA512
6c7f8e2d5070690d5d91819bc8e649f95be7211e9a19e1d5d707f07c53e6f9580f6692e04920af4debdbb15a6b9694dadc292417a7b50a7a784e7a114636995d

Download Submit
C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log

Filesize
191KB

MD5
b9ce1f054e230609b22b162eafae55ff

SHA1
95395b742a90f951df702f68c58f0acf14c2ab7a

SHA256
4a641451f2714116ccbef763369fec32c623de01e957169c22bbb8cef3da1f07

SHA512
3e295227f9bf874f115f2de61fc98c82a7d59e2ea7c6df8c7ad0648d53e1b0e80caa85b2497c110937cf0fd1173fbef88c48c4d5741ac7d516e8ca226f430593

Download Submit
C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log

Filesize
170KB

MD5
0a4dbaeeee2c723da7ded96f0b15c1e6

SHA1
a2dcaf38336c6e53e30a7e48ffc4aa0dbd2d9fe4

SHA256
80e8737e51914831e035f4911b145b5c111f2e252cdc36e988e36566c1f4fb47

SHA512
cae4b84935f20aa2506dd1bff3d31f5256d7c255937d49cd0c0661fc7a114494fee0e12862797f743399ac1ff9d99484cbe3d97af8a554dc92e4d5bbaa3ada96

Download Submit
C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log

Filesize
198KB

MD5
db409a324e351811838749106390b3b6

SHA1
48b048e9ef5fd2b96c03a062339e45bdf90f968e

SHA256
72da53d1411b36d5530ff76ed095ac2f85ff3e81db7d0427e17125d2fa34f10c

SHA512
3fa005682c9a2725f95427dc80ec001441b08127926bedc43194f7e75d678df37e9169427705f238f5460ea8dfaf99a2a7ba9b7033dd3c09caa3db0d29195d29

Download Submit
C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log

Filesize
123KB

MD5
9d2898481f1beee33891a97078bf93f4

SHA1
29003161b2a675edc2e91ebbbd902288f10c3d6f

SHA256
dd53da01045c50c58068756bb1a4fe103e4b20acf17e8c5a2e5a6186dff98e5c

SHA512
4d1914ecd98eff0e1e6ec92c74db825bba3b3598823f300d51cc53a9b92fb746980cc016b4fcbca3376440e7d0336766b8ebacebb46cf0d6f7d88560a75d81ae

Download Submit
C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log

Filesize
129KB

MD5
151dd8739a7dcc234dbe478f7d6993ab

SHA1
7d55528fcde199760541728137f94ef33bab21dc

SHA256
968e10f09d86c2b92d6133587d168aef7c922435727e56f885a70603dce674c6

SHA512
d57fe8b7211df1592c544b85f705c79ff0cf0a55d95e014309c7d77f384d0ef813a7d0fd1811e7f5f1e4e8e077b28e73ab566a6831fc904aad3830486f6a11a9

Download Submit
memory/4696-284-0x00007FF8BA330000-0x00007FF8BA525000-memory.dmp

Filesize
2.0MB

Download
memory/4696-292-0x00007FF8BA330000-0x00007FF8BA525000-memory.dmp

Filesize
2.0MB

Download
memory/4696-290-0x00007FF877B00000-0x00007FF877B10000-memory.dmp

Filesize
64KB

Download
memory/4696-327-0x00007FF87A3B0000-0x00007FF87A3C0000-memory.dmp

Filesize
64KB

Download
memory/4696-328-0x00007FF87A3B0000-0x00007FF87A3C0000-memory.dmp

Filesize
64KB

Download
memory/4696-329-0x00007FF87A3B0000-0x00007FF87A3C0000-memory.dmp

Filesize
64KB

Download
memory/4696-330-0x00007FF87A3B0000-0x00007FF87A3C0000-memory.dmp

Filesize
64KB

Download
memory/4696-331-0x00007FF8BA330000-0x00007FF8BA525000-memory.dmp

Filesize
2.0MB

Download
memory/4696-332-0x00007FF8BA330000-0x00007FF8BA525000-memory.dmp

Filesize
2.0MB

Download
memory/4696-291-0x00007FF8BA330000-0x00007FF8BA525000-memory.dmp

Filesize
2.0MB

Download
memory/4696-289-0x00007FF8BA330000-0x00007FF8BA525000-memory.dmp

Filesize
2.0MB

Download
memory/4696-287-0x00007FF877B00000-0x00007FF877B10000-memory.dmp

Filesize
64KB

Download
memory/4696-288-0x00007FF8BA330000-0x00007FF8BA525000-memory.dmp

Filesize
2.0MB

Download
memory/4696-286-0x00007FF8BA330000-0x00007FF8BA525000-memory.dmp

Filesize
2.0MB

Download
memory/4696-285-0x00007FF8BA330000-0x00007FF8BA525000-memory.dmp

Filesize
2.0MB

Download
memory/4696-283-0x00007FF8BA330000-0x00007FF8BA525000-memory.dmp

Filesize
2.0MB

Download
memory/4696-282-0x00007FF87A3B0000-0x00007FF87A3C0000-memory.dmp

Filesize
64KB

Download
memory/4696-281-0x00007FF8BA330000-0x00007FF8BA525000-memory.dmp

Filesize
2.0MB

Download
memory/4696-276-0x00007FF87A3B0000-0x00007FF87A3C0000-memory.dmp

Filesize
64KB

Download
memory/4696-280-0x00007FF87A3B0000-0x00007FF87A3C0000-memory.dmp

Filesize
64KB

Download
memory/4696-278-0x00007FF87A3B0000-0x00007FF87A3C0000-memory.dmp

Filesize
64KB

Download
memory/4696-279-0x00007FF8BA330000-0x00007FF8BA525000-memory.dmp

Filesize
2.0MB

Download
memory/4696-277-0x00007FF8BA330000-0x00007FF8BA525000-memory.dmp

Filesize
2.0MB

Download
memory/4696-275-0x00007FF87A3B0000-0x00007FF87A3C0000-memory.dmp

Filesize
64KB

Download