6b54534840c6db880d910e5b016ccb1f1cb1911dd1a68aff12ac6296d144458f

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 11:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

source_prepared.exe
Size

80.8MB
MD5

abe6386e8dd005a356a274c8c54817f2
SHA1

eaf5dc405b26bf2cdfc0a53562933dd4f9bc6d2a
SHA256

6b54534840c6db880d910e5b016ccb1f1cb1911dd1a68aff12ac6296d144458f
SHA512

dcd193f8324e34bb139cbcfdf34dd5ce883932b4eebb14d9b855f52a1aa5229a73ae0798d0599383d4ca270ad8840da49789490caae7f90896b70de02859ca0e
SSDEEP

1572864:LnvxZQglXE97vaSk8IpG7V+VPhqO+ydE7UlgSiYgj+h58sMwIIKWl9uqScJX0:LnvxZxReeSkB05awO+ypec5k1s9uA0

Score

9^/10

discovery evasion execution persistence upx

Malware Config

Signatures

Enumerates VirtualBox DLL files 2 TTPs 4 IoCs

File and Directory Discovery

T1083

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	source_prepared.exe
File opened (read-only)	C:\windows\system32\vboxhook.dll	wasd.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	wasd.exe
File opened (read-only)	C:\windows\system32\vboxhook.dll	source_prepared.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
5640	powershell.exe
3532	powershell.exe

Sets file to hidden 1 TTPs 1 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1564.001

pid	Process
4820	attrib.exe

Executes dropped EXE 2 IoCs

pid	Process
2632	wasd.exe
5476	wasd.exe

Loads dropped DLL 64 IoCs

pid	Process
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0007000000023562-1290.dat	upx
behavioral2/memory/1880-1294-0x00007FFF1DB10000-0x00007FFF1E0F9000-memory.dmp	upx
behavioral2/files/0x00070000000234d1-1296.dat	upx
behavioral2/files/0x000700000002350d-1301.dat	upx
behavioral2/memory/1880-1304-0x00007FFF35EC0000-0x00007FFF35ECF000-memory.dmp	upx
behavioral2/memory/1880-1302-0x00007FFF34D70000-0x00007FFF34D93000-memory.dmp	upx
behavioral2/files/0x00070000000234cf-1305.dat	upx
behavioral2/files/0x0007000000023504-1312.dat	upx
behavioral2/files/0x00070000000234e0-1348.dat	upx
behavioral2/files/0x00070000000234df-1347.dat	upx
behavioral2/files/0x00070000000234de-1346.dat	upx
behavioral2/files/0x00070000000234d9-1345.dat	upx
behavioral2/files/0x00070000000234d8-1344.dat	upx
behavioral2/files/0x00080000000234d7-1343.dat	upx
behavioral2/files/0x00070000000234d6-1342.dat	upx
behavioral2/files/0x00070000000234d4-1341.dat	upx
behavioral2/files/0x00070000000234d3-1340.dat	upx
behavioral2/files/0x00070000000234d2-1339.dat	upx
behavioral2/files/0x00070000000234d0-1338.dat	upx
behavioral2/files/0x00070000000234ce-1337.dat	upx
behavioral2/files/0x00070000000239cb-1336.dat	upx
behavioral2/files/0x00070000000239b4-1334.dat	upx
behavioral2/files/0x0007000000023958-1333.dat	upx
behavioral2/files/0x00070000000235f5-1332.dat	upx
behavioral2/files/0x00070000000235f4-1331.dat	upx
behavioral2/files/0x00070000000235ea-1330.dat	upx
behavioral2/files/0x00070000000234cb-1329.dat	upx
behavioral2/files/0x00070000000234ca-1328.dat	upx
behavioral2/files/0x00070000000234c9-1327.dat	upx
behavioral2/files/0x00070000000234c8-1326.dat	upx
behavioral2/files/0x0007000000023536-1325.dat	upx
behavioral2/files/0x0007000000023531-1324.dat	upx
behavioral2/files/0x0007000000023517-1323.dat	upx
behavioral2/files/0x0007000000023516-1322.dat	upx
behavioral2/files/0x0007000000023515-1321.dat	upx
behavioral2/files/0x0007000000023514-1320.dat	upx
behavioral2/files/0x0007000000023513-1319.dat	upx
behavioral2/files/0x0007000000023512-1318.dat	upx
behavioral2/files/0x0007000000023511-1317.dat	upx
behavioral2/memory/1880-1351-0x00007FFF308E0000-0x00007FFF308F4000-memory.dmp	upx
behavioral2/files/0x000700000002350c-1352.dat	upx
behavioral2/memory/1880-1353-0x00007FFF1D5E0000-0x00007FFF1DB02000-memory.dmp	upx
behavioral2/files/0x0007000000023510-1316.dat	upx
behavioral2/files/0x000700000002350f-1315.dat	upx
behavioral2/files/0x000700000002350e-1314.dat	upx
behavioral2/memory/1880-1310-0x00007FFF30BF0000-0x00007FFF30C1D000-memory.dmp	upx
behavioral2/memory/1880-1309-0x00007FFF34CA0000-0x00007FFF34CB9000-memory.dmp	upx
behavioral2/files/0x00070000000234d5-1308.dat	upx
behavioral2/memory/1880-1357-0x00007FFF34E00000-0x00007FFF34E0D000-memory.dmp	upx
behavioral2/memory/1880-1356-0x00007FFF30450000-0x00007FFF30469000-memory.dmp	upx
behavioral2/memory/1880-1358-0x00007FFF30410000-0x00007FFF30443000-memory.dmp	upx
behavioral2/memory/1880-1359-0x00007FFF1D510000-0x00007FFF1D5DD000-memory.dmp	upx
behavioral2/memory/1880-1365-0x00007FFF1D3F0000-0x00007FFF1D50C000-memory.dmp	upx
behavioral2/memory/1880-1364-0x00007FFF34D70000-0x00007FFF34D93000-memory.dmp	upx
behavioral2/memory/1880-1363-0x00007FFF303E0000-0x00007FFF30406000-memory.dmp	upx
behavioral2/memory/1880-1362-0x00007FFF30B60000-0x00007FFF30B6B000-memory.dmp	upx
behavioral2/memory/1880-1361-0x00007FFF312E0000-0x00007FFF312ED000-memory.dmp	upx
behavioral2/memory/1880-1360-0x00007FFF1DB10000-0x00007FFF1E0F9000-memory.dmp	upx
behavioral2/memory/1880-1367-0x00007FFF2C990000-0x00007FFF2C9C8000-memory.dmp	upx
behavioral2/memory/1880-1374-0x00007FFF2F8D0000-0x00007FFF2F8DC000-memory.dmp	upx
behavioral2/memory/1880-1373-0x00007FFF2FBF0000-0x00007FFF2FBFB000-memory.dmp	upx
behavioral2/memory/1880-1372-0x00007FFF2FC30000-0x00007FFF2FC3C000-memory.dmp	upx
behavioral2/memory/1880-1371-0x00007FFF2FCE0000-0x00007FFF2FCEB000-memory.dmp	upx
behavioral2/memory/1880-1370-0x00007FFF30190000-0x00007FFF3019C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\was = "C:\\Users\\Admin\\pysillwasdw\\wasd.exe"	source_prepared.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

flow	ioc
41	discord.com
87	discord.com
88	discord.com
33	discord.com
34	discord.com
35	discord.com
36	discord.com
37	discord.com
86	discord.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
6136	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133674166205635140"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1194130065-3471212556-1656947724-1000\{0DD200A3-1E74-4F41-9780-1C41F318D2AD}	msedge.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
220	chrome.exe
220	chrome.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
1880	source_prepared.exe
3532	powershell.exe
3532	powershell.exe
3532	powershell.exe
5476	wasd.exe
5476	wasd.exe
5476	wasd.exe
5476	wasd.exe
5476	wasd.exe
5476	wasd.exe
5640	powershell.exe
5640	powershell.exe
5640	powershell.exe
6940	msedge.exe
6940	msedge.exe
6704	msedge.exe
6704	msedge.exe
5904	identity_helper.exe
5904	identity_helper.exe
1028	msedge.exe
1028	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5476	wasd.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
220	chrome.exe
220	chrome.exe
220	chrome.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeDebugPrivilege	1880	source_prepared.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeDebugPrivilege	3532	powershell.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeDebugPrivilege	6136	taskkill.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeDebugPrivilege	5476	wasd.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeDebugPrivilege	5640	powershell.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe
6704	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5476	wasd.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 220 wrote to memory of 1412	220	chrome.exe	89
PID 220 wrote to memory of 1412	220	chrome.exe	89
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2264	220	chrome.exe	90
PID 220 wrote to memory of 2700	220	chrome.exe	91
PID 220 wrote to memory of 2700	220	chrome.exe	91
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92
PID 220 wrote to memory of 4204	220	chrome.exe	92

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
4820	attrib.exe

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
PID:2544
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Enumerates VirtualBox DLL files
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:1560
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\pysillwasdw\""
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3532
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\pysillwasdw\activate.bat
    3⤵
    PID:4708
  - - C:\Windows\system32\attrib.exe
      attrib +s +h .
      4⤵
      Sets file to hidden
      Views/modifies file attributes
      PID:4820
  - - C:\Users\Admin\pysillwasdw\wasd.exe
      "wasd.exe"
      4⤵
      Executes dropped EXE
      PID:2632
    - - C:\Users\Admin\pysillwasdw\wasd.exe
        
        "wasd.exe"
        5⤵
        Enumerates VirtualBox DLL files
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:5476
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        6⤵
        
        PID:5492
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\pysillwasdw\""
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5640
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im "source_prepared.exe"
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:6136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff3032cc40,0x7fff3032cc4c,0x7fff3032cc58
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,3910826644246713258,9326343884098469265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,3910826644246713258,9326343884098469265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,3910826644246713258,9326343884098469265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,3910826644246713258,9326343884098469265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,3910826644246713258,9326343884098469265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4508,i,3910826644246713258,9326343884098469265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4928,i,3910826644246713258,9326343884098469265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5000,i,3910826644246713258,9326343884098469265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:1368
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff630884698,0x7ff6308846a4,0x7ff6308846b0
    3⤵
    - Drops file in Program Files directory
    PID:2216

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3904

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4056

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x324 0x33c
1⤵
PID:772

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff20e146f8,0x7fff20e14708,0x7fff20e14718
  2⤵
  PID:6720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:6928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:7024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:6544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6164 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1
  2⤵
  PID:6456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2128 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6872985401732779323,1936790697292632494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:3524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

File and Directory Discovery

T1083

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
af8edcfcbe02ab83473ab26a7e9696b9

SHA1
10d3a2a5279bb0e4baacdc47d21d25fc2239b3dc

SHA256
814233fc03d5fef6c32a996ac5561a7c52311e502475dd87091dcfca1b45d530

SHA512
dcb220a1005f3a77e6c51caf0981b8e37260042758340b27d01d16e5d0c2e737cc352e9054f1e8dc1b7c78722e84881f4157b64b21815eb6c92667426e17879f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d7a305a5bef2634ae5346eaec57f9952

SHA1
a25f8ea21b08b2829ee776999298f2414d555c14

SHA256
5dc8e81f0a4355d72840add5d73c4b74ddeed782c9246e600b7656f45ac8cbcb

SHA512
486005a35e5576003906eb2a62e3fcc7356de2f6d436517b19938c14c79c9456110f1da431f5ba0d09cb236387391154450ffebf156a9cc34045074ff2bf7680

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8243910a62ab2cfe3b65d947fc847947

SHA1
474357b3bfa84b357e686075efda19e3ce8bdfeb

SHA256
975ff6c3c375b9213fbc3110a1149116bd8a33c3e8aaf0bbbfee737e31e4af5f

SHA512
e7fb74ddf4cf690561da556dfe03435729bcafc02a294398976a39bec6f64ba8264c896f11fa048a0a2acd2a8a14d8bb91409da80a77f008ed60c27218a9c6da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
72ab4130e28c33cab071a08aeaa0e3b5

SHA1
cc811b44be6d0c8b592a8c33658efeec276a39fc

SHA256
95438878450bee60bdb3b379c0e1612e30f72a30dddcb72a5df3a0bab2b82774

SHA512
b4191398cabcc2fb0cecdf38829afe6bf432a6d354257a3080c1c2991dc9bab8ee28bd509c1cabffe46547523c365e231cac5efbc26c8ad21336cb130d29f017

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
79e7ce3d791fc7c2e74c421c202d5c96

SHA1
3e64eaf8ced44b97ba63976c7cea8c17d6d7b79c

SHA256
8d1a5e6cf5635a3b6a6c43d963d2e4322c39edc41a71697b6533d242c8a68325

SHA512
66029c865c8cc00ca4125c7bc6fc3602e156a5aacf7d3085e345af3bd30f053591002908a769a1346ab9d25ddd38a945af175d55b8502df8d29ce99b817e6352

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
579c91d7e7060ab3a9c9198ed6c8be18

SHA1
49bfd6df36967fda60e134ac85979234c86a855f

SHA256
583b82f321121c18a1fa6cae39655c4f0483c936feb4f26e9451d38b484c77e0

SHA512
2435226b6299c647fcd328c1e235b2e830e373679d31910320d9e9fe7ab70a55afa59e42513c3e395eddfd3424a4b1abda236455fb86f51af8e0326720b5d85a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
bb6dd28de9eb180accdc0805b97683cb

SHA1
5da5b2c909027626af0b389ce3bdbee01f412b43

SHA256
f8cf387833d678d17ffb887343f536c7d5455be14340e18adf06ecf231899fdc

SHA512
a3dae82427a7f353e4bafa48308ebd3953571bbda3945353f226999d66ca55030418b2e9139775cea036d444f805930bc2db1bc7b94e5787ed933b60500cc9d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f20d7afe6ad498548c109de07868b580

SHA1
8cd4efdbf1d12215c0cb891c370bb11d75c21881

SHA256
4920517dbb469dee301a9aac7f29f5a441a2fdffdbf32f98edc5f9c6fd39b18f

SHA512
581df4d1ba9051c6e11020bab14dfe38d5c54a606c021ae93eb9a9ff07d9a56080a180b067ba364266b155ddd2c3bcfb47ae0e1ea1eb12f10705f3614508e463

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ae14ebc6-2a2e-4681-90ed-b6fee729f2cb.tmp

Filesize
194KB

MD5
b994e5040e3c860f28038c179cedaca3

SHA1
2980cd05eeb4e2ceace75a1635fea82ab14a290f

SHA256
10a6a04d12747849fbf1a659b1c82cd2413aed1032e5f3acf32cb9024364e0b0

SHA512
6aa6ea1d1bc34bbecffd28b228e36e99f0ad1a328cbe23b5221446d2cb4caadfac9206e01fb944e293228216d9169064f5fa3ac595b0f318bee430ec16a32986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
41KB

MD5
ed3c7f5755bf251bd20441f4dc65f5bf

SHA1
3919a57831d103837e0cc158182ac10b903942c5

SHA256
55cbb893756192704a23a400bf8f874e29c0feee435f8831af9cbe975d0ef85d

SHA512
c79460ded439678b6ebf2def675cbc5f15068b9ea4b19263439c3cca4fa1083dc278149cde85f551cd2ffc2c77fd1dc193200c683fc1c3cdac254e533df84f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
1.2MB

MD5
027a77a637cb439865b2008d68867e99

SHA1
ba448ff5be0d69dbe0889237693371f4f0a2425e

SHA256
6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd

SHA512
66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3a4feea51e4c045038526cbec02f19fa

SHA1
4f9f794ceb53b2e9d88ac5caa8b3628dabc01bd9

SHA256
fba27112be9bf5a9a3864c3dd2d396fde6867b1312ab57067002a44d2bf715ca

SHA512
3a8274d3d23f54e3aaa71311ea8e9d05a5a6340932bb266955d27ac4d1735ef0c882826cc7680ea7e235ec5af076715f2b33d0057d1f224106060ad16476faf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
108dd45bb9a357d15b1e83a57e506b10

SHA1
0ce66e73ae4003fdc45032bd15865d64bc21a35e

SHA256
7a2df5411cb1c92589ce7eb477e65d0b61dd7e28b7cfdd42baf7d1f5370e30bd

SHA512
52e54139410d37c3ef3cbfbf2dec8030b2e9fb0448cef988b6e4f22b6470e9d300b275fbef68af86e286e942ed6b652583168315b1474d550e663edb13759966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6ad90045206d2c93d57c802b4404fe79

SHA1
833c6e4454504fad32083e0688debb8acdc28e8a

SHA256
c91519137b58a123c28d50a19af267ea85b06592f74bf16bfce3d5d62f3ce3a6

SHA512
4fe3dfc7facf0db4110ca60c96c55573951376725a15071568685ce4b473cebc24b2d46702e1da6cbd6c149dcd0ba07cc37b8b5ad465785a4650fcc7fb4dc81d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa94d74f0b08aa7329f3813b25d6ad7a

SHA1
adee778f3ccd8a5b625f82b331024cee27676683

SHA256
4e76386678f07f4de9b755596955d78dbafb59951566ffb9ac650edb895e5435

SHA512
fb400a7b28a19352d7670fc19a2c3cc32e6748cdda7a4f5ffbbf9917658352d2da4ad4218a19687abb416c3a71be9ed1c168a56ec26407821652d704e15fef4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1b7cb7f99800b4decbc3c0c39c2b5c91

SHA1
39fabe498aa1f403477395a6028f557d19d11d40

SHA256
d41838eb60fb2ad964292d5b0e434c5a0dd7f5419e60a4268868596eead5b43b

SHA512
cdda65fac7ce78a148ff7cd94e57be5bbf0b3eff8f06e21d202c9a132eeb08d0f426925f9654424c56b2754dd769f6e6caf5df8d7c8e971476440edada078ce0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a11b381b29cf5f4782efad52052023ad

SHA1
99bca97c2f4dd9ea9e8a317051e730cace68a8bb

SHA256
90a0f050c113c123177fb38ab0a221124052f20bd71fa82d08f026747c95ff39

SHA512
d1574c497b1f7122daee09a6e19e998dbfb355e5a590f53ce78792f5b89c3bf361df97dace12869f93fc28bed998d2f6ad03e7e8cbc51ab4023cc728a14bc148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b8c6da609d031bd58263ef02fd20b1e9

SHA1
7c26484a62737e1ef8b3f16cadbea85227322a10

SHA256
d9d0d4176932ece78947806a46cb94edfc0de2ba90855cdbbe2bc6a5dfb2f702

SHA512
a8c4c819efc2483b2a55db23a845cc2d554ac8bbfa356095b83a1593b2f32b020acff08edfda24d17fa75b5b6e3776d30cb343624219274ef7602adfe5c79e91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8839466b2f367b4deba8dac8f3208497

SHA1
54c73192a10d7d116c2adc4df1857cae1c61eaf6

SHA256
54b8b1a8368670c134d452079b80d4ae9f9d0f50a9cda15cc164752092aaadb6

SHA512
4e7263140969e533c25b828436536f8e79c74e850ae8f146d9b601b4ef4e15b627cb916ee1b0061a91156bf9b3710b69d3c4600f061997a08aba4b3e6c7b33b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
fd391d6506249a4969fc55a8451c0d80

SHA1
464d46bfcb3a6dae7a4a4c9101121d296c28e5da

SHA256
a5b24ae2902a16ff40b422744c79f59cbaf811d51ceee08c4cd9a3cf894860ef

SHA512
c3cc7937a131038c1ad49dcd5247c4287e340d3668dc4bdab77f28404bec5034380188fe80f3b8ff1081ddb0bffc2c53e437c89ce54cfa2a4bd142ee226dc445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe597fc5.TMP

Filesize
48B

MD5
93d1ecbf90bd9f3f56f7c817dd6983fc

SHA1
7b733fab96fc69a5538af7e252c452594b8cada8

SHA256
3f06e4d39e712e5fcec15a54a4cf0b0400ac896d0585c1c55182b55a115142ec

SHA512
814f7f055ab4c9971bb5c35a9df779005805645ea9b230fb0ebc65260b03bb14d72912e4c7fb5b3df2ac07c16d756858639a44414c364dd3e7d35341b96d2ab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
82ec6c335c21c4832dd2b9b59adb46ca

SHA1
1155e0f5a695ea04ddf46cff0b4a94e526d33c6d

SHA256
323758dc1a8d9e2d6ec078d6b4413016a94c973fe6e22ee3a253917cf45d4c56

SHA512
da845356df719cbac4d6cd920bd085c5bf8588825e10b2502b520c71643e90ed9376bba3c57bd0d67879f401912a3b15ee494975e32214b613b51720812c2d19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2886df4e935682e0974bd824a01fd635

SHA1
f8a44f26ecdae9712a2b3ac68330f4e702848cb2

SHA256
1450f96dfb1be6b92196739216fed0c55a01270f7afc5dbf1a1a3133c6a2f030

SHA512
603f128de56088aee6ee791a046b7f028f5c89dc7f08e83978c293eea6dfb1630b515b1545dcfabf42d9d8eabdb3239b14c1ae736ed4af2b0253fe9a1b5d6427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590390.TMP

Filesize
1KB

MD5
c3ba9d949b7e8c25154d44a3c05a5f53

SHA1
590cc84fc3745e96e6f1b8f16b24e275f8daceaa

SHA256
b8f522bc5366b36a7fa9fe983942ab5c02043a477f62c8f4264e978689b246d7

SHA512
b4d86a3e35ea9045bc7350d9cc4f7f6e71603ed4596d525d581824ac19a4613a77a3e5a5bbcea6fd241d0ae3c335543916c255d1af354731c58bc1835c911fea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b1d8ddf02d880f465ae62b745f26ebbc

SHA1
50961b72d141311fd3b7f12870421cd0cda039b8

SHA256
b6893523f1af8bf9216ac3970182bbd96c150b23f73bb99a87efc355cb0d46ec

SHA512
b792d8f0a67cc4c0d4f33376a89fcd9d49e962406cad754c979239241ddae645cc91ed267a4b3e69b1be81d2e7224c3e0e891164432786c5a8ab769a10417ef9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\SDL2.dll

Filesize
635KB

MD5
ec3c1d17b379968a4890be9eaab73548

SHA1
7dbc6acee3b9860b46c0290a9b94a344d1927578

SHA256
aaa11e97c3621ed680ff2388b91acb394173b96a6e8ffbf3b656079cd00a0b9f

SHA512
06a7880ec80174b48156acd6614ab42fb4422cd89c62d11a7723a3c872f213bfc6c1006df8bdc918bb79009943d2b65c6a5c5e89ad824d1a940ddd41b88a1edb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\SDL2_image.dll

Filesize
58KB

MD5
25e2a737dcda9b99666da75e945227ea

SHA1
d38e086a6a0bacbce095db79411c50739f3acea4

SHA256
22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c

SHA512
63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\SDL2_mixer.dll

Filesize
124KB

MD5
b7b45f61e3bb00ccd4ca92b2a003e3a3

SHA1
5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc

SHA256
1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095

SHA512
d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\SDL2_ttf.dll

Filesize
601KB

MD5
eb0ce62f775f8bd6209bde245a8d0b93

SHA1
5a5d039e0c2a9d763bb65082e09f64c8f3696a71

SHA256
74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a

SHA512
34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\VCRUNTIME140_1.dll

Filesize
48KB

MD5
7e668ab8a78bd0118b94978d154c85bc

SHA1
dbac42a02a8d50639805174afd21d45f3c56e3a0

SHA256
e4b533a94e02c574780e4b333fcf0889f65ed00d39e32c0fbbda2116f185873f

SHA512
72bb41db17256141b06e2eaeb8fc65ad4abdb65e4b5f604c82b9e7e7f60050734137d602e0f853f1a38201515655b6982f2761ee0fa77c531aa58591c95f0032

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\_asyncio.pyd

Filesize
36KB

MD5
98ab674455581854c6fa95c710358ec0

SHA1
c9e8c962dd1f27c423661d5a7f2473184b931ddf

SHA256
7df63550209bbf8e736bd646beadeabf1cb45ae81996620ba871b42841b84c05

SHA512
8a797692aa33bb911ebfe56666377e0ee6916ac31376141b5f0010097cd568d64b5d0d35b23d24e1e9d0d5ac5031a1a4a617acd0dbf69dab8110127965700ed7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\_bz2.pyd

Filesize
48KB

MD5
20a7ecfe1e59721e53aebeb441a05932

SHA1
a91c81b0394d32470e9beff43b4faa4aacd42573

SHA256
7ebbe24da78b652a1b6fe77b955507b1daff6af7ff7e5c3fa5ac71190bde3da8

SHA512
99e5d877d34ebaaaeb281c86af3fff9d54333bd0617f1366e3b4822d33e23586ef9b11f4f7dd7e1e4a314c7a881f33123735294fe8af3a136cd10f80a9b8d902

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\_cffi_backend.cp311-win_amd64.pyd

Filesize
71KB

MD5
cdc182dc9761dbad548061af8ed0bacb

SHA1
646c648471552ab5abb49ed07d0bdc9e88a26d75

SHA256
213a68dface36e70bfc33d9b5932f01aab69010d50397f909b6721bfa42bf9dd

SHA512
968f518dbc5dd60c56e71cf7ca0331e1ebdab3c4ebb7614a2a8cbdee8d1e143e5103e37ec7fbb9d710bd0eca3cbda018564cfc08450178cf448086b1b5b86c1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\_ctypes.pyd

Filesize
58KB

MD5
5006b7ea33fce9f7800fecc4eb837a41

SHA1
f6366ba281b2f46e9e84506029a6bdf7948e60eb

SHA256
8f7a5b0abc319ba9bfd11581f002e533fcbe4ca96cedd37656b579cd3942ef81

SHA512
e3e5e8f471a8ca0d5f0091e00056bd53c27105a946ca936da3f5897b9d802167149710404386c2ed3399b237b8da24b1a24e2561c436ed2e031a8f0564fbbc7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\_decimal.pyd

Filesize
106KB

MD5
d0231f126902db68d7f6ca1652b222c0

SHA1
70e79674d0084c106e246474c4fb112e9c5578eb

SHA256
69876f825678b717c51b7e7e480de19499d972cb1e98bbfd307e53ee5bace351

SHA512
b6b6bfd5fde200a9f45aeb7f6f845eac916feeef2e3fca54e4652e1f19d66ae9817f1625ce0ed79d62e504377011ce23fd95a407fbdbaa6911a09e48b5ef4179

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\_elementtree.pyd

Filesize
57KB

MD5
81c7c9d4ef37d80bb31834204333e327

SHA1
fc1b8a84052ae1dad1e6ee2fa2d0561bce30cb88

SHA256
a353acd9a52003184ae2c8667add9673d9d8c558d08cc78812b830adc71f52e3

SHA512
5ee743d7442a8890908d90d1df7b0229b8ed78388caa9e83d9ee235ebb7ac0ebe4ae9e7024c56e6df5794b5e99e7d149422fe39a9fa271c09a0cc8365e8dfd17

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\_hashlib.pyd

Filesize
35KB

MD5
a81e0df35ded42e8909597f64865e2b3

SHA1
6b1d3a3cd48e94f752dd354791848707676ca84d

SHA256
5582f82f7656d4d92ed22f8e460bebd722e04c8f993c3a6adcc8437264981185

SHA512
2cda7348faffabc826fb7c4eddc120675730077540f042d6dc8f5e6921cf2b9cb88afcd114f53290aa20df832e3b7a767432ea292f6e5b5b5b7d0e05cf8905a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\_lzma.pyd

Filesize
85KB

MD5
f8b61629e42adfe417cb39cdbdf832bb

SHA1
e7f59134b2bf387a5fd5faa6d36393cbcbd24f61

SHA256
7a3973fedd5d4f60887cf0665bcb7bd3c648ad40d3ae7a8e249d875395e5e320

SHA512
58d2882a05289b9d17949884bf50c8f4480a6e6d2b8bd48dfdbcb03d5009af64abf7e9967357aeebf95575d7ef434a40e8ad07a2c1fe275d1a87aa59dcc702d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\_multiprocessing.pyd

Filesize
26KB

MD5
1c8b76ed098be56dce82c2df46b64e93

SHA1
f69241382e5d7832b65f012975ed9191d0965633

SHA256
c30275f7b67f761c6d9c0ff35f05e94cdbc5622fc8e0a198c227e120d2bda3a7

SHA512
4fc0e28c9ab6f0030ba919e2f9f3294d193dc5e534b16f65c62100859b6c625307144b8343e4e38daddbe651a07c6d58d000bcc6a34012a11a69192d09d919d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\_overlapped.pyd

Filesize
32KB

MD5
a27a163449e445357ac471180a0913a2

SHA1
276e1d80854225d25d8929132bc0befbdb65b5af

SHA256
b5cf10a77631951204413c0b4bd0b07e1b5c2e8a1f5e80e4936ed2523b4d6ca0

SHA512
63b0364e163107d297fa745ba853c2bf96dda62e8ff4410e12a71237b4552dc85815f7b9aa71b3a19acf6fc4151560d482434ec7a61d86cf57075630e7e37186

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\_queue.pyd

Filesize
25KB

MD5
0da22ccb73cd146fcdf3c61ef279b921

SHA1
333547f05e351a1378dafa46f4b7c10cbebe3554

SHA256
e8ae2c5d37a68bd34054678ae092e2878f73a0f41e6787210f1e9b9bb97f37a0

SHA512
9eece79511163eb7c36a937f3f2f83703195fc752b63400552ca03d0d78078875ff41116ebaeb05c48e58e82b01254a328572096a17aaad818d32f3d2d07f436

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\_socket.pyd

Filesize
43KB

MD5
c12bded48873b3098c7a36eb06b34870

SHA1
c32a57bc2fc8031417632500aa9b1c01c3866ade

SHA256
6c4860cb071bb6d0b899f7ca2a1da796b06ea391bac99a01f192e856725e88aa

SHA512
335510d6f2f13fb2476a5a17445ca6820c86f7a8a8650f4fd855dd098d022a16c80a8131e04212fd724957d8785ad51ccaff532f2532224ccfd6ce44f4e740f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\_sqlite3.pyd

Filesize
56KB

MD5
63618d0bc7b07aecc487a76eb3a94af8

SHA1
53d528ef2ecbe8817d10c7df53ae798d0981943a

SHA256
e74c9ca9007b6b43ff46783ecb393e6ec9ebbdf03f7c12a90c996d9331700a8b

SHA512
8280f0f6afc69a82bc34e16637003afb61fee5d8f2cab80be7d66525623ec33f1449b0cc8c96df363c661bd9dbc7918a787ecafaaa5d2b85e6cafdcf0432d394

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\_ssl.pyd

Filesize
65KB

MD5
e52dbaeba8cd6cadf00fea19df63f0c1

SHA1
c03f112ee2035d0eaab184ae5f9db89aca04273a

SHA256
eaf60a9e979c95669d8f209f751725df385944f347142e0ecdcf2f794d005ead

SHA512
10eef8fd49e2997542e809c4436ad35dcc6b8a4b9b4313ad54481daef5f01296c9c5f6dedad93fb620f267aef46b0208deffbad1903593fd26fd717a030e89e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\_tkinter.pyd

Filesize
38KB

MD5
c087e51e8a806b31bc11677b43cc2661

SHA1
fe90fe5e604b9c0018127798f688ca32ce1937a2

SHA256
4167520a03904ab7f4e17c73996f913ae57f598066c13abe627b31604c50a467

SHA512
2ff58eecf7b802c0aacd5cae6ddba0e7ae3b125d9a2733c8bfe519515ecb78eca51ba680ea64caa23dfeda904f5e6062fa362a291006387b5a9cae11967456ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\_uuid.pyd

Filesize
24KB

MD5
3a09b6db7e4d6ff0f74c292649e4ba96

SHA1
1a515f98946a4dccc50579cbcedf959017f3a23c

SHA256
fc09e40e569f472dd4ba2ea93da48220a6b0387ec62bb0f41f13ef8fab215413

SHA512
8d5ea9f7eee3d75f0673cc7821a94c50f753299128f3d623e7a9c262788c91c267827c859c5d46314a42310c27699af5cdfc6f7821dd38bf03c0b35873d9730f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\base_library.zip

Filesize
1.4MB

MD5
c04a1916b8a726a74bcdba99b42a376b

SHA1
f87ca7e558071e8dc85872644b8b2993563a75c0

SHA256
f9c5fdc929a36e519ec6a0a3d9f9a4f3358105640bdb71d98de7fb395542b8c4

SHA512
8f453af49da1354b8e22aac594edc2cc5907f64a85167a35d750d2d300be0f39b0f461d48ab5cff70cf24e7f43bad8143933d42710db6153f782c3411923a073

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\crypto_clipper.json

Filesize
155B

MD5
8bff94a9573315a9d1820d9bb710d97f

SHA1
e69a43d343794524b771d0a07fd4cb263e5464d5

SHA256
3f7446866f42bcbeb8426324d3ea58f386f3171abe94279ea7ec773a4adde7d7

SHA512
d5ece1ea9630488245c578cb22d6d9d902839e53b4550c6232b4fb9389ef6c5d5392426ea4a9e3c461979d6d6aa94ddf3b2755f48e9988864788b530cdfcf80f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\freetype.dll

Filesize
292KB

MD5
04a9825dc286549ee3fa29e2b06ca944

SHA1
5bed779bf591752bb7aa9428189ec7f3c1137461

SHA256
50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde

SHA512
0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\libcrypto-3.dll

Filesize
1.6MB

MD5
27515b5bb912701abb4dfad186b1da1f

SHA1
3fcc7e9c909b8d46a2566fb3b1405a1c1e54d411

SHA256
fe80bd2568f8628032921fe7107bd611257ff64c679c6386ef24ba25271b348a

SHA512
087dfdede2a2e6edb3131f4fde2c4df25161bee9578247ce5ec2bce03e17834898eb8d18d1c694e4a8c5554ad41392d957e750239d3684a51a19993d3f32613c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\libffi-8.dll

Filesize
29KB

MD5
08b000c3d990bc018fcb91a1e175e06e

SHA1
bd0ce09bb3414d11c91316113c2becfff0862d0d

SHA256
135c772b42ba6353757a4d076ce03dbf792456143b42d25a62066da46144fece

SHA512
8820d297aeda5a5ebe1306e7664f7a95421751db60d71dc20da251bcdfdc73f3fd0b22546bd62e62d7aa44dfe702e4032fe78802fb16ee6c2583d65abc891cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\libjpeg-9.dll

Filesize
108KB

MD5
c22b781bb21bffbea478b76ad6ed1a28

SHA1
66cc6495ba5e531b0fe22731875250c720262db1

SHA256
1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd

SHA512
9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\libmodplug-1.dll

Filesize
117KB

MD5
2bb2e7fa60884113f23dcb4fd266c4a6

SHA1
36bbd1e8f7ee1747c7007a3c297d429500183d73

SHA256
9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b

SHA512
1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\libogg-0.dll

Filesize
16KB

MD5
0d65168162287df89af79bb9be79f65b

SHA1
3e5af700b8c3e1a558105284ecd21b73b765a6dc

SHA256
2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24

SHA512
69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\libopus-0.dll

Filesize
181KB

MD5
3fb9d9e8daa2326aad43a5fc5ddab689

SHA1
55523c665414233863356d14452146a760747165

SHA256
fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491

SHA512
f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\libopus-0.x64.dll

Filesize
217KB

MD5
e56f1b8c782d39fd19b5c9ade735b51b

SHA1
3d1dc7e70a655ba9058958a17efabe76953a00b4

SHA256
fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732

SHA512
b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\libopusfile-0.dll

Filesize
26KB

MD5
2d5274bea7ef82f6158716d392b1be52

SHA1
ce2ff6e211450352eec7417a195b74fbd736eb24

SHA256
6dea07c27c0cc5763347357e10c3b17af318268f0f17c7b165325ce524a0e8d5

SHA512
9973d68b23396b3aa09d2079d18f2c463e807c9c1fdf4b1a5f29d561e8d5e62153e0c7be23b63975ad179b9599ff6b0cf08ebdbe843d194483e7ec3e7aeb232a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\libpng16-16.dll

Filesize
98KB

MD5
55009dd953f500022c102cfb3f6a8a6c

SHA1
07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb

SHA256
20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2

SHA512
4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\libssl-3.dll

Filesize
223KB

MD5
6eda5a055b164e5e798429dcd94f5b88

SHA1
2c5494379d1efe6b0a101801e09f10a7cb82dbe9

SHA256
377da6175c8a3815d164561350ae1df22e024bc84c55ae5d2583b51dfd0a19a8

SHA512
74283b4051751f9e4fd0f4b92ca4b953226c155fe4730d737d7ce41a563d6f212da770e96506d1713d8327d6fef94bae4528336ebcfb07e779de0e0f0cb31f2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\libtiff-5.dll

Filesize
127KB

MD5
ebad1fa14342d14a6b30e01ebc6d23c1

SHA1
9c4718e98e90f176c57648fa4ed5476f438b80a7

SHA256
4f50820827ac76042752809479c357063fe5653188654a6ba4df639da2fbf3ca

SHA512
91872eaa1f3f45232ab2d753585e650ded24c6cc8cc1d2a476fa98a61210177bd83570c52594b5ad562fc27cb76e034122f16a922c6910e4ed486da1d3c45c24

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\libwebp-7.dll

Filesize
192KB

MD5
b0dd211ec05b441767ea7f65a6f87235

SHA1
280f45a676c40bd85ed5541ceb4bafc94d7895f3

SHA256
fc06b8f92e86b848a17eaf7ed93464f54ed1f129a869868a74a75105ff8ce56e

SHA512
eaeb83e46c8ca261e79b3432ec2199f163c44f180eb483d66a71ad530ba488eb4cdbd911633e34696a4ccc035e238bc250a8247f318aa2f0cd9759cad4f90fff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\portmidi.dll

Filesize
18KB

MD5
0df0699727e9d2179f7fd85a61c58bdf

SHA1
82397ee85472c355725955257c0da207fa19bf59

SHA256
97a53e8de3f1b2512f0295b5de98fa7a23023a0e4c4008ae534acdba54110c61

SHA512
196e41a34a60de83cb24caa5fc95820fd36371719487350bc2768354edf39eeb6c7860ff3fd9ecf570abb4288523d7ab934e86e85202b9753b135d07180678cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\pyexpat.pyd

Filesize
87KB

MD5
3b0ad66aa60c312e9fd3db1530c92f44

SHA1
25081b2623cbc3378cd0d0f42e0649617609a008

SHA256
7951b7d87ae79f332b28be3815b47a4775ddaebae5aae1bc69657b76073a0c32

SHA512
3defa7533d36637d084adc0ec593807147cc70c41c63abe89e94d5aadc1c44875a07b95cc7729aca4cbafd6e33dfd55b60ed34bf61b61d3d228fc10348f99022

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\python3.DLL

Filesize
65KB

MD5
d8ba00c1d9fcc7c0abbffb5c214da647

SHA1
5fa9d5700b42a83bfcc125d1c45e0111b9d62035

SHA256
e45452efa356db874f2e5ff08c9cc0fe22528609e5d341f8fb67ba48885ab77d

SHA512
df1b714494856f618a742791eefbf470b2eee07b51d983256e4386ea7d48da5c7b1e896f222ea55a748c9413203886cde3a65ef9e7ea069014fa626f81d79cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\python311.dll

Filesize
1.6MB

MD5
0b66c50e563d74188a1e96d6617261e8

SHA1
cfd778b3794b4938e584078cbfac0747a8916d9e

SHA256
02c665f77db6b255fc62f978aedbe2092b7ef1926836290da68fd838dbf2a9f2

SHA512
37d710cb5c0ceb5957d11b61684cfbc65951c1d40ab560f3f3cb8feca42f9d43bd981a0ff44c3cb7562779264f18116723457e79e0e23852d7638b1a954a258f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\select.pyd

Filesize
25KB

MD5
1e9e36e61651c3ad3e91aba117edc8d1

SHA1
61ab19f15e692704139db2d7fb3ac00c461f9f8b

SHA256
5a91ba7ea3cf48033a85247fc3b1083f497bc060778dcf537ca382a337190093

SHA512
b367e00e1a8a3e7af42d997b59e180dfca7e31622558398c398f594d619b91cedc4879bfdda303d37f31dfcc3447faa88f65fd13bac109889cee8c1e3c1d62d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\sqlite3.dll

Filesize
622KB

MD5
c78fab9114164ac981902c44d3cd9b37

SHA1
cb34dff3cf82160731c7da5527c9f3e7e7f113b7

SHA256
4569acfa25dda192becda0d79f4254ce548a718b566792d73c43931306cc5242

SHA512
bf82ccc02248be669fe4e28d8342b726cf52c4ec2bfe2ec1f71661528e2d8df03781ae5ccf005a6022d59a90e36cea7d3c7a495bd11bf149319c891c00ac669b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\tcl86t.dll

Filesize
673KB

MD5
755bec8838059147b46f8e297d05fba2

SHA1
9ff0665cddcf1eb7ff8de015b10cc9fcceb49753

SHA256
744a13c384e136f373f9dc7f7c2eb2536591ec89304e3fa064cac0f0bf135130

SHA512
e61dc700975d28b2257da99b81d135aa7d284c6084877fe81b3cc7b42ac180728f79f4c1663e375680a26f5194ab641c4a40e09f8dbdeb99e1dfa1a57d6f9b34

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\tk86t.dll

Filesize
620KB

MD5
7d85f7480f2d8389f562723090be1370

SHA1
edfa05dc669a8486977e983173ec61cc5097bbb0

SHA256
aaeda7b65e1e33c74a807109360435a6b63a2994243c437e0cdaa69d2b8c6ac5

SHA512
a886475aeea6c4003dd35e518a0833574742b62cdbbbe5b098a5c0f74e89795ebddac31c4107dae6edee8fc476addaa34253af560d33bed8b9df9192c3e7f084

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\unicodedata.pyd

Filesize
295KB

MD5
af87b4aa3862a59d74ff91be300ee9e3

SHA1
e5bfd29f92c28afa79a02dc97a26ed47e4f199b4

SHA256
fac71c7622957fe0773214c7432364d7fc39c5e12250ff9eaaeea4d897564dc7

SHA512
1fb0b8100dffd18c433c4aa97a4f2da76ff6e62e2ef2139edc4f98603ba0bb1c27b310b187b5070cf4e892ffc2d09661a6914defa4509c99b60bcbb50f70f4a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25442\zlib1.dll

Filesize
52KB

MD5
ee06185c239216ad4c70f74e7c011aa6

SHA1
40e66b92ff38c9b1216511d5b1119fe9da6c2703

SHA256
0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466

SHA512
baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26322\attrs-24.1.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5jgrkaon.42j.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/1880-1431-0x00007FFF1CFC0000-0x00007FFF1CFCC000-memory.dmp

Filesize
48KB

Download
memory/1880-1504-0x00007FFF1D510000-0x00007FFF1D5DD000-memory.dmp

Filesize
820KB

Download
memory/1880-1397-0x00007FFF27D60000-0x00007FFF27D72000-memory.dmp

Filesize
72KB

Download
memory/1880-1396-0x00007FFF1D510000-0x00007FFF1D5DD000-memory.dmp

Filesize
820KB

Download
memory/1880-1393-0x00007FFF29370000-0x00007FFF2937C000-memory.dmp

Filesize
48KB

Download
memory/1880-1392-0x00007FFF29350000-0x00007FFF29365000-memory.dmp

Filesize
84KB

Download
memory/1880-1391-0x00007FFF29380000-0x00007FFF29392000-memory.dmp

Filesize
72KB

Download
memory/1880-1390-0x00007FFF1D5E0000-0x00007FFF1DB02000-memory.dmp

Filesize
5.1MB

Download
memory/1880-1402-0x00007FFF301C0000-0x00007FFF301D7000-memory.dmp

Filesize
92KB

Download
memory/1880-1401-0x00007FFF1D3F0000-0x00007FFF1D50C000-memory.dmp

Filesize
1.1MB

Download
memory/1880-1405-0x00007FFF27670000-0x00007FFF276BD000-memory.dmp

Filesize
308KB

Download
memory/1880-1404-0x00007FFF301A0000-0x00007FFF301B9000-memory.dmp

Filesize
100KB

Download
memory/1880-1403-0x00007FFF2C990000-0x00007FFF2C9C8000-memory.dmp

Filesize
224KB

Download
memory/1880-1406-0x00007FFF27650000-0x00007FFF27661000-memory.dmp

Filesize
68KB

Download
memory/1880-1408-0x00007FFF1D2A0000-0x00007FFF1D2FD000-memory.dmp

Filesize
372KB

Download
memory/1880-1407-0x00007FFF22480000-0x00007FFF2249E000-memory.dmp

Filesize
120KB

Download
memory/1880-1410-0x00007FFF1D240000-0x00007FFF1D26E000-memory.dmp

Filesize
184KB

Download
memory/1880-1409-0x00007FFF1D270000-0x00007FFF1D299000-memory.dmp

Filesize
164KB

Download
memory/1880-1413-0x00007FFF1D090000-0x00007FFF1D207000-memory.dmp

Filesize
1.5MB

Download
memory/1880-1412-0x00007FFF1D210000-0x00007FFF1D233000-memory.dmp

Filesize
140KB

Download
memory/1880-1411-0x00007FFF29350000-0x00007FFF29365000-memory.dmp

Filesize
84KB

Download
memory/1880-1414-0x00007FFF1D070000-0x00007FFF1D088000-memory.dmp

Filesize
96KB

Download
memory/1880-1418-0x00007FFF220D0000-0x00007FFF220DC000-memory.dmp

Filesize
48KB

Download
memory/1880-1417-0x00007FFF27D10000-0x00007FFF27D32000-memory.dmp

Filesize
136KB

Download
memory/1880-1416-0x00007FFF22370000-0x00007FFF2237B000-memory.dmp

Filesize
44KB

Download
memory/1880-1415-0x00007FFF22460000-0x00007FFF2246B000-memory.dmp

Filesize
44KB

Download
memory/1880-1419-0x00007FFF301C0000-0x00007FFF301D7000-memory.dmp

Filesize
92KB

Download
memory/1880-1434-0x00007FFF1CF80000-0x00007FFF1CF8C000-memory.dmp

Filesize
48KB

Download
memory/1880-1433-0x00007FFF1CF90000-0x00007FFF1CFA2000-memory.dmp

Filesize
72KB

Download
memory/1880-1432-0x00007FFF1CFB0000-0x00007FFF1CFBD000-memory.dmp

Filesize
52KB

Download
memory/1880-1399-0x00007FFF27D10000-0x00007FFF27D32000-memory.dmp

Filesize
136KB

Download
memory/1880-1430-0x00007FFF1D000000-0x00007FFF1D00C000-memory.dmp

Filesize
48KB

Download
memory/1880-1429-0x00007FFF1D010000-0x00007FFF1D01E000-memory.dmp

Filesize
56KB

Download
memory/1880-1428-0x00007FFF27670000-0x00007FFF276BD000-memory.dmp

Filesize
308KB

Download
memory/1880-1427-0x00007FFF1CFD0000-0x00007FFF1CFDC000-memory.dmp

Filesize
48KB

Download
memory/1880-1426-0x00007FFF1CFE0000-0x00007FFF1CFEB000-memory.dmp

Filesize
44KB

Download
memory/1880-1425-0x00007FFF1CFF0000-0x00007FFF1CFFB000-memory.dmp

Filesize
44KB

Download
memory/1880-1424-0x00007FFF1D020000-0x00007FFF1D02C000-memory.dmp

Filesize
48KB

Download
memory/1880-1423-0x00007FFF1D030000-0x00007FFF1D03C000-memory.dmp

Filesize
48KB

Download
memory/1880-1422-0x00007FFF1D040000-0x00007FFF1D04B000-memory.dmp

Filesize
44KB

Download
memory/1880-1421-0x00007FFF1D050000-0x00007FFF1D05C000-memory.dmp

Filesize
48KB

Download
memory/1880-1420-0x00007FFF1D060000-0x00007FFF1D06B000-memory.dmp

Filesize
44KB

Download
memory/1880-1436-0x00007FFF1CE80000-0x00007FFF1CF3C000-memory.dmp

Filesize
752KB

Download
memory/1880-1435-0x00007FFF1CF40000-0x00007FFF1CF76000-memory.dmp

Filesize
216KB

Download
memory/1880-1438-0x00007FFF1CE50000-0x00007FFF1CE7B000-memory.dmp

Filesize
172KB

Download
memory/1880-1437-0x00007FFF1D2A0000-0x00007FFF1D2FD000-memory.dmp

Filesize
372KB

Download
memory/1880-1440-0x00007FFF1CB70000-0x00007FFF1CE4F000-memory.dmp

Filesize
2.9MB

Download
memory/1880-1439-0x00007FFF1D270000-0x00007FFF1D299000-memory.dmp

Filesize
164KB

Download
memory/1880-1441-0x00007FFF15F90000-0x00007FFF18083000-memory.dmp

Filesize
32.9MB

Download
memory/1880-1443-0x00007FFF1D210000-0x00007FFF1D233000-memory.dmp

Filesize
140KB

Download
memory/1880-1445-0x00007FFF1CB20000-0x00007FFF1CB41000-memory.dmp

Filesize
132KB

Download
memory/1880-1444-0x00007FFF1CB50000-0x00007FFF1CB67000-memory.dmp

Filesize
92KB

Download
memory/1880-1442-0x00007FFF1D240000-0x00007FFF1D26E000-memory.dmp

Filesize
184KB

Download
memory/1880-1446-0x00007FFF1D090000-0x00007FFF1D207000-memory.dmp

Filesize
1.5MB

Download
memory/1880-1447-0x00007FFF1CAF0000-0x00007FFF1CB12000-memory.dmp

Filesize
136KB

Download
memory/1880-1448-0x00007FFF1D070000-0x00007FFF1D088000-memory.dmp

Filesize
96KB

Download
memory/1880-1449-0x00007FFF1CA50000-0x00007FFF1CAEC000-memory.dmp

Filesize
624KB

Download
memory/1880-1451-0x00007FFF1C970000-0x00007FFF1C98A000-memory.dmp

Filesize
104KB

Download
memory/1880-1450-0x00007FFF1C990000-0x00007FFF1C9D7000-memory.dmp

Filesize
284KB

Download
memory/1880-1400-0x00007FFF303E0000-0x00007FFF30406000-memory.dmp

Filesize
152KB

Download
memory/1880-1395-0x00007FFF30410000-0x00007FFF30443000-memory.dmp

Filesize
204KB

Download
memory/1880-1394-0x00007FFF30450000-0x00007FFF30469000-memory.dmp

Filesize
100KB

Download
memory/1880-1516-0x00007FFF27670000-0x00007FFF276BD000-memory.dmp

Filesize
308KB

Download
memory/1880-1515-0x00007FFF301A0000-0x00007FFF301B9000-memory.dmp

Filesize
100KB

Download
memory/1880-1514-0x00007FFF301C0000-0x00007FFF301D7000-memory.dmp

Filesize
92KB

Download
memory/1880-1512-0x00007FFF27D40000-0x00007FFF27D54000-memory.dmp

Filesize
80KB

Download
memory/1880-1511-0x00007FFF27D60000-0x00007FFF27D72000-memory.dmp

Filesize
72KB

Download
memory/1880-1510-0x00007FFF29350000-0x00007FFF29365000-memory.dmp

Filesize
84KB

Download
memory/1880-1509-0x00007FFF2C990000-0x00007FFF2C9C8000-memory.dmp

Filesize
224KB

Download
memory/1880-1500-0x00007FFF1D5E0000-0x00007FFF1DB02000-memory.dmp

Filesize
5.1MB

Download
memory/1880-1517-0x00007FFF27650000-0x00007FFF27661000-memory.dmp

Filesize
68KB

Download
memory/1880-1498-0x00007FFF30BF0000-0x00007FFF30C1D000-memory.dmp

Filesize
180KB

Download
memory/1880-1494-0x00007FFF1DB10000-0x00007FFF1E0F9000-memory.dmp

Filesize
5.9MB

Download
memory/1880-1398-0x00007FFF27D40000-0x00007FFF27D54000-memory.dmp

Filesize
80KB

Download
memory/1880-1380-0x00007FFF2F8C0000-0x00007FFF2F8CC000-memory.dmp

Filesize
48KB

Download
memory/1880-1381-0x00007FFF2BBD0000-0x00007FFF2BBDE000-memory.dmp

Filesize
56KB

Download
memory/1880-1382-0x00007FFF2BBC0000-0x00007FFF2BBCC000-memory.dmp

Filesize
48KB

Download
memory/1880-1294-0x00007FFF1DB10000-0x00007FFF1E0F9000-memory.dmp

Filesize
5.9MB

Download
memory/1880-1304-0x00007FFF35EC0000-0x00007FFF35ECF000-memory.dmp

Filesize
60KB

Download
memory/1880-1302-0x00007FFF34D70000-0x00007FFF34D93000-memory.dmp

Filesize
140KB

Download
memory/1880-1351-0x00007FFF308E0000-0x00007FFF308F4000-memory.dmp

Filesize
80KB

Download
memory/1880-1353-0x00007FFF1D5E0000-0x00007FFF1DB02000-memory.dmp

Filesize
5.1MB

Download
memory/1880-1310-0x00007FFF30BF0000-0x00007FFF30C1D000-memory.dmp

Filesize
180KB

Download
memory/1880-1309-0x00007FFF34CA0000-0x00007FFF34CB9000-memory.dmp

Filesize
100KB

Download
memory/1880-1357-0x00007FFF34E00000-0x00007FFF34E0D000-memory.dmp

Filesize
52KB

Download
memory/1880-1356-0x00007FFF30450000-0x00007FFF30469000-memory.dmp

Filesize
100KB

Download
memory/1880-1358-0x00007FFF30410000-0x00007FFF30443000-memory.dmp

Filesize
204KB

Download
memory/1880-1359-0x00007FFF1D510000-0x00007FFF1D5DD000-memory.dmp

Filesize
820KB

Download
memory/1880-1365-0x00007FFF1D3F0000-0x00007FFF1D50C000-memory.dmp

Filesize
1.1MB

Download
memory/1880-1364-0x00007FFF34D70000-0x00007FFF34D93000-memory.dmp

Filesize
140KB

Download
memory/1880-1363-0x00007FFF303E0000-0x00007FFF30406000-memory.dmp

Filesize
152KB

Download
memory/1880-1362-0x00007FFF30B60000-0x00007FFF30B6B000-memory.dmp

Filesize
44KB

Download
memory/1880-1361-0x00007FFF312E0000-0x00007FFF312ED000-memory.dmp

Filesize
52KB

Download
memory/1880-1360-0x00007FFF1DB10000-0x00007FFF1E0F9000-memory.dmp

Filesize
5.9MB

Download
memory/1880-1367-0x00007FFF2C990000-0x00007FFF2C9C8000-memory.dmp

Filesize
224KB

Download
memory/1880-1374-0x00007FFF2F8D0000-0x00007FFF2F8DC000-memory.dmp

Filesize
48KB

Download
memory/1880-1373-0x00007FFF2FBF0000-0x00007FFF2FBFB000-memory.dmp

Filesize
44KB

Download
memory/1880-1372-0x00007FFF2FC30000-0x00007FFF2FC3C000-memory.dmp

Filesize
48KB

Download
memory/1880-1371-0x00007FFF2FCE0000-0x00007FFF2FCEB000-memory.dmp

Filesize
44KB

Download
memory/1880-1370-0x00007FFF30190000-0x00007FFF3019C000-memory.dmp

Filesize
48KB

Download
memory/1880-1369-0x00007FFF303A0000-0x00007FFF303AB000-memory.dmp

Filesize
44KB

Download
memory/1880-1368-0x00007FFF303D0000-0x00007FFF303DB000-memory.dmp

Filesize
44KB

Download
memory/1880-1388-0x00007FFF293A0000-0x00007FFF293AD000-memory.dmp

Filesize
52KB

Download
memory/1880-1387-0x00007FFF308E0000-0x00007FFF308F4000-memory.dmp

Filesize
80KB

Download
memory/1880-1386-0x00007FFF293B0000-0x00007FFF293BC000-memory.dmp

Filesize
48KB

Download
memory/1880-1385-0x00007FFF29E40000-0x00007FFF29E4C000-memory.dmp

Filesize
48KB

Download
memory/1880-1384-0x00007FFF2BBA0000-0x00007FFF2BBAB000-memory.dmp

Filesize
44KB

Download
memory/1880-1383-0x00007FFF2BBB0000-0x00007FFF2BBBB000-memory.dmp

Filesize
44KB

Download
memory/5476-3953-0x00007FFF303D0000-0x00007FFF303DB000-memory.dmp

Filesize
44KB

Download
memory/5476-3947-0x00007FFF303F0000-0x00007FFF30428000-memory.dmp

Filesize
224KB

Download
memory/5476-3939-0x00007FFF30A40000-0x00007FFF30A59000-memory.dmp

Filesize
100KB

Download
memory/5476-3938-0x00007FFF1D5E0000-0x00007FFF1DB02000-memory.dmp

Filesize
5.1MB

Download
memory/5476-3937-0x00007FFF34CA0000-0x00007FFF34CB4000-memory.dmp

Filesize
80KB

Download
memory/5476-3936-0x00007FFF30BF0000-0x00007FFF30C1D000-memory.dmp

Filesize
180KB

Download
memory/5476-3935-0x00007FFF34D80000-0x00007FFF34D99000-memory.dmp

Filesize
100KB

Download
memory/5476-3934-0x00007FFF35EC0000-0x00007FFF35ECF000-memory.dmp

Filesize
60KB

Download
memory/5476-3933-0x00007FFF35430000-0x00007FFF35453000-memory.dmp

Filesize
140KB

Download
memory/5476-3942-0x00007FFF2FFA0000-0x00007FFF3006D000-memory.dmp

Filesize
820KB

Download
memory/5476-3943-0x00007FFF34E00000-0x00007FFF34E0D000-memory.dmp

Filesize
52KB

Download
memory/5476-3944-0x00007FFF34D70000-0x00007FFF34D7B000-memory.dmp

Filesize
44KB

Download
memory/5476-3945-0x00007FFF30A10000-0x00007FFF30A36000-memory.dmp

Filesize
152KB

Download
memory/5476-3946-0x00007FFF2FE80000-0x00007FFF2FF9C000-memory.dmp

Filesize
1.1MB

Download
memory/5476-3952-0x00007FFF303E0000-0x00007FFF303EC000-memory.dmp

Filesize
48KB

Download
memory/5476-3948-0x00007FFF312E0000-0x00007FFF312EB000-memory.dmp

Filesize
44KB

Download
memory/5476-3949-0x00007FFF30B60000-0x00007FFF30B6B000-memory.dmp

Filesize
44KB

Download
memory/5476-3950-0x00007FFF308F0000-0x00007FFF308FC000-memory.dmp

Filesize
48KB

Download
memory/5476-3940-0x00007FFF35420000-0x00007FFF3542D000-memory.dmp

Filesize
52KB

Download
memory/5476-3951-0x00007FFF308E0000-0x00007FFF308EB000-memory.dmp

Filesize
44KB

Download
memory/5476-3958-0x00007FFF301A0000-0x00007FFF301AB000-memory.dmp

Filesize
44KB

Download
memory/5476-3954-0x00007FFF303A0000-0x00007FFF303AC000-memory.dmp

Filesize
48KB

Download
memory/5476-3955-0x00007FFF301D0000-0x00007FFF301DC000-memory.dmp

Filesize
48KB

Download
memory/5476-3956-0x00007FFF301C0000-0x00007FFF301CE000-memory.dmp

Filesize
56KB

Download
memory/5476-3957-0x00007FFF301B0000-0x00007FFF301BC000-memory.dmp

Filesize
48KB

Download
memory/5476-3941-0x00007FFF30430000-0x00007FFF30463000-memory.dmp

Filesize
204KB

Download
memory/5476-3959-0x00007FFF30190000-0x00007FFF3019B000-memory.dmp

Filesize
44KB

Download
memory/5476-3960-0x00007FFF2FE70000-0x00007FFF2FE7C000-memory.dmp

Filesize
48KB

Download
memory/5476-3961-0x00007FFF2FE60000-0x00007FFF2FE6C000-memory.dmp

Filesize
48KB

Download
memory/5476-3962-0x00007FFF2FE50000-0x00007FFF2FE5D000-memory.dmp

Filesize
52KB

Download
memory/5476-3963-0x00007FFF2FE30000-0x00007FFF2FE42000-memory.dmp

Filesize
72KB

Download
memory/5476-3964-0x00007FFF2FE20000-0x00007FFF2FE2C000-memory.dmp

Filesize
48KB

Download
memory/5476-3965-0x00007FFF2FE00000-0x00007FFF2FE15000-memory.dmp

Filesize
84KB

Download
memory/5476-3966-0x00007FFF2FDE0000-0x00007FFF2FDF2000-memory.dmp

Filesize
72KB

Download
memory/5476-3967-0x00007FFF2FDC0000-0x00007FFF2FDD4000-memory.dmp

Filesize
80KB

Download
memory/5476-3968-0x00007FFF2FD90000-0x00007FFF2FDB2000-memory.dmp

Filesize
136KB

Download
memory/5476-3969-0x00007FFF2FD70000-0x00007FFF2FD87000-memory.dmp

Filesize
92KB

Download
memory/5476-3970-0x00007FFF2FD50000-0x00007FFF2FD69000-memory.dmp

Filesize
100KB

Download
memory/5476-3971-0x00007FFF2FD00000-0x00007FFF2FD4D000-memory.dmp

Filesize
308KB

Download
memory/5476-3932-0x00007FFF1DB10000-0x00007FFF1E0F9000-memory.dmp

Filesize
5.9MB

Download