8248e415d71e8eeabb7f4b651a88f2ad3cb17332055079ac6b4d717b7f735c00

Analysis

max time kernel
2699s
max time network
2702s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
12-03-2024 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Download (1).mp4
Size

452KB
MD5

9bbe26eb2991c0abaede76f092483dd5
SHA1

89cc62b3451e86010fa047fb91df598ade3eecc9
SHA256

8248e415d71e8eeabb7f4b651a88f2ad3cb17332055079ac6b4d717b7f735c00
SHA512

ab0caa21cdf88e2f930ceaeac95c4d0760d2a50b69058c2dfe285ba82f344119e6fbe8544fd42ca5f217947c7f055c1012256569ad33e18b04557d0892017c7f
SSDEEP

12288:TyjzW8aL7/nyXI+xCvT9y77bRSjhs5U+MuP:7X/n5+gvJJj4RD

Score

8^/10

discovery evasion

Malware Config

Signatures

Downloads MZ/PE file
Stops running service(s) 3 TTPs
evasion

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Executes dropped EXE 10 IoCs

pid	Process
3732	dismhost.exe
5720	CheatEngine75.exe
5696	CheatEngine75.tmp
4916	CheatEngine75.exe
5460	CheatEngine75.tmp
3508	_setup64.tmp
3856	Kernelmoduleunloader.exe
5336	windowsrepair.exe
5212	Cheat Engine.exe
2344	cheatengine-x86_64-SSE4-AVX2.exe

Loads dropped DLL 13 IoCs

pid	Process
3732	dismhost.exe
3732	dismhost.exe
3732	dismhost.exe
3732	dismhost.exe
3732	dismhost.exe
5696	CheatEngine75.tmp
2344	cheatengine-x86_64-SSE4-AVX2.exe
2344	cheatengine-x86_64-SSE4-AVX2.exe
2344	cheatengine-x86_64-SSE4-AVX2.exe
2344	cheatengine-x86_64-SSE4-AVX2.exe
2344	cheatengine-x86_64-SSE4-AVX2.exe
2344	cheatengine-x86_64-SSE4-AVX2.exe
2344	cheatengine-x86_64-SSE4-AVX2.exe

Modifies file permissions 1 TTPs 2 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4784	icacls.exe
5540	icacls.exe

Checks for any installed AV software in registry 1 TTPs 6 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000\SOFTWARE\AVAST Software\Avast	CheatEngine75.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	CheatEngine75.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	CheatEngine75.tmp
Key opened	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000\SOFTWARE\AVG\AV\Dir	CheatEngine75.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	CheatEngine75.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	CheatEngine75.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe

Drops file in System32 directory 46 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\LogFiles\setupcln\setuperr.log	cleanmgr.exe
File opened for modification	C:\Windows\System32\oleaut32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\combase.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\ws2_32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\bcryptPrimitives.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\system32\explorerframe.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\KERNELBASE.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\apphelp.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\gdi32full.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\imm32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\winmm.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\PROPSYS.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\psapi.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\sechost.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\shcore.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\msimg32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\system32\LogFiles\setupcln\diagerr.xml	cleanmgr.exe
File opened for modification	C:\Windows\system32\LogFiles\setupcln\setupact.log	cleanmgr.exe
File opened for modification	C:\Windows\System32\ucrtbase.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\uxtheme.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\wsock32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\opengl32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\wintypes.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\msvcp_win.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\RPCRT4.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\user32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\advapi32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\msvcrt.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\shell32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\MSCTF.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\system32\LogFiles\setupcln\diagwrn.xml	cleanmgr.exe
File opened for modification	C:\Windows\System32\KERNEL32.DLL	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\ole32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\comdlg32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\hhctrl.ocx	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\GLU32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\dxcore.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\clbcatq.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\ntdll.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\win32u.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\GDI32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\version.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\SHLWAPI.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\wininet.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\kernel.appcore.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\windows.storage.dll	cheatengine-x86_64-SSE4-AVX2.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Cheat Engine 7.5\fwpuclnt.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Program Files\Cheat Engine 7.5\ced3d11hook.dll	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\badassets\is-0TPCR.tmp	CheatEngine75.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.5\symbols\dll\shlwapi.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Program Files\Cheat Engine 7.5\dll\oleaut32.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File created	C:\Program Files\Cheat Engine 7.5\is-LAPO3.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\include\is-933F8.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-Q51GC.tmp	CheatEngine75.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.5\symbols\DLL\dhcpcsvc.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File created	C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-LILJO.tmp	CheatEngine75.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.5\user32.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Program Files\Cheat Engine 7.5\symbols\dll\version.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File created	C:\Program Files\Cheat Engine 7.5\is-9EG32.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\include\is-SR6UD.tmp	CheatEngine75.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.5\dll\shell32.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File created	C:\Program Files\Cheat Engine 7.5\plugins\is-BCDTQ.tmp	CheatEngine75.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.5\rsaenh.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File created	C:\Program Files\Cheat Engine 7.5\include\sec_api\is-16RBN.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\is-SBKM1.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-53S9A.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-32I67.tmp	CheatEngine75.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.5\version.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Program Files\Cheat Engine 7.5\dll\cryptnet.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File created	C:\Program Files\Cheat Engine 7.5\include\sec_api\is-92J95.tmp	CheatEngine75.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.5\profapi.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Program Files\Cheat Engine 7.5\symbols\dll\psapi.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File created	C:\Program Files\Cheat Engine 7.5\is-UOE9E.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\is-88DSD.tmp	CheatEngine75.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.5\WinTypes.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Program Files\Cheat Engine 7.5\symbols\dll\crypt32.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File created	C:\Program Files\Cheat Engine 7.5\is-32J0N.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\is-Q1QQG.tmp	CheatEngine75.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.5\symbols\dll\rasadhlp.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Program Files\Cheat Engine 7.5\cryptnet.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File created	C:\Program Files\Cheat Engine 7.5\plugins\is-L1FL2.tmp	CheatEngine75.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.5\symbols\ocx\hhctrl.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Program Files\Cheat Engine 7.5\dll\OnDemandConnRouteHelper.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File created	C:\Program Files\Cheat Engine 7.5\include\is-GINFS.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\include\is-58VAB.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\include\sys\is-E45LR.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\badassets\is-825C4.tmp	CheatEngine75.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.5\libipt-64.dll	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\win32\is-FC9RP.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\include\is-UTDKG.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-Q89CN.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-5SJ5V.tmp	CheatEngine75.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.5\dll\psapi.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Program Files\Cheat Engine 7.5\dll\msimg32.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Program Files\Cheat Engine 7.5\tcc64-32.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File created	C:\Program Files\Cheat Engine 7.5\win64\is-SUHQ5.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-3OIS5.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-23AC7.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-00C6H.tmp	CheatEngine75.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.5\dll\combase.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Program Files\Cheat Engine 7.5\dll\glu32.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Program Files\Cheat Engine 7.5\d3dhook64.dll	CheatEngine75.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.5\gtutorial-i386.exe	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Common\is-L896O.tmp	CheatEngine75.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.5\wininet.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Program Files\Cheat Engine 7.5\webio.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Program Files\Cheat Engine 7.5\dll\webio.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File created	C:\Program Files\Cheat Engine 7.5\include\is-S9PCC.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\autorun\forms\is-H9M2V.tmp	CheatEngine75.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.5\symbols\dll\uxtheme.pdb	cheatengine-x86_64-SSE4-AVX2.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Logs\DISM\dism.log	cleanmgr.exe
File opened for modification	C:\Windows\Logs\DISM\dism.log	dismhost.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	cleanmgr.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll	cheatengine-x86_64-SSE4-AVX2.exe

Launches sc.exe 2 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
2728	sc.exe
5848	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 40 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0067	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0067	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0067\	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0067\	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	CheatEngine75.tmp
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	CheatEngine75.tmp

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133547501208134740"	chrome.exe

Modifies registry class 13 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\DefaultIcon\ = "C:\\Program Files\\Cheat Engine 7.5\\Cheat Engine.exe,0"	CheatEngine75.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-160263616-143223877-1356318919-1000\{380C2A9D-EC14-4EF0-8463-F24B57A9A61E}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine	CheatEngine75.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\DefaultIcon	CheatEngine75.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.CETRAINER	CheatEngine75.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\ = "Cheat Engine"	CheatEngine75.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command	CheatEngine75.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open	CheatEngine75.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command\ = "\"C:\\Program Files\\Cheat Engine 7.5\\Cheat Engine.exe\" \"%1\""	CheatEngine75.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell	CheatEngine75.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.CETRAINER\ = "CheatEngine"	CheatEngine75.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.CT	CheatEngine75.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.CT\ = "CheatEngine"	CheatEngine75.tmp

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 734001.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\CheatEngine75.exe:Zone.Identifier	msedge.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 44 IoCs

pid	Process
3600	chrome.exe
3600	chrome.exe
4236	chrome.exe
4236	chrome.exe
3000	msedge.exe
3000	msedge.exe
2120	msedge.exe
2120	msedge.exe
3584	msedge.exe
3584	msedge.exe
2616	identity_helper.exe
2616	identity_helper.exe
2952	msedge.exe
2952	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
6088	msedge.exe
6088	msedge.exe
5696	CheatEngine75.tmp
5696	CheatEngine75.tmp
5696	CheatEngine75.tmp
5696	CheatEngine75.tmp
5696	CheatEngine75.tmp
5696	CheatEngine75.tmp
5696	CheatEngine75.tmp
5696	CheatEngine75.tmp
5696	CheatEngine75.tmp
5696	CheatEngine75.tmp
5696	CheatEngine75.tmp
5696	CheatEngine75.tmp
5696	CheatEngine75.tmp
5696	CheatEngine75.tmp
5696	CheatEngine75.tmp
5696	CheatEngine75.tmp
5696	CheatEngine75.tmp
5696	CheatEngine75.tmp
5696	CheatEngine75.tmp
5696	CheatEngine75.tmp
5696	CheatEngine75.tmp
5696	CheatEngine75.tmp
5460	CheatEngine75.tmp
5460	CheatEngine75.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2344	cheatengine-x86_64-SSE4-AVX2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 51 IoCs

pid	Process
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4776	unregmp2.exe
Token: SeCreatePagefilePrivilege	4776	unregmp2.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 240	3000	wmplayer.exe	81
PID 3000 wrote to memory of 240	3000	wmplayer.exe	81
PID 3000 wrote to memory of 240	3000	wmplayer.exe	81
PID 3000 wrote to memory of 1592	3000	wmplayer.exe	82
PID 3000 wrote to memory of 1592	3000	wmplayer.exe	82
PID 3000 wrote to memory of 1592	3000	wmplayer.exe	82
PID 1592 wrote to memory of 4776	1592	unregmp2.exe	83
PID 1592 wrote to memory of 4776	1592	unregmp2.exe	83
PID 3600 wrote to memory of 3620	3600	chrome.exe	88
PID 3600 wrote to memory of 3620	3600	chrome.exe	88
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 4948	3600	chrome.exe	90
PID 3600 wrote to memory of 1476	3600	chrome.exe	91
PID 3600 wrote to memory of 1476	3600	chrome.exe	91
PID 3600 wrote to memory of 1052	3600	chrome.exe	92
PID 3600 wrote to memory of 1052	3600	chrome.exe	92
PID 3600 wrote to memory of 1052	3600	chrome.exe	92
PID 3600 wrote to memory of 1052	3600	chrome.exe	92
PID 3600 wrote to memory of 1052	3600	chrome.exe	92
PID 3600 wrote to memory of 1052	3600	chrome.exe	92
PID 3600 wrote to memory of 1052	3600	chrome.exe	92
PID 3600 wrote to memory of 1052	3600	chrome.exe	92
PID 3600 wrote to memory of 1052	3600	chrome.exe	92
PID 3600 wrote to memory of 1052	3600	chrome.exe	92
PID 3600 wrote to memory of 1052	3600	chrome.exe	92
PID 3600 wrote to memory of 1052	3600	chrome.exe	92
PID 3600 wrote to memory of 1052	3600	chrome.exe	92
PID 3600 wrote to memory of 1052	3600	chrome.exe	92

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Download (1).mp4"
1⤵
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Download (1).mp4"
  2⤵
  PID:240
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1592
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:4776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffc71749758,0x7ffc71749768,0x7ffc71749778
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1808,i,1092656401250339410,226561472915487469,131072 /prefetch:2
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1808,i,1092656401250339410,226561472915487469,131072 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1808,i,1092656401250339410,226561472915487469,131072 /prefetch:8
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3176 --field-trial-handle=1808,i,1092656401250339410,226561472915487469,131072 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1808,i,1092656401250339410,226561472915487469,131072 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4516 --field-trial-handle=1808,i,1092656401250339410,226561472915487469,131072 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1808,i,1092656401250339410,226561472915487469,131072 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1808,i,1092656401250339410,226561472915487469,131072 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5064 --field-trial-handle=1808,i,1092656401250339410,226561472915487469,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2400 --field-trial-handle=1808,i,1092656401250339410,226561472915487469,131072 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1116 --field-trial-handle=1808,i,1092656401250339410,226561472915487469,131072 /prefetch:1
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2384 --field-trial-handle=1808,i,1092656401250339410,226561472915487469,131072 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 --field-trial-handle=1808,i,1092656401250339410,226561472915487469,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4236

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4680

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:4640

C:\Windows\System32\cleanmgr.exe
"C:\Windows\System32\cleanmgr.exe" /D C
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:2892
- C:\Users\Admin\AppData\Local\Temp\885C2B10-8321-4581-ABC9-E2A92D2F45AC\dismhost.exe
  C:\Users\Admin\AppData\Local\Temp\885C2B10-8321-4581-ABC9-E2A92D2F45AC\dismhost.exe {1DD75783-8734-4B03-A7D8-2A9856DDBBAD}
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:3732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc601a3cb8,0x7ffc601a3cc8,0x7ffc601a3cd8
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6076 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7544 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:6088
- C:\Users\Admin\Downloads\CheatEngine75.exe
  "C:\Users\Admin\Downloads\CheatEngine75.exe"
  2⤵
  - Executes dropped EXE
  PID:5720
- - C:\Users\Admin\AppData\Local\Temp\is-DUAG4.tmp\CheatEngine75.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-DUAG4.tmp\CheatEngine75.tmp" /SL5="$502EE,29019897,780800,C:\Users\Admin\Downloads\CheatEngine75.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks for any installed AV software in registry
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\is-AH2PD.tmp\CheatEngine75.exe
      "C:\Users\Admin\AppData\Local\Temp\is-AH2PD.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
      4⤵
      Executes dropped EXE
      PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\is-63VV4.tmp\CheatEngine75.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-63VV4.tmp\CheatEngine75.tmp" /SL5="$D030E,26511452,832512,C:\Users\Admin\AppData\Local\Temp\is-AH2PD.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
        5⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:5460
      - C:\Windows\SYSTEM32\net.exe
        
        "net" stop BadlionAntic
        6⤵
        
        PID:5516
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 stop BadlionAntic
        7⤵
        
        PID:5552
      - C:\Windows\SYSTEM32\net.exe
        
        "net" stop BadlionAnticheat
        6⤵
        
        PID:5748
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 stop BadlionAnticheat
        7⤵
        
        PID:5816
      - C:\Windows\SYSTEM32\sc.exe
        
        "sc" delete BadlionAntic
        6⤵
        Launches sc.exe
        
        PID:5848
      - C:\Windows\SYSTEM32\sc.exe
        
        "sc" delete BadlionAnticheat
        6⤵
        Launches sc.exe
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\is-HN31S.tmp\_isetup\_setup64.tmp
        
        helper 105 0x90
        6⤵
        Executes dropped EXE
        
        PID:3508
      - C:\Windows\system32\icacls.exe
        
        "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
        6⤵
        Modifies file permissions
        
        PID:4784
      - C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe
        
        "C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP
        6⤵
        Executes dropped EXE
        
        PID:3856
      - C:\Program Files\Cheat Engine 7.5\windowsrepair.exe
        
        "C:\Program Files\Cheat Engine 7.5\windowsrepair.exe" /s
        6⤵
        Executes dropped EXE
        
        PID:5336
      - C:\Windows\system32\icacls.exe
        
        "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
        6⤵
        Modifies file permissions
        
        PID:5540
  - - C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe
      "C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"
      4⤵
      Executes dropped EXE
      PID:5212
    - - C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
        
        "C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Drops file in Program Files directory
        Drops file in Windows directory
        Suspicious behavior: GetForegroundWindowSpam
        
        PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7944 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8024 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5187847876943862229,5836845227191792835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8336 /prefetch:1
  2⤵
  PID:5808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4060

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2376

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004DC
1⤵
PID:2004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

File and Directory Permissions Modification

T1222

Impair Defenses

T1562

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe

Filesize
389KB

MD5
f921416197c2ae407d53ba5712c3930a

SHA1
6a7daa7372e93c48758b9752c8a5a673b525632b

SHA256
e31b233ddf070798cc0381cc6285f6f79ea0c17b99737f7547618dcfd36cdc0e

SHA512
0139efb76c2107d0497be9910836d7c19329e4399aa8d46bbe17ae63d56ab73004c51b650ce38d79681c22c2d1b77078a7d7185431882baf3e7bef473ac95dce

Download Submit
C:\Program Files\Cheat Engine 7.5\badassets\scoreboard.png

Filesize
5KB

MD5
5cff22e5655d267b559261c37a423871

SHA1
b60ae22dfd7843dd1522663a3f46b3e505744b0f

SHA256
a8d8227b8e97a713e0f1f5db5286b3db786b7148c1c8eb3d4bbfe683dc940db9

SHA512
e00f5b4a7fa1989382df800d168871530917fcd99efcfe4418ef1b7e8473caea015f0b252cac6a982be93b5d873f4e9acdb460c8e03ae1c6eea9c37f84105e50

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
22d47fde80501801656894bc91506aa6

SHA1
c5550f5450eca9b24416c56d722b7a6d7d63bfb4

SHA256
326410334921c9a003ca819820b2f26e6a31201d54a4b7dec0cf621756e46a94

SHA512
8abc97b035bc4a660184b1fd51ef190fc620d4017821d5e9ced6aee82fdc720be05eb412b606c4dcf2edbe354c370609bfc6ea8b5e14b6a26122f37ea5ffc6d2

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2a6d1977bf43433e8e40be9ab86fc402

SHA1
67ec255ae425b4504d77df29235ed3c7ef56e34c

SHA256
68c2eea66c8532e94c0a98a571438248937f218a68f42aefd8864081f2bb1737

SHA512
f262a55bc3247f5daeed08596f1040645841d07f8f84a2150547f65ef13b4fc662ab9481d3d68dbb716d439d66fca2a552489d5263e085415dbaf1716427ca73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
601ec12aa9008ee694d9d0232ec52347

SHA1
b6ac6b85ff47ac00b4f7e857371d546f1edeabbf

SHA256
c90ed0407c8db5f0b3a6e58dc3561e04add2ff5a0511478201c2780af0b194a7

SHA512
1fb30f906a42db90ae1d4bff0f01141aacf51f54fd80b567ea5c8f3966ea7bbc7b6b6af0220bafb7584c4fd19121b0ffcbfa60bb2dc48a65989b314d107d86f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e93e14ba1c83d479a9e56c13e3aa997e

SHA1
945a796b5a8a0aa053626bfbcfba2a5a145c0bc9

SHA256
a19033032235968f24eb783102e79a1a98103a92339f3918ba336761d3b5ca4a

SHA512
1e2d809eb6a65fda7bb4cdd1eff95fddfcd9e933838769dd070316d6d2fdf3842b33cb997252e7539ef3deb0a5eb4f2f61e4c91be20eef396948c9864ea33cba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
b5d2d735cc9e851e013a5353a3e82fb3

SHA1
4681db4a5584dc2994029f36b786990647fd199f

SHA256
2cbf08d279d789cfab86395671a1e71e6bcf6569b9767688e177f67c7cb66dc2

SHA512
f34156e59a8055561a1dcccff712bac1b671960923b1fb4e917425b19c02e6ece5bd123f1080af55ca6a7d9ffae93cb0adfd36026dce80492033f39f081b4a90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
9ec24d6f5e311c4841ef8f9529b6b0a1

SHA1
f8ee2947e3593034eb870dca2d73c119f8387eda

SHA256
89432f33292465c884dcb6588c00b1422f5cac994ed08787ba330bb1f006c234

SHA512
e987ba72b5df7e88caed7551b93253bc37fec2a88eaade1e5d3075143bb27781f8e510ee6afd49321258dcbc8feea6a221aa643a84a6c08a4cdf53fb59f8186e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
44139b933bb17ecb2191a92013f587c3

SHA1
795c354d844e2219754abfedb42e0a9ae1621645

SHA256
e8d11a6005b28daab0205e337b1d70730bf0aae608a8594a8374045f54c871a6

SHA512
4e1dea5c6d523df59481bbfdaa7ecb40144d63075fdff437c71c5b2ebf732c201876ce19cd1ada54e14b36f8f560c844975a1f96d6cbaad089b77c5f3664a316

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c4a9e9b87dfbecbbb13e39407b71cea6

SHA1
b54fa91a29cbbf9bb2dcf342a6a5e4f42453656e

SHA256
727e699f656beccd4aa09ea5b0fca358e2dcb012104d3549e8c79e2f0f7192bb

SHA512
a0cf294b0f13f58b3fd3b52359c96d4c4186cf0b3af69ebf17464dd59a3940c00a60b9d457125142eb7192bc06c1bd1d749648362c6f9d27ea129e4ec0319ba4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3db6701a597657f9fbb285afcaf8d100

SHA1
98a50ec76613681887301c39c6c6fb5874412d29

SHA256
741175dcf465476a3987c3b4707764f7f032c530f36ddd5842c4978a8815537b

SHA512
4ec006b98a1ab9efa88d292b5e5d162a55f07308e40585fc96f1228f4f6a996cbeec6b17584f3e19eab9947865311a08a2635fe807e8817f552dc7f1f054682d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4137f52d2829df15bb7003b5165e6a0c

SHA1
906b1379628d90c74a45f738e4d8078582870780

SHA256
466ae5884ec94175d19ce41ee6e3643f42bed763e80446c95bb0fd2c67110641

SHA512
959615234252a7457f976eef294795ecc56d90ea846bbbae049ffec41a692f1e2f7aa4f0ee95d37cdf1564d122408e9749ea07ad1ee739d78210fe0427139c6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
7efc4d1a8600ecb5b3ec6c434c411957

SHA1
0723d246625f7e8293654e80e9b21ce94489eec8

SHA256
0bff2750fe818c42a21e3aad046802e97167ae5c661615e8d8ebdd9c90b8e8bc

SHA512
aae604549b98d0e48abe19d5fcbfaa884a0a3a10cd557090ad2db0868bae09ac686fb0bd81bb5c8f816904005092492d946d65d8b60ec775ea8ee05603a2e9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
8704b67ef324313d2fdebe1f0bd41cf8

SHA1
4d22a8f96ab383f3c0676e4d8916feaf2c264e41

SHA256
b8c2f5319b30399e5d089802c765b63f8c5800a09d78c7f582d2d35f4c4cd3a2

SHA512
23e32d44970cb518b265904c05e3277a6e90f60405ce95744486994d33d8fde822fd6483bf4be5bb632c97264cb78d9e7e63b0b10123b1ff8c2cf17930e5fc83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
ba5e8d108153c8af0b5e2131efc2cb62

SHA1
574dd5db474a91b341b474d6686b4c10ad00c1da

SHA256
d4511899464a4bc9f371ada44ff63436ef208bbf2e1885652ed0c10b6f581e7e

SHA512
1c9bc3c702db16b4b667bb3aee6e74cc31729a118a31324d99c461de5a794f80fe392d2249ba79107dfed9186b18585660ad2d501a643fc4036b427ff477f8bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
4112400c380bac18a0687b5cbea43d0b

SHA1
f6c6dbe7621418cb12e3175c50790cd0ad7059f4

SHA256
a971e4b6a843bc0ecd31a39f0f40a77d681fd643ad29e9f24e45ec656968aff8

SHA512
5373da9906430f63634f25a09fc7f7ef76f8f114876ff298f77239504ceb65fdef07c3dcfef19b3918f30a22a69de7be24580a9db996683f0969bf1ae6b11741

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f2dc80f5403feb8461b7ffa09890d6a0

SHA1
d5b61e6d672e7e71571e0132e21cead181da8805

SHA256
eadeadba37eed18e5acba408d7e076270b00403fed372b77164577232232428a

SHA512
5e2119529b99b76be105c43714e4b9977ee2147172c1c44e92bd9b41fa7a66f55d4073c864aac668a912aff2898bd216fb38f2fe34ef65de69ad12965218caf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c48e8b68231fb5b2d7f1188b930bc0e

SHA1
1822aef5da8fdd47626fb91afcf79a2be175a325

SHA256
c3b287c29eaa57166b2ab1ba9bd0aaced13cc2f946a04b8d708ac429187fe944

SHA512
2bd09b83e44e0104fbe080a8573690217dc9fbf7fd59ff25a1a9e9ebd2d87ac533f9b99350773d081a7e748b39657115a13e94538b153bceb13ecdfc4672a0f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\630f8837-92dd-4f79-b10a-69f528e147ea.tmp

Filesize
10KB

MD5
6f1229254624b2adc1048f4013841818

SHA1
400c6f9e62a2dbe187470e5353ff7e462e529ddf

SHA256
1e188eee04534b7f9ca974249c8fa60c2b5680a6b9cf51d25f1cd61b10b5fcaf

SHA512
7beef5ba48541f986c5465794702507f171e82dd396af47b56f9d47253f2fad107e315a2841ec3a92f6b52e0f3d6ee39615a73220220d845171924a867061ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
67KB

MD5
88a552e6be1ac3978c49143983276b3a

SHA1
dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423

SHA256
927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5

SHA512
125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
32KB

MD5
e51d5a73c3611bb52db26942a6cd26fd

SHA1
8a750003a6fd6321eca6624012d638eb71edb5f3

SHA256
8a35d9b6767a86e337309319ca907cb0837e4b836f82143c58a02ccc94a11e7a

SHA512
597043744a4afab83b63ed43db92bbe813e6003844d5f8beb4d4e7f52cc4e40e3af08621da4eca9407d4ec5db114f03964c4d35bf3b94dac8225bbf007659670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
1.1MB

MD5
e211d6f9c73674cf3acd9381f2583e64

SHA1
906822d2ff32de7a218342784a6eca9277324096

SHA256
3ddda4dac80d8779a3ce8697cc8132b717bcaf58417936c68a24c5f4b34baa60

SHA512
f4cc5d4b277f489ba93cc3b9f926d567da229f5ca3cf1d0b722f33c031e01fada39052f35de592b6eb655efb223abd769d2108f31150358277339d0b02ac4e50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008d

Filesize
19KB

MD5
3063a7e62c0b62d1df750848304a77c0

SHA1
2e93091ad21938d525b69cbacb1072cab03281e8

SHA256
bafc3557a30f9a45ae9feef34f3bf71d46d5c23c462ea584b131384adb712d35

SHA512
359be0ff7f43d7a2d21dbb49c58734e8c2d659c29b1e45b8392fe1adecd2c26e6b49e8783cf0449cb802dc5ec68ee3d3d822fa57c8f078df2b49a3bcb4e29475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
69ae9502423a6523b53a46e08fb55c0c

SHA1
039fbc04eb42e63f05395cc5802e212183914b1c

SHA256
2b4f7171e07dcd6af66b1fa39dccaec9804e9632a4cc66fd6618b584811e5cd2

SHA512
0783eff18bd3ba2a0326a991cef7e4ccf04374f9f94a591270be900b7321ac3d3fe151dfef6f8205b99759df1edb50e5bb2603f046ae0e244dac2d5e6f4fc337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
abfcdd2c8f223ae870e855158a5af78f

SHA1
dfa0e25bcee5c9e1da220b2e5c76c79e5d44ee99

SHA256
46111578c5c3ff2921d5a4ac8004b7f373313fbfcd94d37a9fb142929a2a9c65

SHA512
614ef9e17f633a4a23f265069c339ce4d9f0355ef23b683bf807f270d462e8bbd964b790273de3a4cde5a11f7ba4faf0d8bca9dd3c43e68ec81bcfa6cb183763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
87177068b16e32d5ff11818788e73e07

SHA1
e9b82e852b81edfaac0bdbff90d0a17c27446771

SHA256
0583073a2dfcba04af0389acfede5366d1dbe3c5ab270499b8003550f547e474

SHA512
cafd5f2ad15e00e4f967dfb5a79a0e810c4a9a168d4ccb989e1ead92d8f2a550a5147ac1fb83c87a671bc145389b834be274b74df96e9ab712e788fa90d083d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
a3b319cc46bc1644f2b399b1884fed0e

SHA1
41cf0945ba0e7d18aa14c4c754b4d070b6ffe505

SHA256
a9655f09b2fcf13206208060bd358aaf848c40f9f67d3580e59c6d71227a64af

SHA512
c522c0f831959c67129562b143dfd2dae1aa88b77ec1e49fcf9d3ea08c37e30e51613afb09ac55c9b778006297cc027d4b0ed99413a29f2114af6d27311821c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
07ea4950db24d069612289d30d8af0c5

SHA1
ca4d0301adf71dcf7394a99ad587eb2b92feb45d

SHA256
1f6b460a13728638d9c158e24d28b46ca74a350fa47d4eef5269d0aa9f351e24

SHA512
0e2fd0efcc2cfcc41b6cf17cb77aba4890e141b4d0921a1dee66a8f5918d344f47be55d9425eb46607f171cb3904a20e29ec39ac5f9008f6b7edb2c1a66ebf5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
910694d2831064cb3ee5fa9938f32b73

SHA1
db31ecc92cfd454e555ded6032f612a24c568ca2

SHA256
fbf488dee045875ceb81affbe99e013f0c3bff0dbf20aad0c0da850175ba5965

SHA512
e8aa0f488be0c2194d9821440b75e7cc631a46b458e18d48fa19fb0e5eaa753eee62f8c654a3bb56c7dfdc0a75b8999b98464992a336ede9e258b53ad1c8bd45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dbcf13a9edd3805388a4272cfac14f48

SHA1
3d7d4114f8c05648b57bebdb7a7d465def51b276

SHA256
ab16c3d2eefb7c638bb63c3ba7c44f33e055cc1a33daaeda9755527019cc923e

SHA512
fa27b0bad46611e161f5dba3ac6656ab1882dbf369d83520cb2a84612887f19b613385b493fedacda14c056d3de731501a8c38d4736e4e195273b6c3ad51d1cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e3819cfd51c8b582018a868971fea97d

SHA1
60ccdcfe08df46460c231fff19ac4eccb1d0722c

SHA256
2a092d01b243d359a1f81804a6cac3b8998eb51c09cb12f4087ec23772455aec

SHA512
f805742968747622422b1ec96bcfce39e8ac062609f8350cece9c3c5fa84c336faea5b3f21a653ba67a7d2cc0675632fad18434715cfbef5200ea2ca75d78bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3fa5986e9d2d811c1258abc4c19e65cc

SHA1
0b4b88f140befe67d668ae82093b37f0227b9e98

SHA256
266cb1772ca1b1d06235e568777905cc61f5eeb3ae484161266ee394df7401dd

SHA512
e220ac78db4f054afebd656bd29e8b976648a3040460e0b3d4d8662cea5acb92f1e958912d0cd6e47c77f94198b0e2be5aad03bdd05ebf7460d9516b5da66664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8b9ea7eff494e848f9d7ec5f48809846

SHA1
43cf1ed1624dcc0ececb9770497ffb6c95bc5f57

SHA256
380be60c35a3708e069e7e0b1ff67efdd8b81a0046bc68904a9ddcbd336bd3f6

SHA512
23f2532032dc2dd442822644c7d683eb795e88142e47eb9f0893cc7235c0efbf7d42f71d5dcda4c5d72409d3dcd82d9e4848ffe85e320d7a6a9b5c19aa0e08b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0a4b78d762902d4d4dcd994b60a07ccc

SHA1
cbba7271925761ea9c4fa095e302e1d88e2c02c2

SHA256
92eea72669d3aec402a435b9dd0f03e48394ef9eea9f44282c265e992025b05b

SHA512
64e213abd09bf74c162c48467ad45d85ff55ddfa754ef0a5163df89072bfd99637ae96bb721b2619d448a12fa94dfe779395f03b3fc82dd2e01c7673fb7d6483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
692faa5344ad0f8a922dc6bf48feafc7

SHA1
8767e062cd79a771193c9b3045c41adde25e0eb5

SHA256
544ec8e6a83de826d3552f2f4a82bff0d50f1504e9983b40801f5bd9abae55a0

SHA512
a045520f31b471ea53c80649e79a3a0f09d4afa908eaab88dac4ab6923180200e1d27892cf759c25f0e3372cee570e2275cd027d85fe2f73b655150809266dcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e712004e7004fa619a82e9f459b113fc

SHA1
da7c6d7c8565adbc54f1ac405dde00198315008e

SHA256
bf4ff60e14c9ed6e62f852bd25de3cf45605f06fed1ad696b9e0894cc8ed7208

SHA512
a85d86850a6723867b46ba549907d37d040f86f06c88f35e68c7e537ccb611449a68352d0d8d6685a1982c8c58809011dd156d4e0ca0c11c5a0d9328863e79b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0756cf87b38abdcc0d4e613ca3a02953

SHA1
bb42c3635fd965f7d62ebcbc848de39096292114

SHA256
5cea786443af2089ca8ed5dedfc512403e986d3ef690f5ffbd7b62d5c5e83c0c

SHA512
02577ceedf5d8cc74d2b30d2c38faaed78f9f1a6c885cb5c57d10307299eda1721efa4df59cf63da1306d685d720335d5c963eaa04e555695ebf849533d76da0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c776d2639e34122eb784af5e66b2030d

SHA1
3effaba77142822de056188d33a59cdb260e2891

SHA256
a84b08a56190f6962e13903c3dd7bdddf23ecedbcb6febea8c49df7b58c59a67

SHA512
415e367468698b0752629a1be494babcbfbcecb97fb7f2c6a87896ad1fdf8b34f0a59f23187212aae63035f01fd0e77c2b52073f254ea44a3191a136048270b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f2a198caa8de01d5793fadd04f336496

SHA1
1af4bf10258f342bd06519ef1a31e9e4757ee643

SHA256
39ae9ec769839a33117020c93278f2cf3cee4cbb9cfec970d0bb39910f71ff99

SHA512
39a4cb9f4a43636699fce20c485a35513c46296fb24ffcc73b13f9e7f2a9ee2f3b1fcddf5b953b41a289ed40d143812fad695660da52561709082c866fc6031f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9a8ade0883a3c6d79866e8e1d2dc99f9

SHA1
6708be2d1fe5be0ac9f4c44a59dfb42694b508ab

SHA256
1d7c8f3295509f043473562a1b7198938ed53bd4284ed97f07b64078fb034588

SHA512
26047ece330e38bf01eade29857ace37dc43bfa44e2daf25c5f349212423702145a5e19c0d2b63d473b09e9fc89c7267cffb4f8a9d071964f83c4947ab870b1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b11373f80cf34377d82aa39a36073923

SHA1
bbe5efaa9a104f64b300a3f3203d41c0303d1d10

SHA256
79f8f31b98d4ab5dfb43af1038f8d752e4761e9173553107b1c4dfb1afc2505d

SHA512
4fb6aab36696139b3662b7b3b717bf599706fef8952863d7ddcfe5f2518d2d7ac440ebd021d9bba18996727749786e8318313066a0949206c980100e396eaefd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
96b1fa254420888b96c4fa35e6b7eb13

SHA1
ed620976e97b18589e9bb50e9ab9b20995c57873

SHA256
de90836c7ab84e3516aeda172aeae034af8d7c9bae9ae158d5bf9a2c9009963a

SHA512
068b1ae71c47c606496f4a35faf35a5ef9c7bc5b4863659248ad8c27d3d06120c5225a8da8c84873f32967ad122a4b9f13c4f09ed798d3e3a7cbc19cdf9660e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ad83a453087abde57bc18e8a6f8dd0f7

SHA1
52797361ae60a5a2616ca54eaf34590136642ed3

SHA256
b81bbf7d41a013f418f7be0708853f110eb458f4c0a04860247f7de9c40a977c

SHA512
4b89ca31634b1d62d5caec914ed22db389a2eb60a58287f985ae4169872f7a2111ea5766f11a4c0543acbb1459ad22b9dd71300a2555c0e8162f53c8b1f4f3fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b5d65fad882b9c164a65f3d8b9c99508

SHA1
2c8d192cfffdb8212b7446c2776802694297c4c5

SHA256
bd741f330993e494d415c8dbddd98983664604e00f5960a529dd5f28c1ddc65b

SHA512
153b4397834c24da3ffd40296f68dc2632fa08cfe27c9553a662f2ecc53d97ca945239af1eeac21538930b54790e05161a23fa4bc20cb0d95c54af6ef7c2b328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
883a532faeffb84b35e4c0400f4db538

SHA1
30b27e79226006a8c96b7757bda38a84e35d4e2b

SHA256
a02d96542e5784343843385a6ee786a08cd3d6c36cc0d86f2dc8994a7e3a607c

SHA512
6b1e611edce96f12feb06c2b34b2e7bfc26fffba98ea24e1633f0aaf788db67d1505e6b7fe2139fef6eccebebcdb5a846e64c810506730d538819418d101c4ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8c700a0132acf8e8cf6d395acb5c4057

SHA1
fa93f5db189a20faa483682e795f76cddb8e1b4d

SHA256
de50b2cb47cd00ba6f0f78e4bc68c3fcb64c9b7b67f61277bbb4ae19a2ab68a6

SHA512
6de30f557e49feab7e2551b1063f2ae2ae4cd86e3da68f9ace6c1def79afa2a44e0eac06d8a7cd834aa72a8207fee6f5f66e3c3e0734c8b936f84647428dc09c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1ab4611f07ab705a5c9a8e158ea8e35e

SHA1
795ddbd26f4d69b818eb0155e11f52e078cccb93

SHA256
b534609bc1ce59ff5f9a0d7e46ebe7e26f807e6e58c111ccfc29fc2ea83fb689

SHA512
6972b78aeb50d45b25f41538b6fef166733393df68c786f939c7044cc2106d617fa602a4dda92edf3c13000663f58e1f31eb62e00f4408fc503142668a5afb6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
520965872a33f4bc8bbffe29649916f1

SHA1
daad78eb917c9ccd4caec2ee24b0189aa1d3200d

SHA256
98649684ef208c1bed782414ac4abe1723e58d99547f63184f817e815c8afbdf

SHA512
6201e6c9790cf1afce4c3ac8e0e9a69b65405729c3e3dbe59ebbc9b377a728c2055567008610e944ba0618bd79b171d988b086710f9adac0f995bd8e93dfd3ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5dcaf4.TMP

Filesize
538B

MD5
8c70ad8f0f564638ab434fc529a1adf5

SHA1
a12991af7def01d49cd9f38647cae5be2a572041

SHA256
08b4fa7eb6ec9195c38406b83a375d15f62acb123c51a0c521fdd1ff7b631c43

SHA512
b3768f68caac4c41641028971d143bdd5af3492bffc70e2481ca0b4c326ebe500631ea1c5273b8734b66aa478b8672fe99756cbb06b436ae48938a7bf3d2f793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
830a11c382832c594e089a1eda6beb3d

SHA1
f13bb7f0831460ec605f72b96cdc4dfd0da8dab5

SHA256
524e9044ae419d71c08e4c86392fe1f606b00b31b557dd5e442524a85fa07428

SHA512
1c18e78bb0f06f7d20bdf04b803efe470184a5402862cb510e298fc6c720a35a99387a0372ecc5a99fd54dd68335a2fe3be6ae646bf60d94dbb2521a8f05790d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
39188d054d85a20a8d3b623714b2346d

SHA1
34c32f9af1bc497d16e5023f2960595f96cbe13d

SHA256
dab604be5a1b16ff0da0f55b3979cfdf67c0a8258045cfd24342af523d45cd26

SHA512
922e08086099e3357bbf55b81f6dd0779308e3bd13320d7b2bf0043fafcad84e97a4b6fe7b965636bd34c5193a00f9f5d304dfdff2805cb49b03242eb05b0315

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
036a3dfe6b1ebd342e3bb1083e6558a8

SHA1
a727221a586bd7e517f5e763cd050d69a8c32955

SHA256
869eacbaf07c40b44d7d1aa481c20e60e0776819b8f7b2aedc0616e0be51666a

SHA512
3f9d122b5de151f9feb70f07e9f6437791677b3b61dfd66f3267fd8e67d902cda0c9f55b17d3c7773449ee54c9e7522f76aabaf81f226eef5d3772b8d66934aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
12d743f04fb2a0403a7e0f538c5e0f32

SHA1
f8d7fd4586125e175b0f62d24f3f6444cc2f82aa

SHA256
a13de943b49e50a05df8c751f556f98463a0eff83dd1ee0a5e27d5e8fdbceb9b

SHA512
5d9dae7c588e71ab165bd5760469c2fc68b051e0812f0b4071e40817b7ea437c6093edfc40c7b20bad7e70cee699cdb19b464765a816559b2e4f1fe569e044e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b26fc4959ec1311cb3ca249c527626e2

SHA1
7f4bdc7f21a2a68199c6c53791e0076dc9d34efb

SHA256
38e7f975de8c093c5356c6f2e1bcd3c9a72c298b078fbbb6ab76c2923fd16299

SHA512
390d2f692d62a07fb65bc0e0bed430e26b39773a7e5c299d97737da33bcc6abfe34826c1c641038b814b8a59738c8be2380237125c7f52c3cf9a9ae8fc07cbe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c6dddc82b34bd5319044642837877332

SHA1
fee72ac85720a7cf28cc0219c3bd35fc9f3fa20f

SHA256
0b99865576efd51056e77ee70e0546ecdfb7446db4f0c8e061c1a8f4f763b597

SHA512
b48c4a862ac3f42845a676b7b5843c1df02fdcd37473e5f51984903f0eabd0772b2ff5e93db013f9ee7602c19a7630648a3c684fa3df137f20262c484c6f9899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
256KB

MD5
419b507a02884ea3e0cbc7bc063e3aaf

SHA1
8d6d751e62782978217dbd7c96a6ce61b4f571b9

SHA256
0ecbf3bae722f48d6147e6ff1b8b2d81e77e45e5523e83e4a47336e916efdf9f

SHA512
c3983e06083a2659b49240003521fcf538f3c13c486c4ec57e590cbbbb46fc24db523a748e9e284e3bcd2d6f305133b38ae74e6150dd59a6817b70b556abdbf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\885C2B10-8321-4581-ABC9-E2A92D2F45AC\AppxProvider.dll

Filesize
664KB

MD5
a31cb807bf0ab4ddbbe2b6bb96ae6cd1

SHA1
cf63765b41aee9cd7ae76c04dfbb6151e909b3c9

SHA256
37f45e6fc1e531279dcffed70c420df7b073504efe43bbb99a33a9ec24b75a47

SHA512
6a83378c7e88fe04dde20685889d76fd7efdf4e02342a952ba2e6ab0fa354e3293560986e5fded00718e4c14417970db0c06e6384277ae1e50021bb4dc87fad3

Download Submit
C:\Users\Admin\AppData\Local\Temp\885C2B10-8321-4581-ABC9-E2A92D2F45AC\AssocProvider.dll

Filesize
136KB

MD5
702f9c8fb68fd19514c106e749ec357d

SHA1
7c141106e4ae8f3a0e5f75d8277ec830fc79eccc

SHA256
21ad24a767aeb22d27d356bc8381f103ab620de1a47e374b9f961e44b543a358

SHA512
2e7d403c89dacdda623ed1a107bac53aafde089fdd66088d578d6b55bcfe0a4fc7b54733642162bd62d0ca3f1696667a6f0cb4b572d81a6eefd6792d6003c0d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\885C2B10-8321-4581-ABC9-E2A92D2F45AC\CbsProvider.dll

Filesize
1004KB

MD5
f51151b2d8d84cddbedbeffebdc6ec6a

SHA1
adc9c19aa0663e65997f54835228968e13532198

SHA256
7fe4e4924fbbfdf6d772cb9d0a4963d49f6aa18b3c86a2e8df6ca49e22f79884

SHA512
802b58617be5e92bfc0c7f8c8d7443128d81908ae99d9a4ce0a785f858dc7832c70dc305f2ad39c9f57db01c05f483f6bf949ad8811fc6fb255c5aee88c729b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\885C2B10-8321-4581-ABC9-E2A92D2F45AC\DismCore.dll

Filesize
444KB

MD5
c73ee8f61bce89d1edad64d16fedcdd6

SHA1
e8fe02e68fd278fd4af501e350d412a5a91b269f

SHA256
b1045fc7dce8fcf5612f82f8f97f8d243008e4c6b7389187e6babc554dd1e413

SHA512
8a5960e6bf35cf07e555558db13c89bf940c92d206adae0eb6e28404b7e499500a8158d29f3400f0b24ab8cedbacb75a28b0138be2e029b70a5cc66cce7cef25

Download Submit
C:\Users\Admin\AppData\Local\Temp\885C2B10-8321-4581-ABC9-E2A92D2F45AC\DismCorePS.dll

Filesize
200KB

MD5
7f751738de9ac0f2544b2722f3a19eb0

SHA1
7187c57cd1bd378ef73ba9ad686a758b892c89dc

SHA256
db995f4f55d8654fc1245da0df9d1d9d52b02d75131bc3bce501b141888232fc

SHA512
0891c2dedb420e10d8528996bc9202c9f5f96a855997f71b73023448867d7d03abee4a9a7e2e19ebe2811e7d09497bce1ea4e9097fcb810481af10860ff43dfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\885C2B10-8321-4581-ABC9-E2A92D2F45AC\DismHost.exe

Filesize
168KB

MD5
17275206102d1cf6f17346fd73300030

SHA1
bbec93f6fb2ae56c705efd6e58d6b3cc68bf1166

SHA256
dead0ebd5b5bf5d4b0e68ba975e9a70f98820e85d056b0a6b3775fc4df4da0f6

SHA512
ce14a4f95328bb9ce437c5d79084e9d647cb89b66cde86a540b200b1667edc76aa27a36061b6e2ceccecb70b9a011b4bd54040e2a480b8546888ba5cc84a01b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\885C2B10-8321-4581-ABC9-E2A92D2F45AC\DmiProvider.dll

Filesize
436KB

MD5
e54120aa50f14e0d3d257e77db46ece5

SHA1
922203542962ec5f938dcb3c876f060ecf17f9dc

SHA256
b5fb1a5eb4090598d5f878cdd37ed8eca82962d85995dd2280b8849fba816b54

SHA512
fbce5d707f6a66d451165608520be9d7174a8c22eb9827dfe94d98718e2c961f15ac45583b1743f3b8078b3fe675992d4b97bfc5e4b893b60328d94665f71dc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\885C2B10-8321-4581-ABC9-E2A92D2F45AC\EdgeProvider.dll

Filesize
200KB

MD5
c22cc16103ee51ba59b765c6b449bddb

SHA1
b0683f837e1e44c46c9a050e0a3753893ece24ad

SHA256
eb68c7d48f78b46933acba617cf3b5fcb5b8695c8a29295a9fa075f36910825b

SHA512
2c382aaddeca4efda63162584c4a2338ffcc1f4828362ce7e927e0b39c470f1f66a7933ae2210d63afb5a2ae25412266fde2ee6bdb896c3c030bdc08b67ec54e

Download Submit
C:\Users\Admin\AppData\Local\Temp\885C2B10-8321-4581-ABC9-E2A92D2F45AC\LogProvider.dll

Filesize
108KB

MD5
c63f6b6d4498f2ec95de15645c48e086

SHA1
29f71180feed44f023da9b119ba112f2e23e6a10

SHA256
56aca41c62c8d0d1b26db3a01ef6c2da4a6a51fc963eb28411f8f7f029f1bfde

SHA512
3a634340d8c66cbc1bef19f701d8bdb034449c28afecce4e8744d18181a20f85a17af3b66c8853cecb8be53f69ae73f85b70e45deac29debab084a25eb3c69dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\885C2B10-8321-4581-ABC9-E2A92D2F45AC\OSProvider.dll

Filesize
180KB

MD5
e9833a54c1a1bfdab3e5189f3f740ff9

SHA1
ffb999c781161d9a694a841728995fda5b6da6d3

SHA256
ec137f9caebcea735a9386112cf68f78b92b6a5a38008ce6415485f565e5cf85

SHA512
0b18932b24c0257c80225c99be70c5125d2207f9b92681fd623870e7a62599a18fa46bcb5f2b4b01889be73aeb084e1b7e00a4968c699c7fdb3c083ef17a49f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\885C2B10-8321-4581-ABC9-E2A92D2F45AC\dismprov.dll

Filesize
292KB

MD5
2ac64cc617d144ae4f37677b5cdbb9b6

SHA1
13fe83d7489d302de9ccefbf02c7737e7f9442f9

SHA256
006464f42a487ab765e1e97cf2d15bfa7db76752946de52ff7e518bc5bbb9a44

SHA512
acdb2c9727f53889aa4f1ca519e1991a5d9f08ef161fb6680265804c99487386ca6207d0a22f6c3e02f34eaeb5ded076655ee3f6b4b4e1f5fab5555d73addfd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\885C2B10-8321-4581-ABC9-E2A92D2F45AC\en-US\AppxProvider.dll.mui

Filesize
23KB

MD5
f70750a86cda23a3ced4a7ecf03feebd

SHA1
1c2d9d79974338ce21561b916130e696236fbb48

SHA256
8038c5177461aef977ac6e526ac0851bf7eff5928972462657176ff6b6d06050

SHA512
cfb6b5cdb451b12e7aee6e69ab743b91bec8bd417d4d2384def03010851fef0d7f2a65ff6349c4e62e564b44e742597aeb108e71a962a48020b1988a6c6f1a9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\885C2B10-8321-4581-ABC9-E2A92D2F45AC\en-US\AssocProvider.dll.mui

Filesize
8KB

MD5
3a26818c500fb74f13342f44c5213114

SHA1
af1bfc2ca2a1dcbc7037f61f80a949b67a2c9602

SHA256
421bbff0c63377b5fd85591530f4c28d0109bc1ff39162a42eb294f0d0e7c6bb

SHA512
afa1d62788d24cd6d739ad78cff19e455b776a71904af1400a44e54e56b55b149eca456db9c686c3a0b515d7fd49d96dc77b217ec769e879b0937bedad53de7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\885C2B10-8321-4581-ABC9-E2A92D2F45AC\en-US\CbsProvider.dll.mui

Filesize
53KB

MD5
8644aa200968ce8dfe182f775e1d65c4

SHA1
060149f78e374f2983abde607066f2e07e9b0861

SHA256
46b59cfae0ea50c722718cdb8c07b3f5d6f02174cc599cd19a157eb6016c6030

SHA512
29b4299ae749587c4fc9fd4b9cf3bbe3e9677088b159a40506a2cbd5796808e7432e7af08f0a2eef6c26bacb39b23afa65d0143c72774f38d55dedaef36eba1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\885C2B10-8321-4581-ABC9-E2A92D2F45AC\en-US\DismCore.dll.mui

Filesize
7KB

MD5
0a4338fdfb1adaa6592b8f1023ced5cf

SHA1
b96bd2067f43e5142e19f9c66e4db7d317d9cd2e

SHA256
0b6ac5a720dc9163dea36e565c82da1e375041688e6594de15d97652ab7aca80

SHA512
cf8cbb592dc5f09a95892d897680d4ca4f59e74afaeea2701d7258ace84c4c1182e032e7dd76cbd52a77ea08c8d3858e9b5f900691a6d80c728f5e56701382db

Download Submit
C:\Users\Admin\AppData\Local\Temp\885C2B10-8321-4581-ABC9-E2A92D2F45AC\en-US\DmiProvider.dll.mui

Filesize
17KB

MD5
3b3ac59021e9dc8918647b454a1f5024

SHA1
cf36a48398e2823f7d9b684d9aacf3a0a4d54d06

SHA256
a5cd6429d6be85895c4589e08cb33075041a13d93fca69084ffeb4213bb0d4ff

SHA512
4eeaaaf3d8a466c0b1723ae97e1ecd1c3f6b8751ddc1ec314a04192e088a38ee5f29f16541ef27a56f2f26c6d146c7f9fc581680ec69ff02843580be525a2b7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\885C2B10-8321-4581-ABC9-E2A92D2F45AC\en-US\dismprov.dll.mui

Filesize
2KB

MD5
bff1ff3b5a6dba20ce82214fd626dc2b

SHA1
affa7a6f6f1bec42dafe0ca868463eddffcc17e0

SHA256
f307033265151affded4af3dbc2527bc16479468af740ea913f84a2a3a557c46

SHA512
20dfc62f92fc8ab8c7f757a078103414c4e359b744a603f8b655dcd2340677fa7d5fd2acf3c544a3409d31194df788e764c262ea7c625019276e1d00d3f6de19

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AH2PD.tmp\RAV_Cross.png

Filesize
74KB

MD5
cd09f361286d1ad2622ba8a57b7613bd

SHA1
4cd3e5d4063b3517a950b9d030841f51f3c5f1b1

SHA256
b92a31d4853d1b2c4e5b9d9624f40b439856d0c6a517e100978cbde8d3c47dc8

SHA512
f73d60c92644e0478107e0402d1c7b4dfa1674f69b41856f74f937a7b57ceaa2b3be9242f2b59f1fcf71063aac6cbe16c594618d1a8cdd181510de3240f31dff

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AH2PD.tmp\logo.png

Filesize
246KB

MD5
1df360d73bf8108041d31d9875888436

SHA1
c866e8855d62f56a411641ece0552e54cbd0f2fb

SHA256
c1b1d7b4806955fe39a8bc6ce5574ab6ac5b93ad640cecfebe0961360c496d43

SHA512
3991b89927d89effca30cc584d5907998c217cf00ca441f2525ef8627ffff2032d104536f8b6ab79b83f4e32a7aab993f45d3930d5943cbfb5e449c5832abe14

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AH2PD.tmp\zbShieldUtils.dll

Filesize
2.0MB

MD5
b83f5833e96c2eb13f14dcca805d51a1

SHA1
9976b0a6ef3dabeab064b188d77d870dcdaf086d

SHA256
00e667b838a4125c8cf847936168bb77bb54580bc05669330cb32c0377c4a401

SHA512
8641b351e28b3c61ed6762adbca165f4a5f2ee26a023fd74dd2102a6258c0f22e91b78f4a3e9fba6094b68096001de21f10d6495f497580847103c428d30f7bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
7d57325dad542c6652a887108db72914

SHA1
35db151cab4738266b288d76e346760746ed4435

SHA256
168025a0484344dd3728c07d17d513a75fca722c8ea8f3ac08d491c55b458efd

SHA512
e41309e980de59e78658193bb045cb20613a13f0e51afd77d409faa04af3e48c813a41aee3e6e1daa0a40c9ab3753636aab91b2a1e7db9e73e6a79b67aca7982

Download Submit
C:\Users\Admin\Desktop\CloseDismount.vstm

Filesize
372KB

MD5
1263136678b3cbf96dd9d923e95dc5e8

SHA1
5efd258e59fc936d48237f37db5eb7a3dc6a9ec6

SHA256
525e7883cc7ff53af6a6793097250cd944face0a58f223b493e59ae889ccbcc1

SHA512
efe8a171b3beb98c74eaf7ff46971357fe94103e7e6de26f333adf4de0c4e792b266c2f3286c8b9f3107b93c9e6d83ebdc9b8434763aeb108c929aa4970fe834

Download Submit
C:\Users\Admin\Desktop\ClosePush.i64

Filesize
330KB

MD5
f2345379074a9be108bd4ba4b0a9e1ab

SHA1
ffcf3c9f2c17f51079c4d5d61135f9e9256a4401

SHA256
b1faf4138b2ecbd7fb5512f7471fb60e5a52f029bf9199cebb8dadf83203e554

SHA512
5a3dad6e4296e87e746d515550518eb4839de8dcb7c5d1972199dca53644961ce89e12c5e585691a35155e7261570de46ef35bb29d340f2cb0232188183f5d6f

Download Submit
C:\Users\Admin\Desktop\CompleteResolve.jtx

Filesize
436KB

MD5
63cd551967d33c31ecd0f4cd8e2a97a5

SHA1
7e802d119afb59fe6097607db73252d4725a59fe

SHA256
c89f515236cbe848fd62bce90242b90325884949c388846d4f15d0a0925008a0

SHA512
4703fc4d96979306baa420faec6f97c88ce6fc47e9e3549a35ab2b846f9ede15536d6a31593c856433ac789918470457370398b3aad4274854a49e6f33279809

Download Submit
C:\Users\Admin\Desktop\ConnectStart.asp

Filesize
42KB

MD5
c55edf044146a22e2ad1d9c0e7e9bfde

SHA1
dead3dde88ab7925b835a613220d413488bc65b3

SHA256
d1ec76c4a575eb9f657352d384f48a4c1edc1fb3cafde84f97800b3909b00c4c

SHA512
a2d33fca003e493ab98f3c1829bdec5bce9be917b64ca12cf4d556169bac83bf00e4fa737a527e92694dd4f581bb7706668ca51487a661e5f77a34603faa20f5

Download Submit
C:\Users\Admin\Desktop\ConvertFromProtect.kix

Filesize
500KB

MD5
95067de92741f9097cdedd1a5c407943

SHA1
8a21a6704804b1a8366309febc2d405104270e29

SHA256
d3af3594cd64da938f86f4fa37a2af65ffce500cb356fd7209af6ad3e0919d49

SHA512
2c86557024006c0f23ed6c93cf51d56727bb0aff5732e2854e4c6d3ee33b68868fdafe0d2b0940d25ffadb00ad4b439c73d32780d6fec9a68505c23c112afe30

Download Submit
C:\Users\Admin\Desktop\ConvertInstall.vsdx

Filesize
543KB

MD5
87176de6606e822414575768703fe06a

SHA1
2d27e343658eafbdfbba87a815b5a9011c69e4d9

SHA256
5cefc637e6e7ffbd1105bb3f88deec9ba31b0ead66090e5708dbd39bfd19d25b

SHA512
02a3f8eecd2628c453817f94c20e4c67fd5caa11bd2c5d9c48f6ff492205ad1bc67ad58733f6914358a21cd96cd62d181ce19c135b5808caccc943a11f8242bb

Download Submit
C:\Users\Admin\Desktop\ConvertUnprotect.ocx

Filesize
564KB

MD5
d48f10c4b522334265513cd62e85f6a3

SHA1
c65a5675daafc4d6fd4284688e46d19cfe89596b

SHA256
258d6640f9ed7a6922384549dd9cbc2eb2c3bdaf3789825d0d411ef5ce1a46fd

SHA512
a25b5f92dad280c7e311951dbfb11f164cba2fee561282636a3011377d09e9caa68f70af57a6560736441c59166d1c322744034af5b9ba5389bb3b53cc864ef1

Download Submit
C:\Users\Admin\Desktop\CopyExit.bat

Filesize
756KB

MD5
8f1451a2530bafd73176eb9ed07c0e3d

SHA1
a80166f28f1e73a93b5c126b89725c915cc127ba

SHA256
080d332605a5d2505f6736dee87877aa25e9b58a0bf8822d30c040317d9efa8c

SHA512
6c7323d5d70eb4422b2430c79e11422f07cba2c46a981231af56a15905df9c79a9277c8efff2f746e849f6898de7cf35687df109d1b7f9f57344e13fc80380f6

Download Submit
C:\Users\Admin\Desktop\DismountRestart.avi

Filesize
521KB

MD5
c728aad5fc0877f8d802bf47a378b417

SHA1
1a65d557edc7a4e69d9f451ae36de7da8deebb3c

SHA256
c02cd5fce7a8abad9c284e6f7df0fa417a943afcf4be604dcd0739c96354b8f6

SHA512
428287500a906729d561a2c835baeac23e9a0a1a906d3a83e0f38fc0f554d334fb3583c03055b906aef6c89d30cb0fd9011ad0997e62818093b149c3ab74dd17

Download Submit
C:\Users\Admin\Desktop\FindDisconnect.xps

Filesize
585KB

MD5
1b4fbdb678c74e8972971bf4d6d88b8f

SHA1
199331e8b7910f4cc0d676ec2074b97161e77800

SHA256
771ddae237b2315dbfefad65052505c44fc193777693ab04d4abc454a7666d03

SHA512
891c1bcc781bdd82df5bc76721b15b99a420de4b6c1129e9a90caee585f679810da48402e2804813584c224ea3cea8ad9f36de7bf39c06cea4f17b22c1a48541

Download Submit
C:\Users\Admin\Desktop\GetExport.inf

Filesize
14KB

MD5
f843154a8602abfafdf2d303ac66d738

SHA1
75ec2dc524c32caceb2b43647cc9694f9d847b5f

SHA256
eab857429c45bc411bd70a99c89fb5ae04d2603f24612fb989eee867e16677f2

SHA512
379903cfeb634e8b8caa7d61f174c76dc5a8d2cb7a650b0770986428dab19f016d4b11e850c14e7d09a38a31aa8e15c56e62f7091f558ac29d4868c555f672ac

Download Submit
C:\Users\Admin\Desktop\HideBackup.mpg

Filesize
14KB

MD5
4986a2c46a7b302b9f590ee012d8cc97

SHA1
fa90a42000439e05fbf1e49abe26a9a174b1c1aa

SHA256
c0e401cf32587717b184ef83da75d3b55df876a9c4ea56acb6f2e04bde07cfae

SHA512
fbb32b007c2c94d2b60c1e0d99270ea181ca1a8c9a356eeccc95ef8ee89943448cf883527b5ce3407174ee430ad9c66a41f32dfa9967d39245712b50edb73d2c

Download Submit
C:\Users\Admin\Desktop\JoinConnect.ppt

Filesize
287KB

MD5
200989966d1e260686d8f93f6db4ad48

SHA1
b99fa08e141532b0f97508ec81cb8aa176eaac41

SHA256
2abaa771398b4926cd9cc47eec339936310eab260129a1f728101056ef644ee8

SHA512
4fae12fd78a0c5a7e51e7ec0b916fd46ded9b02232b63d4d6f6b822287056249924db719cb21fccf049f87ff0adbd764edea7fb3b74c06bd75597d44b4d6e9b0

Download Submit
C:\Users\Admin\Desktop\ReadResume.dotx

Filesize
734KB

MD5
fd1ac566310a22032765a38efc4adb77

SHA1
e8c660a1bcdabed8b1e953e09bcb6c5cf0e91538

SHA256
debf8179bb96e5a647a9ba58cfc084c8d2abf5a432fb87b7f5ea7261e6fd5ae1

SHA512
9e01e110226d8d2adf6fe00ecb2c2d7fa1b1119d61289048ef25bfd8b62f45256f31ec676a78a63ad276d47a9dfb735175f092e9078248096b33d0dc7179ea32

Download Submit
C:\Users\Admin\Desktop\RequestRestore.pptm

Filesize
479KB

MD5
1e6cd4330249ebbabfa60069c66ab817

SHA1
6c4487ebefd80a5300beac99f209c07caec6f1f7

SHA256
6e3b0783bf2273baf4da3c9f7a9bc701a6bf882ce2d125c799b63ae50b0f1799

SHA512
25d62336fe7f256b0c41c4d6b3215f58b615f0c598e593c6d63aba6be31488b1372c1b55ca1257f9bb736de444ada4b29635d248f2305a81fbce234b1e527e39

Download Submit
C:\Users\Admin\Desktop\ResolveRegister.wav

Filesize
692KB

MD5
1f5bd3dbe9593dd4859e58248d632707

SHA1
d567fb492c82232df02623bc1d71ad19859a1c5b

SHA256
dd64aee6a768102fb1e61bb953853f29affb568327ff1d903605f9e3bc528b6c

SHA512
719ac58c73e50601a4417b24ddffa0235e65e4b25a8a6d08e6ea6e217eeba58b358c1479a39e62ad424ad14c6229991cb3270397cdd90b60d70ce74103db8618

Download Submit
C:\Users\Admin\Desktop\ResumeMount.xps

Filesize
607KB

MD5
3a22e644f36e192fda659930285e1871

SHA1
f4a149edee0e0ce5143a67e5b10e61f5428a75e7

SHA256
145dd63c9638aa05a27528d1588e79d5c85ddde84a624f0d36f6531d6c6739b9

SHA512
302c546fe268784957b90ebd6048cd0ec3c13f749271fe2a10fd58b01eebe8f87fbf913d56c0b899130b693fc2de300c9dc8e46dc51feaaea0fee939eebf2647

Download Submit
C:\Users\Admin\Desktop\SearchDisable.vbe

Filesize
256KB

MD5
a7a4ed99a70ced3dd1a5b8bd13265e8b

SHA1
e3a1f7febf98ed86ea35c1719197ff88ac8dab29

SHA256
e5902937402f22686cf11ffb269e074bf856420b886cb536a990eb8727909983

SHA512
d9fcceb124081fa745b1064d4db4b0681455b4ae412dec569a387b32abdd89e39957bdd5342342b70d1b2f94061220c2f65eda27420ad2c42ce83ee92013d160

Download Submit
C:\Users\Admin\Desktop\SendPublish.lock

Filesize
308KB

MD5
3133f1eb6c9c05bfc2d2019a1546dd88

SHA1
74e08fa11104af55ed771953ad36b07c3c994a34

SHA256
f46641afc0c2466fd2ff4bfdf697a639ce16e7fcb5f3815832390edddc2b7a8b

SHA512
c38ada1870b0baa9c0b97845876c24d95ae19c0e437a6d824ea8fdc19916a97395c471eba368f36a808112cd580f03f1b070cea50862fa2aeb22a65690fc7005

Download Submit
C:\Users\Admin\Desktop\SubmitDisconnect.mhtml

Filesize
394KB

MD5
da4110b69be9b9cc7a052b80e15a662f

SHA1
1e8232db8318a45049d5ccae8cf953bf9b0623ce

SHA256
f873146e8911ab88651eb543f7d0b6b066fb1c443e11318061eb215b92e83a9f

SHA512
052367638995eb6ad05023a1f734eb1f0bc24ad30bc7c9b8e0b6865a67f698975910f2dd41af7eb737477fdb0ea1743ba00f8b31ce6d1219318219b5f73d570a

Download Submit
C:\Users\Admin\Desktop\TraceRead.css

Filesize
266KB

MD5
286ad5bcd0f601c4cef468c0ed9d2fe5

SHA1
5029a932c45c9ef772f7af15322d4354edf5d5e6

SHA256
c69b7316f23e85a8d265772ca1631700a51676b986740d442a484dc1551ce2ee

SHA512
009882fd38970d9caa0751f26ff3ad816f159918076ab90c54e80dd68e562ed028e4295bff3e9c95f672b62630966371b2db3d511e53c3e93e81888c689cd75b

Download Submit
C:\Users\Admin\Desktop\UnlockCheckpoint.mp3

Filesize
192KB

MD5
ae2aee40d8991373086d73adae81362f

SHA1
d6ed10996e886e1066bc62569a2acbb42616b56a

SHA256
4e565c02a4b49f52b5375e20470b4fa4e72de36539670e1864a632784d098adc

SHA512
4af775966bd731472303db030169340f5ce151cfe615c7ec4f7569df2f9f4e9d4a69554e657f24585ab098714342b3e13a993bc6f7921d4171d49554a167693d

Download Submit
C:\Users\Admin\Desktop\UnpublishRequest.3gpp

Filesize
192KB

MD5
02c5ffda0ca934c3d7bfece17b5e2c26

SHA1
6a8b0f02e7492aedd3adb8fa21ee8aa6c29dee01

SHA256
0f77b7214ab511ff9157b6e5e1acfbe31f209093009de7efb85fd8bea60e9f15

SHA512
198e355731af098780c5c4c1d4ca4d6b45a3a85175a9a08adcbde3eaa250f4080a84906dc832e09f81d581cb16d026f8b1868fbd1db43fc838d52c4c4052c2ec

Download Submit
C:\Users\Admin\Desktop\UpdateReset.doc

Filesize
256KB

MD5
37dfb048f0d694c01ba461e59104fb7f

SHA1
9d6da97b90e346afcd01a127adf197ca0910e99b

SHA256
fb75d44020967f858ec1c96b9ce72b8479b26421ed0e828cd523b730dddd5850

SHA512
bc7f2fb236a9085e0da04d1c33bce007a049ec9d900decc7cc516206b2ad3b873503400547e85bca719fe634d48464349db5c6ca77e67568ec87095d9e0e0bf3

Download Submit
C:\Users\Admin\Desktop\WriteClear.jfif

Filesize
351KB

MD5
00f68ced1c6edcce89374e1d9a4095b8

SHA1
acfce3334de90fa4c6e457e44cb4ce32c00ff099

SHA256
0f9946d3a8ce974489cc66fc24f307c99db72f4d182be55c483c83d286cd7bf5

SHA512
5bb7c0e5c5815f12ee30fb5acb4a859a97fca6bbed09af2493d062d2fb950b61ae734510b25d7b7ba724e8daadaab28a45cc7b8fd980b90091ec4ac55a1bf986

Download Submit
C:\Users\Admin\Downloads\CheatEngine75.exe

Filesize
15.1MB

MD5
1c93147564ee79e48a88e2c59a9d6de2

SHA1
c9890148126756e2bc352b2427a3d319d4718410

SHA256
18d7d2236050b9db844680a8d13a079f51716bc5b1f5975faad6fbfb09139260

SHA512
47dd5b7c4683371061f7302e86ea253a890acebc548ff43f22127eb72368cdae445d0b3327ee862c5cd2371d614c96c8a740118027790800b2c3ed58fe6db806

Download Submit
C:\Windows\Logs\DISM\dism.log

Filesize
24KB

MD5
d5eaba2c45803db22f5bddd9702862c2

SHA1
fc0c7da75753f3734f106793893eed07b6814a14

SHA256
827669cffc6c7faf3501eee6c38d3cecb0e20434ee1c768df1b1aff21cb5d727

SHA512
64f92147e485fe09ded76e2bfede7bbd486988a84fac9011ebb9e23a1f1b4e9e9b4297e86c9940ea848f8a8d751e11470ee6979d24e8f300b2c9cb5d9cc00bfa

Download Submit
memory/4916-2063-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4916-1444-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/5460-2062-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/5460-1449-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/5696-1404-0x00000000027B0000-0x00000000027B1000-memory.dmp

Filesize
4KB

Download
memory/5696-2091-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/5696-2070-0x00000000027B0000-0x00000000027B1000-memory.dmp

Filesize
4KB

Download
memory/5696-2069-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/5696-2067-0x0000000004410000-0x0000000004550000-memory.dmp

Filesize
1.2MB

Download
memory/5696-1440-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/5696-1438-0x0000000004410000-0x0000000004550000-memory.dmp

Filesize
1.2MB

Download
memory/5696-1437-0x0000000004410000-0x0000000004550000-memory.dmp

Filesize
1.2MB

Download
memory/5696-1433-0x0000000004410000-0x0000000004550000-memory.dmp

Filesize
1.2MB

Download
memory/5696-1432-0x0000000004410000-0x0000000004550000-memory.dmp

Filesize
1.2MB

Download
memory/5720-2092-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/5720-1439-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/5720-1400-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download