fa3dbe172cb9268b5d5b24ead0c32c26c25fb5d5b56fa72348b9099bcd429645

Analysis

max time kernel
1201s
max time network
1210s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 06:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Packet_Tracer821_64bit_setup_signed.exe
Size

227.3MB
MD5

12617fe807c3e4bfa5b0c4748c3b6ff2
SHA1

b13af13de273d9ae41a6113aed93b965f6d14908
SHA256

fa3dbe172cb9268b5d5b24ead0c32c26c25fb5d5b56fa72348b9099bcd429645
SHA512

51ee864ce8cb48ee6645e3b7fe2086f950512035883e7bde39b57b320f56b9125468a8dda7f50557b5b2dd0dfba825f864622e3d5177f86b72dc1d57a6589c61
SSDEEP

6291456:IZ7Mx06hFIDSblcjmwGsUGK4ZXW0lzwjZ:Iix06MWclG/GK4ZGc0jZ

Score

7^/10

discovery evasion spyware stealer

Malware Config

Signatures

Identifies Wine through registry keys 2 TTPs 7 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Wine	PacketTracer.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Wine	PacketTracer.exe
Key queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Wine	PacketTracer.exe
Key opened	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Wine\	PacketTracer.exe
Key opened	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Wine	PacketTracer.exe
Key queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Wine	PacketTracer.exe
Key opened	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Wine\	PacketTracer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	QtWebEngineProcess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	PacketTracer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	QtWebEngineProcess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	QtWebEngineProcess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	QtWebEngineProcess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	QtWebEngineProcess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	QtWebEngineProcess.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\Simulation\PDUGraphics\Status\aPDUDropped\is-OJMCV.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\is-NIRL3.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\is-G4HMV.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-JCDLP.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\Workstation\is-2T67V.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\flowcharts\is-7P766.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-DSH65.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\bin\translations\is-S4PQ3.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\physical\is-EV8JG.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-1DFV6.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-L0VDT.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-K7O7V.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\templates\is-KNKTJ.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-LTU74.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\Simulation\PDUGraphics\Status\aPDUCollidedExplosion\is-RF2I2.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\Workspace\Logical\is-5IKTN.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\is-BQP8P.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-90QUI.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-V54DM.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\Devices\is-ERQ56.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-EA2MC.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\Workspace\Logical\is-OSMIB.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\is-BI1ME.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-F69EA.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\is-1H29L.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-0FENL.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\bin\translations\is-O7HGB.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\saves\04 IoT\Solution Examples\is-IP1FF.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File opened for modification	C:\Program Files\Cisco Packet Tracer 8.2.1\templates\Power Meter.ptd	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-SN9ND.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\search\is-70GQE.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File opened for modification	C:\Program Files\Cisco Packet Tracer 8.2.1\bin\IEShims.dll	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\Devices\is-7VO3Q.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\is-EJJO7.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\physical\is-H1U84.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-AQ2SC.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\sounds\is-E5N34.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File opened for modification	C:\Program Files\Cisco Packet Tracer 8.2.1\saves\03 Cybersecurity\Wireless LAN Security\wpa_psk_test_with_dhcp.pkt	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-JEGIU.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-PT9OH.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\search\is-QP4QN.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\is-J2LM4.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\bin\translations\is-D2VP0.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\is-BLH1V.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\physical\is-4JKB0.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\html\wlc3504\is-04F43.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\Simulation\PDUGraphics\Status\aPDUNotForwarded\is-CBVGD.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\is-CGCCF.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File opened for modification	C:\Program Files\Cisco Packet Tracer 8.2.1\saves\01 Networking\IPv6\Ipv6Ip Tunneling\ipv6ip_ospf.pkt	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\is-FUP0I.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\physical\is-U6Q6Q.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-29UGI.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File opened for modification	C:\Program Files\Cisco Packet Tracer 8.2.1\saves\01 Networking\Meraki\meraki_SA_pppoe.pkt	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\Offline-Save\is-E4K63.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\Devices\is-8L73S.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-UI3U0.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-PGJVJ.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-J7R54.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\is-UCON9.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-PBGII.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\saves\04 IoT\Solution Examples\is-3KOGA.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\templates\is-M8BTJ.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-MDIU2.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\html\meraki_server\images\is-O7L94.tmp	Packet_Tracer821_64bit_setup_signed.tmp

Executes dropped EXE 10 IoCs

pid	Process
2768	Packet_Tracer821_64bit_setup_signed.tmp
3236	PacketTracer.exe
2340	PacketTracer.exe
5196	QtWebEngineProcess.exe
5236	QtWebEngineProcess.exe
6612	QtWebEngineProcess.exe
5900	QtWebEngineProcess.exe
7192	QtWebEngineProcess.exe
8452	QtWebEngineProcess.exe
9028	QtWebEngineProcess.exe

Loads dropped DLL 64 IoCs

pid	Process
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607474427154967"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.pka	Packet_Tracer821_64bit_setup_signed.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1"	PacketTracer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	PacketTracer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8\DefaultIcon\ = "C:\\Program Files\\Cisco Packet Tracer 8.2.1\\art\\pkt.ico"	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.Activity\DefaultIcon	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\pttp	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	PacketTracer.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	PacketTracer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.pksz	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8\ = "Cisco Packet Tracer"	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.Activity\shell\open\command\ = "\"C:\\Program Files\\Cisco Packet Tracer 8.2.1\\bin\\PacketTracer.exe\" \"%1\""	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\pttp\shell\open\command	Packet_Tracer821_64bit_setup_signed.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	PacketTracer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.pkt	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.PKZ\DefaultIcon	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.PKZ\shell\open\command	Packet_Tracer821_64bit_setup_signed.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	PacketTracer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.ActivitySequencePackage\shell	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\pttp\shell\open\command\ = "\"C:\\Program Files\\Cisco Packet Tracer 8.2.1\\bin\\PacketTracer.exe\" -uri=\"%1\""	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	PacketTracer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.Activity\shell	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.ActivitySequence\shell\open\command\ = "\"C:\\Program Files\\Cisco Packet Tracer 8.2.1\\bin\\PacketTracer.exe\" \"%1\""	Packet_Tracer821_64bit_setup_signed.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	PacketTracer.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	PacketTracer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	PacketTracer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	PacketTracer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8\DefaultIcon	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\pttp\ = "URL:pttp"	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	PacketTracer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	PacketTracer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{47A7F94D-DCEA-4211-B22C-7614E082AC8B}	PacketTracer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	PacketTracer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	PacketTracer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.pks	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.Activity	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.Activity\shell\open	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.ActivitySequence\shell\open	Packet_Tracer821_64bit_setup_signed.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "2"	PacketTracer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	PacketTracer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.pka\ = "PacketTracer8.Activity"	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	PacketTracer.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	PacketTracer.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	PacketTracer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	PacketTracer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	PacketTracer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.pksz\ = "PacketTracer8.ActivitySequencePackage"	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.ActivitySequence\DefaultIcon	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.ActivitySequencePackage\ = "Cisco Packet Tracer"	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	PacketTracer.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	PacketTracer.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	PacketTracer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.pkz	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.ActivitySequence\shell	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\pttp\shell\open	Packet_Tracer821_64bit_setup_signed.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	PacketTracer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.pkz\ = "PacketTracer8.PKZ"	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.Activity\ = "Cisco Packet Tracer"	Packet_Tracer821_64bit_setup_signed.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	PacketTracer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff	PacketTracer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8\shell	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.ActivitySequence\shell\open\command	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.ActivitySequencePackage	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\pttp\shell	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	PacketTracer.exe

Modifies system certificate store 2 TTPs 13 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DF717EAA4AD94EC9558499602D48DE5FBCF03A25\Blob = 0f00000001000000200000007a9bc7ffecf427111c5a2e5bf589ffff1ee95fef12b3cc42764d7c907a3f6959530000000100000081000000307f3020060a6086480186f92f00060930123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c03021060b6086480186f92f00060e0130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000004c000000304a06082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080b000000010000003e0000004900640065006e0054007200750073007400200043006f006d006d00650072006300690061006c00200052006f006f0074002000430041002000310000006200000001000000200000005d56499be4d2e08bcfcad08a3e38723d50503bde706948e42f55603019e528ae140000000100000014000000ed4419c0d3f0068beea47bbe42e72654c88e36761d000000010000001000000066908ed134572466070299553e6e2b99030000000100000014000000df717eaa4ad94ec9558499602d48de5fbcf03a252000000001000000640500003082056030820348a00302010202100a0142800000014523c844b500000002300d06092a864886f70d01010b0500304a310b300906035504061302555331123010060355040a13094964656e5472757374312730250603550403131e4964656e547275737420436f6d6d65726369616c20526f6f742043412031301e170d3134303131363138313232335a170d3334303131363138313232335a304a310b300906035504061302555331123010060355040a13094964656e5472757374312730250603550403131e4964656e547275737420436f6d6d65726369616c20526f6f74204341203130820222300d06092a864886f70d01010105000382020f003082020a0282020100a75019de3f993dd43346f16f516182b2a94f8f67895d84d953dd0c28d9d7f0ffae95437299f9b55d7c8ac142e1315074d1810d7ccd9b21ab43e2acad5e866ef3098a1f5a32bda2eb94f9e85c0aecff98d2af71b3b4539f4e87ef92bcbdec4f3230884b175e57c453c2f602978dd9622bbf241f628ddfc3b8294b49783c93608822fc99da36c8c2a2d42c540067356e73bf0258f0a4dde5b0a2267acae036a51916f5fdb7efae3f40f56d5a04fdce34ca24dc74231b5d3313125dc40125f630dd025d9fe0d547bdb4eb1ba1bb4949d89f5b02f38ae42490e4624f4fc1af8b0e7417a8d172886a7a0149ccb44679c617b1da981e0759fa75218565dd9056cefbaba5609dc49df952b08bbd87f98f2b230a23763bf733e1c900f369f94ba2e04ebc7e93398407f744707efe075ae5b1acd118ccf235e5494908ca56c93dfb0f187d8b3bc113c24d8fc94f0e37e91fa10e6adf622ecb350651792cc82538f4fa4ba7895c9cd2e30d39864a747cd55987c23f4e0c5c52f43df75282f1eaa3acfd49341a28f341883a13eee8deff991d5fbacbe81ef2b95060c031d373e5efbea0ed330b74be2020c4676cf008037a55807f464e96a7f41e3ee1f6d809e133642b63d7325e9ff9c07b0f786f97bc939af99c1290787a808715d772749c557478b1bae16e7004ba4fa0ba68c37bff31f0733d3d942ab10b410ea0fe4d88656b7933b4d70203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ed4419c0d3f0068beea47bbe42e72654c88e3676300d06092a864886f70d01010b050003820201000dae9032f6a64b7c447619611e2728cd5e54ef25bce30890f929d7ae6808e1940058ef2e2e7e53528cb65c07ea88ba998b5094d78280df61090093ad0d14e6cec1f2379478b05f9cb3a273b88f059338cd8d3eb0b8fbc0cfb1f2ec2d2d1bccecaa9ab3aa60821b2d3bc3843d578a961e9c75b8d330cd60088390d38e54f14d66c05d740340a3ee857ec21f779c06e8c1a7185d5295edc9dd259e6dfaa9eda33a34d0597bdaed50f335bfedeb144d31c760f4daf1879ce248e2c6c537fb0610fa755966314729da769a1ce982aeef9ab951f788239a6995623ce5558036d75402fff1b95dced4236fd845844a5b65ef890cdd14a720cb18a525b40df901f0a2d2f400c8748ea12a488e65db13c4e225177debbe875b17205451934a53030bec5dca33ed62fd45c72f5bdc58a08039e6fad7fe1314a6ed3d944a4274d4c3775973cd8f46be5538effae89132ea97580422de38c3ccbc6dc9333a6a0a693fa0c8ea728f8c638623bd6d3c969e95e0494caaa2b92a1b9c368178edc3e846e2265944751ed9758951cd10849d6160cb5df997224d8e98e6e37ff65bbbaecdca4a816b5e0bf351e1742be97e27a7d999494ef8a580db250f1c63628ac933676b3c1083c6addea8cd168e8df00737719ff2abfc41f5c18bec00375d09e54e80effab15c3806a51b4ae1dc382d3cdcab1f901ad54a9ceed1706ccceef457f818ba846e87	QtWebEngineProcess.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DF717EAA4AD94EC9558499602D48DE5FBCF03A25	QtWebEngineProcess.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DF717EAA4AD94EC9558499602D48DE5FBCF03A25\Blob = 1900000001000000100000002e43cb5682e3a1756f80fc53cfbff825030000000100000014000000df717eaa4ad94ec9558499602d48de5fbcf03a251d000000010000001000000066908ed134572466070299553e6e2b99140000000100000014000000ed4419c0d3f0068beea47bbe42e72654c88e36766200000001000000200000005d56499be4d2e08bcfcad08a3e38723d50503bde706948e42f55603019e528ae0b000000010000003e0000004900640065006e0054007200750073007400200043006f006d006d00650072006300690061006c00200052006f006f00740020004300410020003100000009000000010000004c000000304a06082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b06010505070308530000000100000081000000307f3020060a6086480186f92f00060930123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c03021060b6086480186f92f00060e0130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000200000007a9bc7ffecf427111c5a2e5bf589ffff1ee95fef12b3cc42764d7c907a3f69592000000001000000640500003082056030820348a00302010202100a0142800000014523c844b500000002300d06092a864886f70d01010b0500304a310b300906035504061302555331123010060355040a13094964656e5472757374312730250603550403131e4964656e547275737420436f6d6d65726369616c20526f6f742043412031301e170d3134303131363138313232335a170d3334303131363138313232335a304a310b300906035504061302555331123010060355040a13094964656e5472757374312730250603550403131e4964656e547275737420436f6d6d65726369616c20526f6f74204341203130820222300d06092a864886f70d01010105000382020f003082020a0282020100a75019de3f993dd43346f16f516182b2a94f8f67895d84d953dd0c28d9d7f0ffae95437299f9b55d7c8ac142e1315074d1810d7ccd9b21ab43e2acad5e866ef3098a1f5a32bda2eb94f9e85c0aecff98d2af71b3b4539f4e87ef92bcbdec4f3230884b175e57c453c2f602978dd9622bbf241f628ddfc3b8294b49783c93608822fc99da36c8c2a2d42c540067356e73bf0258f0a4dde5b0a2267acae036a51916f5fdb7efae3f40f56d5a04fdce34ca24dc74231b5d3313125dc40125f630dd025d9fe0d547bdb4eb1ba1bb4949d89f5b02f38ae42490e4624f4fc1af8b0e7417a8d172886a7a0149ccb44679c617b1da981e0759fa75218565dd9056cefbaba5609dc49df952b08bbd87f98f2b230a23763bf733e1c900f369f94ba2e04ebc7e93398407f744707efe075ae5b1acd118ccf235e5494908ca56c93dfb0f187d8b3bc113c24d8fc94f0e37e91fa10e6adf622ecb350651792cc82538f4fa4ba7895c9cd2e30d39864a747cd55987c23f4e0c5c52f43df75282f1eaa3acfd49341a28f341883a13eee8deff991d5fbacbe81ef2b95060c031d373e5efbea0ed330b74be2020c4676cf008037a55807f464e96a7f41e3ee1f6d809e133642b63d7325e9ff9c07b0f786f97bc939af99c1290787a808715d772749c557478b1bae16e7004ba4fa0ba68c37bff31f0733d3d942ab10b410ea0fe4d88656b7933b4d70203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ed4419c0d3f0068beea47bbe42e72654c88e3676300d06092a864886f70d01010b050003820201000dae9032f6a64b7c447619611e2728cd5e54ef25bce30890f929d7ae6808e1940058ef2e2e7e53528cb65c07ea88ba998b5094d78280df61090093ad0d14e6cec1f2379478b05f9cb3a273b88f059338cd8d3eb0b8fbc0cfb1f2ec2d2d1bccecaa9ab3aa60821b2d3bc3843d578a961e9c75b8d330cd60088390d38e54f14d66c05d740340a3ee857ec21f779c06e8c1a7185d5295edc9dd259e6dfaa9eda33a34d0597bdaed50f335bfedeb144d31c760f4daf1879ce248e2c6c537fb0610fa755966314729da769a1ce982aeef9ab951f788239a6995623ce5558036d75402fff1b95dced4236fd845844a5b65ef890cdd14a720cb18a525b40df901f0a2d2f400c8748ea12a488e65db13c4e225177debbe875b17205451934a53030bec5dca33ed62fd45c72f5bdc58a08039e6fad7fe1314a6ed3d944a4274d4c3775973cd8f46be5538effae89132ea97580422de38c3ccbc6dc9333a6a0a693fa0c8ea728f8c638623bd6d3c969e95e0494caaa2b92a1b9c368178edc3e846e2265944751ed9758951cd10849d6160cb5df997224d8e98e6e37ff65bbbaecdca4a816b5e0bf351e1742be97e27a7d999494ef8a580db250f1c63628ac933676b3c1083c6addea8cd168e8df00737719ff2abfc41f5c18bec00375d09e54e80effab15c3806a51b4ae1dc382d3cdcab1f901ad54a9ceed1706ccceef457f818ba846e87	QtWebEngineProcess.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	QtWebEngineProcess.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	QtWebEngineProcess.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DF717EAA4AD94EC9558499602D48DE5FBCF03A25\Blob = 040000000100000010000000b33e777375eea0d3e37e49634959bbc70f00000001000000200000007a9bc7ffecf427111c5a2e5bf589ffff1ee95fef12b3cc42764d7c907a3f6959530000000100000081000000307f3020060a6086480186f92f00060930123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c03021060b6086480186f92f00060e0130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000004c000000304a06082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080b000000010000003e0000004900640065006e0054007200750073007400200043006f006d006d00650072006300690061006c00200052006f006f0074002000430041002000310000006200000001000000200000005d56499be4d2e08bcfcad08a3e38723d50503bde706948e42f55603019e528ae140000000100000014000000ed4419c0d3f0068beea47bbe42e72654c88e36761d000000010000001000000066908ed134572466070299553e6e2b99030000000100000014000000df717eaa4ad94ec9558499602d48de5fbcf03a251900000001000000100000002e43cb5682e3a1756f80fc53cfbff8252000000001000000640500003082056030820348a00302010202100a0142800000014523c844b500000002300d06092a864886f70d01010b0500304a310b300906035504061302555331123010060355040a13094964656e5472757374312730250603550403131e4964656e547275737420436f6d6d65726369616c20526f6f742043412031301e170d3134303131363138313232335a170d3334303131363138313232335a304a310b300906035504061302555331123010060355040a13094964656e5472757374312730250603550403131e4964656e547275737420436f6d6d65726369616c20526f6f74204341203130820222300d06092a864886f70d01010105000382020f003082020a0282020100a75019de3f993dd43346f16f516182b2a94f8f67895d84d953dd0c28d9d7f0ffae95437299f9b55d7c8ac142e1315074d1810d7ccd9b21ab43e2acad5e866ef3098a1f5a32bda2eb94f9e85c0aecff98d2af71b3b4539f4e87ef92bcbdec4f3230884b175e57c453c2f602978dd9622bbf241f628ddfc3b8294b49783c93608822fc99da36c8c2a2d42c540067356e73bf0258f0a4dde5b0a2267acae036a51916f5fdb7efae3f40f56d5a04fdce34ca24dc74231b5d3313125dc40125f630dd025d9fe0d547bdb4eb1ba1bb4949d89f5b02f38ae42490e4624f4fc1af8b0e7417a8d172886a7a0149ccb44679c617b1da981e0759fa75218565dd9056cefbaba5609dc49df952b08bbd87f98f2b230a23763bf733e1c900f369f94ba2e04ebc7e93398407f744707efe075ae5b1acd118ccf235e5494908ca56c93dfb0f187d8b3bc113c24d8fc94f0e37e91fa10e6adf622ecb350651792cc82538f4fa4ba7895c9cd2e30d39864a747cd55987c23f4e0c5c52f43df75282f1eaa3acfd49341a28f341883a13eee8deff991d5fbacbe81ef2b95060c031d373e5efbea0ed330b74be2020c4676cf008037a55807f464e96a7f41e3ee1f6d809e133642b63d7325e9ff9c07b0f786f97bc939af99c1290787a808715d772749c557478b1bae16e7004ba4fa0ba68c37bff31f0733d3d942ab10b410ea0fe4d88656b7933b4d70203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ed4419c0d3f0068beea47bbe42e72654c88e3676300d06092a864886f70d01010b050003820201000dae9032f6a64b7c447619611e2728cd5e54ef25bce30890f929d7ae6808e1940058ef2e2e7e53528cb65c07ea88ba998b5094d78280df61090093ad0d14e6cec1f2379478b05f9cb3a273b88f059338cd8d3eb0b8fbc0cfb1f2ec2d2d1bccecaa9ab3aa60821b2d3bc3843d578a961e9c75b8d330cd60088390d38e54f14d66c05d740340a3ee857ec21f779c06e8c1a7185d5295edc9dd259e6dfaa9eda33a34d0597bdaed50f335bfedeb144d31c760f4daf1879ce248e2c6c537fb0610fa755966314729da769a1ce982aeef9ab951f788239a6995623ce5558036d75402fff1b95dced4236fd845844a5b65ef890cdd14a720cb18a525b40df901f0a2d2f400c8748ea12a488e65db13c4e225177debbe875b17205451934a53030bec5dca33ed62fd45c72f5bdc58a08039e6fad7fe1314a6ed3d944a4274d4c3775973cd8f46be5538effae89132ea97580422de38c3ccbc6dc9333a6a0a693fa0c8ea728f8c638623bd6d3c969e95e0494caaa2b92a1b9c368178edc3e846e2265944751ed9758951cd10849d6160cb5df997224d8e98e6e37ff65bbbaecdca4a816b5e0bf351e1742be97e27a7d999494ef8a580db250f1c63628ac933676b3c1083c6addea8cd168e8df00737719ff2abfc41f5c18bec00375d09e54e80effab15c3806a51b4ae1dc382d3cdcab1f901ad54a9ceed1706ccceef457f818ba846e87	QtWebEngineProcess.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	QtWebEngineProcess.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 5c00000001000000040000000008000019000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f040000000100000010000000acb694a59c17e0d791529bb19706a6e420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	QtWebEngineProcess.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e40f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47419000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	QtWebEngineProcess.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	QtWebEngineProcess.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DF717EAA4AD94EC9558499602D48DE5FBCF03A25\Blob = 5c0000000100000004000000001000001900000001000000100000002e43cb5682e3a1756f80fc53cfbff825030000000100000014000000df717eaa4ad94ec9558499602d48de5fbcf03a251d000000010000001000000066908ed134572466070299553e6e2b99140000000100000014000000ed4419c0d3f0068beea47bbe42e72654c88e36766200000001000000200000005d56499be4d2e08bcfcad08a3e38723d50503bde706948e42f55603019e528ae0b000000010000003e0000004900640065006e0054007200750073007400200043006f006d006d00650072006300690061006c00200052006f006f00740020004300410020003100000009000000010000004c000000304a06082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b06010505070308530000000100000081000000307f3020060a6086480186f92f00060930123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c03021060b6086480186f92f00060e0130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000200000007a9bc7ffecf427111c5a2e5bf589ffff1ee95fef12b3cc42764d7c907a3f6959040000000100000010000000b33e777375eea0d3e37e49634959bbc72000000001000000640500003082056030820348a00302010202100a0142800000014523c844b500000002300d06092a864886f70d01010b0500304a310b300906035504061302555331123010060355040a13094964656e5472757374312730250603550403131e4964656e547275737420436f6d6d65726369616c20526f6f742043412031301e170d3134303131363138313232335a170d3334303131363138313232335a304a310b300906035504061302555331123010060355040a13094964656e5472757374312730250603550403131e4964656e547275737420436f6d6d65726369616c20526f6f74204341203130820222300d06092a864886f70d01010105000382020f003082020a0282020100a75019de3f993dd43346f16f516182b2a94f8f67895d84d953dd0c28d9d7f0ffae95437299f9b55d7c8ac142e1315074d1810d7ccd9b21ab43e2acad5e866ef3098a1f5a32bda2eb94f9e85c0aecff98d2af71b3b4539f4e87ef92bcbdec4f3230884b175e57c453c2f602978dd9622bbf241f628ddfc3b8294b49783c93608822fc99da36c8c2a2d42c540067356e73bf0258f0a4dde5b0a2267acae036a51916f5fdb7efae3f40f56d5a04fdce34ca24dc74231b5d3313125dc40125f630dd025d9fe0d547bdb4eb1ba1bb4949d89f5b02f38ae42490e4624f4fc1af8b0e7417a8d172886a7a0149ccb44679c617b1da981e0759fa75218565dd9056cefbaba5609dc49df952b08bbd87f98f2b230a23763bf733e1c900f369f94ba2e04ebc7e93398407f744707efe075ae5b1acd118ccf235e5494908ca56c93dfb0f187d8b3bc113c24d8fc94f0e37e91fa10e6adf622ecb350651792cc82538f4fa4ba7895c9cd2e30d39864a747cd55987c23f4e0c5c52f43df75282f1eaa3acfd49341a28f341883a13eee8deff991d5fbacbe81ef2b95060c031d373e5efbea0ed330b74be2020c4676cf008037a55807f464e96a7f41e3ee1f6d809e133642b63d7325e9ff9c07b0f786f97bc939af99c1290787a808715d772749c557478b1bae16e7004ba4fa0ba68c37bff31f0733d3d942ab10b410ea0fe4d88656b7933b4d70203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ed4419c0d3f0068beea47bbe42e72654c88e3676300d06092a864886f70d01010b050003820201000dae9032f6a64b7c447619611e2728cd5e54ef25bce30890f929d7ae6808e1940058ef2e2e7e53528cb65c07ea88ba998b5094d78280df61090093ad0d14e6cec1f2379478b05f9cb3a273b88f059338cd8d3eb0b8fbc0cfb1f2ec2d2d1bccecaa9ab3aa60821b2d3bc3843d578a961e9c75b8d330cd60088390d38e54f14d66c05d740340a3ee857ec21f779c06e8c1a7185d5295edc9dd259e6dfaa9eda33a34d0597bdaed50f335bfedeb144d31c760f4daf1879ce248e2c6c537fb0610fa755966314729da769a1ce982aeef9ab951f788239a6995623ce5558036d75402fff1b95dced4236fd845844a5b65ef890cdd14a720cb18a525b40df901f0a2d2f400c8748ea12a488e65db13c4e225177debbe875b17205451934a53030bec5dca33ed62fd45c72f5bdc58a08039e6fad7fe1314a6ed3d944a4274d4c3775973cd8f46be5538effae89132ea97580422de38c3ccbc6dc9333a6a0a693fa0c8ea728f8c638623bd6d3c969e95e0494caaa2b92a1b9c368178edc3e846e2265944751ed9758951cd10849d6160cb5df997224d8e98e6e37ff65bbbaecdca4a816b5e0bf351e1742be97e27a7d999494ef8a580db250f1c63628ac933676b3c1083c6addea8cd168e8df00737719ff2abfc41f5c18bec00375d09e54e80effab15c3806a51b4ae1dc382d3cdcab1f901ad54a9ceed1706ccceef457f818ba846e87	QtWebEngineProcess.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	QtWebEngineProcess.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	QtWebEngineProcess.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3236	PacketTracer.exe
2340	PacketTracer.exe

Suspicious behavior: EnumeratesProcesses 42 IoCs

pid	Process
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
3236	PacketTracer.exe
3236	PacketTracer.exe
1036	msedge.exe
1036	msedge.exe
4524	msedge.exe
4524	msedge.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
652	identity_helper.exe
652	identity_helper.exe
5196	QtWebEngineProcess.exe
5196	QtWebEngineProcess.exe
5236	QtWebEngineProcess.exe
5236	QtWebEngineProcess.exe
4424	msedge.exe
4424	msedge.exe
6612	QtWebEngineProcess.exe
6612	QtWebEngineProcess.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
6776	msedge.exe
6776	msedge.exe
6776	msedge.exe
6776	msedge.exe
2340	PacketTracer.exe
2340	PacketTracer.exe
2856	msedge.exe
2856	msedge.exe
4020	chrome.exe
4020	chrome.exe
5900	QtWebEngineProcess.exe
5900	QtWebEngineProcess.exe
7192	QtWebEngineProcess.exe
7192	QtWebEngineProcess.exe
8452	QtWebEngineProcess.exe
8452	QtWebEngineProcess.exe
8856	chrome.exe
8856	chrome.exe
9028	QtWebEngineProcess.exe
9028	QtWebEngineProcess.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3236	PacketTracer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 58 IoCs

pid	Process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4020	chrome.exe
4020	chrome.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4020	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp
2768	Packet_Tracer821_64bit_setup_signed.tmp

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe
3236	PacketTracer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 2768	1752	Packet_Tracer821_64bit_setup_signed.exe	88
PID 1752 wrote to memory of 2768	1752	Packet_Tracer821_64bit_setup_signed.exe	88
PID 1752 wrote to memory of 2768	1752	Packet_Tracer821_64bit_setup_signed.exe	88
PID 2768 wrote to memory of 3236	2768	Packet_Tracer821_64bit_setup_signed.tmp	99
PID 2768 wrote to memory of 3236	2768	Packet_Tracer821_64bit_setup_signed.tmp	99
PID 4524 wrote to memory of 4884	4524	msedge.exe	102
PID 4524 wrote to memory of 4884	4524	msedge.exe	102
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 3700	4524	msedge.exe	103
PID 4524 wrote to memory of 1036	4524	msedge.exe	104
PID 4524 wrote to memory of 1036	4524	msedge.exe	104
PID 4524 wrote to memory of 4420	4524	msedge.exe	105
PID 4524 wrote to memory of 4420	4524	msedge.exe	105
PID 4524 wrote to memory of 4420	4524	msedge.exe	105
PID 4524 wrote to memory of 4420	4524	msedge.exe	105
PID 4524 wrote to memory of 4420	4524	msedge.exe	105
PID 4524 wrote to memory of 4420	4524	msedge.exe	105
PID 4524 wrote to memory of 4420	4524	msedge.exe	105
PID 4524 wrote to memory of 4420	4524	msedge.exe	105
PID 4524 wrote to memory of 4420	4524	msedge.exe	105
PID 4524 wrote to memory of 4420	4524	msedge.exe	105
PID 4524 wrote to memory of 4420	4524	msedge.exe	105
PID 4524 wrote to memory of 4420	4524	msedge.exe	105
PID 4524 wrote to memory of 4420	4524	msedge.exe	105
PID 4524 wrote to memory of 4420	4524	msedge.exe	105
PID 4524 wrote to memory of 4420	4524	msedge.exe	105

C:\Users\Admin\AppData\Local\Temp\Packet_Tracer821_64bit_setup_signed.exe
"C:\Users\Admin\AppData\Local\Temp\Packet_Tracer821_64bit_setup_signed.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Users\Admin\AppData\Local\Temp\is-1A7HB.tmp\Packet_Tracer821_64bit_setup_signed.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-1A7HB.tmp\Packet_Tracer821_64bit_setup_signed.tmp" /SL5="$70066,237300973,832512,C:\Users\Admin\AppData\Local\Temp\Packet_Tracer821_64bit_setup_signed.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2768
- - C:\Program Files\Cisco Packet Tracer 8.2.1\bin\PacketTracer.exe
    "C:\Program Files\Cisco Packet Tracer 8.2.1\bin\PacketTracer.exe"
    3⤵
    - Identifies Wine through registry keys
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:3236
  - - C:\Program Files\Cisco Packet Tracer 8.2.1\bin\PacketTracer.exe
      "C:\Program Files\Cisco Packet Tracer 8.2.1\bin\PacketTracer.exe" --progress-bar-server
      4⤵
      Identifies Wine through registry keys
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: AddClipboardFormatListener
      Suspicious behavior: EnumeratesProcesses
      PID:2340
  - - C:\Program Files\Cisco Packet Tracer 8.2.1\bin\QtWebEngineProcess.exe
      "C:\Program Files\Cisco Packet Tracer 8.2.1\bin\QtWebEngineProcess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --service-sandbox-type=network --no-sandbox --use-gl=angle --application-name=PacketTracer --webengine-schemes=this-sm:sLC;pt-sm:sLC;file-sm:sLC;sm-local-fs:;user-app:sLC;wlc-3504:sLC;internal-browser-page-resource-http:LCF;internal-browser-page-resource-https:sLCF;qrc:sLV --mojo-platform-channel-handle=3416 /prefetch:8
      4⤵
      Executes dropped EXE
      Modifies system certificate store
      Suspicious behavior: EnumeratesProcesses
      PID:5236
  - - C:\Program Files\Cisco Packet Tracer 8.2.1\bin\QtWebEngineProcess.exe
      "C:\Program Files\Cisco Packet Tracer 8.2.1\bin\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=this-sm:sLC;pt-sm:sLC;file-sm:sLC;sm-local-fs:;user-app:sLC;wlc-3504:sLC;internal-browser-page-resource-http:LCF;internal-browser-page-resource-https:sLCF;qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=3456 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:5196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://auth.netacad.com/auth/realms/skillsforall/protocol/openid-connect/auth?client_id=02159bbb62514124&openid=&response_type=code&state=mfxnnnJY
      4⤵
      PID:4496
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9a6b46f8,0x7fff9a6b4708,0x7fff9a6b4718
        5⤵
        
        PID:1184
  - - C:\Program Files\Cisco Packet Tracer 8.2.1\bin\QtWebEngineProcess.exe
      "C:\Program Files\Cisco Packet Tracer 8.2.1\bin\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=this-sm:sLC;pt-sm:sLC;file-sm:sLC;sm-local-fs:;user-app:sLC;wlc-3504:sLC;internal-browser-page-resource-http:LCF;internal-browser-page-resource-https:sLCF;qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1744 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:6612
  - - C:\Program Files\Cisco Packet Tracer 8.2.1\bin\QtWebEngineProcess.exe
      "C:\Program Files\Cisco Packet Tracer 8.2.1\bin\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --disable-databases --lang=en --webengine-schemes=this-sm:sLC;pt-sm:sLC;file-sm:sLC;sm-local-fs:;user-app:sLC;wlc-3504:sLC;internal-browser-page-resource-http:LCF;internal-browser-page-resource-https:sLCF;qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=5968 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:5900
  - - C:\Program Files\Cisco Packet Tracer 8.2.1\bin\QtWebEngineProcess.exe
      "C:\Program Files\Cisco Packet Tracer 8.2.1\bin\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --disable-databases --lang=en --webengine-schemes=this-sm:sLC;pt-sm:sLC;file-sm:sLC;sm-local-fs:;user-app:sLC;wlc-3504:sLC;internal-browser-page-resource-http:LCF;internal-browser-page-resource-https:sLCF;qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=6124 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:7192
  - - C:\Program Files\Cisco Packet Tracer 8.2.1\bin\QtWebEngineProcess.exe
      "C:\Program Files\Cisco Packet Tracer 8.2.1\bin\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --disable-databases --lang=en --webengine-schemes=this-sm:sLC;pt-sm:sLC;file-sm:sLC;sm-local-fs:;user-app:sLC;wlc-3504:sLC;internal-browser-page-resource-http:LCF;internal-browser-page-resource-https:sLCF;qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=6084 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:8452
  - - C:\Program Files\Cisco Packet Tracer 8.2.1\bin\QtWebEngineProcess.exe
      "C:\Program Files\Cisco Packet Tracer 8.2.1\bin\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --disable-databases --lang=en --webengine-schemes=this-sm:sLC;pt-sm:sLC;file-sm:sLC;sm-local-fs:;user-app:sLC;wlc-3504:sLC;internal-browser-page-resource-http:LCF;internal-browser-page-resource-https:sLCF;qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5572 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:9028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff9a6b46f8,0x7fff9a6b4708,0x7fff9a6b4718
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2680 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3796 /prefetch:8
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3796 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1792 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1976 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6460 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7912 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7948 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8468 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8588 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8920 /prefetch:1
  2⤵
  PID:6812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
  2⤵
  PID:7020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8936 /prefetch:1
  2⤵
  PID:7032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7800 /prefetch:8
  2⤵
  PID:6640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9444 /prefetch:1
  2⤵
  PID:7132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8028 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9588 /prefetch:1
  2⤵
  PID:7076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:6736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
  2⤵
  PID:6740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9152 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9456 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8036 /prefetch:1
  2⤵
  PID:6316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9924 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10024 /prefetch:1
  2⤵
  PID:6792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:7104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10208 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10020 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8648 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9820 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9636 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8712 /prefetch:1
  2⤵
  PID:7024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10912 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8248 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11148 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11212 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16973866344411073427,11080231809098017241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11452 /prefetch:1
  2⤵
  PID:1536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff9eddab58,0x7fff9eddab68,0x7fff9eddab78
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1924,i,11227215143695696754,7998881333519744680,131072 /prefetch:2
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1924,i,11227215143695696754,7998881333519744680,131072 /prefetch:8
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1924,i,11227215143695696754,7998881333519744680,131072 /prefetch:8
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2916 --field-trial-handle=1924,i,11227215143695696754,7998881333519744680,131072 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1924,i,11227215143695696754,7998881333519744680,131072 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3468 --field-trial-handle=1924,i,11227215143695696754,7998881333519744680,131072 /prefetch:1
  2⤵
  PID:7220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4340 --field-trial-handle=1924,i,11227215143695696754,7998881333519744680,131072 /prefetch:8
  2⤵
  PID:7268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4492 --field-trial-handle=1924,i,11227215143695696754,7998881333519744680,131072 /prefetch:8
  2⤵
  PID:7372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2616 --field-trial-handle=1924,i,11227215143695696754,7998881333519744680,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4416 --field-trial-handle=1924,i,11227215143695696754,7998881333519744680,131072 /prefetch:8
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1900 --field-trial-handle=1924,i,11227215143695696754,7998881333519744680,131072 /prefetch:8
  2⤵
  PID:7088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1924,i,11227215143695696754,7998881333519744680,131072 /prefetch:8
  2⤵
  PID:1436

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:6756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Virtualization/Sandbox Evasion

T1497

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\Cables\is-TKR1P.tmp

Filesize
315B

MD5
eea645506419ce8a69b065202a7c0d08

SHA1
5706261556997c040006e47328d964d4605c8ce6

SHA256
22c6bfaac607f53a639807ef543d0b5204912bc34c9221fad837a6a70070fec3

SHA512
cca3a0d8daaae4a4b6e9e970f264310e95e4704c124fe13ef89deaac62cd63bcc4706d27b828e81698998b309ce481675c6711dfb69b70cb2db2c59d38eff933

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\Devices\is-1DV08.tmp

Filesize
2KB

MD5
056734550b0efec0f7da59965b6b8142

SHA1
9ad594255763651b00c710ae0965ce5cda668799

SHA256
cb2579a068ad0bb6a4cda5dec48a29e311d239f679f686ded3056cdced019928

SHA512
8da2837d4cd7c5670eb434c34e1da083057be1cddee14fbef87d6ee4beee21c92e4d8d1f41efa304049bf88359acd54780f5f7aed6275c9489ae00f07d6d373e

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\Devices\is-DUSV9.tmp

Filesize
2KB

MD5
0c100c426c446d480b807ae3551060e6

SHA1
6d4086b1ce6f3ee9af25c748eb49e9533ac19d9d

SHA256
c178794e00163ddd37a24323bb2a23fa033b5c9fe89976ad5fee8396f65010b1

SHA512
008db45170f51c0c95311db8f75d72348df421b055e1aca2fa5b1dcac442483e26356649070d7c525ce604107903e8b7a763e6061ec1a98bc35a530645e5646e

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\is-0EKOP.tmp

Filesize
3KB

MD5
a8fc45024622a74dcf62760cab25bf76

SHA1
23462b44066d6fb30e0baf29b445ce2c2d40e5c8

SHA256
640915b6c8bfd69bbff5a582361a70b38a59525b11235ead3da482ea4d6c3ef8

SHA512
e5d89254987717894ee312dfb63c65adea58dadc6beb5cdfcfc2d833822c00de0fc9dc784ad43936af2fcfcd0179a519a39b5ba4eb653d76a39ff953829d0734

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\is-57UU5.tmp

Filesize
3KB

MD5
4c0c80e1fb4b80931b85a74740adef2a

SHA1
03a1ec4355c51da4e39f1066621cb5c78e9edb50

SHA256
fbf01e06b9e61bab5d7ad99304e298f05a320a57aa86557f0bed2d54c7eef3e0

SHA512
00a8a3f451fd1b5271675ba85cfeea0c276c7e44eceef3fe24d755c221e35e7dba92fda44e4bc1f4ef75a9a619da67343e299161f6520a4176446d40b85a5227

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\is-7BQA5.tmp

Filesize
3KB

MD5
511a1f66428bae133373b9f54c955470

SHA1
8fe874be50b754155921a9c9d57ae5766a4d1309

SHA256
dad20606b3b828be8db1af4830f90c5aa85c171e60f7eea6fd1688796a0e4d34

SHA512
8560a4911d3494ea02dc8d30bb8ea0bd20ab8b9a0f85a42a111ab064465fd946e874bf369d2c91556accf7b54b8cbbcd377fe4eff395f6554de419443ab6525a

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\is-IILSF.tmp

Filesize
3KB

MD5
b47d62bbc1da9670fcb42055057684c7

SHA1
34e86cd9a53f5bb8a89d1971e960bfbcdfc6ccef

SHA256
ecd7f8f2d6b89a1e74313ad74e55766dfee58cb271930e0fef9326cfea8f7c4b

SHA512
cb3673f15c7289e03c293cc77206bfa7fbaede75cc2a31f4d40e5704621d2dc83ace9958531d17091449e5a7eefa1088ac3d35d2cd09ec181de41fb6699c4520

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\is-LS0QV.tmp

Filesize
3KB

MD5
b4a980b6d22faadc34644b7ea05e058e

SHA1
bd179dbd402cc3ef8db5174a7cd02ea27a8f8cd1

SHA256
0ce8b553e69497e6dc7431d58e6e9a9d1c954e775075b8ef51c9dc5e6e4e4b56

SHA512
7018a13e564a97b3a40a1ca4129964723d63b9f15b1779c229242c6d6f2d0fbc5c4730714d25f6bac99b78ef2e52a22ed0815f76435e356f3b557a325f4d3cd3

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\is-QL57A.tmp

Filesize
3KB

MD5
875f74d98f259e0bee8b96b79a585096

SHA1
00e573dd9d7ca63652134e6f1c3dd58b28b3e5dc

SHA256
c55797bee1ce875374bc0d8d22294a5b9b016c82ee9a578c7b5de9623661be36

SHA512
4f9707369ad785001f6e8f1c7e91f16c498bb1ba4b3ec57fffa2bbfa9a3b73e310f9495a16514bb59cdbce3b5903f2d49ba7c59c9e6565cd8600995f294737d8

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\is-RPL9Q.tmp

Filesize
3KB

MD5
cd008c299203f56f92017462b58997bc

SHA1
9b4f47f09b91b92d36ec329563b31acc75c14cc0

SHA256
111ca722d4bfb8716d0fc39df61ce91f19289f15669b4a37f39b69fa37dbc3be

SHA512
96892830db7905e5cd390c8372a69d4e87c122e144e9b430c203dbeff2ea5723ec43f4d3c2f1d73c1a72acebd7960501484200ee94eed7fb4c5ff8faf2752b2a

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\art\Workspace\Logical\is-79KR0.tmp

Filesize
2KB

MD5
aebbdf1c2d3b77145019687d8affef8b

SHA1
7d6dab66fe1aa8e909301ff759181c1a3c788a1c

SHA256
e26dc76fdadc5a656b70c0c8df216026fd7f2b47f3cd717897f5d144a9507eda

SHA512
09c1194c966d1e6d3b1ec707cb8e312b4050e55ace370253627cf602dbdf920c732fd59633bdfad050c1f8fe321b88b9b702e5c0de8e3a7d232deb77f0cdafba

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\art\Workspace\Logical\is-ICAGJ.tmp

Filesize
3KB

MD5
4368ca824f1ef9ccf4e646a3a21c6e9b

SHA1
92a95e77d25ccecfc23be7296032437011410786

SHA256
f6b0e86adcef275af7621b979e2ba9b2d6101e36d4b36bd66e5b7a70c3519a5b

SHA512
82d51a7af55af7b0b5d0f16529fa2791c42c4b1f5e17e349be7087c362ba73aa4315c1e6ab2c7072e1379c070a480281136eaf2ecf35fba2699065976616d4fc

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\art\html\wlc2504\is-AOPLU.tmp

Filesize
22KB

MD5
5fa4aa9f25f358fccef0909b97918171

SHA1
351f547912c645798421de9187e57134318a7e2f

SHA256
a50d2a3175f47f399b402b1f036e48f8e411b2564a15982af30d7c52a7e70c9f

SHA512
40761e292420b3a24ff6802cc7b70703bde92bd060dcc38a351f599962e8dd512f1695a176d2f6c1e797e9f6a084170463a26513be0510ecd763087b489699fc

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\Qt5Core.dll

Filesize
6.0MB

MD5
9d588d72081532f682c5c80946045f6f

SHA1
7f95a3d17bfe8d11e4595c9f85172b73fc1f7f56

SHA256
35f68703eb4091c82261a53bce22a809ea31b1f7eedbd41c4fa37188d2284ecb

SHA512
d4e3fa0e0df6b023a875aa7af78809714797b723b0f2a5c6a7ead616c01df12dc15da1a4f44eae85e85427e868a19c17bd5bb9bd39c9b60c0287ce2b29503af5

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\Qt5Gui.dll

Filesize
6.6MB

MD5
75f182632507f9ae75f064f84287eaac

SHA1
5787b3bf6a3f25be14fb2cbe4b84297eb98b0639

SHA256
09a27a644101a4dbed0e61df18a1e288e6bc5b5b79eae13c681c9f5e51b2ad0c

SHA512
e3e1e39e295c39e5a9042fecff0416331477f8e0f27f39575e63dc9ae4b25d92845c048f4f6006fc11c3ec66c8934b78141500c4afdbb9794d85912b51f095a0

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\Qt5Multimedia.dll

Filesize
717KB

MD5
55a95bebaf5ffa9f32e21de6bf46d90f

SHA1
e96615e4195fb6d353f163af6c519b87377bf9f4

SHA256
7d5a9178299c2af6f99e22ab5078927874be0d5f39f52d3c2912ba91d7169c49

SHA512
429815ca446ca6dd1cab8832739042a7397a45772625b5bfda383a5e413277bfe9221f1332c8ff13d835df6f81c25ce95b227f6569430bbf8f9e5d68a9e55e03

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\Qt5Network.dll

Filesize
1.2MB

MD5
aed531d3e2e20fad7b45d8c87e740609

SHA1
d19e3ee13290dc801ea336ee8d3137d3fc345cbd

SHA256
8120f7b91f40669694c073dac1157c8131f91d8840d06be456c7da81fe7b7d80

SHA512
2d103c461c2ff9392ccf60e3c62da1fa137c166eaafab124f003a7080cc83a547c3f95f0970aec584b8b90419b15023a80a2039350b48e1acd0d383ff08d1d29

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\Qt5NetworkAuth.dll

Filesize
159KB

MD5
2609c4a0a310bfd287e591df9fad5822

SHA1
0d794ce278890936464eab4cc49d6c330794686a

SHA256
d9d3e2de428761fb18242b84cc446be3b28e017b8dbc460ae811a092d7b8e43b

SHA512
55860c3981230190a61fe3a2633cc85541de9e27043fa773205a418fbc81aa538809762ee228eba54a83ebe083d8f5b5245aaafe42f3e222a0c6bd3e31245579

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\Qt5Positioning.dll

Filesize
319KB

MD5
f155c5f8cc4b022f8c9629e03e8a8747

SHA1
7dfc1b9dff40701c2f42d77f1ff91286311d019b

SHA256
efe5ec3b7ad56f6a906cd29f4ba833a3915e6e08118f9a0d723d530c2de72110

SHA512
5e2423eb1eb3267f1a068dd5fbde6e763f101f594cde985a134b20f6996c814bac916d7cb93accee30d696ae3970860d03da316e00841299d5fcc73f5f8570d7

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\Qt5PrintSupport.dll

Filesize
312KB

MD5
c3d3df4f0aa5fd9d6e243e3542ffe573

SHA1
640e15b7642a6ede61e9870a4e3a2a6248b70965

SHA256
c350a5b4d158fb919ef93b98a716f0b25f658c1000bd1d07c78ee4567547f1cc

SHA512
0388c20134751617164dd3b26996f89ddbe48594eb1cf94e5ead25cdf1074053f612cd931d038378d2a85e254b4a323177a63e793373f709bf969ba81d289eae

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\Qt5Qml.dll

Filesize
3.6MB

MD5
bf6e8af5d64841e760d3170797509445

SHA1
e3824f2ad7608fae6b6ace23ea8ea37a12d73254

SHA256
3461b5972aef47b726a8cb329704342949eb50eb247619dae57e5f98e64e5e65

SHA512
56c163aa1ed034e61bbe184d43f271d8bf570ebe279475a53277b91903f1c6c20679676ec70145c1b4fc176ed7a80ebc81c46ebb72855be3fe029d580ec3754c

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\Qt5QmlModels.dll

Filesize
430KB

MD5
3ab7e58f77825e6ee91fe865b384b09d

SHA1
1bcf053cf66d7d1b3dcee484905eaa72b1bfa7bd

SHA256
1357be17c6a1b30a41543148afc6e907fe86db4f1d11ead19cf2bd52f8ee7266

SHA512
6078a3a68ccfc1187eff2281a296e8136c0ab64e93c22f70ce94ee1066d12ed8ca6b07f784c234b93ddb831e1fc867eaea364eed246c46926c2b9a360a65b92a

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\Qt5Quick.dll

Filesize
4.1MB

MD5
74c5099072a2d201fe768ed0678e81eb

SHA1
8d438976bcd759c12e1c6cdd6a4e677f9d050b0d

SHA256
8449c36f7ac8b7017a40ff45b737f11a729259a6de9bc4b3a6122afc10c890fe

SHA512
35644e3c8277d962ce22e748ac89f3c23d85e5b1720552f90a9f0730d47b7560fc3613cceed913c25a355b4e428eb32af178ef24c3ae2b1a8a587c54bdb76cde

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\Qt5QuickWidgets.dll

Filesize
74KB

MD5
51ca631b127f0702d08246d2fa2f1328

SHA1
3535eeb55f6d7ac6855e82a9342e7dc197296b95

SHA256
9d560ef016f7c03f35a3d8a3faec1a7206cb631fd3931b63742e450442b2ab2a

SHA512
7e4035aee9446196479fed5bee5eccd200e9a508f8ad1cf93a082d6ff15fda1a4c7df37108deb9b6bb6bbc58e6e42637c4503985837a9ea137c17c95db5d3d9e

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\Qt5Sql.dll

Filesize
202KB

MD5
98edf7d74c3584b2feaeeeb81a804c39

SHA1
269e62e95513dd2111b435d8dd251e3093cb7e0a

SHA256
8288f82c135e640ac46332bae8b3f35c9a7eaf709dace1cf3364d4f8757d7465

SHA512
6412fae7b70538d51851f76c654f80abc87ac05d5cf3eb379fd8636eea7af49ac7db96528e753395f07cd33441272e9cdf57451c7300415a001912a872489a3d

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\Qt5Svg.dll

Filesize
327KB

MD5
214684eeafea01525a3f5c31e9388de8

SHA1
edcc504cb68156dc262065a5d0273a4109c02f3e

SHA256
0be82f308332ae5c1033a633c6535868e26e77443842ad24b275236b0e7ccc06

SHA512
05159b84b5350677cd0245bbcb49ebfed2cfe970f898eefeb59f070533bef93e1c637476c952e9fcd56d7c2c6d2f888bbf6329758b8ef209c4f432ac4d539629

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\Qt5WebChannel.dll

Filesize
130KB

MD5
2f3ddeadeb907025eb6cee3b74596f94

SHA1
90035f614ed5a39c38912aee3cc6cff696e7486d

SHA256
8f0d3a622c4346cfc486970491f851c18d437c0d59f8a7daf21760c8bf959ea8

SHA512
e1218ff89d87f41960bc375f831c33473118c7fbea7101c3af5949914642c00ddb1a4ede5928ba2cbaa538e7a260dfc164124bb24af1750e74d2414d0fe7d34c

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\Qt5WebEngineWidgets.dll

Filesize
245KB

MD5
c6e516979ed6fe2c8150e73ea4b550fb

SHA1
a7270155c1edf15f58c5e226cadcc4d6d3299a9e

SHA256
6a23b22647a32cc03254af7a719a8c1c5947ced9c75e3dc3e584f67c273e3573

SHA512
d7b403e857cf17d0d2c0fc15248a69c01d8a18d9caa1c56758d9022bbf4c97bc8747b5b159bebb51ffc7b70455bf548c33b688d8fbb0449e0f47f87b529222cb

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\Qt5WebSockets.dll

Filesize
156KB

MD5
c2d7b955b4e7626fdfcd5473075ef9a2

SHA1
1cb0e0e15e1f0e31f797a617ac101b029709406c

SHA256
c771173d6dac789d844b59928c3f3c83d1168f4fa08c743b173b84b5757be6fd

SHA512
21ccbfe64946e6764ba74ae8a3f1b9a3829cc8b4b7131827e7c0586f43527890e2aad263b31e05d2b82707901b14f5a81f4ac4a33d6d26aa31544108a7492a9f

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\Qt5Widgets.dll

Filesize
5.4MB

MD5
852e8d74fb22c8cc275118bab29f7f4f

SHA1
7ee8502b09177aa462a78d35d9b0820ddcd31090

SHA256
0615849afdf8f0d6ba97c8cc6a0739ffeee12d641cbaec05481733a063f28c22

SHA512
dc07a2db2f689d77250fbbd1aea3a764a59dd3c908033391c98919785e7ea131e6f11e6ff11553d83a2888b20242dd7964b55406c49a224a980f6e59fe055392

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\Qt5Xml.dll

Filesize
207KB

MD5
b64fd7804cc882c5de8f7a550e02df63

SHA1
32f994cbadd1d54d8e86a5d96b95a59ade5823cc

SHA256
3d290e6fd711b963a712388e43aa59c4ebeffb002c81e65f2bb50dcd63328065

SHA512
78ffb036405cbbb1e9898c63e1f5380a6650980ea90566a9a612663df8e61c867777cc13a85ee2528e2ac0f951889d5d70089bae0eabc07b012c3e4f4c0a8767

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\dbgcore.dll

Filesize
148KB

MD5
c392b60a6f74601b6d01b1e63587ed84

SHA1
434b286bae72ccb2a2f131b0c5b8b4b1d3bee39c

SHA256
c96ad5db6b55fe2962f5928ee2e6afd4621846325f27bf466c8540b36e576397

SHA512
3f694a108de48f8265aa5655c5b85a272ccf577ad8719d7cdbb6fcbe8bcf64de162f193ba73d3fb0c1c173008eeddddbe657c258139976c61537f4c4efb53fe0

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\dbghelp.dll

Filesize
1.4MB

MD5
6d35358c66d8720db912e52b2ea79090

SHA1
dcb86441e5cfd7fe4257659ccf852755677f0be4

SHA256
d645f9d265d980ca77393ef1fd61df046d152620b47b629df47169777f3e1b6d

SHA512
d0eb8254d5d315d9cda7250ca2476bcbfba4bfc57986fbbe848b9d0b9c084db44b61fa53286cf8913f13102ad1eb9dcbf021902a772f5e18315b027dca931940

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\libEGL.dll

Filesize
17KB

MD5
67f0a1ef90ae833bee545ba0301e25ed

SHA1
f47a6019824f395334772cb6300cc67d3085c050

SHA256
0eed162fbe3d1e5f5225b7a365c7181bafa28a63679d9c181a3979b6b1dfae8f

SHA512
37ce30762641abbf9c779aac79a7482dec52c6828ad19a7bc8217f20d04bdea34d25bf1bbb300db17ea40d75bb21f2cade7937312fec1e83fb15d4f0306e5c63

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\libGLESv2.dll

Filesize
3.4MB

MD5
0123afb601eaa57ab7cec647e5c5da82

SHA1
75ff40e572ea210c2758b56679d6d71447764ce7

SHA256
5bc6edec393cc60ae728b74eed09c8a057695e53779c0f38cafe8980fa3cfa25

SHA512
6de1b5b77cd706d7de4042378924381445b599ab7639b214aa9571386e5f22ea37cf6922037b26603efe0e7350307396802f2967062e235c0be5b59b285f859a

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\libcrypto-1_1-x64.dll

Filesize
2.7MB

MD5
198fa1166cb77025c5c7f48ed87dde05

SHA1
258af4da01e222158de1a7bfde89f68aa481512b

SHA256
7c5334f23ef6c537a5511cfea36c528925f06e42b21a01c418b778040ec2c868

SHA512
507202b5bf5efdb2e947deb1b51d0d3971f82637f0e54c3f2963971a18136f9d6ef024064a8c27ebf3ddfef69647a44bdb055a74f27345b668ab22d8ace7dced

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\msvcp140.dll

Filesize
558KB

MD5
bf78c15068d6671693dfcdfa5770d705

SHA1
4418c03c3161706a4349dfe3f97278e7a5d8962a

SHA256
a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb

SHA512
5b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\msvcp140_1.dll

Filesize
23KB

MD5
3e567bd78bbfd8b8fedf4ae2a6330c2a

SHA1
f33b8c5fd4a7e09844f2f8b29346f353bdd8725d

SHA256
09df8a8d74500a21a2a84da237e6a1d2acfb8239e9b0eac150030b8e1f798984

SHA512
e9002e61b113ec1d00601d6fe3b919a171d5ef2b52c8c8881c3c5e5531d95c425209fd36b3c686565588c2f6d6e04718a715715082c93f66069297c27ea0e756

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\platforms\qwindows.dll

Filesize
1.4MB

MD5
0e43cf6bade2d5fe2e4ee284499428cf

SHA1
ae1f3ad613b825741d7261a295a30c4c7a45bec0

SHA256
c490487cc4b24c3c6e25a46bc1c37a47da91d7f96c8a2831e73e3f2d55b3d78a

SHA512
bb15eea13b09fa71315933e3bb69c8ed481c480f599211c7c3deda794720d7ccb09d80686f11218baf48ca9d78a250717455771a7a2103bc001d9c1b08b11481

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\qt.conf

Filesize
72B

MD5
f2ef200849cde3ab7ce94a3ef7d75369

SHA1
44b0137049ab427887d7bf627cc647445261d136

SHA256
c6d22b6d99ee62c3669289a2f0b1c40fd936e76a32d82b59d1ba12814010eef1

SHA512
b6f9b25b17b120943776d2bb2b0a08dd18d65a13488c63885a7a55d1ed22e1516569a6951b12a35f2fcadb791350829b9f7a0795fbe3ad222e2c6e7bef9b9036

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\translations\is-62MPJ.tmp

Filesize
16B

MD5
bcebcf42735c6849bdecbb77451021dd

SHA1
4884fd9af6890647b7af1aefa57f38cca49ad899

SHA256
9959b510b15d18937848ad13007e30459d2e993c67e564badbfc18f935695c85

SHA512
f951b511ffb1a6b94b1bcae9df26b41b2ff829560583d7c83e70279d1b5304bde299b3679d863cad6bb79d0beda524fc195b7f054ecf11d2090037526b451b78

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\vcruntime140.dll

Filesize
95KB

MD5
7415c1cc63a0c46983e2a32581daefee

SHA1
5f8534d79c84ac45ad09b5a702c8c5c288eae240

SHA256
475ab98b7722e965bd38c8fa6ed23502309582ccf294ff1061cb290c7988f0d1

SHA512
3d4b24061f72c0e957c7b04a0c4098c94c8f1afb4a7e159850b9939c7210d73398be6f27b5ab85073b4e8c999816e7804fef0f6115c39cd061f4aaeb4dcda8cf

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\vcruntime140_1.dll

Filesize
36KB

MD5
fcda37abd3d9e9d8170cd1cd15bf9d3f

SHA1
b23ff3e9aa2287b9c1249a008c0ae06dc8b6fdf2

SHA256
0579d460ea1f7e8a815fa55a8821a5ff489c8097f051765e9beaf25d8d0f27d6

SHA512
de8be61499aaa1504dde8c19666844550c2ea7ef774ecbe26900834b252887da31d4cf4fb51338b16b6a4416de733e519ebf8c375eb03eb425232a6349da2257

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\Scripts\main.js

Filesize
952B

MD5
db810f1a889f844222f85802155e2017

SHA1
5f1ee7037036948c5c38340255bf998af6634c68

SHA256
c39923c7a8964d5d922434909e237aaa3164185492eb305ddfdaa937f2923c3c

SHA512
d40722624b0b0e39c74829368189e7ab73a3713fb7a94f6b9892fa98f07ec7021d63cd92520848f5050fb2929ba03bf0704da83d65dc34ef14eec94439523b55

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\Scripts\main.js

Filesize
950B

MD5
b5313ab6e8cada6848fb7507a2628243

SHA1
a3408abec061b9c5a8eca4e9e201e3e8f93b7f77

SHA256
b81b6c1abd613d998a21e44664db0a5fd884188512508ccb049318ad47a43b69

SHA512
2c61ea76287e06e66856d215dd885558d3ba9d553d9f0aa3841b27fc973fe446026fe4779f66943d9454e8d2870daedebef2550a05ed77731becdc21be5e75d0

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\is-5ABLS.tmp

Filesize
93KB

MD5
68ce684fd988d943a92ae388a1eb7f13

SHA1
178adb6cd67cbb741448fd211a816fa0f41ceee1

SHA256
08bca539c8d44f4195d406efef4d414d25ce5e35c6d12a7c7a89b9470bf9f8a5

SHA512
d4a9539a440337f27882f6dd404781d5d24f88d786f51db1116409d8058aefe5033d00e97ee97a29270eb6a7f1d7c8359eab808876f871e18d81a5147e85c104

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\is-C4I83.tmp

Filesize
85KB

MD5
e19c8576c67988c28bd5388087008920

SHA1
61d82910fc8791cdd39361206de2c61af0831fa8

SHA256
5f4bb265aa7c2f63cf77203a5304890ee079c8f6422b201423732954559e8cb6

SHA512
25b64f2e861bde7c38afcb35e1e34ec11c9ad20627a1ba7f5df2df5d71a23b0cf3c536e61b0168b7a41f77f4960a85cfe0bb22238d5cd03fd646fbb1935cb0eb

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\is-D0KQQ.tmp

Filesize
204KB

MD5
c43b571e3b229c9f4d02a200879207f3

SHA1
b0c45c80cb8f2cbdd1836994cb1e7d7341514718

SHA256
6f7484c59629f846127e926bcb54729e4cb685f1c067765e12e9e2411b0b360e

SHA512
0de3631f839c1d2d9720827a503853246be8f1b4263f497d3b2fd947248a7ec7b6214efc8ba9e25a9e62168d19bdad1318d4765d11ebe04b918c5a45016044d6

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\is-FSH3F.tmp

Filesize
69KB

MD5
2a916fb4255f2c41b43cd1ef35db5d37

SHA1
536bb714361077b97c78981bbe915a5bf8b4039a

SHA256
ea33ae3b4e6acec9f74b7116e94b656176e7fbc5c0c88d1fbb7bc96d9b99acb5

SHA512
3c485a1dff37a2d5586835759302f263a840eeb0e27866ec6e1d734c54d5122e62e65920aafb0127e1f2e1f6995cc0d602767bb41163856fb9b2690560a59b25

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\saves\01 Networking\HTTPS\image.jpg

Filesize
43KB

MD5
4e52c3f22d7ceccaee688583c23bdd1c

SHA1
1fa80d2b69babe34b52a9bbde8263329928e6704

SHA256
0977417c56b884add248b67adb91176b4b0ed6c7dd42859b87df9992321713c4

SHA512
36b4d1984c096047bc730b5c2c2a2e5797cd1f6c74e613becb06f7796bf9dff526ce2dd9550c07d0c4fb48a55e0323a854e30701763d9a1c2730eb2f6e2f859f

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\saves\01 Networking\HTTPS\logo.gif

Filesize
689B

MD5
433bf2c66708b90b589f7e704e5d3d36

SHA1
1635a9b6fd442cd77905fd5003350e5d727dd055

SHA256
0b841f1def18f7fae65b40316002f08fe069e33744b4a33f435d20aade13938c

SHA512
9578e646e39053a94d51825bec9fe2bc1b79229729c36f5e6533c4fa753fbef2c459947341c9584d3a0f8c0855562f02df40b7ead7c54bcad4df2c80cfefa3eb

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\saves\01 Networking\Wireless\Cellular\Cell and Wireless Path.pkt

Filesize
38KB

MD5
6f02dcc157b5bf5acc529a0e60fed0fb

SHA1
68d7b681e1befabc017a2b7dec7f5a1aca86e49e

SHA256
83cdc4b4a7fc4bdc9a1fc5ee03f8358e2c97acd35e4532ff001fd340527feaa9

SHA512
9d1df9d9f323ba73ed4f202c94081e25d92437cb8d84c7194e806e14c9b8a2c51d375074923e254a9fb4e976de7c94a63c01307de18996810706f83fc6abe7b6

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\saves\cscoptlogo177x111.jpg

Filesize
7KB

MD5
666d5f57c37f04b561369b27ba0a316a

SHA1
791c30566b1fb93ee87585741ff325bd5b043f93

SHA256
d35a3d1446eb87bd65ffe43f169f87832c4a4f0385358b76ae693a3840e08d26

SHA512
7a70b0fd1236ff031c4b7d789bf25aeb67dc8f7b627657f90737c3637638c251231ea848bdc5f9d4186e81c84b9378e42686891c536fbd00a5c02b46c6105c24

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\templates\environments\Default Container.xml

Filesize
121KB

MD5
b9584e4d580160bc906a426775bb7b36

SHA1
69751a6bfa1286c2a2dbe7e78027abbf37d64409

SHA256
15daa3cbe6d39b1e6bf906a7b9226b8a3f648075d21f8563dd49594553545dcc

SHA512
6bfbb49eacc6323e5064893e774b3fd2b02cf0f05f39bc0f022282479c552c2fd435b45e7f9c2571ba05f7b474b023f9a7ac7068d4a5c28dd161d18e2938535c

Download Submit
C:\Users\Admin\AppData\Local\Cisco Packet Tracer\QtWebEngine\Default\1c1c6031-10e8-4f05-8d66-5a350affed24.tmp

Filesize
797B

MD5
a7a5bd8aab533dba2240f21229ac6528

SHA1
e8e4be70b747961a586ae99c5681392dc38fcd4b

SHA256
6ef7d83d23b130aefde5a5e6bf16ad613074633dee3fa1a9338ab7c2a1b2c4f8

SHA512
67a11d2d4505514be471a2424c28414a4a451a2e0481d5c788369dccdd23dea9af802e46c9ca86d989a96c4d5ce1b17a2160782bd62f21909c4495cfd9adc97f

Download Submit
C:\Users\Admin\AppData\Local\Cisco Packet Tracer\QtWebEngine\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Cisco Packet Tracer\QtWebEngine\Default\Network Persistent State

Filesize
1KB

MD5
10dd8cdf419a90a2e45cad96109212c4

SHA1
dfea0485108fa7247ddbc53c3ba30ad75dacd863

SHA256
b3afd25c01ffaeeefb8dca1c5bfc53f380ae8010fb468175066ac3abb11d5d66

SHA512
b4b8bf6885d65138b7ebac2b4a95f546e4d988f025850fbb5912c188ff37781c9105fa018f663c276597ae0d568e898ed770695f720d29f725f83e6751a70364

Download Submit
C:\Users\Admin\AppData\Local\Cisco Packet Tracer\QtWebEngine\Default\Network Persistent State~RFe59a32c.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Cisco Packet Tracer\QtWebEngine\Default\TransportSecurity

Filesize
1KB

MD5
56797dcfe0fae2f4b5f881e3994e213a

SHA1
560e24659bf11cdc30d3a3d112a74cd78df1cccb

SHA256
e02585c4341cc000ddef5d19424ed91f24238226a99e862c0b0ddcad8424a8a1

SHA512
67ef22d8282199d9c3696ec8e6b93be1eea0bec7bcd5f8208adc383619b588c9a94d3708d2b7fccc612e2ef229edc0259aa8ab023f780e4c75cbbb0d3d551d96

Download Submit
C:\Users\Admin\AppData\Local\Cisco Packet Tracer\QtWebEngine\Default\TransportSecurity~RFe59bb09.TMP

Filesize
1KB

MD5
7e33bce5c4dd30f97ac39e7ed4d17baf

SHA1
31de843eefff658f3997d455bd553c5e17b6d44f

SHA256
88f7fac55adf1287157e79d02432076f8243cf9465c9efb319c40bd4b8463cea

SHA512
8959fc6d07ff3aa92e83e33db067bdec0cef6408c42a71a417700da3cc2942b8e90e38b37bae23cc3b5ad010b6ca1fdd08841a0c7e443715d98d1ec1d01b1887

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
22d988e6ce454f8e04df89f79e612878

SHA1
59010fa942fbd0d90017fdd1c0667e43346cc2a0

SHA256
4cec9434581840f7e60be8a9fa09901aa2231e74fef4b6c2fa2215c3c5fe3f19

SHA512
0c989d7c11b4a36d48d0a08826f14a23d35440dad9d14af73de70669baa06ccfabc05f0a332d4a27a1313f02cbc718b43145d62300ca7abed76ee584814fdf6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
42b4569fc47793735801cba9b35a69e2

SHA1
1e5b6415921dbdbd32c94ef5e8992c5c692c4e4f

SHA256
4f5ee47778d5bd84413f7d7e5f648719cba0ee9759d22c42f3b110b6351d738a

SHA512
5bcf7b50009e81365caecebc278112d2f12c62c6357b5d4c9b3c17bcb5d2e8e1b88bba2e28e9797c45f39c34c5fd93b0faf5ce535075e896362e1212bfd5560b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9da03ad1511b849c183ea5bdc333ef93

SHA1
b839c5627bbe9cdaa021fb483a4f070e337ffe81

SHA256
799796abdb6741126039822d665fa85eb839a8681e3906adaa7a63fb3f2b681d

SHA512
470b38abe3292a3006c432c2074cb22abb23e6c770e64e9dc46f3e5091dc946c62c13a1f4d7ba206e653675c2929f7d0a2ec89b15dc064dca0b5f0d8e2b1ceec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
eda3e27db9a6729ba14f904a5f1c6e5e

SHA1
69164816c0aa23467defb69d2acfb0e942b7fb7b

SHA256
6d4313240e58229fab3bec0f4441501d2c8ab015461bd1ef10e5ce637f5e21b7

SHA512
8afbd1854c7112b6a3605ecb025b7a8e013592cd3031497c80e993364e85db637a6b5a15f706ab9ded2d3271914f03123324d141fcd5aa68d806ebfd0aebccb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
7b453a3ea6747e7699fdf5f317aafa62

SHA1
eb805f222ac666794dcb2c58822b807d5b55efd4

SHA256
c7b24e77419f01148a686d44d2854dad195944b40b33fd685d371ea6f4ed3418

SHA512
79365e103bd27958505dcf1ee1adcc5d5ff47e52c72d67ea2fc06ff9c867870f7dd814f7fb9074f1a4cb6c8190e7988a8ed0a9a6ebd0d182418abccf9977083f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
d28ce17d33d101b321d31ecd0100656b

SHA1
f14c606d58a929d38fb0fc53b09cef6e6b9472af

SHA256
142fb8cd9c6629f39be0a9f0a9e72cf927ea775bf861e4933ef258d60033a034

SHA512
a7f2ae38e6826df8c55f1aca483cab2b146a66082e0e99f3f607f32cbf9ac3dd3147a96c132f3df1bfe633888e5f297746ade44eccad54f26493ed926972d5c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
d235528212ecab86446407b1aa6cedce

SHA1
24b8c1f7620092208fb3d187706a66c04f308dcb

SHA256
7ad800f61bd9ab21bf3f0df4d0f1be31adeb1e457a40b368405c846a8126cd54

SHA512
b384c3d89d5cf6c3cfe2b91d63b12d6578294a8455ef18fc756a6aad26e2c3c4c12c7fd561964843b315f7f12926af75e3b3eb10e3c11b4f7fd5781a9dcdf55f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
64KB

MD5
0d195dd38e9406c75882ba90cb063949

SHA1
117557761105bcfcc3f49c5d6312ce8bd382d2b4

SHA256
e7f8740f6058aa21acb34e453bae47d0749fcfb578d8f2ca15c48fec85f2191e

SHA512
99aa204b190bcda69cd9a5b812f27b5b3f5ad30583e34baac713fc23f51eca18e8bfba490fa3c40f31911ee4b337d01c0f3e8278479c99fe76020ce630365524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
19KB

MD5
23b27116b3c4831452570f751338a118

SHA1
7d554a38e31099d02daafad046e94fc1adccedfc

SHA256
c55c717441910dabc60477e7cc7c912c593b992a88fdb173fa8308735b07a69a

SHA512
ecd101f01cde501c64d961d050686245672426afb50ab00cb35e9462615477a267568cd3310fc7e5dbb39e345d0a30cb3b532ff2e0600b08a2851fcdbac13828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
65ed859d08130c427d4988cb03943587

SHA1
ffe07a988c6d0aa3a69925981f04d3fba7c2b9a6

SHA256
756685dba30b95a19ab8bfd282a374cba3d6234606bb40545047bec03a0c7dc0

SHA512
dca55372b62ad93034e82705b41e9e334bb93fa2539cd7a8a0d4e2840f70a01a20ee9aa0600794fa9393d1618f0f0249421a1fbaaf1d853f58e6a743c37669e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c807dbb6c06deaab82653c1921a811d3

SHA1
86a2fc092055f0be9e325c81b238b598a44624b4

SHA256
fa12679b290bc8430842e5f300d9daedbd78fc99d3b906b9065fb06f733bed2c

SHA512
e25d34b4840735a8e2d33b46bcc7c6ca88e809f4b4167ba8a7a074f044039d7bc60e0d4a82b38231f06e14fca0f4f63859f4e8527e8ef90e31fe7cdd9d6d58c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2fda3440c40b8bb15a816fd1433c3772

SHA1
e4cd14c19e3be72f22686ad864c5de93e9169436

SHA256
36e724adfbe3ca380233e10493731f5d88f5a26a226d438d483088b1ecb7a2ea

SHA512
431392fe1994a8abc0e59070c16c49924a28f87d2c309f6b2ea98f970e53195ce3dd3b54c79818f0e2386b1b53e2fb249624249fe2e8a14a030e232116de27a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_prebid.a-mo.net_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
d14a9b9c087627ac536231bb7da3631f

SHA1
eb0b76344934b5663fb41f94f132debd9fe15620

SHA256
9e64ceaa578be28f5b5588560fff8bf33f341a184e9068a1bb84a0a534a2c488

SHA512
d3aa984ddbd026fe9c74fc5517a637ccbf2a138c9d87a46789c2f82bae1c6a303330237c592ae678bdac721c2164975210f8d0255ee839ef2e3ade5fc65a646d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
16KB

MD5
cd69a5d72e8ccda19a36e3d51e424610

SHA1
f2d48a0bce22365138494c9ca8dbaed84e03b984

SHA256
037bf881a0b9f56dfaadd2e1f453f7b2f26d6dba1985d03b96db5c6adc9ffc15

SHA512
cc62fdafff1052bc2cf65970c12379588b0c16ff985e0d5a7be391193ceeefdb4fe0cdcfa92bd93538b59b1eb63814ee8e4f8cc2298701f0c1d6076518d09d42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
008c1619084a65b024ae32b7ac96562f

SHA1
922c4b5a46c9a2c2e3051084fecf11d266a812fd

SHA256
8f7bf16cfb228025ac88bc5bf20a190cce0b15b94da0d2b0eef591c780b15ecd

SHA512
427088f857f42005644752a87cfaaf048fa6e85764f749d102806ccd26fbbf8b36285064f249f12b059377068de1b3e27e5beb623c032ea7ef15b6ccb02a96fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4b31a5101f94c9ddd9ef78a67ec3ab3d

SHA1
de08d65860d9af5942f9c4a01d04cf490ba0d462

SHA256
099290c329829813899cb497f354f8dfc84b2ecaae9c93ee008aa8647187c7f8

SHA512
98de7c50109a4dfaf9237c8eadcf50d48edb07ed90290e68c87307dbd9fb0b1cd46e2aededf5d4c9ed34bff6ffb3ddc0349386ceb2078ca740659e72dcc02152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
20781192fac98bab76da02819a4726e2

SHA1
b4fe442aef07718dac3e476951f1f33ec74663dc

SHA256
6cb168e49b6ff2f68efd1548b61260e50d5109b4a95a70fcd587744f1f06292d

SHA512
f9bb845f6e2d6df8688b4c9946c62bcbba3ff6cffee970353e5f6f1afe03e87faa5468dbc0442985454f568866cc999e7c23e199fa830d22b38cd2607408b163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
3341403704cb1baeabc46021420209a4

SHA1
f2e39f87e65c046b31b36fe16921150720d55f1b

SHA256
b140dea438d7f79cf494503a9dc086fcacd34eed068821e6c9732e9b3b95cc20

SHA512
10fee5a00019ef21fe5775b2d523a5cf31780461244e838771c9f97423a0e9b68e489b36149fcb4224c66083c934d3737ee356de915ec48860294afc24177377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
69f9977bcafd06d195286273ca12225e

SHA1
e4f86708c00f0d27a50b2137b67a9c2b5869d4db

SHA256
3bdce33414559d837848f686285e0ad53294202dec78c6ef46a1ea399ae6fdce

SHA512
c3274481242f17f41365e92093e0109279c9feb558976f1c1714e4471083e9f490f6d2b55eda8958889ecfafcd17f4c95c5e1d1322d3670fd53cc34eaa58003a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
20613108a518858302607b6aa6f19c1e

SHA1
7b6aaeae77649224b140b6514d3ba4a7eef7bd8b

SHA256
3e80edeffe8d086d8014e9eae52849cf1de9f5ed4dc60d9ee72bf12a07e5566c

SHA512
05ba7f2448e8728db96aad3633e7a3ee3f77815d61feac1ff86b8b9af3a8db0f69d57343bfa3c5d79e426220ecef12efd393f5a8fbd08d37e6b8c22c44396ca4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
59189eafdb6bcdbf7083dab79dcee865

SHA1
17c47ad201e592ba1465dc5f2648da6d0a0b70be

SHA256
89d57e5bb0c4c74898403f5aef8f1b6d4c657cd8ff1af15ded5ae2728d1e5ecc

SHA512
8c5ba6bc3c4a41917855289098401e3a4ad69551bcbb1c3e89c3d62df91cc0bcf90cbe1ff339cd44c2d6888d77c50ee2c66de129c0ed332b0511b470955dc8dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
045aa3c7e9da68ae481f3869dade44ac

SHA1
9d3d9f9cacb0964c38ab8ec5a3c32fd9e14bfde6

SHA256
aa4dcb32ab327d8e1394a479d2ef8d3764ab5b1343943239c4fde893cfc8d098

SHA512
5196ba75b8518271936d1b5a3a653e3ea918baaac10c8d52a839f550756ed10300dabc1a84594586e9ccd85cae5a3820876ae3dff7906f384a69562de66413bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
21a12cba71d8c5aa9455d8e5306d4d40

SHA1
73a9424894a27fc657172f2dfa0993ffccb2c34e

SHA256
19a420f450cf336cbc4edcafaed7f98fce904a0970bd1a96331d3d96d02e6647

SHA512
1031a2343a5ce19f8345cad31eeb73affbf9e75ba1a11a59c766fc1ae314017e004a71fdb14e1ee0ba58f9c5bb622eed0a1fc0dd5157be4e8d237465cf23dc95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
13299be83f84af4b15a02f7b7bfedb6d

SHA1
0e0c696f00d01c385c2348c0cfaccb294eb052a9

SHA256
16c870c8803d212a81b58943ddb3df3c1811bde1131861e5806d9dfe11ac2341

SHA512
a0fb66ed7c211c0e7bbd36b550240737f6b2965c70674e80e25e47fa4b55c05d429b2bff55c7f300e5443da6f3746cf5d697990a542cfed894fbf533d1457333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
0a41e527d4810e701c6a9fb75d885625

SHA1
bea8078023dd9ad746720585a6a237fb6f358fe2

SHA256
d0b25154138645e5873cf14fb4ccf8e6fb59be92c4f56b6bc91443cb79961753

SHA512
5fc67fba0b510a37f2e360fb8ae9549071c9a11e60949d072b331507caa02c9bce92e8a48619cc887f7861d55a76fe2183adf90d9fcf1cedba7e969fdd4eff26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
14ca280441f526343f1d0adb2face570

SHA1
bef968440d8caa1e8c8dc159e35150764743ac8b

SHA256
caceac22a8bff39633b6383b021210a390730aaa4b6b72fdf429aa4eac316e3e

SHA512
f03a92508dc3e00c7eb74ec5e25c3e1be736cdd81a1cacd33c990adb96550cc3e25f2b0369c0fb7edb636c4c63249f01a5e596881a04ad95d9d07752675945be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
7c6a7a74af76f2966af6fe2647f4ddfa

SHA1
d6fad083c661168da1fb07964974d7c9db24c055

SHA256
6fc26781ca8b9daf2f4a61abbd7d397b09fa747855679e43f2847988e9aa6092

SHA512
22c035823ae88e0b88a3604fa07ec2cd9d3dd1b3c5babcee97d1a80d73732b4786c4e1e1ac303b918860de6a9eeaf3d19d153a2615a17f206d000087f8b685d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d19a9bb4532fe755e6def262711af852

SHA1
b74f2d983b4d7111376016d470a959b03d533e4e

SHA256
cc8274a2e879cd16bc4f2c6b8c581ee017e3b64ccfb997eac7096a36e9d2698e

SHA512
2d9e196d66df7730fa3116a617279795d3ab119efe7bdf0c2aba97c68ab7f00768676e7ceb5d06642d43a2bbf221c70ded9eba55fdb2e65d76df4756746ba8c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
03067e9e77e69c23944270de91124f28

SHA1
7cc72b382a7b073007169bb57e8e72802da1d176

SHA256
57ab240fc9e819ec3a7d2a22576f4394bd68fb98709842d4c81d29578bbce8c6

SHA512
bea06c58b17101e007d5ae41056285a3ee16d235fccc46b668068efaff64a6a61c5add1ae05e5dd6bb8f796ae8507fa59e55a72aef566c3b59b0ff8041d7a46f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
6d0666dd17ea2a1e8edd4220cf874045

SHA1
670f9a917dc68678fa7cd3a2042209ebe64ece6d

SHA256
7fb54e110ae9025beb1811ee8afeabf578654cf70a9089957f3f044721ece459

SHA512
cfb40245067b1deac52c92836bc55921597f71d3c5e72576f2ea767fb4cc1aa9f5c22b9ff117554319d3ccdb4063969c51e13e2c943e7c49a3b326a21f63a43d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
93d2d9272b2b59592773783f5a7dde2b

SHA1
f00fa134a76794ee6acfd4c47b5618f86a4de506

SHA256
fb39b6173057de0ab3afba5f38fbb4c8cebf77869ba0255449e94f83d8510aa7

SHA512
21e507a633763dbe9360fb760f31a65d9f3a97bec20f4853055a14235fba843a52d42455a660b63feba0b26bda9e889ed47a4b6df41b544065b4c5abc42e486d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
06ba38989205843a2858bb6c5a90b265

SHA1
97faf7855b82035067dcbbbcd223080fd9cbd801

SHA256
b53f19f76a1f0732d00acda4c9bfc1a6043ef2f445d70374b2f65df44531e651

SHA512
0f6a2e8e4103cd2123c22295cae257198fabaed26b89daaf7ef25f1db3dcffdfc326ce6162bf80dffba519e48063438fd9a36081f03b6d212f12bae8e9f19aa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
ce186a9626a1d76a9ca12448fd58d0b8

SHA1
8ae2125952e340f1b7ebf0b1fa942507505da982

SHA256
14c09ce2afae9e2484895aacdd9a3a30bbcdac760c3bfc325adcefb92c280d93

SHA512
93c7fa1f7d66ab65c45a144de1ce56c55897be53ad054aea80fc62cd89eaaf22cad27fad06d7c4694b4a4feeffab35dbbc410f0a0bdb9e51c4a0c36dec6cfa73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
1c702e0fb41e748bc553e55005ec315b

SHA1
d5b57e6508a7e8df67c22d05aa68ca4480566a78

SHA256
128303e1280bb51525a3403dddc23fe9363f800338f15ceebc0aa171ca48b262

SHA512
ed7bd6cef1c145ad650d41b40afa968cdab7fc215f84da7a1fe9ed78a30d65dabf5126679783b900bc038b55ccd8439dcbe80add8b4676019b9bd9950c9779fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
1f51f2319b80e1ceb569bbf6f1b9b15d

SHA1
5a6e9812e6083ff6d091d432bcc01f9e99d3ba79

SHA256
0b6f1ac5610fb6817c1ac0f2b979b6e5a3598bfad14317a37caecae5670083eb

SHA512
9c03c649d6c75dca7a43f27db2a0cb4cb4cfc8dbe57cf504ce39a5e2eb59e3ace1891a0ce952503e74b071aab804acb99e0f3050b3030738c0c5e6934c41d447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
eef462762033a47862861c79f73711f6

SHA1
b609d58e5dd0d80881c876d33c2e66ccfba359b1

SHA256
32ea6e15da20ac52e114f02090a227eb6c99734e29aa057ebb1c80e60da6b36b

SHA512
6c394dd3eb14567d3ea219ad5d1419a1daf719ef99d586a60f6a8e91cd6a73f6121918f356388037baecc93c30ac209ca785351b5981895c522ee8737e569c4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
229b91d15ed11fa08f43453adc705b55

SHA1
56e8c225d9487897898dda06f3dbcc5c886fdae4

SHA256
51f4b9d4c372a969209cd9c37084efa980b1db0f57d17a5a688b4f0b54a05418

SHA512
04106e6586c6567a15c02d6aec4cb0aed7534dba7da849f3f77029ad0aa2e3041417e9e83aeca96dea71afe8ecbfb8574907d9a9478b7299850a8882185bd980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
98bb7598a5e4ecaafe17473e24d01bdd

SHA1
581ec39705b411083f6f24a9ecefc112bb24cfdb

SHA256
1a05b4d89e62f5f07b3d265aad11d4c168f62efb8e69df15f577fa837c253e1d

SHA512
48e1fc5a55c5dbec0e96e4d3abf65b9897ded3df0ee81708db639c2f396e9dd5f516a5746063ab69c089ec1af681553b9d93f40239ec8605e91597c798c896b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
3da975cb6f6feed2e6f4fe79294dd0bf

SHA1
3a0d0bec52e79148a66a440f9c2bd546e577d1ab

SHA256
a81f9b85d22a0b9fed0b237ef80bb368913cee03be902c8f948ff561b2682096

SHA512
d843f5526d93a1660ecc4fda197b33e61977096c153bc6945fd73ad07fa378ea73db2e3bf8286d95dff29b8593669960280505f875b85489c2ef6d7ffd33d731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
cb35ba65d417bf2cdec674d7ecd80514

SHA1
b2142039ccb089b4b06d32c86482f0dff1588ac0

SHA256
b958207ad7a3e09ca781a0dbaea9e3afb375d62e5a8b048a97c1717e59d5938f

SHA512
ea63324386a79b6e8f6caf9e9c90765ab9e8432b43dfd9085e76b6e8f7834b7b64561535eabac4a3ac19ba24fdcba1bfdd5ef3c9cd65e81faf0e38e9f03a288e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
814314402c61040b0e7a7e5a8e268aed

SHA1
cc3f5d48be0fb083fbc88507c95d65e2eadf2fc7

SHA256
05ced649324a68c3adfefc45a6d843777de8bae62a1bcaf39301069d5d9f6606

SHA512
348ba78128a13694c6ca2226e5ea67162edb15baa0ab6198c696a2918241d4db9dfc0f10167c479dc2604efa048710a5e5a49fc0a4734febdcdfd78c5a845988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
f9bf20edd3cf7b394eee9b99897ae70d

SHA1
4924c3c4e6cb57d1ba73cf32050117b44188fc84

SHA256
294a951f1268c003f7ee88a81e76775cf0d91b8bbd5251302bc2e51a6c3661f9

SHA512
a8dc51431df3d67aa6aede313d93069ad9d932551d3672f016ed33f194e1eefcff5345b7dd02250952bad52aa8cb4b0436bc5aa52e924f675dad016270a85c7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
96fd685b47d6a75a7857a4d3f7b19d55

SHA1
314dd4de9183e1605e7b3c54a67373eb8affd435

SHA256
e39c98c243cd9fc80e47047c6e6ad632a6c9e85ea19e40db5ad10099f52cd250

SHA512
444c5123f374b0e66269d147944ce61cfd645d80abb1cae7c8413e1893d3be900a1da8a6cb1e14b974a7237a6e381909317fb15dd068a761cb73995af3839d7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
4cb5911764ae388af3fa6346df6f1646

SHA1
ae3e73e09e2d98c48b966a31a1876fa489e1b182

SHA256
f995e4a82f98f0094fd807b0b94fa1d5af8a0115f18a050a211a7dd272a1b662

SHA512
bc1300bf4cc0abc96a9ce1edb86e19dbb1a3483e9b7b1ce83403daa004ba2b384844795644fe1d3cb13fc77e5a887fc37c93cbc2a4b52ebe933f41cd590f91fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
c8231c01446a4942520a03e34145032f

SHA1
78c9d7289b3ffbefbe7adc31f97f801190cb8d03

SHA256
b5cb5296ce8c4f193ac6ea87ddb921c2ec91dc66c2374b60acc4c5ff3d9d1e1c

SHA512
bdf98f96e1c4cb4910c1fd98385794d5c48594a9076e5fc38038b665ed42b1dfa31a99e7021bd97e49b1e44188b7dbfb1055e1bb523f0ec610a27605186405bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
8f3b06cd397243d48a0ac9af19839a2d

SHA1
20ef0be955c229ea320149bd955fda2ce6e73089

SHA256
2d66365b5323f65d95e6ce372534b10b844e45b9ecc9a3bb0d5e9be88b2497e4

SHA512
8e11ae28d9223c9585ffd920ed8ace7099947df192368580aecea7205e7ea0f2181e8905010e9ee4c2bae09c6c23c7dab4b6be6a946a8d562bed20ca2d17c113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
2faddff892c0d68881d074c85ae1f316

SHA1
2449b8634b6ee282c3026297d2a3354383f0a3a8

SHA256
ee3226ac93a1b623851af53975678bea53accf3380207320499044710b2e9f44

SHA512
7146e9d20aa7f5f0973d5b54c69a90a4c830d434a8763261461e401ccb6c75cca84634991611449417ba3c9ca98ab7c885326e10fe5db071d1529b96c1582cd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
275057bea7b115d1d1fe9f950f9813d4

SHA1
737282a1c2b8fbaaacb123b7532710a4cecd067e

SHA256
c0af14db121096835a819309e5dad71b686b36cbad1fc373917ca1c852cd1157

SHA512
aaacbb60c419a7520156e33339cb89144bdb190bebd5382ab93d7698d762c007d47bafcc4de2b6979681ccb620e8d2e2ebb6437560aadc5e2d1eb30b91589cf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
8f5d7181450959e8a0ccc65b1f9cd1d7

SHA1
ae7df8862974af31d8faf5694a30854913a2b715

SHA256
95d6e21be35ef87a8351da8a506eb6e460b5c1577a14f049b73f83db6844183c

SHA512
ef2982c234c9ab4c8bec7005c7cd10a037a3067cd91d88780a7894ce035f0df6c4fec1ebf264314a40672b278a62c797e8fa82c3f81ebaf40faf8b189c00c632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
503dceb376b696b7e9ae4ad5a227d36b

SHA1
8b3fc22c432efca504e30dbdf30a77a4721391cc

SHA256
14c610c7c57dc3d3158d2f1e60c24228969c997b8dcf8fe42b2c5b4287e364fe

SHA512
d9a5b8c33cd82c5a574e0b79aa326c60b45d3533c7f6e5ddc374a9f235445ea3c67c789bef8c57c29e8953a54cfb9c34cb5071034f8cd579a959d35cb0a5a205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
2322ee53a865af2d00761c648ab37f76

SHA1
0b74ca0d4c20b704e81499a75bfebcb3d782b18e

SHA256
954ea12a68bf47efcf9f2b4a99f6fa79aa441eafb2a9e5c99cdce76e4f5947ee

SHA512
57dfebbd6a832a77bb81e826ea39b9f4969d964da04a5dd6fe0b5ae502136b5245ae06b403ac2348c350392a892784c95f311aa8caf155adb921e5e0df69bdb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
8a8605b6b939ee458992f5b39a13c616

SHA1
2fc43fef33ca2fae937dbf1d4ec6282a6449affc

SHA256
79341fbe5480a348c8eef2c7ca9e2c904553882e2e844cfd92afe1824b873b08

SHA512
68434ec69a399a62ac59e90f1d8c6ffe0a3936312c100cde5a9b5413491c2cc5893d8bfe3e11ea9139b15d13f19f9be27f18dbffd4dec27d3eb784186d4749b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
3976210be4baa6f0dc1a14c084a9f1f4

SHA1
8e2605308cfa375396997b53e4f67447dbb21ca2

SHA256
6ee426f3d5e485268aa5a3ccf3ad18244175ac662aa4bc11f186c8b405146bac

SHA512
c161b652739fc0201324dc6944c6e480394e52da1183b282a735d11375255337cedcf7767822276e9042accbf65fabf872e534ca37c6c0579338731cc3cac5d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
86043a4fe24912da90108294fee8b779

SHA1
98e74fca5187fba57ba65c305b29ae128132d3e4

SHA256
5439575fc9ef21585fc0f531ff485387c6225aea27463e37513b1f518b746ca3

SHA512
dbfdfcd5f9902d50d361202dcc878df67fd54d9564dedaa8f50d523be6bb625b9098398ef69776a4b531ffa8780fc7d2e81ae4640ed53737267fc64ebbf0d28f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
eaf0f7cbaeb45c44d0a285aff3aecd69

SHA1
cf16b21d5b8e016acb7f6fe909549acacea5c225

SHA256
f9d76293919ac8fac7b16d933348d9aea1c8ee8d5d554cc29e65751ec556ce62

SHA512
aff897616c3e396538346a053ac18fed4cdc1382a3acd9bed75d56c15488ee0b359ba48bb553fb16de1b1dd9266cbe050509d11f9982d979e7572813d9f34a11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
1c5885286233995f55b2cba77543b4e4

SHA1
0a77093b3f91686d04c00ee773141c6191b518b9

SHA256
e1674d4cdcf9e711fc527d8a42e222b1d402a0d516e6200d8abe59daabc4a405

SHA512
c16eb90f303f6372dfd64fa9377d5ce81ec5118356bc446d1b27fc0d2ccece64e50acb9efb21b38f90dde7f4aa0f75e6eb7f889c88b7f1fc1497d794c885dc99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
ef2e970d100d7acfd3aa4b9bd7c811b3

SHA1
5ff652cea60c3f318cbe547015d33cbe807ee1e7

SHA256
f5341d392b2a1957f431ec1085efc417163b3369b2c14a181127bae02c6c1ccc

SHA512
8b55deb13afd8b8057a05494b6e6153ec70a0f1abfb078c4ca9aac67c27b7f7ccad56f189e0e876de4930622b4a9aeaac197b6b9ac225a941472d4f2fbfebbe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
fc4aa6c64bd247288b0625ee18856380

SHA1
8e671c1364e6c6d5fe124dc70c2f62ee6ec504fe

SHA256
3bcb5e2567ff267c5bea7046e1cd128ba701c44e26f532f953d2ae0beeb51045

SHA512
1e5f95620790a8e10e2a988bea8162bcf4fe9526c7f2a48b0f0f1224432d5c7fee9aeda959fdd4e80cb91df76673b2fc33148f03684f3ddccdd4dce1c9be20c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5935cc.TMP

Filesize
370B

MD5
a38200d872cbb46fde211f8a0fdd9767

SHA1
7a4a376c14ac1c5cb97b30d7e80ca48983b28279

SHA256
81524c9ee80ce1b5690ad286ead685496f87f0d3a8a18f02bdfbdddf2546b4b6

SHA512
7dfcaf84d79fc3fac65334884fa824682dc4495a4570b2c1c6709f9d69475253fb02efa696d47f0a7e031166bf45ab366d17f0bd1f78ba243ad118913cb7c6c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
63664921d4e5e3c995fbf9ea6cea0052

SHA1
ddf96a15aea8a1c06525e7f1a5cec270987365b3

SHA256
a971d4591503467ae850058f7cbedbe90b61016a41fb4c29166c593d986ec75b

SHA512
56046f15e1ed9cdbe3eab5c59a228a4b5a3d3aa7d923f7546e8050ba4272d41c75e7643860403691b40f518e6cce7ee8f01f0040ed169f59529721ca1da49f32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4c545976f3181abc071856ea62c9e6b8

SHA1
c5e8ab3235d70f279f9ca6c25d79b019df61bf11

SHA256
78c8abc2302450b8151c4a7f4eb400514df718097eb62381ac11b644eb786b13

SHA512
39a9684e9d66aa59529d33d840dbad19ffbd3f9ce248f6b7e403cc657123437a8a64f344259970bb6a7f89fc92463bc6e69602600d2d4496ff7eaa2b7d55f35a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2366597dea8af4956b833027cd9c0b9e

SHA1
eeceb169ecebe73a7ab59596d2e3421d8a76f592

SHA256
6e99282688942f6a3804d2985010c2a77dd7ba3f6081ddb04c56b0893fd4a01b

SHA512
dd9b5418cc59b36619c4552bd5a8d2f4ade852526f84e5efaabf9dad21eb96f2d95fa9d3a9dc21f833fa69de48db7503b0a5a09619a8664b523a769d29a29b5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3802c3c9bc0e5f2dd5a0b00f50f1811c

SHA1
77b384f0ff50b8a74cbdc3e240839c8514da548c

SHA256
452ca543251acc1e239757fe8e0b8a5953417735d400df42266a92df70b64fde

SHA512
c1fda892771bc65e50e86e562e63a91d89652246b2d5f2eb494e1476e2c5693c34cad2da2c44a116de292de3fbb199158f252aa6fd5a43dc856005f5a3b2cabf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Battery_item.{12d34_56n78_90s12_34m56}.png

Filesize
1KB

MD5
221966c862ba46fcb4e84c7abaaa8de6

SHA1
13ff14b78f80ae0d7fc59fa24e24e97ce512f424

SHA256
19254d029c972105ed716a422a83f308c323ad34647c6e44b4e8ce3fa22573a3

SHA512
10d1d4eea2451fd817694c34f553c8c66349d62c38bc528dc715179e1c6812c6788429548f39482f2177c2d25a1c732f0d51a264f1646fc6a8162a3c15b66fd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Bluetooth Speaker_item.{12d34_56n78_90s12_34m56}.png

Filesize
12KB

MD5
e82455fad97f4cd04b0a0d533a201a8d

SHA1
d7d7a827ce59df91816c49bd2d108dedb4135203

SHA256
6259136f2148054c04aa3774e7c77e5a71216c406c808d4a759da30477ced0c3

SHA512
63c781fd2395c764bbbd4c1bb5afec7e571f85f3a5ce428146b424cc99e80a47e49febca06af45ce4ad43b762c8791f889306bf67d60fced60663dc5f8d493de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Carbon Monoxide Detector_item.{12d34_56n78_90s12_34m56}.png

Filesize
18KB

MD5
97710941d2a2b91b3989a82dbf925250

SHA1
767a8b09cc8c2cfa99c2fefab99c98b74f378ab0

SHA256
15e92d83ec17cdc198b7b821c1e63e1f00dc50f2eb3da02ce8c90e9c2b175e24

SHA512
bf282269b697cd5bb458042ee32c5711436d4bebd3873b0710b45493febe69a3461c26cb637ac2f223ec64f81b99828770bdb4ecd396d130a52f2a890ea8594c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Power Meter_item.{12d34_56n78_90s12_34m56}.png

Filesize
3KB

MD5
d4fe176a0f0a2ef76274610b4eab0a42

SHA1
a6dc4181372b49faf9891bf1b56af91593277dcb

SHA256
895d482d8afa5bf8ed6f45eef7adc2aa92a9d9886dd42e533ec50c6867c82ee5

SHA512
143404bb0d4e5895a7f2e6f5a105279d72839ca156241f639831dead128e8159e613294a84686a304a3ac710cfb8f7e7f58a4965d10753e8b18084ba1143f4de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Smart LED_item.{12d34_56n78_90s12_34m56}.png

Filesize
8KB

MD5
fdb42a2d8abd99cd60728137fe988e61

SHA1
96608b0b36fa411ae4e253a146cf1325baf4bc2a

SHA256
742dd31777e7010fbf884142cc9886150e7d677ec763490823b5e9053cebe339

SHA512
9b67f8df2e018ffd3b273898e9c506b215f33b04be280dd7e328d066e52f6c5011c4dfcf1591a1940a2d21a8df1e5eaf6b8c83955f7227a43f72aa022685bc26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solar Panel_item.{12d34_56n78_90s12_34m56}.png

Filesize
9KB

MD5
7b7163c7b2b3cfaa8eebf1c9aabe05eb

SHA1
4b53fdaffd87079d9a17a8b7503f8603e0d8b1c1

SHA256
391a81c04ca043e6f81f2e98c5204f1c70c882bcf8b41c9c1871394838d902b8

SHA512
bb22134d458e1e52d0d7ecaab27bb842a0cc25126656bd59f1639c6397c3329cf4a4a91188fd1f5ce26a8639d3b3d644c2e2c146f1696d4e7401c70a29c0f987

Download Submit
C:\Users\Admin\AppData\Local\Temp\Wind Detector_item.{12d34_56n78_90s12_34m56}.png

Filesize
6KB

MD5
68bb319614ba36b7df3080749604f7f2

SHA1
32e6f401da6f33383558ae4e4b3685f17073a49b

SHA256
cc82db4bfa5e7c847ba100c719d569195150cb4c9b0a50944f0fe79c2b3245eb

SHA512
4be728893a3a7884ac334c8903b8ab327c4ca4ea5983bf7d53293f7fd45158890a5d1d18f3c43fc9973575ea47d2a7ca07809e3f1b1ba938bd3aae16a4bb846b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1A7HB.tmp\Packet_Tracer821_64bit_setup_signed.tmp

Filesize
3.0MB

MD5
e382c49d56363e2e32cb7ecda842b1e9

SHA1
137020473600513d20b34f391b3645b3255a7d06

SHA256
9d0fcf7251aed24eee3cfedd6ccc8a2ebe349bb1b282e20b2d282e6e588de330

SHA512
17d488a349444508ba958ff57962f00fc71e05fc3eeb24f3fc9fea85d154ae79c13855993b3cb0628f1f268777843f9b1931e6068bc09d40b3cd3bfd29cdb1aa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Cisco Packet Tracer 8.2.1\logs\pt_05.21.2024_06.38.09.048.log

Filesize
5KB

MD5
76bbcd09677c9479cb546259aa2962b3

SHA1
fd148f0df24de1b4e650cc2c66ca7bf3c9584bd2

SHA256
acc991abfecd1407595a6790433a9ab3d2a4baa9ebf83554e1bebde57d134654

SHA512
b642d0858c4217a2dbef681a64cc063e972092da57c03839b9d8f9c9580f230d20dc4989c54c5fa309d1f9d9f5617cf423f34c13905be559189db83b6873fda7

Download Submit
C:\Users\Admin\Cisco Packet Tracer 8.2.1\logs\pt_05.21.2024_06.38.17.894.log

Filesize
4KB

MD5
34966d0c81e178d7ca2a1bf9edd44a6a

SHA1
d02f91191c0a8aa237976ecd0a8b628900363967

SHA256
3edc412b37dd06c90eeb16616bf8acbc0d5ba906b5fa5b93570fb4d248da042a

SHA512
bafacf313359e2ede5a0e33e3dcc787a4745ace96dc3626e546dcf937aceff595e9eef8d6e452850e225705af01a54e7d4585a5c9531b84c6f1ecce9856ae6e9

Download Submit
memory/1752-13003-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1752-55-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1752-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/1752-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2340-13062-0x00007FF6EFAF0000-0x00007FF6F4D0A000-memory.dmp

Filesize
82.1MB

Download
memory/2340-13060-0x00007FFF9CBC0000-0x00007FFF9D121000-memory.dmp

Filesize
5.4MB

Download
memory/2340-13061-0x00007FFF9B4F0000-0x00007FFF9B90F000-memory.dmp

Filesize
4.1MB

Download
memory/2768-9443-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/2768-5875-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/2768-12539-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/2768-3606-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/2768-3939-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/2768-6-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/2768-13002-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/2768-1320-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/3236-13366-0x00000175A1B20000-0x00000175A1B21000-memory.dmp

Filesize
4KB

Download
memory/3236-13361-0x00000175A4510000-0x00000175A4712000-memory.dmp

Filesize
2.0MB

Download
memory/3236-13360-0x00000175AAA40000-0x00000175AAE82000-memory.dmp

Filesize
4.3MB

Download
memory/3236-13373-0x00000175A1B20000-0x00000175A1B21000-memory.dmp

Filesize
4KB

Download
memory/3236-13375-0x00000175A1B40000-0x00000175A1B41000-memory.dmp

Filesize
4KB

Download
memory/3236-13384-0x00000175A4720000-0x00000175A4721000-memory.dmp

Filesize
4KB

Download
memory/3236-13383-0x00000175A4720000-0x00000175A4721000-memory.dmp

Filesize
4KB

Download
memory/3236-13382-0x00000175A4720000-0x00000175A4721000-memory.dmp

Filesize
4KB

Download
memory/3236-13381-0x00000175A4720000-0x00000175A4721000-memory.dmp

Filesize
4KB

Download
memory/3236-13380-0x00000175A4720000-0x00000175A4721000-memory.dmp

Filesize
4KB

Download
memory/3236-13378-0x00000175A1B30000-0x00000175A1B31000-memory.dmp

Filesize
4KB

Download
memory/3236-13377-0x00000175A1B30000-0x00000175A1B31000-memory.dmp

Filesize
4KB

Download
memory/3236-13376-0x00000175A1B30000-0x00000175A1B31000-memory.dmp

Filesize
4KB

Download
memory/3236-13372-0x00000175A1B30000-0x00000175A1B31000-memory.dmp

Filesize
4KB

Download
memory/3236-13371-0x00000175A1B30000-0x00000175A1B31000-memory.dmp

Filesize
4KB

Download
memory/3236-13370-0x00000175A1B20000-0x00000175A1B21000-memory.dmp

Filesize
4KB

Download
memory/3236-13369-0x00000175A1B30000-0x00000175A1B31000-memory.dmp

Filesize
4KB

Download
memory/3236-12986-0x00007FFF9B4F0000-0x00007FFF9B90F000-memory.dmp

Filesize
4.1MB

Download
memory/3236-12992-0x00007FF6EFAF0000-0x00007FF6F4D0A000-memory.dmp

Filesize
82.1MB

Download
memory/3236-13367-0x00000175A1B20000-0x00000175A1B21000-memory.dmp

Filesize
4KB

Download
memory/3236-12984-0x00007FFF9CBC0000-0x00007FFF9D121000-memory.dmp

Filesize
5.4MB

Download
memory/3236-13363-0x00000175A1B20000-0x00000175A1B21000-memory.dmp

Filesize
4KB

Download
memory/3236-13365-0x00000175A1B20000-0x00000175A1B21000-memory.dmp

Filesize
4KB

Download
memory/3236-13364-0x00000175A1B20000-0x00000175A1B21000-memory.dmp

Filesize
4KB

Download
memory/3236-13517-0x00000175A1DE0000-0x00000175A1DE1000-memory.dmp

Filesize
4KB

Download
memory/3236-13518-0x00000175A1DE0000-0x00000175A1DE1000-memory.dmp

Filesize
4KB

Download
memory/3236-13510-0x00000175A1DD0000-0x00000175A1DD1000-memory.dmp

Filesize
4KB

Download
memory/3236-13511-0x00000175A1DD0000-0x00000175A1DD1000-memory.dmp

Filesize
4KB

Download
memory/3236-13512-0x00000175A1DD0000-0x00000175A1DD1000-memory.dmp

Filesize
4KB

Download
memory/3236-13513-0x00000175A1DD0000-0x00000175A1DD1000-memory.dmp

Filesize
4KB

Download
memory/3236-13515-0x00000175A1DE0000-0x00000175A1DE1000-memory.dmp

Filesize
4KB

Download
memory/3236-13516-0x00000175A1DD0000-0x00000175A1DD1000-memory.dmp

Filesize
4KB

Download