4e354e4e7b09eec60745e0e5a1f169da0d6dcc85b8df368c78c097fc54c61e5a

Analysis

max time kernel
1468s
max time network
1442s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
26-07-2024 23:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

zzztest455.exe
Size

8.1MB
MD5

771d3bf4dd08aee1aeb4d16edda8ee0e
SHA1

e90185fb391e06763b2d2efc4434be87cbd8f1ce
SHA256

4e354e4e7b09eec60745e0e5a1f169da0d6dcc85b8df368c78c097fc54c61e5a
SHA512

82ffaaee290ce6cf7c90552ce4fd7684b67a6a36c67ae028eeaae8a9e3d35a2b069ad43074feb9c7f69219ab4ea359bf53c24552fccb1dfc521dc74ee3be0e90
SSDEEP

196608:b4KACcuywuLlA1HeT39Iigp1ncKOVVt0CTa7weBtQcNP+Z:EscuRr1+TtIiW0VuwA6f

Score

9^/10

bootkit credential_access discovery persistence privilege_escalation spyware stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Loads dropped DLL 11 IoCs

Processes:

zzztest455.exe

pid	process
4756	zzztest455.exe
4756	zzztest455.exe
4756	zzztest455.exe
4756	zzztest455.exe
4756	zzztest455.exe
4756	zzztest455.exe
4756	zzztest455.exe
4756	zzztest455.exe
4756	zzztest455.exe
4756	zzztest455.exe
4756	zzztest455.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Adds Run key to start application 2 TTPs 1 IoCs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Processes:

zzztest455.exe

description ioc process

Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN zzztest455.exe
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

zzztest455.exe

description ioc process

File created \??\PhysicalDrive0 zzztest455.exe
Drops file in System32 directory 2 IoCs

Processes:

zzztest455.exe

description ioc process

File created C:\Windows\System32\LogonUI.exe zzztest455.exe
File created C:\Windows\System32\winlogon.exe zzztest455.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

description	ioc	process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN	zzztest455.exe

description	ioc	process
File created	\??\PhysicalDrive0	zzztest455.exe

description	ioc	process
File created	C:\Windows\System32\LogonUI.exe	zzztest455.exe
File created	C:\Windows\System32\winlogon.exe	zzztest455.exe

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

Processes:

netsh.exe

description	ioc	process
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

Processes:

MiniSearchHost.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1210443139-7911939-2760828654-1000\{89066D23-6D24-4E01-98E2-EA78A3F4617D}	msedge.exe

NTFS ADS 16 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\cat-blue-eyes.jpg:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\cat-hover.jpg:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\cat-blue-eyes (2).jpg:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\cat-hover (3).jpg:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\cat-hover (1).jpg:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\cat-cute (1).jpg:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\cat-smirk.jpg:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\cat-small-face.jpg:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\cat-crosseyes.jpg:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\cat-hover (2).jpg:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\cat-cute (2).jpg:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\cat-blue-eyes (1).jpg:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\patreon.png:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\cat-cute.jpg:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\cat-crosseyes (1).jpg:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\patreon (1).png:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

taskmgr.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
2016	msedge.exe
2016	msedge.exe
3024	msedge.exe
3024	msedge.exe
5244	msedge.exe
5244	msedge.exe
5396	identity_helper.exe
5396	identity_helper.exe
404	msedge.exe
404	msedge.exe
6004	msedge.exe
6004	msedge.exe
5296	msedge.exe
5296	msedge.exe
5924	msedge.exe
5924	msedge.exe
1388	msedge.exe
1388	msedge.exe
5368	msedge.exe
5368	msedge.exe
1144	msedge.exe
1144	msedge.exe
5512	msedge.exe
5512	msedge.exe
1756	msedge.exe
1756	msedge.exe
2932	msedge.exe
2932	msedge.exe
2452	msedge.exe
2452	msedge.exe
4892	msedge.exe
4892	msedge.exe
2040	msedge.exe
2040	msedge.exe
5452	msedge.exe
5452	msedge.exe
2476	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 41 IoCs

Processes:

msedge.exe

pid	process
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe

Suspicious use of AdjustPrivilegeToken 59 IoCs

Processes:

taskmgr.exeAUDIODG.EXEmsedge.exe

description	pid	process
Token: SeDebugPrivilege	4968	taskmgr.exe
Token: SeSystemProfilePrivilege	4968	taskmgr.exe
Token: SeCreateGlobalPrivilege	4968	taskmgr.exe
Token: 33	4968	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4968	taskmgr.exe
Token: 33	5504	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5504	AUDIODG.EXE
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe
Token: 33	4244	msedge.exe
Token: SeIncBasePriorityPrivilege	4244	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

taskmgr.exemsedge.exe

pid	process
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe

Suspicious use of SendNotifyMessage 51 IoCs

Processes:

taskmgr.exe

pid	process
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe
4968	taskmgr.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

MiniSearchHost.exeCredentialUIBroker.exeCredentialUIBroker.exe

pid process

5100 MiniSearchHost.exe
5616 CredentialUIBroker.exe
3508 CredentialUIBroker.exe

pid	process
5100	MiniSearchHost.exe
5616	CredentialUIBroker.exe
3508	CredentialUIBroker.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

zzztest455.exezzztest455.execmd.execmd.execmd.execmd.execmd.execmd.execmd.execmd.execmd.execmd.execmd.execmd.exe

description	pid	process	target process
PID 1788 wrote to memory of 4756	1788	zzztest455.exe	zzztest455.exe
PID 1788 wrote to memory of 4756	1788	zzztest455.exe	zzztest455.exe
PID 4756 wrote to memory of 1596	4756	zzztest455.exe	cmd.exe
PID 4756 wrote to memory of 1596	4756	zzztest455.exe	cmd.exe
PID 4756 wrote to memory of 4968	4756	zzztest455.exe	taskmgr.exe
PID 4756 wrote to memory of 4968	4756	zzztest455.exe	taskmgr.exe
PID 4756 wrote to memory of 3500	4756	zzztest455.exe	cmd.exe
PID 4756 wrote to memory of 3500	4756	zzztest455.exe	cmd.exe
PID 3500 wrote to memory of 2288	3500	cmd.exe	netsh.exe
PID 3500 wrote to memory of 2288	3500	cmd.exe	netsh.exe
PID 4756 wrote to memory of 488	4756	zzztest455.exe	cmd.exe
PID 4756 wrote to memory of 488	4756	zzztest455.exe	cmd.exe
PID 1596 wrote to memory of 4476	1596	cmd.exe	AppInstallerPythonRedirector.exe
PID 1596 wrote to memory of 4476	1596	cmd.exe	AppInstallerPythonRedirector.exe
PID 1596 wrote to memory of 4476	1596	cmd.exe	AppInstallerPythonRedirector.exe
PID 488 wrote to memory of 4820	488	cmd.exe	format.com
PID 488 wrote to memory of 4820	488	cmd.exe	format.com
PID 4756 wrote to memory of 3312	4756	zzztest455.exe	cmd.exe
PID 4756 wrote to memory of 3312	4756	zzztest455.exe	cmd.exe
PID 3312 wrote to memory of 4624	3312	cmd.exe	AppInstallerPythonRedirector.exe
PID 3312 wrote to memory of 4624	3312	cmd.exe	AppInstallerPythonRedirector.exe
PID 3312 wrote to memory of 4624	3312	cmd.exe	AppInstallerPythonRedirector.exe
PID 4756 wrote to memory of 400	4756	zzztest455.exe	cmd.exe
PID 4756 wrote to memory of 400	4756	zzztest455.exe	cmd.exe
PID 400 wrote to memory of 2312	400	cmd.exe	AppInstallerPythonRedirector.exe
PID 400 wrote to memory of 2312	400	cmd.exe	AppInstallerPythonRedirector.exe
PID 400 wrote to memory of 2312	400	cmd.exe	AppInstallerPythonRedirector.exe
PID 4756 wrote to memory of 2120	4756	zzztest455.exe	cmd.exe
PID 4756 wrote to memory of 2120	4756	zzztest455.exe	cmd.exe
PID 2120 wrote to memory of 3740	2120	cmd.exe	AppInstallerPythonRedirector.exe
PID 2120 wrote to memory of 3740	2120	cmd.exe	AppInstallerPythonRedirector.exe
PID 2120 wrote to memory of 3740	2120	cmd.exe	AppInstallerPythonRedirector.exe
PID 4756 wrote to memory of 796	4756	zzztest455.exe	AppInstallerPythonRedirector.exe
PID 4756 wrote to memory of 796	4756	zzztest455.exe	AppInstallerPythonRedirector.exe
PID 796 wrote to memory of 1292	796	cmd.exe	AppInstallerPythonRedirector.exe
PID 796 wrote to memory of 1292	796	cmd.exe	AppInstallerPythonRedirector.exe
PID 796 wrote to memory of 1292	796	cmd.exe	AppInstallerPythonRedirector.exe
PID 4756 wrote to memory of 4616	4756	zzztest455.exe	cmd.exe
PID 4756 wrote to memory of 4616	4756	zzztest455.exe	cmd.exe
PID 4616 wrote to memory of 3632	4616	cmd.exe	AppInstallerPythonRedirector.exe
PID 4616 wrote to memory of 3632	4616	cmd.exe	AppInstallerPythonRedirector.exe
PID 4616 wrote to memory of 3632	4616	cmd.exe	AppInstallerPythonRedirector.exe
PID 4756 wrote to memory of 2008	4756	zzztest455.exe	cmd.exe
PID 4756 wrote to memory of 2008	4756	zzztest455.exe	cmd.exe
PID 2008 wrote to memory of 3504	2008	cmd.exe	AppInstallerPythonRedirector.exe
PID 2008 wrote to memory of 3504	2008	cmd.exe	AppInstallerPythonRedirector.exe
PID 2008 wrote to memory of 3504	2008	cmd.exe	AppInstallerPythonRedirector.exe
PID 4756 wrote to memory of 3196	4756	zzztest455.exe	cmd.exe
PID 4756 wrote to memory of 3196	4756	zzztest455.exe	cmd.exe
PID 3196 wrote to memory of 4608	3196	cmd.exe	AppInstallerPythonRedirector.exe
PID 3196 wrote to memory of 4608	3196	cmd.exe	AppInstallerPythonRedirector.exe
PID 3196 wrote to memory of 4608	3196	cmd.exe	AppInstallerPythonRedirector.exe
PID 4756 wrote to memory of 4448	4756	zzztest455.exe	cmd.exe
PID 4756 wrote to memory of 4448	4756	zzztest455.exe	cmd.exe
PID 4448 wrote to memory of 964	4448	cmd.exe	AppInstallerPythonRedirector.exe
PID 4448 wrote to memory of 964	4448	cmd.exe	AppInstallerPythonRedirector.exe
PID 4448 wrote to memory of 964	4448	cmd.exe	AppInstallerPythonRedirector.exe
PID 4756 wrote to memory of 896	4756	zzztest455.exe	cmd.exe
PID 4756 wrote to memory of 896	4756	zzztest455.exe	cmd.exe
PID 896 wrote to memory of 1964	896	cmd.exe	AppInstallerPythonRedirector.exe
PID 896 wrote to memory of 1964	896	cmd.exe	AppInstallerPythonRedirector.exe
PID 896 wrote to memory of 1964	896	cmd.exe	AppInstallerPythonRedirector.exe
PID 4756 wrote to memory of 696	4756	zzztest455.exe	cmd.exe
PID 4756 wrote to memory of 696	4756	zzztest455.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\zzztest455.exe
"C:\Users\Admin\AppData\Local\Temp\zzztest455.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1788

C:\Users\Admin\AppData\Local\Temp\zzztest455.exe
"C:\Users\Admin\AppData\Local\Temp\zzztest455.exe"
2⤵
- Loads dropped DLL
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4756

C:\Windows\SYSTEM32\taskmgr.exe
taskmgr
3⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4968

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
- Suspicious use of WriteProcessMemory
PID:1596

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:4476

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "netsh interface set interface 'Ethernet' admin=DISABLED"
3⤵
- Suspicious use of WriteProcessMemory
PID:3500

C:\Windows\system32\netsh.exe
netsh interface set interface 'Ethernet' admin=DISABLED
4⤵
- Event Triggered Execution: Netsh Helper DLL
PID:2288

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "format C: /FS:NTFS /Q /Y"
3⤵
- Suspicious use of WriteProcessMemory
PID:488

C:\Windows\system32\format.com
format C: /FS:NTFS /Q /Y
4⤵
PID:4820

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
- Suspicious use of WriteProcessMemory
PID:3312

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:4624

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
- Suspicious use of WriteProcessMemory
PID:400

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:2312

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
- Suspicious use of WriteProcessMemory
PID:2120

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:3740

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
- Suspicious use of WriteProcessMemory
PID:796

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:1292

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
- Suspicious use of WriteProcessMemory
PID:4616

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:3632

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
- Suspicious use of WriteProcessMemory
PID:2008

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:3504

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
- Suspicious use of WriteProcessMemory
PID:3196

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:4608

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
- Suspicious use of WriteProcessMemory
PID:4448

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:964

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
- Suspicious use of WriteProcessMemory
PID:896

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:1964

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:696

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:2608

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:4324

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:2332

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:4264

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:2844

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:2280

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:1320

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:2440

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:3988

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:3792

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:1344

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:3364

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:1596

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:2600

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:2928

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:2452

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:1104

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:2596

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:796

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:5100

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:2952

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:1012

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:780

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:396

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:5108

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:568

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:1384

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:2540

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:4428

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:2036

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:3564

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:2924

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:996

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:4180

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:216

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:2600

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:1976

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:1700

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:784

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:2096

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:2600

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:3344

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:4828

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:3052

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:2364

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:4780

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:4904

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:4996

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:4796

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:4548

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:4744

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:2568

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:2020

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:1388

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:4880

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:4948

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:1116

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:5080

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:4584

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:2080

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
4⤵
PID:2824

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start python C:\Users\Admin\AppData\Local\Temp\_MEI17882\zzztest455.py
3⤵
PID:4864

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5100

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:4180

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xdc,0x118,0x7ffec3643cb8,0x7ffec3643cc8,0x7ffec3643cd8
2⤵
PID:3908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1972 /prefetch:2
2⤵
PID:2868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8
2⤵
PID:1816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:1136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
2⤵
PID:3616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
2⤵
PID:3564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
2⤵
PID:1140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
2⤵
PID:672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
2⤵
PID:3100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:1
2⤵
PID:3364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
2⤵
PID:4796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
2⤵
PID:4836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
2⤵
PID:4012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5244

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3392 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
2⤵
PID:5592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
2⤵
PID:5600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
2⤵
PID:5752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
2⤵
PID:5948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
2⤵
PID:6028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
2⤵
PID:6100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
2⤵
PID:6108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
2⤵
PID:2436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4192 /prefetch:8
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:4244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
2⤵
PID:5552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
2⤵
PID:908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
2⤵
PID:5804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
2⤵
PID:5600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6380 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
2⤵
PID:5912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
2⤵
PID:4584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
2⤵
PID:3172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
2⤵
PID:4960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7636 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:6004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
2⤵
PID:1656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
2⤵
PID:5364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7908 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:5296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
2⤵
PID:5464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7472 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:5924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
2⤵
PID:3564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8468 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:1388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7472 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:5368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1
2⤵
PID:5936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8332 /prefetch:1
2⤵
PID:5844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4464 /prefetch:1
2⤵
PID:1960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7476 /prefetch:1
2⤵
PID:3500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
2⤵
PID:3764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9044 /prefetch:1
2⤵
PID:4976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9088 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:1144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8760 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:5512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9032 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:1756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8252 /prefetch:1
2⤵
PID:5596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2900 /prefetch:1
2⤵
PID:1700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8644 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:2932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8904 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:2452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
2⤵
PID:3916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8784 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8200 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:2476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:5452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9656 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:2040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
2⤵
PID:6392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9024 /prefetch:8
2⤵
- NTFS ADS
PID:6428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9804 /prefetch:1
2⤵
PID:6448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9720 /prefetch:8
2⤵
- NTFS ADS
PID:6712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,10672161871857351980,17658824223328730257,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6880 /prefetch:2
2⤵
PID:6616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4756

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5504

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5616

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
3181d85b4768ac42c73e3422a8751ab5

SHA1
62aefc90382350345efacd6be96963103bb34913

SHA256
cb4fc094297de7e3edabb7127e7f2e951dfeb24fa83ee98c49d192c79ca1e0f5

SHA512
22bda954fdc8af35448737bba245321f984e4be8d624e4a00ee68bb2fbc5a7ea113e291e954f11bc6911065e2f89fc5b65905e0053c2063500c2ef8b2997a4c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT

Filesize
16B

MD5
50b04fe616bf380b521f6968fe460d3f

SHA1
39ce7e15bcbd9e3aead1564da8b202730af5ec50

SHA256
b6c2d3399f819f4f0bbad74cfa1e1d2daf158e325cb1a4358f2af837abbdcb8f

SHA512
c68dbae3cdd3bf1d6f9ae5560b32c57d55aa8bf69208cddee6e2b60bd2cc94875c90170e11d23d371206ae09dab14f3c254d1d95178383f311df24f7e9f4f64f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001

Filesize
41B

MD5
b8d64edf78c68c2ccb35576506e7f2ef

SHA1
9e9a2fa581e44ca412fbd2522728c2d4874f2db6

SHA256
9444ec1f64f6660bb6299b9c4dcace08c1d8f690979465d7d56163d82ced3f70

SHA512
4eb202f1df401419c962f324271aa4aa3d7562b63551af3508c245ff9d790119daf42939ca5f400bb8b2ee1db99b3034bfea61c1764f921520f45c9beee20641

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index

Filesize
24B

MD5
48f156e7d171dba0ee460e036defea8a

SHA1
c531a5996f30b25009809b51e4aaa3ab79628e3a

SHA256
c96aed536d7833f9e64664df79bedb45b96cdb662a2cd42548ee662084f072f0

SHA512
142b17cc230e408314d951e392a0ada0b1f4a74370a011c6b8ebad598399fe4a106f9b73fbf39b78b3a505d03ad883d2c6f3cfbb5c6c36d811f0e18acb48b0b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2

Filesize
8KB

MD5
84be5f1ea394e36d47eda81a8feb4e07

SHA1
a5dd333652846b2c43bf5df44e440e4854c1e939

SHA256
de802eafa2947bac39bf746d58bddd4c3f535c401a427df301482fd5e45dbab7

SHA512
c13520b3d276ab6d31dea0574831643c40a56017d8336fc32dce9c7124d7f11ab9a457950aab79b9263bf8ed95a758ecfe87996a71b01373d218d9d6e414e042

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_0

Filesize
8KB

MD5
a3bae3b140110092cdd1f5392f3a59c0

SHA1
1c867516217397d68d2e0e3839dfe82d32b9255c

SHA256
fb80f4d831095bc552e060d0b819118f92db97853f57e5a010b6d617dd37e32d

SHA512
2bf89a5d93dbb330660a1ad5670485ae6d267f9263ccf723444b2b71a2639651de5ad6e134620be024efa08401554b2b5b4464d6cbf819a73c34682aff05a122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
08c851079d355ea5e9d7edb3483ff25d

SHA1
ff5f84474cf163d30383dbb9974360235c220ae6

SHA256
92fec98332e26464bb3998d7797e64fbcffb35cf410c617d0a9b317bca9a59ff

SHA512
ac23e3e633e11d7de8f0b2d257ec43e1cd5e7de78c7ddc085cf0aba362426fbda2e2bc685e2f2a6aac2f21f73134fd8dc0a1e8262be945fffc96adeb12088aab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_3

Filesize
8KB

MD5
55447be0697f8ac020e4d074a8117371

SHA1
eb5d0494040f2bc888fc2b0939e55af321777219

SHA256
624cd5e3072e60c5b2495edec5dd905fb15a317575ed11f31d21b308d20f1c18

SHA512
ba6498526a0ded50821d8d59da180af018f7ee61acbc86505fcadb85118cf3c2067981ed8a62a48b67f67f25bcd5f4776133d9dbc7eff2e3dad0e12aef7a9e51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\9bc3c8a0-1d89-4c39-adde-978a2c1f85d4.tmp

Filesize
10KB

MD5
808f3561126d5e2f10be290e8930c67e

SHA1
6df061abadc8b73b110487c730353ed582bfe30b

SHA256
d58c65c56843c1ae1114dca7305b3911c91359ab2b37dcd05ed650545fc7950c

SHA512
9d4ef4d078a7e3119948bfa7b2105fdcd1badb4b7fabcd068a5d8986a9f0a0fdc62db46aa1620143995d51f26270c87dcdb39b2ef464aa79a01536ee50002970

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2afe4ffb8a4dbf673961becf3239ce3d

SHA1
064460a6dbb06fd9f1a17a5325a05c711cc66c6a

SHA256
562a422bea7270842bea3ce6846b591a9cbc0641ac047ebcb256b1f44fa35324

SHA512
e5b5699bf35983e04bcc4d5cce495d224a5adfc3a7f93cab6c24ca386889a347cbedf0290c0ec8502c41df6f154c73ba7e7dbaca3b19d1ed6ea988320caf0fd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f5cac2e8e92bc4557096bb07854cf178

SHA1
11c47f88c3b1bb9f00711100f4b73ae1e25d5be5

SHA256
7ed4be34f51787ef2f6d0f8c95f345d2b198433a19e69048131384f7eb5c0e6a

SHA512
bbba1060bb060c70e23f04faf65fc00066e3e64147f50b29faffcb0d8ae39d447383f1e6d320e84ea6eeca0dfb51e9d13d39e5260c6d3ba35da5b3e08615e989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\473e9da9-e832-4e10-bd3e-f2b9a3833939.tmp

Filesize
4KB

MD5
42a08c271827ae869b1b0ea21e5957ed

SHA1
dd09cb48d3e92df09b038c6f6012ac3e19c7b415

SHA256
9d6ef7f32f7108baaa6baf6282b5e7c14b96d74c1aa15c53361abe2efce960b7

SHA512
36b69709e6fb7846883c02b2c5d3af0ddc56767c9b560fd6ba386d5d0b7b7a40b12e458bafe4f6231e2ec898178e3075e3ff0073ca1473613c7e236b10231bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
74KB

MD5
2c7e2942d63b6fdff7b31318ac37afd6

SHA1
604bbf8b0faf4bee4a36eaa7a7f346e205bfae28

SHA256
f7da91a516fb769b6826af4610c2beabc431fd02f1bb119fd91dc711b4dfca28

SHA512
5ef4312d08af2a8389e0da7d53966ee66c919c68b9fc9cc8dd4ec014b57f312b9fc3562721fc266591f1d1edbbb6b9dbd161470616eba049e994b8f43414aee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
87KB

MD5
f17a6eea6292979488d916ea49cc6217

SHA1
3201ae2a5c2879712c98802366d60b082ee0ddf0

SHA256
610e2805d2bbbc63925f48c4238b7e13d21cd3066797b6d8944130fd71910e07

SHA512
88b64457207c6b0a8cd60d5dd5ea9ec16ae7f22a87d91bf38a94a2a5989a011cb0a6488f888a6b214a764971a7c674337be0d5e7b776734bcdcb206cbf4c7b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
1024KB

MD5
370342ce51445e68ee677b56ac8992c2

SHA1
ae86b56902e668c27de4c1b2a1a197da17f89163

SHA256
61a2bba2783a9c376c47354fa148974aa36295fc60029c41d6252775e6e84310

SHA512
b47e765be3d54f94e67d75e1f0ced3404946cf193dfc5ad1e4db0c932df90bcfe9bdde7a3c9888a134d2601e38162eb38282dd401344a34c5dcde9ff893dec1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
1024KB

MD5
66e8d3f233fbcef98b88e11acbcf6ba6

SHA1
2b8b441695468ffcceafc2c4820a64632a98ced3

SHA256
28e490622aa7aa0a7ca15f3b804ec193205908d99b1402594b08252d71e7c731

SHA512
d151aaa04e68f4f19fc403620eb68525bd3e064b298ac6482917908e14e28f7b9970e8651621c682ec8cd04bf963cd716a5decdc43234863415c9c753015ffdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
1024KB

MD5
457e51aeaed0b8bad8b81f00300d2bbd

SHA1
c2e86671082458550a42b7b7c975f7c3eca820b0

SHA256
7e080d6e99c2281dbb6cf48976001e3e7409342d142987b9f369a8b5e88c4238

SHA512
425ae5a85fd78903d37a923b7ad5394d0e2ee59138bf5b7bfdefbcc1cd773ea86a3733f7fff795061899e686b2308e03a16991fa3dcdda2247170591affe03c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
25KB

MD5
a3ab23ac9761466e3efa8dd2777f1f51

SHA1
e17df69b4bbfb0e986bccb94aa178c9254bcd9a5

SHA256
c2b3920b9e868dd39aa741b9bace8db29fa2c1e795fe191de6e74bb6669b3249

SHA512
e1ee1eb2a39388642f748e63878dbe9727ec3ea2752beb935f5cf57b9cd0d51be2e4d87278489335a213fabcc59ec94eef04ae0adcbbc35c49d46f90f43dbfc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
210KB

MD5
5ac828ee8e3812a5b225161caf6c61da

SHA1
86e65f22356c55c21147ce97903f5dbdf363649f

SHA256
b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7

SHA512
87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
551KB

MD5
7a3657867732fe045ceb6a25f6bfbebb

SHA1
e1f8898064dd5bb137c223b02e3a7256698f3433

SHA256
364622669cacc34137967064729ce5ae0591e45c86c39bc960285a068cb6f789

SHA512
1e6b90f75833575fa0b3a30b89a28e7dbba66cf7a39187364a1b32a1a2f9bc9981aa271f6dafb8926b6541bf39efd04baa911660566012ae484f4516db2a7884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
4cf06a64af12125abb03076dc7861562

SHA1
d800b0178030b65406d2e1b54df5ba1eaf79b909

SHA256
076ad8ba453cf6a1145233dacdb9dc7d621417672d163cd49530cd006b14f95f

SHA512
3024bf75e32dff2dda4a07233b56954b3ab75eb64df49e4b322f4faffd3649b051abe4539f103994c713394407ef65682561d389cbbc88523859dc710b903bf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
49f0d758990a1608fd706d0e9ea65018

SHA1
52ff21b583c510198792bd90c82fd8d9409ab1cd

SHA256
1e43de03580f5775ed337925f37befbb01375a3e0cf77f0379859aea37d18062

SHA512
3d76c1eb6b4b17b85f3c3f946fe8e6af8adbfb7c947e8daa07fda08c4f2c12ad63a444949ebb9a394cfacc895d9a6e2b38bb504ed3961ab9cc05fe5b0ad63960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
c09ab4de3662ccd87688f97ddcab8b6e

SHA1
69dd311e2044feb34df121ad7a0d4850fd45076f

SHA256
ee5d5992ee6588493e376fff3ebbeb1063e1f53f1f81479b424fb9cf8cb8f4dd

SHA512
9a52afc6569b863bded7377cb0935c1ab52f15639b852af611cc43845c8d4d5bde5485a1e96fc163ed895ea1e236ccc179bb0bc8afe188d3df0e69ffe44f108f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000001.dbtmp

Filesize
41B

MD5
95e33729409e88c28e85ef4c89ff95ca

SHA1
7846e291c1f457abc29e55bc664ce18a476dc68d

SHA256
0995ea0d83d1d12d5ad43ca8629f381bde2a5975e63bd0eb41edda3fc5ffb29a

SHA512
1653675ca53035e29abe7f1a4e6e8472f000bbfb2a82d9a4076c13526c04d14340cac73698a850174b54e9fcc4b7f1746c62cf68631f209e1f49beebbfb7a514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old

Filesize
522B

MD5
fbd3881211fd2eaa30556e77e2e183e7

SHA1
1a90a63369b6e1843e7dd77b838bafd61fa0c4c3

SHA256
8fca92c731102e65b985986b6301e33dac60df11eec0f76b6aeff4d5cfc456b8

SHA512
027894c2086c67143f75bdb2790aaebd340b47f7969a08f591c22783bf890b45a574c2ecb251980bff2b6e6ba0f003b6312e46fc903e9d3d5da5a40f76cef502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
18f641254d439484bb205641d00d12e7

SHA1
4b7b86dbb1ef14bfdaa752711370764f4b77d119

SHA256
5a2b7349a3cb68f4c051650158c0861cc20a12fa277ff343a8415ef1f1e8d024

SHA512
df42782633df86a9a083c82f80abe8fe555cfcc90c9bceb5579a0db6de798ac3260a7f3d48a987940293c99064f3ffd1917a044b52a69b07dd357c39e84d16ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
caa151c4f2a7b7eaa5d6d33c67af19cf

SHA1
08c9565571ccb898b13fca2520eefc7db90dfc20

SHA256
2b69d5d77f9491cd3d35370a7dae49714e7fa089dba7ee59d4b51273741c31be

SHA512
7aaf6be57c274630fd8c380f44bc203659fc637af101e67a494e2c0be278fbd47871cc7e13ed4f118c4f48054a47cf061f026b019d1183c1c5bcc7b011c62da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
3bd5c395b2bb73b19ef7025f604d1fa8

SHA1
879db9a717b4894230a8731b65171b99f6c4efc0

SHA256
d0fab7184c66b9d8dfcda64242402f8bb7fcf416f3d02b7e92cce04cd6c442e5

SHA512
22d60a1cde6b8da12c54004ed18cd0c16b53920e4f7eb9802b63b78fa03d842351add8f37ed94f34f8a7faf484172a4bae9cb40e5b39b98986f606d3732b236a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
009fa45f78aca8a84ce455cf99140e7b

SHA1
080ba192165683880298a58938d7947cbc39a7a5

SHA256
6a7a40e2a1e5df83b17375f17d55252d2d0e098071c4ee1870cb754ecd54aa86

SHA512
e3eb402a770bf7bf89c3b2ff182f8230be8000bf86aeedcbd04206cb4bebd9d0ca106d81a47fb45eccc24c50cc6732f5656cb017491891f8a64edd456eb5e567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2e3a97e2d42125328698265cf074bac7

SHA1
89e5d20ab5db578f8c1c50faba6e92a627c27836

SHA256
b2dbe909a3fa35e2964040e91cec5be2e0c9c1a907f754c67de8d0a529cd11b1

SHA512
f95330f67c8f692be5a4bf741059de60a74962dc56e81f3bdee1c4fc8555debd4d988939fba51991558bdf6989227b6c79f3743aa37d3696a649180cbd983aa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3e34b9b5ac55a7995b3c4e37a94da8f3

SHA1
c15a38a2285c3968ded457d07ffb344918fc6fcf

SHA256
7f64185d2e7d10043ceb61659b6d544b9c59e7253d5b47d2816eab9b4e10da72

SHA512
c8d4526a3cac2df847a7866714f07ecf86829b58376d03d2b3493046115705e9bcb7cfdb00b04f61b87a89621d56a0b62c34ba6a499428b40c6091aa68921b12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
60581e874591434fe7a24ef5698094a7

SHA1
380a3a215fc69720fdd4b265b550aaf5f876f14f

SHA256
a10d945811d1eb94cbc99452c14692b37b39ec67294f9aa423d492fa50763591

SHA512
bcbee3972c5e1031e25696f56fd446f23b0d21cd89600c93253bf84a8b88746278ef7ec3a9fcbbf19bdba62a95f7941613b2f52454bc4dfbe357b632c9810c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
efa7c293a631ba38c2f98f1ec35e8bb4

SHA1
b1c63d6f643695a4d4fa6632693820b3107acf55

SHA256
9f13ab4a9ae7fda18f446b4ec7d31be995c4a8f6614ad8afbec6b4f0490f0d42

SHA512
6a38c9cb2b97a265e1b885cd216c96790b59e4b10cd2e35cf75293f1a5bc83abab32bdedc9b35882edd0ffdb18a85873862d5110c4cf5c43bfff0869ca390f18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4fb062c6e5aeb397b8039a9614f04fda

SHA1
dff66f832b793782afa8e0b5e973a6b178aac11b

SHA256
9fba38373dfc2f9f19f64be77b815cfc55f3b9e24ec4b74aab619f77d1f8b930

SHA512
35b740823a052c424728eb362314793fe0ab9cd122d01e76e8841a8e819d38d995f946dbf59b5ce521017f378efd49d1b769fea07df3082868f2cb990f02df39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e82c9fc2441acf6f23232d9cd60a2bf7

SHA1
28a817732640415ce616fc00d66b62e65119a6a7

SHA256
791bca215e432b5b3f7d532b2465175702b19a01ec7c3db13a2e4af6a2600984

SHA512
77cd51622dc3d90048673621208ce24518f37253e42bc3c46e9167a6b9fcad091a4b708bb03735452a395d447bd91f26f92a391357f5640e61096c8ba9005993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0c6e3d88cce8df83e5f47d122438ca15

SHA1
fb6152b56f278e4ad720f7b6172cf6f5b54249a2

SHA256
f2b116e6005e929759f8fb86e96c1526b19c3161b0a9d6882e357755b8273430

SHA512
57802ed4d9822218d7ea5c1805a8ef97682af803088f51851c9f9ebbf8b14fbe22078e848da09ef8519cbedae46f40ed1e56522695678260fd211ef658372742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bc633424153a3156ede56c9db6180f04

SHA1
eccc3d68f959538bb5b6a40fa83b845766ccbb90

SHA256
583ae66ffef2b7fe5d4f3698f53dcce36c59d87e00cd6e5e34acf55be28f7aaa

SHA512
65f47b838e3c0901305ee1f3afef0d6a65ffd92a2ad813708d0408d6abedbd80fd0c6cff472fb29df1b2f49058c21d5bab4b063d0f68a6f3f89068c9146e236d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5b6e83c0a5c093543c9c18dc6be283c3

SHA1
92116f3eff6c48ac2c3add68f3b5bae39ca5efc3

SHA256
ac5624349de048dc712709b8037a09470f3b1caa7e2fd213e56336bb0ec6f216

SHA512
90f3c7cf9661903a47a03fe5b3691536259bd7ca3edbd22cc0d2ef299c56d86460f205cae0c4ea308e8f3a9748a2b2a922607b0cad8bf068e46a13bc70106dc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
26KB

MD5
0b21beb41aa4b27a03004e0af7fa90c5

SHA1
df6bf776b7f1302ea52ca6a894b9c54c34089f3d

SHA256
3133e966c815d805da549675d6492a47f44d9f88682cd4d0f93fcc55fe45a344

SHA512
760d738f7bde1ef7f5ceb25cee323b31b9bcd5fe4f4b3f2c4e0ce7470b979d45e5f2799d740eb209f2c40c8042ad4aa1ae15dcefa807f0fc864f20e2e8c520b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RFe58a1aa.TMP

Filesize
25KB

MD5
e7627cef0166186d7dc3a45be99b99c4

SHA1
90348a9367526059bc381aaeff2cd2f967aae2d4

SHA256
fa95e7e7c241887bede261fff757fd2d3f35083615aafea8d215960a18073a60

SHA512
7407f566a489b8f311796047333404a63c3d903894d938838c06600b9830d3bfa636e6830d48ff6ee9e7de2d0954a19a871b06b46331b3da0405daec5b0892df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old

Filesize
568B

MD5
19cde0900662b70e65de72fe32389a95

SHA1
1a0c6c0948bf7cebb6b694eaacecf2d5bb23a588

SHA256
e4d983c1dc8f16afc887a742fef4bac913f99ae295b39a5177ac2db1536dda29

SHA512
e4c69523f827def32f179f45bd283228e260da834f88ec9132114c033f47848ae78e0193083a5aaa89cd54b62cd35c9d3741688d3ddc9a6f2eae15d292987b93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\3c16369b-311f-4f04-bdbc-0aefb5f2c2eb.tmp

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
cb36bfec69921f365e5d10d19a73f0dc

SHA1
e0b3c09477efd7fb433bebddf154bbc78975459f

SHA256
51ff9d3df44a3018e2ad1633b63e3e09eebb56edfb11aa25111f3b72d5ab4061

SHA512
c140b14254677f002d4101b3dcf8f7f7b57ed4ac19e44e9aa0597d371df686d472e6818bd265479e1317ef68f8c37ace3118aed5642b894b39945b991a047753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
5b48662a8309c5e5abd329ebb543d1ab

SHA1
176dcd54e5754391636b8d271aa3c1844cbf7aa6

SHA256
e21991ba43311ee5e76d49247e3435be28bee4a6f13e2b85271c97472d127fb2

SHA512
01da6a57e061e1b58897286ce4e2e2d208ebee88c8d42eac5476f9bfc582d6468f0a21cb5e3cc42dc1ef3849c6a95aac677c518674ce46b033a3f1b6db98e693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e98d344b742b66b9ac5b6d1d6db8d643

SHA1
f1af96bc5b79b028688a2c22181c1022e39519f1

SHA256
d3fe6efd9ada865f5a6864dfa0fc742b783c199b49b0d57b35b1255816f03e16

SHA512
c07fccea716be4360d3fc8057b1a2785c2558bf8623bbaf4969b9aad4cc0c7d41d9e6310b90c08dc23cbdec3876cb088fdd9a2266402c11f42c40420169951d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
29f7c1ec7943e03f291294a57170394f

SHA1
a9415c67a8116b41995356a51c091201681d8265

SHA256
27710a239c38e83f60870f644b727a46b73e577943ea67f4fa36ecc17973e320

SHA512
9666a160d781e19e22bc5d20e0e4202407357f03dd1958b9a91c82010803275a89c6fa79c7b6defdf1b2b59acc601cf8d9a57e1cc06f078294a7d7be0f30450a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5930ca.TMP

Filesize
3KB

MD5
e2e23835e74c8602ad31a5075dfb31f1

SHA1
3fca898af47f0653e065f883d0eb240ca5822fc1

SHA256
d17239884fec27c46c5a873899cd3830130e70d0029a65570ebf848d7377fd04

SHA512
8ddeee7a9471a3c183cb8f66aa227feadd3b54240cd1d7d5603d2b0fd03f6c33bb3a1f7b7972250e45d7f867b0a92a9658633cd01a14240251dd6fcab0a5a7fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f247c2a6-a268-4b86-ac8f-07c899ca2015.tmp

Filesize
9KB

MD5
c6ad3d17858be98d26729b755ee12c3e

SHA1
0c09bbbb02f2c3422ee8dc3356c5aedb54b8518f

SHA256
44b0f4714f5b4198e3d6d028fea5e1be88523cfb22ff8601a0cf46f1129bbc4e

SHA512
99c69e05ada5eaef74c889dc5eb9fda742071f2978945067e04f512f89bc6f0b6c11bc320c0a43de6a01c68b0ea512878e9dd207f3b66d6bd81a2dcaf47760b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edbres00002.jrs

Filesize
512KB

MD5
8ebfac3efef834e55d7d7d7b820b54d7

SHA1
3234bfdc22c9029ddc43a8e9cfb98e96038e832c

SHA256
43d7ef4e2fcff27f361eba92be6dc6e4204529d4a86e45cc0c4d58b53bc1339a

SHA512
e0f9140e302aff641637c2c7c1ca843bd6c381bc351e5d244c4195563132e1c43a97660976966f021093a6f45af5670296d7f5968ab3f6e95e305758eebb0cb3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
537B

MD5
feb2ad6cc0612af1c33be92fa91149cb

SHA1
108232f3db84bd794e47e7cc49f78a1e67b9b238

SHA256
5b3abb6b4629a0165bacf2f846e1b059bd4306710a1161429aa22fe65d3efa95

SHA512
05d88118dd445d6f122e0d52325c1153b2641c75bfd25810ffb833306634b981669894aa241cd8939db605b10770427c4be12e55384913cc965fc350f408cdb8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
1KB

MD5
f5dde75ddf0d265d4c574c3f4c3313a3

SHA1
057f616f2faa3b577d89d089d96e3730f71cdf16

SHA256
b47ccc9909eb7c349a0de9e377d7a7a3908600179749c45a67eacd4ca5a4fd0e

SHA512
dd87259c50ac7fac380d5b1a3633e146489806727e0094f10669554369031d5d7f47b09bb9a7cb654ec6a99b403fb0fc8eaf8191b4f3538f04a224302bc25271

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
1KB

MD5
bd233a3ef9b892fe1d8e03946ac9821a

SHA1
2f659b88029f8ecae0a8b49c6579fa9df78a1b2d

SHA256
3f2e05755fc1125550a9d3571c58b0db532c8117bd34ca2ecd8d3aa5f4ae8836

SHA512
0c7d353d255bebca735f9e510bf2711c2d509138e10f1535788d41ebb45fafddf1317086e82612cb399240d8b346cd3e9a2964ef06eee97a0f7ccb9c2b554639

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
2KB

MD5
18b9fc23e795439e200fc3b860662121

SHA1
0a2cc8433cd3d392e12da8450ac62886ea85dc7c

SHA256
81d43433571b60c7eb11ad6c47a8667cb3c4cc16f96589de3938a0f0a70aaef5

SHA512
6076903093826693d35e97a77a2fe4058e491bcf77f8cdca728efe4cfb3b06f9f47ab422e51f0060b0acf657abbaff5ac484f2b7a1450d5b0b3d1fedb3406207

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
2KB

MD5
7bcbd1b4c6a9367433658ae3fe5865b2

SHA1
5cded7d330aebef11cc39a8c867b3c7e4bce45e9

SHA256
c97eb40cdb5d7d09d125951e2c961ce5c43d774bea82bbf55da2f87a0fdf2076

SHA512
903aa172d008ede124abaa90c75b29088c97ec862fd33bd27658045934e28e91c8319e99748e75bb8f23db52730709e1c049efd0b968e5cfd292f80093f6547f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
3KB

MD5
fe52915278c776fde975c7e2b94670a9

SHA1
745c24ca0e6697b4a171be20718d66c16b43ed87

SHA256
1a4f926c2e7049cb1a340d7219c9d7476cf3cbd92c40efe6768b033ff6e799ba

SHA512
2f4ea6274eaf36a5e168524ec463ff2b37a53378657911ccc2f0d401f549cc5cee94ff114cf9e9fa8049a7d230357e1ab73ebe2c8af7648ef09c1b97a944c1d9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
3KB

MD5
94dc3ed7e448b81e2d886a27b171d97f

SHA1
77fb416bab1529641914e4ea04079ce813bbe79d

SHA256
e195a2cbb72f5759a9bb33533df789782ee5abdbcb42e9ec3db380e69584fc00

SHA512
fac71e83a0131248d912f6d58c6df42933eb6025a4c97e0d0b0c0bacb7a4f6403017a73b0100af80fc57dd08488fac7fc75186d351f581986db2614bf920e46d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
4KB

MD5
8fc4cbf70a85d90f89c00d7c7afd3018

SHA1
79dcc76bbf9b96fc685540154c26b38ba54ea152

SHA256
f0a28271acdc50c20a2e9a51cfb1f9894e8633834a7f83a2c63396e154814786

SHA512
8ffdb6dc382058406a9ffb619cb6b34cccc54d4951525cf097328a08b7030f94dc51eeecbbbcec16ac515d636f5550d52ce19905eb095de148dbe7f8e34f0309

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\VCRUNTIME140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\_bz2.pyd

Filesize
83KB

MD5
5bebc32957922fe20e927d5c4637f100

SHA1
a94ea93ee3c3d154f4f90b5c2fe072cc273376b3

SHA256
3ed0e5058d370fb14aa5469d81f96c5685559c054917c7280dd4125f21d25f62

SHA512
afbe80a73ee9bd63d9ffa4628273019400a75f75454667440f43beb253091584bf9128cbb78ae7b659ce67a5faefdba726edb37987a4fe92f082d009d523d5d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\_ctypes.pyd

Filesize
122KB

MD5
fb454c5e74582a805bc5e9f3da8edc7b

SHA1
782c3fa39393112275120eaf62fc6579c36b5cf8

SHA256
74e0e8384f6c2503215f4cf64c92efe7257f1aec44f72d67ad37dc8ba2530bc1

SHA512
727ada80098f07849102c76b484e9a61fb0f7da328c0276d82c6ee08213682c89deeb8459139a3fbd7f561bffaca91650a429e1b3a1ff8f341cebdf0bfa9b65d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\_decimal.pyd

Filesize
251KB

MD5
492c0c36d8ed1b6ca2117869a09214da

SHA1
b741cae3e2c9954e726890292fa35034509ef0f6

SHA256
b8221d1c9e2c892dd6227a6042d1e49200cd5cb82adbd998e4a77f4ee0e9abf1

SHA512
b8f1c64ad94db0252d96082e73a8632412d1d73fb8095541ee423df6f00bc417a2b42c76f15d7e014e27baae0ef50311c3f768b1560db005a522373f442e4be0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\_hashlib.pyd

Filesize
64KB

MD5
da02cefd8151ecb83f697e3bd5280775

SHA1
1c5d0437eb7e87842fde55241a5f0ca7f0fc25e7

SHA256
fd77a5756a17ec0788989f73222b0e7334dd4494b8c8647b43fe554cf3cfb354

SHA512
a13bc5c481730f48808905f872d92cb8729cc52cfb4d5345153ce361e7d6586603a58b964a1ebfd77dd6222b074e5dcca176eaaefecc39f75496b1f8387a2283

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\_lzma.pyd

Filesize
156KB

MD5
195defe58a7549117e06a57029079702

SHA1
3795b02803ca37f399d8883d30c0aa38ad77b5f2

SHA256
7bf9ff61babebd90c499a8ed9b62141f947f90d87e0bbd41a12e99d20e06954a

SHA512
c47a9b1066dd9744c51ed80215bd9645aab6cc9d6a3f9df99f618e3dd784f6c7ce6f53eabe222cf134ee649250834193d5973e6e88f8a93151886537c62e2e2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\_socket.pyd

Filesize
81KB

MD5
dd8ff2a3946b8e77264e3f0011d27704

SHA1
a2d84cfc4d6410b80eea4b25e8efc08498f78990

SHA256
b102522c23dac2332511eb3502466caf842d6bcd092fbc276b7b55e9cc01b085

SHA512
958224a974a3449bcfb97faab70c0a5b594fa130adc0c83b4e15bdd7aab366b58d94a4a9016cb662329ea47558645acd0e0cc6df54f12a81ac13a6ec0c895cd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-console-l1-1-0.dll

Filesize
21KB

MD5
9a1e39a255c0a22e49906da7ddc69274

SHA1
72473a4b33601a06f2f9aaa47645a1cad7469bf7

SHA256
a742b375fc6cb32e17c66f7e677cef59399216ac21c1384de6ec892c2b099a4d

SHA512
2657b7aa74e845a8c512ac28d9926ec03f601c65916d262c5a0f7a6d742e243f0fd1a3babcd0e4be3daa86c30115c2cb5b6e7b234c6cbac249a28f47b5529392

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-datetime-l1-1-0.dll

Filesize
21KB

MD5
9f8e3e48e50cc817581fcf8c4412fd16

SHA1
e7178bc74ae55150f1af666964d9959815d6309b

SHA256
4e8c54b23d5c0d5b388d7c0182da2e3afc9819073640e83b753f517d5cf77aeb

SHA512
30de1a93121129c423f37e9d9828bcb01ae5a1469183667c950630592027789c673fda5e7437dc236fc12176555990cff2dfd7df1b092cd25e69e150cbaeaf01

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-debug-l1-1-0.dll

Filesize
21KB

MD5
6df69a0bee972d981517a031759ab800

SHA1
f840040398bb7fa6091ddb1b6b2f4314df7e4163

SHA256
29354cbe6e808ae1b1c187aafe5f2a66d8cb5b4ed7ef3f830884c7c02171305f

SHA512
57b334bd7d3694c915a8de68e8cdc69ed8014f86e24efb8a0dfd504f5a6bbfb00a83abc54482a3f487b5ae77bc3a2bb50a064c699ab0546b8c016667d6966fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
21KB

MD5
e783c4599529d988e6dd51f602a3852e

SHA1
fe074c132aee81b30b935d82af7dd266ec657cf8

SHA256
cfce9bfbe11b534e1fc28d59efed233b7490f081380a016b45b2357b4be1f173

SHA512
e2b3b7db56f52ecb7579fda1bc267530c257c4d3e0ca0fcfe1ad1192568b1f8c0b91b50b69824403d61c00838db88ca8740a470d82127c4d1ce3f0af370926b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-fibers-l1-1-0.dll

Filesize
21KB

MD5
28d448a71ef395a4a6c218986a001b97

SHA1
ca88e3c54a6525e8adb64263f53bc5ce280dea98

SHA256
7d02b9f60a652ee3496d809fb42a5779d6523aa9e574a853d9d71ca13aa0344d

SHA512
ace4ac658cf7deb526835c2c058f5255217613c11d06eedd8c17e6137741e480a874b1f524de576d6d00b1bf14188604e4842e07fef5c17843db784df042cc7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-file-l1-1-0.dll

Filesize
25KB

MD5
68a9e2900942d86001e56fc7ff0be7e1

SHA1
8c8169ca5d85f0dbaad0b0ab580751b82ceac697

SHA256
2ff6914e5887b3fa53cb418b5602c84b79f189e441e1e66bf42c759688d8c885

SHA512
a512519b58fb227bdb27ca7bdacdc3a3cd740833725db06d19b5a3173a7cfc2e7adbe3089b0643815f741223fe25c31322c4cf20c689b615cddd55c77faf99d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
a855f5ffc6690c1bd1706d1dae6251a2

SHA1
075f84148285a2b61808d3094c8e1fe35466d59f

SHA256
98b4b6a29374e68a383bd6e4b58cd76223335d38d2586c5a494466444811b75c

SHA512
35ee703d27e15e192a847f86c22ad613880e1e53296a1bc0ae2249b2a777a0bfe3695fd609278281e8b3e5621534a242c3d3a7bda48c7ab23e513b59ceeb889d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-file-l2-1-0.dll

Filesize
21KB

MD5
18a078bf6941f50fc3158b749441b9ce

SHA1
279e944990b2fb184a6d09e3e62f574751e2e9a7

SHA256
637e9a34044c366b9b004e62ee15aa4875e344a5a6b7634c803a40d95883d7cc

SHA512
bc45590aaa25264e2c9640f5a9a357d6b0cf88e9027fcf70fcad666a50cc309378ce9a49e0d02cdf299b2631b724e863e31061090d6ae7893db048afa6fb6943

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-handle-l1-1-0.dll

Filesize
21KB

MD5
22c40155ed832a8fe858479e40bb368b

SHA1
7ac524609f61346080ffa912dc40e689d0c2fad4

SHA256
049a1b6b3fd664e5ab2bb27fc3614d8f8091a0dabd4aebc92a0804bf62a55c38

SHA512
82aa8459d7cc47c3d2bbaaffed61a7cfaca30d9a75c4daf688b3795178bcf6258b324c8b71d6f887d5dbe571ce2c73e6a4891a8964e7e1d96fecdf986ed80af0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-heap-l1-1-0.dll

Filesize
21KB

MD5
296c039ebbc1f4ba4700356789f8b23b

SHA1
25e07840d35aa37cd9b001f565e53c6e136cc02f

SHA256
0d5db713081a8c823506739716ff483f6b68e203128b54ea3b807f9aa6fa7f49

SHA512
e2db64f95d4baa0474fb4422bcea990f8fed3a1acfae0f75ae45e165f9ba19c3ccefa7d10091dbc06facf4cc5c11cd8afb1059e36a91015286271466066265e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
21KB

MD5
e95347fd6fb9c65f32edf729e47bc5b9

SHA1
e88d0def4691b3efcdf9aa16f34cfcfa644df8ac

SHA256
73170ecc212462678605e0025d87dfad646e53edbf7c015857cfdd47dfa1138f

SHA512
b4fcc7c7d97d8ad0e4cc9d9b5460989959d471891d3cb2311f356231e71d3384a356c729f9c9e5935a08aa8e551a69a0cee36efc528c211951079dcb42c9cdb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
21KB

MD5
65f21f421f27f7bc5a53daadfe07de3b

SHA1
8749b95bcc2b598093fb26b0cef6382c17cbbe4a

SHA256
f6445229c496e05b84092b4ae5ad765233471acdcd12460b492d499001d623bf

SHA512
b9736bc37d6a9bd591b1c001dd37cc305cc7540879906f37123389898b4f29cc5e2758b17ea5398fb685e5ce7cadd8ec86333167358a8f9ee7a405fa75bbd46e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
8a52d5f941f257c581e856811586b887

SHA1
a510353c67126ec00d13a3f4c0b2e494394a2949

SHA256
6ce59c2de64b6195695e8754636cbe283a7af3ddb78acf32c3879d7d09aba4b1

SHA512
39bad27e61d9a694740556c8290739780ebd7cfdd1f909b85a37ef5c55bc3bd8f439cb6e26d77715649bb04ae701a02fc789535f0d23a5db9ca4a981a38fcb8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-memory-l1-1-0.dll

Filesize
21KB

MD5
b9e7b025cdaa8901f3b0dd06b8e08853

SHA1
1fbff353bfce19a72d496469559fc86773cd415d

SHA256
0b1793130550ea2e80c52cd5c28442f29364cddb063833d67b3c6d5995fd89dd

SHA512
06fe1462e1f8b1dbd9da3f23d1b197b5b01bee14a6ca700eae1b5ca094827f1dbd4f1b5b7c2a1cd13d4f2a5bb749ea5a3b8f49209dde459f56501ba886cd2ad9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
21KB

MD5
177c5821140b07732dcba255ca20c77a

SHA1
039d7dfb7ad901741840aff3f26a21b0947e5a09

SHA256
218d0b5a06fb1c07249bb7388b8ff9c5d7622206c562ffc9fee21a372d1371af

SHA512
47e55706149baad6fa10be1f46c400a304b9f4fe95c2f1eb6e1fd59c4bbe1b1d46bc000a35beac9a28db588e4e6968f770cfc71c88b1c3f618deb4b4d657cc6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
21KB

MD5
704e2314ac6e314acc28d5befb0bc7cb

SHA1
5b74961291656116259966853e79a3f2624150c4

SHA256
11dc3f718b8cd959c30d7c69af2880f728ab5640c678af7290acd554911bc9b0

SHA512
98545518b4b9e1ca5642bdbb89f652c7d002a3e61c8721c6e49d39e7b886aa67968768ca316b70166366c8920503270629b830efa119b3edcfd053dfbc405cb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
21KB

MD5
cd215cfca95bb0885a637a106674df02

SHA1
029fcb8bc4b1e7a0c4c8d328bfb57abc5252bf8e

SHA256
49172aa2c8734ef8159bc6dd58a9ddf9d391f3a109254a96f48fc0d9f9eec89a

SHA512
ccf245bc6edff2a4d7aec94d9a490a370258095469b38ac51b09b4c9ca6570d6dd9070439d9719297f5edf2c15fa5830c5f0ba89b2267a6e6ada927a7cb6d7e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
cb6102cdcd530e82f9a7f2579dd5be22

SHA1
8f1881ba356c8d7497580fc5efe2681200632cae

SHA256
f5c82a141bdc7929bb3d6d4196c0e8501f4a894fd65a435f8134c073134461ac

SHA512
bc9129d58c05991f4567d2ce64e5d5a5ecaa876503ee0644ac61b67fea4b794251cd0f1d1631ef63e8f530a0db074684cde9f35d852ddcb50a9b02d641a63d59

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-profile-l1-1-0.dll

Filesize
21KB

MD5
95dd2837ab03e4ac6df6556d600867ea

SHA1
fb6bac628a794bffcfb2752048781edede095755

SHA256
d71ca70fcf6871ef83f8b45218edc50a2a1ee9d568b77bb69bd56fcf3ebda97b

SHA512
3879de168e6c0ed7a9b814d969d9e409f3b9973172ef5e0d98e1626c79a21d0acff3f61d550f1be4b7a746bd358cb1fab1b108394ea84c1777917e394c345cd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
21KB

MD5
0c2522cdd1a6d898acba478ec646e6ce

SHA1
9f1273dda066cdcdd58f62e12da0ebd48d0648c5

SHA256
e400bf8019dc0caf98865aea07429f8581ac5b004b9759a1c62f2d7bccbcb3a4

SHA512
ee98aa44a575e61097fa67b892314e0dc0aecdc7b15a7e4fb2546ad85faebc2fb1ff063647df9e770adc006b47f0f5edf8f907fa94306ba03e6e44b85883ef34

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-string-l1-1-0.dll

Filesize
21KB

MD5
0013a4840e882642151622e0edbc87b3

SHA1
5fc16ecd9c0648d0df57993606e8388fcb1d9072

SHA256
3e35afeb848c4777e3db2b3b38b2cd8fe768feac82b18c69308fe07d65b1a602

SHA512
3136a9a8dc30f3069f77fb74e84ee548fb71dc01b0ca6d1c65950782ae91d52c50cb13a04d21cbec3275596dd05341a2b475abbf9cfae6f2f34dcfe9eeb28b44

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-synch-l1-1-0.dll

Filesize
21KB

MD5
2223d56816451aa18de3518409d9c835

SHA1
747f3a5201f34b7aff2ae84ec159fdd0fcfb94da

SHA256
f09a3b2d04c4ae6c1217ed073421c912eb7e0fb006441291948470e6329a4fd2

SHA512
72314c20d34c9dcd4736912ddbd89e710ad7a69a14eef2197faa7c3eaaf39c3e467005cf4ddd88d15d02e1fa81cf218a5f48eb7b995592f3adc222d52a2970a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-synch-l1-2-0.dll

Filesize
21KB

MD5
fee1a97d282bee6e34a5634e6ae71699

SHA1
bd5bcff531df9a70f838bc8d9e84661569015da8

SHA256
5cf8cf2b29a0fb4f3df647ccb1efcae0390e0d57bedfc37200c1577810c3716c

SHA512
6bb3bcad6d8153ccd2803fb2c465d1dcf4778689a9f76ab30edb165bb34dbe995441af3cb04bb985b456b92676ba16caf9ecb3555d17c7051fb57bda9b8439b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
21KB

MD5
b1f1058597973bed224af2c9c0a878fe

SHA1
74754fe3825d1a1523d35279da7e998a476ed8f3

SHA256
b3b356cdca34cb5023cd8f49025e23128f1e86dd0d4865d62bc42f775f1acca8

SHA512
4471b425078058e84705b3be09e6bdbbc4b044543d8374e69685de470ec021b21567786be4cbcd6ffb5fc571fcbd4eedd313588fd3aad0ecfd38026e1e19d057

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
7f0a0a190aea88884088bd09d36a2c4b

SHA1
f8d3039deda1f7fc025f4e4cbbc3010cba3762b3

SHA256
a202f21169cc103c019019d3cbc05c3549a8dbac6eed0ecb4e5281e36f028a26

SHA512
5f75ad8016ee9649cd565e27930f951cfc7b40b468ca7a5792578301ff2a16825ca2a98103ba8f4e6d8feb761655be1d8c24fa9e1d539bec6c3a5b3a04f8e9b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-core-util-l1-1-0.dll

Filesize
21KB

MD5
83251b9d23c1f80ad95165aac4988a41

SHA1
bdf7d476eaa4ba653bbaab69d55cea1b6a1eabe4

SHA256
01cbe35a9513dd5c499179a31dbae86a4f37a510bba7a7cc484f23559b252067

SHA512
1b35745b8a4f49db953f547626c1a1cb271466335bfbd64a32742fea186ff0b1302dc7ce6b333e4d40f42d90a4f92755eb87ec9d728a338153e86f0af2b252f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-crt-conio-l1-1-0.dll

Filesize
21KB

MD5
f296c2faa7817165685921a7c29ef444

SHA1
c8182dade7f1089074410026b135ca07a39261bd

SHA256
ea8ad551e8944389ce502cb8d5f979d243af7784ce7382fa18a04a9de2f7b2d1

SHA512
815225889ee4286c26bd004a22fd1fdb43cf18655d12cf18ae92f1e70445e9daa8a55207a971299ecd6adf1f848cf3279a4c6c966f371a208c818744d13041fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-crt-convert-l1-1-0.dll

Filesize
25KB

MD5
ec929cdb876f15a5b1c56651a132e70c

SHA1
171da7a89e177d08873b7ef73c0b8b0e0c30bb96

SHA256
eb41bf23e10405efcad8bb3eb8972f431394113324717386362ac6406a5c6d75

SHA512
a830d7b5aedab56e5c959af944cf3a5d1c81fbfbc58dd9b18a56aafb9dc10cdc21ae6f524819c6a4e17ab06a139c73068f927cf6a675131cfebccbcf1fc35c3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-crt-environment-l1-1-0.dll

Filesize
21KB

MD5
6b1a8f966512f0fb05b07d557a079476

SHA1
c3713af0e4ada371710a3ba456fcdbe0547d86e2

SHA256
294bca6dcb6455e9027b527aae42ed5aa04d5ae769cb897cb36a150b40a6fa26

SHA512
0f977caa8cdd07b3cd5fefa6bb554755289da93199f479d9ee30f9e7251c48dc1ac9fdfda23146075fcde1f1e36a9553d9d6cbfdec1994e1e3ab54ff322b0bf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
21KB

MD5
35cc322c04032419445b3ee052ce85fc

SHA1
8b1064117c231a736805190d1453ae8b61ef1e9e

SHA256
a60dbd92bc1e1e06035d6aeef821d71dd06de7e15b5536110048233dd523a9a2

SHA512
6549e9dd6281f2f3ae8b29cab59999da2f3cfcc9d5a58900ccda40c28a16d56dd6aa0c35d9014f72b00eca4e8fa3f3e6c4488aa53090fe3f80065f5db01e5e29

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-crt-heap-l1-1-0.dll

Filesize
21KB

MD5
ba9303ddc07281252d1c56faa85d9716

SHA1
88c4256b84fffd7d2c1c4920a90b3cf8423252f1

SHA256
20ce58e1990ac2f726466e234e6a6ef4dfae97f8cb1571a0a4b1bd74df87dfdd

SHA512
758f66b8931fccf436ca67b34166700f9d9bc5fee19a6ec1569b5e8f4af9821b0d07753931b7b51907cca94b449b7054a3ec8595161b5cbfaaf5b1d416402a8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-crt-locale-l1-1-0.dll

Filesize
21KB

MD5
0774cf132b254ba3271bd9ef48259165

SHA1
76a7ab15b3acbf3b12066cc494c800d3053e4307

SHA256
fe617cc8748560a1e12e58559fdf192c5888babff4ae62e386617293d5fc20b0

SHA512
d747dc4cc1fc5e29fed84e5234a73a404671f04708aaaca454c0cb4c4345c920246480eb75c7f8275a6742347f4baf6b2ab7c58b408164b18879cf5b1f546a22

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-crt-math-l1-1-0.dll

Filesize
29KB

MD5
87789f1e4ac145980437a907f7ec1984

SHA1
85d146e1610ec2f5b289c27a626edafad94a64f5

SHA256
655965eca578ae6b0afedd0ce2a424a3f6e9b3e624dd0d55ce67bc7df75b3b6b

SHA512
0be4dd47a3a003c10e6f7f89b5899268400a43b25e8f16957f13154771ae809e17def48d5babaddad81320760d3f994a7446b06498bc594829b69e8c212166b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-crt-process-l1-1-0.dll

Filesize
21KB

MD5
4a5ee7c5ed85ad19c0c05a99f563165a

SHA1
1f199631b516ab553bef7fcdcf216648b9d77173

SHA256
2292e2b873f90645e2d6e94e83c748f301773a2c12c3824e80581aefd869cc9c

SHA512
a04b225e2bb1637ee4a5fdfabc2628daade078f555f81fbc7eff3643eb544e2be8c5e60878ee9e8e1ba33014b468890c7490c3a99b4c464f13df0cb862885376

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
25KB

MD5
554da00be256a94c51a4bdf92387ac2a

SHA1
fed494412793c9a3f78686aae38e34e0ab910043

SHA256
84ce7e29868776de9939938d5c3091736669ebad4f063f5e83df0299b474e5ed

SHA512
3244cf3a19a132c1f17b94fc433c6b033247865c8f66e2f7b3456e23e1f23bd9c934b13d1f8873ae220b9dae14a06c998ef9589cd8a1140392fd1dac77c82780

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
25KB

MD5
cae87585a8e25d1b0754be0b397d065d

SHA1
a39b2373cb2d412d4398c531ee2e1c64cd5683f6

SHA256
acd08d06dfc981071142a851913e55aa253926c12b5b9d73649b832a4bfd0dd9

SHA512
9f840b316b19058047e06294df8b43460adc832d6d61274b66bd8491fd78ca53dc944c701f7bdd78c04c08eb11598f1c33cafc94df54b1286bef7656e29f3aed

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-crt-string-l1-1-0.dll

Filesize
25KB

MD5
395e487fa98b314a1a703310917f8476

SHA1
36f30e8d4f530ad402d1d563a7e25b97b25ad34b

SHA256
db897e58b7d327a059db263af2f1be1eff58176e3bcdb82aa801e2d69fd2293c

SHA512
c7d9e1b22f5e79c459a916f48dec9b0c93c0dbf1909bbd3e99f6f44dd61bf38ff77bed5a9963fda8367a238e72cd79fa19c6642506dc8438203199800e794c25

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-crt-time-l1-1-0.dll

Filesize
21KB

MD5
939cee7266426363a65f2fbb02699d8d

SHA1
ec2c10e80992021283ec49badd64148f58d51100

SHA256
44705d9b3271d9db307f92c7c2764a98db5819e670897dbfc95beb386a1840bb

SHA512
85bee7a8b81c7ba122832e26f4e2d826eebb27b017917404d69a38e2a016216d1556f1416019c45e6aaf7fe9e7a8851d4359bd2ed443f4892395a42295b33c5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\api-ms-win-crt-utility-l1-1-0.dll

Filesize
21KB

MD5
e2355e98d5b48f75c3661a94cebb6a47

SHA1
c70debbb62a80dcf1af338aa1c42cf9db4b1d5ac

SHA256
fe4c586d1fc06d9012b2fc9c34aa72b219a939dbb2d9f034763465a7de24fff2

SHA512
2ac1b6137289906bae5c7d46a31b6bb6725b9545b3882d9dea5244146c0d6321cf3f17b5a91f5e9024055b9218f589301fa81627e7fdb9a54004856f5938fef6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\base_library.zip

Filesize
1.3MB

MD5
43935f81d0c08e8ab1dfe88d65af86d8

SHA1
abb6eae98264ee4209b81996c956a010ecf9159b

SHA256
c611943f0aeb3292d049437cb03500cc2f8d12f23faf55e644bca82f43679bc0

SHA512
06a9dcd310aa538664b08f817ec1c6cfa3f748810d76559c46878ea90796804904d41ac79535c7f63114df34c0e5de6d0452bb30df54b77118d925f21cfa1955

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\python312.dll

Filesize
6.6MB

MD5
d521654d889666a0bc753320f071ef60

SHA1
5fd9b90c5d0527e53c199f94bad540c1e0985db6

SHA256
21700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2

SHA512
7a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\pywin32_system32\pywintypes312.dll

Filesize
131KB

MD5
26d752c8896b324ffd12827a5e4b2808

SHA1
447979fa03f78cb7210a4e4ba365085ab2f42c22

SHA256
bd33548dbdbb178873be92901b282bad9c6817e3eac154ca50a666d5753fd7ec

SHA512
99c87ab9920e79a03169b29a2f838d568ca4d4056b54a67bc51caf5c0ff5a4897ed02533ba504f884c6f983ebc400743e6ad52ac451821385b1e25c3b1ebcee0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\select.pyd

Filesize
30KB

MD5
d0cc9fc9a0650ba00bd206720223493b

SHA1
295bc204e489572b74cc11801ed8590f808e1618

SHA256
411d6f538bdbaf60f1a1798fa8aa7ed3a4e8fcc99c9f9f10d21270d2f3742019

SHA512
d3ebcb91d1b8aa247d50c2c4b2ba1bf3102317c593cbf6c63883e8bf9d6e50c0a40f149654797abc5b4f17aee282ddd972a8cd9189bfcd5b9cec5ab9c341e20b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\ucrtbase.dll

Filesize
1.1MB

MD5
05f2140c1a8a139f2e9866aa2c3166f1

SHA1
9170cff11f3b91f552ac09a186a3bae7ea7cda25

SHA256
048d4c5a51e45777ba15facdaddbf7702594a2268e8de1768ab0f5f4e4d7e733

SHA512
bdc7daf31fa9261967cab58c928fe5146b53c96f9b7c702ae8ee761b2652702d9f34dabf4252b7b580311d6dd4d2914ea7721296bebcea3344006eaa0f99f2ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\unicodedata.pyd

Filesize
1.1MB

MD5
cc8142bedafdfaa50b26c6d07755c7a6

SHA1
0fcab5816eaf7b138f22c29c6d5b5f59551b39fe

SHA256
bc2cf23b7b7491edcf03103b78dbaf42afd84a60ea71e764af9a1ddd0fe84268

SHA512
c3b0c1dbe5bf159ab7706f314a75a856a08ebb889f53fe22ab3ec92b35b5e211edab3934df3da64ebea76f38eb9bfc9504db8d7546a36bc3cabe40c5599a9cbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\win32\win32api.pyd

Filesize
130KB

MD5
3a80fea23a007b42cef8e375fc73ad40

SHA1
04319f7552ea968e2421c3936c3a9ee6f9cf30b2

SHA256
b70d69d25204381f19378e1bb35cc2b8c8430aa80a983f8d0e8e837050bb06ef

SHA512
a63bed03f05396b967858902e922b2fbfb4cf517712f91cfaa096ff0539cf300d6b9c659ffee6bf11c28e79e23115fd6b9c0b1aa95db1cbd4843487f060ccf40

Download Submit
C:\Users\Admin\AppData\Local\Temp\file_4.txt

Filesize
6B

MD5
0abd41a321671bde38d942f9bd170d74

SHA1
77f65a8e8e6aa0e49d755e16e8093c4f971cdd3c

SHA256
a5c8e9cd3c68412497783998ca950379568d063cbc4215b189c7e9cf11eb575d

SHA512
932c8e9bfbfaaa427c8431d6a235f712e410e8ce05d870d84027a8b9c71fd697d475b9d6603fab3a725f198ed113505f9a60e2f18598d815b52066ef485487a0

Download Submit
C:\Users\Admin\Downloads\365408f6-57d5-4c41-9275-88320fb9aaa9.tmp

Filesize
69KB

MD5
46baa7ddbe6b0fc24d9398cdae8abe96

SHA1
cbd076aaf0ada7813324e7ee617f59c6cd7553c7

SHA256
58c64c8eb076f75e220ea7e86fc8c150cf5303d4fd3a3ba68b94276851db148a

SHA512
1c747c8da6a22a1c9902e639db535df8395153bfe3dcddcd4ebda170fe023db46fb08c7e5301542416d292ca2fb13cd35f2f51f9fed33e49267e842a1f19d31c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 149252.crdownload

Filesize
87KB

MD5
b95f972b9b33ef69ca3b9fb1b0adef5a

SHA1
d8ad42fab3f36712b6205d6205ac0947615caec3

SHA256
b1d1005b14deca1ed1e078758d7fc0dd9917748b46f71b0be16b44c57bd0088c

SHA512
5448bcbca0acbc02b2cf12e81fadb1a0a1b5b27128a530a3620576b58a26926b8b07f814f2dbc60716321f883e75d08a3f606b14b8cae56e459065c7456b4def

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 563323.crdownload

Filesize
26KB

MD5
ebc880bbc38875853640cde5964f595b

SHA1
14267b4b280d9792795c9c8ec8ee6a0212a2ff38

SHA256
e3dbad3f3e815cf016672c4374361a9d68d5a77f2c89f26b62260795da6940c5

SHA512
0d0cc77e016bfc2076a437a32e42a19ce71c19191ce78a81f2164296491ce92156ffc25684ab6b2743693b7a16c55ca0c75fce8754d5a2c2aae071535ccbe93a

Download Submit
C:\Users\Admin\Downloads\cat-blue-eyes (1).jpg:Zone.Identifier

Filesize
123B

MD5
75fb4ad145331b3459b27fcdfc7e4dd2

SHA1
cc37045d978c0c8cc179d3fefa0bd3faf8effa3c

SHA256
241fa2e7f5d19219c6ab4e560f546257d29a56ed061c95633a6e6e3106717853

SHA512
aad2236a20b9c745e41d9e5d4027a90f995a5bb5593209e415f673c16c4fd852742e7b1d800eb2c16b8954108bd9498a93ba4304fab254464efa265bd9c48a72

Download Submit
C:\Users\Admin\Downloads\cat-crosseyes (1).jpg:Zone.Identifier

Filesize
123B

MD5
4229630808cab8fcd80e5d60b1bebbf6

SHA1
8dfdb1b65446f92185e1271a512c80e7f39a07aa

SHA256
766e333d0f9c79129245c077a864886f34e25694318e8413449987f72d5ca11e

SHA512
cc832ef0dee934ee46f239b5f88e4d6f28ef0d0e28cd5b305565fe2a788a85ea93c9434f25304e600d3153d34a86e37deddb9e663248eca89f3696f290d7c764

Download Submit
C:\Users\Admin\Downloads\cat-cute (1).jpg:Zone.Identifier

Filesize
118B

MD5
dc4743fda84768a73f55c52d694a7719

SHA1
24efbd9ce2ca9cbda0cd61a1e04c1054ef223247

SHA256
ce10bd7744ed1e6ab1e8680b17e01adf8c1090844acc08cc6972814f68a2cd1f

SHA512
724e571708e3f42c151525feade121e078806dde54413de214403dc1bbe17c6ca9cd50185530701f78e7a4426e1495feb2fb6a73a3e9dd58a2ac012201dcbd2f

Download Submit
C:\Users\Admin\Downloads\cat-hover (3).jpg:Zone.Identifier

Filesize
119B

MD5
a6a4bb52de092d29b4209a43775a51c8

SHA1
12141cbca749ed57cf7f6c51acb69b43baa43c49

SHA256
f1009cf4bd44a8825ae65174943e5b4cd466f6ec2ff88ca00bc39e8bc07a30bd

SHA512
12ef3a25fb104dc4a30fe53d300d32b03144551814a9e368de7bd00211e109ef30c94a787480605776902a95d795c325aa82e3c373cf8aa5c0ccf1a3520f4bef

Download Submit
C:\Users\Admin\Downloads\fcbfdb7f-0ee1-4934-9112-bf79f62ce38d.tmp

Filesize
50KB

MD5
f67b92fd8e324343e1ac281c71cd211a

SHA1
8be7f9cee879c485ccbaeab70dfa57a9604db8be

SHA256
05b23ec1f5ff6d4b3cb7419ed22b1663281c4ec193c3810b18a2108414de62a3

SHA512
7896f149941425e8c3314b715e53a528f14adcf88be108f94ed6eeee123f3bd5777ba113dfe7cfa7edd9b4a96edf2173f10e2692481443799e8daa75b23c08d2

Download Submit
C:\Users\Admin\Downloads\patreon (1).png

Filesize
51KB

MD5
e38a04fccc918f99e4ee279f2a8bd165

SHA1
80d59f045bf9ea60c5e12a44998e3229786b3717

SHA256
a0a96707edfb3a31f96c90978e1fe7876b8c2f8491d776b0b6dbf2f628ff975c

SHA512
f24e487833454a5640e89e294e618349952c1ee785ec13a93f95ffc9809c4dd2bc312595afded5def0aa54781b623a43a703a134cbd4e182fd2f9dbfa64b8f9b

Download Submit
C:\Users\Admin\Downloads\patreon (1).png:Zone.Identifier

Filesize
117B

MD5
a242aeebe2bc8fd12c712bce6ed93bd5

SHA1
81df59610e38867d327b64810d3a55faf2eddc21

SHA256
0ad5034d07145d359ee877e3a65c47ac32d5b561085dd2ef8e490ff82ff917f5

SHA512
88d75957ab34293d061cc7428936372e2656451cc154748836fa16c6d5de50433dd8ebbc3492d261d075e9c08731ab94694e40ffddcbd19be5a954174da8f482

Download Submit
memory/4968-1380-0x00000223C77F0000-0x00000223C77F1000-memory.dmp

Filesize
4KB

Download
memory/4968-1379-0x00000223C77F0000-0x00000223C77F1000-memory.dmp

Filesize
4KB

Download
memory/4968-1368-0x00000223C77F0000-0x00000223C77F1000-memory.dmp

Filesize
4KB

Download
memory/4968-1378-0x00000223C77F0000-0x00000223C77F1000-memory.dmp

Filesize
4KB

Download
memory/4968-1377-0x00000223C77F0000-0x00000223C77F1000-memory.dmp

Filesize
4KB

Download
memory/4968-1369-0x00000223C77F0000-0x00000223C77F1000-memory.dmp

Filesize
4KB

Download
memory/4968-1376-0x00000223C77F0000-0x00000223C77F1000-memory.dmp

Filesize
4KB

Download
memory/4968-1370-0x00000223C77F0000-0x00000223C77F1000-memory.dmp

Filesize
4KB

Download
memory/4968-1375-0x00000223C77F0000-0x00000223C77F1000-memory.dmp

Filesize
4KB

Download
memory/4968-1374-0x00000223C77F0000-0x00000223C77F1000-memory.dmp

Filesize
4KB

Download