b21830ae4e42dcb22c3a3b0b1021f0f60733a0f3357b491e1970a805f99d1c1c

Analysis

max time kernel
942s
max time network
944s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-09-2024 02:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

save-money-by-kondo_L0274sMnqk.zip
Size

6.4MB
MD5

69571adef6e120c1a21d662d5ad21f93
SHA1

e4d2ad8093a87ce3f92e974729437d4cd95fdbea
SHA256

b21830ae4e42dcb22c3a3b0b1021f0f60733a0f3357b491e1970a805f99d1c1c
SHA512

01511115eda5abd29416eafb5c31552cfc2333cb471d317d4ebfbd97e08fd79bc1ac0cdb94eeaacd4957a9f350abfa71d20c96806733ba6c992fae8491e4dcd7
SSDEEP

196608:hJlkqrQrenCIJ/RE7XA2cCiwJ0tV7cPPLU:hMfyDfELhcdVVwXI

Score

10^/10

discovery

Malware Config

Signatures

Suspicious use of NtCreateProcessExOtherParentProcess 4 IoCs

description	pid	Process	procid_target
PID 3032 created 3468	3032	taskmgr.exe	179
PID 3032 created 3468	3032	taskmgr.exe	179
PID 3032 created 5000	3032	taskmgr.exe	181
PID 3032 created 5000	3032	taskmgr.exe	181

Executes dropped EXE 6 IoCs

pid	Process
4812	save-money-by-kondo_L0274sMnqk.tmp
3348	steelsoftstages32_64.exe
4240	save-money-by-kondo_L0274sMnqk.tmp
1552	steelsoftstages32_64.exe
3468	save-money-by-kondo_L0274sMnqk.tmp
5000	steelsoftstages32_64.exe

Loads dropped DLL 11 IoCs

pid	Process
4812	save-money-by-kondo_L0274sMnqk.tmp
4812	save-money-by-kondo_L0274sMnqk.tmp
4812	save-money-by-kondo_L0274sMnqk.tmp
4240	save-money-by-kondo_L0274sMnqk.tmp
4240	save-money-by-kondo_L0274sMnqk.tmp
4240	save-money-by-kondo_L0274sMnqk.tmp
3468	save-money-by-kondo_L0274sMnqk.tmp
3468	save-money-by-kondo_L0274sMnqk.tmp
3468	save-money-by-kondo_L0274sMnqk.tmp
4528	vc_redist.x86.exe
2176	vc_redist.x86.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
316	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 42 IoCs

pid	pid_target	Process	procid_target
3248	3348	WerFault.exe	118
4128	3348	WerFault.exe	118
2000	3348	WerFault.exe	118
5000	3348	WerFault.exe	118
2124	3348	WerFault.exe	118
1684	3348	WerFault.exe	118
3196	3348	WerFault.exe	118
1384	3348	WerFault.exe	118
4396	3348	WerFault.exe	118
1168	3348	WerFault.exe	118
444	3348	WerFault.exe	118
4244	3348	WerFault.exe	118
3732	1552	WerFault.exe	151
744	1552	WerFault.exe	151
1584	1552	WerFault.exe	151
3496	1552	WerFault.exe	151
1504	1552	WerFault.exe	151
4204	1552	WerFault.exe	151
2876	1552	WerFault.exe	151
1172	1552	WerFault.exe	151
2488	1552	WerFault.exe	151
2444	1552	WerFault.exe	151
1800	1552	WerFault.exe	151
1648	1552	WerFault.exe	151
4592	5000	WerFault.exe	181
4984	5000	WerFault.exe	181
712	5000	WerFault.exe	181
1168	5000	WerFault.exe	181
4868	5000	WerFault.exe	181
2460	5000	WerFault.exe	181
2972	5000	WerFault.exe	181
3048	5000	WerFault.exe	181
928	5000	WerFault.exe	181
2756	5000	WerFault.exe	181
2964	5000	WerFault.exe	181
4248	5000	WerFault.exe	181
4376	5000	WerFault.exe	181
4776	5000	WerFault.exe	181
3924	5000	WerFault.exe	181
3856	5000	WerFault.exe	181
4492	5000	WerFault.exe	181
2612	5000	WerFault.exe	181

System Location Discovery: System Language Discovery 1 TTPs 19 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steelsoftstages32_64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steelsoftstages32_64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	save-money-by-kondo_L0274sMnqk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	save-money-by-kondo_L0274sMnqk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	save-money-by-kondo_L0274sMnqk.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steelsoftstages32_64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vc_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	save-money-by-kondo_L0274sMnqk.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	save-money-by-kondo_L0274sMnqk.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	save-money-by-kondo_L0274sMnqk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vc_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vc_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NoEscape.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vc_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NoEscape.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-355097885-2402257403-2971294179-1000\{F2688C1B-483B-4573-A567-21A5256F7CAD}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-355097885-2402257403-2971294179-1000\{5D2087A7-26CA-46C1-997B-224D097100AD}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
684	notepad.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3160	msedge.exe
3160	msedge.exe
1880	msedge.exe
1880	msedge.exe
4812	save-money-by-kondo_L0274sMnqk.tmp
4812	save-money-by-kondo_L0274sMnqk.tmp
3348	steelsoftstages32_64.exe
3348	steelsoftstages32_64.exe
4240	save-money-by-kondo_L0274sMnqk.tmp
4240	save-money-by-kondo_L0274sMnqk.tmp
4240	save-money-by-kondo_L0274sMnqk.tmp
4240	save-money-by-kondo_L0274sMnqk.tmp
4240	save-money-by-kondo_L0274sMnqk.tmp
4240	save-money-by-kondo_L0274sMnqk.tmp
4240	save-money-by-kondo_L0274sMnqk.tmp
4240	save-money-by-kondo_L0274sMnqk.tmp
4240	save-money-by-kondo_L0274sMnqk.tmp
4240	save-money-by-kondo_L0274sMnqk.tmp
4240	save-money-by-kondo_L0274sMnqk.tmp
4240	save-money-by-kondo_L0274sMnqk.tmp
1552	steelsoftstages32_64.exe
1552	steelsoftstages32_64.exe
3468	save-money-by-kondo_L0274sMnqk.tmp
3468	save-money-by-kondo_L0274sMnqk.tmp
5000	steelsoftstages32_64.exe
5000	steelsoftstages32_64.exe
3948	msedge.exe
3948	msedge.exe
4344	msedge.exe
4344	msedge.exe
1752	msedge.exe
1752	msedge.exe
4068	identity_helper.exe
4068	identity_helper.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3032	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 41 IoCs

pid	Process
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: 33	4212	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4212	AUDIODG.EXE
Token: SeDebugPrivilege	3032	taskmgr.exe
Token: SeSystemProfilePrivilege	3032	taskmgr.exe
Token: SeCreateGlobalPrivilege	3032	taskmgr.exe
Token: SeSecurityPrivilege	3032	taskmgr.exe
Token: SeTakeOwnershipPrivilege	3032	taskmgr.exe
Token: SeBackupPrivilege	4628	svchost.exe
Token: SeRestorePrivilege	4628	svchost.exe
Token: SeSecurityPrivilege	4628	svchost.exe
Token: SeTakeOwnershipPrivilege	4628	svchost.exe
Token: 35	4628	svchost.exe
Token: 33	3032	taskmgr.exe
Token: SeIncBasePriorityPrivilege	3032	taskmgr.exe
Token: 33	1908	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1908	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
4812	save-money-by-kondo_L0274sMnqk.tmp
4240	save-money-by-kondo_L0274sMnqk.tmp
3468	save-money-by-kondo_L0274sMnqk.tmp
3004	NOTEPAD.EXE
3004	NOTEPAD.EXE
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe
3032	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3004	NOTEPAD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 3424	1880	msedge.exe	98
PID 1880 wrote to memory of 3424	1880	msedge.exe	98
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 4240	1880	msedge.exe	99
PID 1880 wrote to memory of 3160	1880	msedge.exe	100
PID 1880 wrote to memory of 3160	1880	msedge.exe	100
PID 1880 wrote to memory of 1460	1880	msedge.exe	101
PID 1880 wrote to memory of 1460	1880	msedge.exe	101
PID 1880 wrote to memory of 1460	1880	msedge.exe	101
PID 1880 wrote to memory of 1460	1880	msedge.exe	101
PID 1880 wrote to memory of 1460	1880	msedge.exe	101
PID 1880 wrote to memory of 1460	1880	msedge.exe	101
PID 1880 wrote to memory of 1460	1880	msedge.exe	101
PID 1880 wrote to memory of 1460	1880	msedge.exe	101
PID 1880 wrote to memory of 1460	1880	msedge.exe	101
PID 1880 wrote to memory of 1460	1880	msedge.exe	101
PID 1880 wrote to memory of 1460	1880	msedge.exe	101
PID 1880 wrote to memory of 1460	1880	msedge.exe	101
PID 1880 wrote to memory of 1460	1880	msedge.exe	101
PID 1880 wrote to memory of 1460	1880	msedge.exe	101
PID 1880 wrote to memory of 1460	1880	msedge.exe	101
PID 1880 wrote to memory of 1460	1880	msedge.exe	101
PID 1880 wrote to memory of 1460	1880	msedge.exe	101
PID 1880 wrote to memory of 1460	1880	msedge.exe	101
PID 1880 wrote to memory of 1460	1880	msedge.exe	101
PID 1880 wrote to memory of 1460	1880	msedge.exe	101

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\save-money-by-kondo_L0274sMnqk.zip
1⤵
PID:3252

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://temp/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x104,0x128,0x7ffad91b46f8,0x7ffad91b4708,0x7ffad91b4718
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7401427664272513874,16211699932472147673,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7401427664272513874,16211699932472147673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,7401427664272513874,16211699932472147673,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7401427664272513874,16211699932472147673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7401427664272513874,16211699932472147673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7401427664272513874,16211699932472147673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7401427664272513874,16211699932472147673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:2740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3184

C:\Users\Admin\Desktop\save-money-by-kondo_L0274sMnqk\save-money-by-kondo_L0274sMnqk.exe
"C:\Users\Admin\Desktop\save-money-by-kondo_L0274sMnqk\save-money-by-kondo_L0274sMnqk.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:372
- C:\Users\Admin\AppData\Local\Temp\is-41EH2.tmp\save-money-by-kondo_L0274sMnqk.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-41EH2.tmp\save-money-by-kondo_L0274sMnqk.tmp" /SL5="$80248,6427453,54272,C:\Users\Admin\Desktop\save-money-by-kondo_L0274sMnqk\save-money-by-kondo_L0274sMnqk.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:4812
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\system32\schtasks.exe" /Delete /F /TN "steel_soft_stages_913"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:996
- - C:\Users\Admin\AppData\Local\SteelSoft Stages\steelsoftstages32_64.exe
    "C:\Users\Admin\AppData\Local\SteelSoft Stages\steelsoftstages32_64.exe" 3cd67503f5153f7be1750522e8b523f1
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3348
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 880
      4⤵
      Program crash
      PID:3248
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 888
      4⤵
      Program crash
      PID:4128
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 896
      4⤵
      Program crash
      PID:2000
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 1088
      4⤵
      Program crash
      PID:5000
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 1108
      4⤵
      Program crash
      PID:2124
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 1128
      4⤵
      Program crash
      PID:1684
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 1176
      4⤵
      Program crash
      PID:3196
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 1124
      4⤵
      Program crash
      PID:1384
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 1184
      4⤵
      Program crash
      PID:4396
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 892
      4⤵
      Program crash
      PID:1168
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 984
      4⤵
      Program crash
      PID:444
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 140
      4⤵
      Program crash
      PID:4244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3348 -ip 3348
1⤵
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 3348 -ip 3348
1⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 3348 -ip 3348
1⤵
PID:232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3348 -ip 3348
1⤵
PID:1900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3348 -ip 3348
1⤵
PID:3228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3348 -ip 3348
1⤵
PID:3992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3348 -ip 3348
1⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3348 -ip 3348
1⤵
PID:4976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3348 -ip 3348
1⤵
PID:1416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3348 -ip 3348
1⤵
PID:3252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3348 -ip 3348
1⤵
PID:3264

C:\Users\Admin\Desktop\save-money-by-kondo_L0274sMnqk\save-money-by-kondo_L0274sMnqk.exe
"C:\Users\Admin\Desktop\save-money-by-kondo_L0274sMnqk\save-money-by-kondo_L0274sMnqk.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2008
- C:\Users\Admin\AppData\Local\Temp\is-R384H.tmp\save-money-by-kondo_L0274sMnqk.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-R384H.tmp\save-money-by-kondo_L0274sMnqk.tmp" /SL5="$20318,6427453,54272,C:\Users\Admin\Desktop\save-money-by-kondo_L0274sMnqk\save-money-by-kondo_L0274sMnqk.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:4240
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\system32\schtasks.exe" /Delete /F /TN "steel_soft_stages_913"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3584
- - C:\Users\Admin\AppData\Local\SteelSoft Stages\steelsoftstages32_64.exe
    "C:\Users\Admin\AppData\Local\SteelSoft Stages\steelsoftstages32_64.exe" 3cd67503f5153f7be1750522e8b523f1
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1552
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 852
      4⤵
      Program crash
      PID:3732
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 860
      4⤵
      Program crash
      PID:744
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 916
      4⤵
      Program crash
      PID:1584
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 1052
      4⤵
      Program crash
      PID:3496
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 1072
      4⤵
      Program crash
      PID:1504
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 1056
      4⤵
      Program crash
      PID:4204
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 1104
      4⤵
      Program crash
      PID:2876
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 1188
      4⤵
      Program crash
      PID:1172
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 1196
      4⤵
      Program crash
      PID:2488
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 952
      4⤵
      Program crash
      PID:2444
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 1296
      4⤵
      Program crash
      PID:1800
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 140
      4⤵
      Program crash
      PID:1648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3348 -ip 3348
1⤵
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1552 -ip 1552
1⤵
PID:3628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 1552 -ip 1552
1⤵
PID:2156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1552 -ip 1552
1⤵
PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1552 -ip 1552
1⤵
PID:3060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1552 -ip 1552
1⤵
PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1552 -ip 1552
1⤵
PID:364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1552 -ip 1552
1⤵
PID:1988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1552 -ip 1552
1⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1552 -ip 1552
1⤵
PID:2468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1552 -ip 1552
1⤵
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 1552 -ip 1552
1⤵
PID:2316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 1552 -ip 1552
1⤵
PID:1380

C:\Users\Admin\Desktop\save-money-by-kondo_L0274sMnqk\save-money-by-kondo_L0274sMnqk.exe
"C:\Users\Admin\Desktop\save-money-by-kondo_L0274sMnqk\save-money-by-kondo_L0274sMnqk.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4840
- C:\Users\Admin\AppData\Local\Temp\is-4T1BD.tmp\save-money-by-kondo_L0274sMnqk.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-4T1BD.tmp\save-money-by-kondo_L0274sMnqk.tmp" /SL5="$A0032,6427453,54272,C:\Users\Admin\Desktop\save-money-by-kondo_L0274sMnqk\save-money-by-kondo_L0274sMnqk.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:3468
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\system32\schtasks.exe" /Delete /F /TN "steel_soft_stages_913"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1596
- - C:\Users\Admin\AppData\Local\SteelSoft Stages\steelsoftstages32_64.exe
    "C:\Users\Admin\AppData\Local\SteelSoft Stages\steelsoftstages32_64.exe" 3cd67503f5153f7be1750522e8b523f1
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:5000
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 852
      4⤵
      Program crash
      PID:4592
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 860
      4⤵
      Program crash
      PID:4984
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 920
      4⤵
      Program crash
      PID:712
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 1052
      4⤵
      Program crash
      PID:1168
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 1092
      4⤵
      Program crash
      PID:4868
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 1080
      4⤵
      Program crash
      PID:2460
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 1112
      4⤵
      Program crash
      PID:2972
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 1136
      4⤵
      Program crash
      PID:3048
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 1188
      4⤵
      Program crash
      PID:928
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 968
      4⤵
      Program crash
      PID:2756
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 1240
      4⤵
      Program crash
      PID:2964
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 1220
      4⤵
      Program crash
      PID:4248
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 1100
      4⤵
      Program crash
      PID:4376
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 968
      4⤵
      Program crash
      PID:4776
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 1224
      4⤵
      Program crash
      PID:3924
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 1240
      4⤵
      Program crash
      PID:3856
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 968
      4⤵
      Program crash
      PID:4492
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 1236
      4⤵
      Program crash
      PID:2612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5000 -ip 5000
1⤵
PID:2572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5000 -ip 5000
1⤵
PID:3992

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\save-money-by-kondo_L0274sMnqk\PASSWORD 123.txt
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5000 -ip 5000
1⤵
PID:3252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5000 -ip 5000
1⤵
PID:3192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5000 -ip 5000
1⤵
PID:1980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5000 -ip 5000
1⤵
PID:1244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5000 -ip 5000
1⤵
PID:4160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5000 -ip 5000
1⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5000 -ip 5000
1⤵
PID:4020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5000 -ip 5000
1⤵
PID:4704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5000 -ip 5000
1⤵
PID:4172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x78,0x108,0x7ffad91b46f8,0x7ffad91b4708,0x7ffad91b4718
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2556 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2984 /prefetch:8
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3524 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1840 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,9458189769037263241,3836272245257349453,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1408 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4324

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x4f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5000 -ip 5000
1⤵
PID:4824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5000 -ip 5000
1⤵
PID:3908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 5000 -ip 5000
1⤵
PID:1212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5000 -ip 5000
1⤵
PID:3064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5000 -ip 5000
1⤵
PID:2756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5000 -ip 5000
1⤵
PID:980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5000 -ip 5000
1⤵
PID:1812

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Checks SCSI registry key(s)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3032

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\eef5a8d3aac6484d871a5b76a55bc3d7 /t 1688 /p 3468
1⤵
PID:2456

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\fecead02c27d422991332812a4b3f748 /t 4076 /p 5000
1⤵
PID:4404

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4628

C:\Windows\System32\-ue4vv.exe
"C:\Windows\System32\-ue4vv.exe"
1⤵
PID:3412

C:\Windows\bfsvc.exe
"C:\Windows\bfsvc.exe"
1⤵
PID:3712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffad91b46f8,0x7ffad91b4708,0x7ffad91b4718
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2224 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6212 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1864 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,2156771264264227520,3671339798815784947,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4268 /prefetch:2
  2⤵
  PID:1632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2636

C:\Users\Admin\Desktop\NoEscape.exe\NoEscape.exe-Latest Version\vc_redist.x86.exe
"C:\Users\Admin\Desktop\NoEscape.exe\NoEscape.exe-Latest Version\vc_redist.x86.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3632
- C:\Users\Admin\Desktop\NoEscape.exe\NoEscape.exe-Latest Version\vc_redist.x86.exe
  "C:\Users\Admin\Desktop\NoEscape.exe\NoEscape.exe-Latest Version\vc_redist.x86.exe" -burn.unelevated BurnPipe.{C06E32B2-16E3-4444-84DD-799C2E545C45} {B352BBEC-7002-465B-BB81-59C14C4D2306} 3632
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4528

C:\Users\Admin\Desktop\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe
"C:\Users\Admin\Desktop\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2744

C:\Users\Admin\Desktop\NoEscape.exe\NoEscape.exe-Latest Version\vc_redist.x86.exe
"C:\Users\Admin\Desktop\NoEscape.exe\NoEscape.exe-Latest Version\vc_redist.x86.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3296
- C:\Users\Admin\Desktop\NoEscape.exe\NoEscape.exe-Latest Version\vc_redist.x86.exe
  "C:\Users\Admin\Desktop\NoEscape.exe\NoEscape.exe-Latest Version\vc_redist.x86.exe" -burn.unelevated BurnPipe.{E0004659-81F0-404E-8839-C822EBEAB440} {F7CCDBD8-494E-4749-A9D9-FEE6B9B7B620} 3296
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2176
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20240902030947.log
    3⤵
    - System Location Discovery: System Language Discovery
    - Opens file in notepad (likely ransom note)
    PID:684

C:\Users\Admin\Desktop\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe
"C:\Users\Admin\Desktop\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe"
1⤵
PID:2576

C:\Users\Admin\Desktop\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe
"C:\Users\Admin\Desktop\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe"
1⤵
PID:4404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4120

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x4f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1908

C:\Users\Admin\Desktop\NoEscape.exe\NoEscape.exe
"C:\Users\Admin\Desktop\NoEscape.exe\NoEscape.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0e9f18f47fbc1dd82a3daba3b963f9dd

SHA1
7a3cee6cec9de3c7e016ad01fb9b99da39bb54ce

SHA256
cd88f0a1cd999f2488b03be180cac9834bf6cea6f06403c8adc0fbd15c914c81

SHA512
0da45ab716d2e87902120a7800e6812758f03bf5537fb859caec94bb531685c203eb997172326c6bd2a859f850a8ed4281e5fcd32fef4128887c5753bf252612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ed2db50ef1369c44f8946a0de4ca94ef

SHA1
593fe1bff170180ccf95d86c71976318c130571a

SHA256
820b0896d03ae11d1fcb126b9bed4a23c0d3d1fb113f4ca1159f112b3b8504c5

SHA512
06258f7b3197c012dba44afd0b862a712fad776040fb33ebe5498fade4049f7298538c5ffadb6ea8d497ebe341c8f51b0118cd0650cb32adfa5fc2702db58598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4d5cbe3c-abd6-4f26-b84e-be52c0c8e432.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
63KB

MD5
5d0e354e98734f75eee79829eb7b9039

SHA1
86ffc126d8b7473568a4bb04d49021959a892b3a

SHA256
1cf8ae1c13406a2b4fc81dae6e30f6ea6a8a72566222d2ffe9e85b7e3676b97e

SHA512
4475f576a2cdaac1ebdec9e0a94f3098e2bc84b9a2a1da004c67e73597dd61acfbb88c94d0d39a655732c77565b7cc06880c78a97307cb3aac5abf16dd14ec79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
70KB

MD5
ba970966e10a8e87ca855b95cee05ab0

SHA1
e3a5e78a16392fd5da108f9821e00f48a7e44b5d

SHA256
463fde9c3ee7e0bd18f5ed0d239cdc1565481df623433fab4142869430ab00e1

SHA512
e8a47925d959e5ab41e3b81a9461ef436c4fe81af5b0bbd350856175ad8e0dd0ac181e509c93799350b86c4815d94219752c0e780a37935eb76d633cc7a852f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
43KB

MD5
0cff0872c785b9d25c2577dd6c3c0b1d

SHA1
82972fd9ede84e171399ec551c603dd22d72a8ed

SHA256
07cf7f8598ed9563cb0488dd2feb8e3ee0b0800877f155740f691c84c5ca9457

SHA512
c944e51c83c216aea00118656381f44ccfbcbac3d4d74f32aa72de2c4821854d663fde4865fa318703022142cb9ffe16cb13272739006b117e8764c505ce92dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
117KB

MD5
c998578712a7f6dde6f9c433668e2d09

SHA1
a3836207da6bc41775aa7d4ced4eacfe5ead96ec

SHA256
eb85f08027fb3a7f1541d7a58688e12563d2556551ef67e4d2928913cdfa8920

SHA512
7dc0752acc334bf8bbadf029c991cd18a943926d59e30dd5cc2320ade3e10405ba0aef8abea2ddba3b9387b86850a6eb4adf50911e77851d289b9dd0cd58a8a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
30KB

MD5
2cc24f7b04f8a1cb200eb51fffc7b6a1

SHA1
e045d7123831ae8572605188e9f62da74d60bd9c

SHA256
5db78438afa2e4787f59784b8d5ff185352dee9c9a02663dcb4bf8f815c0e87a

SHA512
bd32b3d226aaa0a4b0344b65247dc183473605c60c87f4664b0639ff65714e983f742047f65bd4f5f78e6b91eed58e26828c60c1451b866a67e0ef8fa0b1128c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
349KB

MD5
885bb04fee2ba3ece3cef5ce860cc51d

SHA1
4d69a00c06ee53f32582f51fb0005baff3761697

SHA256
1dce7fcb0e2447acc531e29383317e4cb05fdf7962c7242b3d4be469bb238952

SHA512
078ffb06277dc9fccde350d79dc123c00b7eb03b4a0bae8b66734c6aecd295446ce6a1587a24485f7d7c8bfa8a8cf7698d217d3dc484c9f7092a57148f7eefa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
43KB

MD5
a07916b4b2fc176478ac0177b9fc738f

SHA1
692e80e1f9c07ee8167b4ebce1f4c2d86bdaf9a7

SHA256
92ece0353510206b02548c4ab62ad98abf86ea726703a1b5063726447a1bb917

SHA512
c78c6e50cc272cafdcfd8123c3263999fe5c4df9a42fbc26e7cd96789de94fab3b78cab52fa4ca80df77e9dc94c4f2f0d101d737a8bd754394ceeba9be78d4db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000080

Filesize
303KB

MD5
6c07fe43f1ef1d6b1887f63aa59cc3e8

SHA1
11fae63786e23d6126ed943b7514e862fa70d7e5

SHA256
09adee1c729c100e947aa0e0142a7f026022dce0845ab1f76fe28f1be7b8b052

SHA512
813f26ee3d5ec45aa8c0b72876df65575e169614e2914f2631e31b97b959b6ef183c6077aa13d1dddd3f79f41f1513e29218cdef454ba920f0ce868330017b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000084

Filesize
303KB

MD5
5cdad8444929850c300bcc7a3ae56ef2

SHA1
32393af855b9d40462fae5c6f6f800b386ae32b4

SHA256
e3cd2e22cfdfbf69ba7313052d758ce3a8d738f9fe130bafc0f2a5611bc49ef2

SHA512
de6484b541d11606d310ff28b99ddd519cd53992027680333855b94ad15d8cc18b69dab6195de1efd996c18b26bc4932830cb976a0ed7261d95a65727076af8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000085

Filesize
272KB

MD5
a287219f5018e1d1bbf835f6c21c90b4

SHA1
8ede95ba3216ae150edfc3ee6f3caf11bcd7760a

SHA256
772d52ff807672e360df19bc13863c2aa0952bb948aba8b25f0d2f1fda7c3bf1

SHA512
4b8f764ced291611f6c309950b428cc086687b0787eb011b4fb60d76f6332270ec0d66c6d00aa2d1a36d413a3f4d959fefe0d1444fabd6fedef4bed204dcbb2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000087

Filesize
262KB

MD5
f10c40def98fd015b81e5e0d281520a1

SHA1
f40cab99294d843fc9d0c612856bd538f9a732f6

SHA256
a607396f1573dcc00ce02841ef9964ea11dc850bd15bab8c763fc2f74bdb2e0e

SHA512
8e93046fab51f26deb9a48d8dc75ca45af5beb7b4aaa35f6e2ab58c10b09c6c815100cacbf5b8834a0c47cd91bd3ea9835eaeb3c99afba0446cc23519756c89b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000088

Filesize
263KB

MD5
d291461a90c4094b8bd16b8f7431601e

SHA1
f8841d50d2e91e58b63781952d19a38f034fc8d4

SHA256
2853eb7367a92119d6cb4e5bfc9e3e59ea581e6e5e85bc720353e47d398c8109

SHA512
288d6a6249ee037b6164838dab783f58ff869f635040249f8b2601fdb56789a929c1931afb0f915584f0598644dafa99a6d8fac7bbcc12c15b766b48024e5abc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ca

Filesize
47KB

MD5
2b5dfb1918c67607a49e6f784b48797a

SHA1
a8830395cceb8de7687b3b751c6626546f307d47

SHA256
5aa5e0d95839092c4545fea0928eeffac76690e8adf533d97b600e97250dac8a

SHA512
eaab7c07e1dc33f43aae512b77a2217af2189aede83c97dc73f2be7a17da5b1a242f47c7bd272ab13c9513d837fce6ce0ed0114b27971543370413b2a9c5dcfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cb

Filesize
232KB

MD5
6cf83526919e2c39b12ad0fabbe14542

SHA1
9921389f4b958bfa622aa2f8ff6bc893e38e30d5

SHA256
6bf5dffc7f23eb0fd6bb5816831b57aab67f73df1ee9f78f9303891c9d424678

SHA512
5c0c2b6db46e5bebe9881f407dad6b2a26068807f21d5c02b80ee14e07b415aa1d562632c11b427bbc3b53839027c92e34f3df8a1fcce8d53415eb8ff9620bf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cf

Filesize
32KB

MD5
eeed3865918f5f4f828ba620f28ad872

SHA1
1a9c62fcb83b3b07e93bb4598e26fec821ca8729

SHA256
bd990ace13afd11503454ac99b3795d6d10d71f22f2805feb6566d2469c59a4c

SHA512
ada4f8269e3984782b3d5ab29cd5655636f431073266367fe9d602e338a208aa359a72ec3145e3131eaf1ffcd4a5154dcb1e7d9a0aec989416fe0293e13298dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d0

Filesize
32KB

MD5
c3a6cdab067beb2f78014e56210ae536

SHA1
bd117962b45336e96e576c6243009e602d09ee47

SHA256
e605878123ff1aa07ad7665de4fb689d90ac89e2cf51e91428324d213f540ba0

SHA512
7fe893fedf95ec495216ace819e096448b544c32634c948a634e4e793b7ebc6d7740d7b739343412eb7af42604c9ba37deeadec016bc3caf286166718358ba14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d3

Filesize
20KB

MD5
e922f99ffe1e8eb6ff6c80c8c2582339

SHA1
a737e6dbe5bd43874b6b49a8ac947b36f406d47c

SHA256
fdbbab8f74ff0685ddbae8725bb34b645af31f70da755eee412e6c64d78627eb

SHA512
211182d1b99db02f0bb92786d57bc1cc8db182b4d56b5493c26059cdbb651fbf59a4ae0e9c712bf80ab94396e42c0ddd75ac52dc02422668b3525bc7d1625ce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26069886e990cc46_0

Filesize
3KB

MD5
cf0f556be483b43de6e999f08bb3e24a

SHA1
a59318925518a0f3d54649cedd6b5299cfc32ec2

SHA256
01402b5ebd9f5014ae7209a772ee0601b4fda1cf08d998d42bfb3e2f3bbf1069

SHA512
e1b9e16fe4c415186555f0fe285beb55238bee91d7febb4d0c756755a351dd18674b139923220133ddf9532c05b22dd0729d38108ec20d7644ef8c322226a786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3b3e0ce13da94924_0

Filesize
3KB

MD5
b93779a5aed819532d81d974613054f0

SHA1
0825dd3ae44264550fb57ed401c84a9757935c4a

SHA256
a1914a364839dfc49b7e24fc6bb8f4689bfe3e5ab52d558999f9fc590c47284c

SHA512
9afaf6dcd53890cb84734b7ad72c58d7b209eeb887f39c41651819db3eaa75f639fd9dce92eacc45ce3b51125e983606471858463a315d98ee5f33164aa8e3d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45e5367511c71409_0

Filesize
26KB

MD5
35075d871983370f110bebc00a88c5ce

SHA1
3a870b0419a564ad7b31c1541c956e8232801777

SHA256
8fbe1f0c1c396363cc1b46bb4b6cccf98ce4ddbb4c09beea904f1b2a9e0b0785

SHA512
bd7806956dc84b8b621472ba8084eab087feb4026c4a3aec74393858c7045f7bbb33ac636a25741560742fc1b3cca98716a209f201c2c793f96f20a23d48ca43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8cea48702440e81_0

Filesize
3KB

MD5
51c00c92a6b12d569ddfe0cafe76687a

SHA1
96cfdc6a021339a38a5fb83f0fa452f1b7c0e14e

SHA256
c28ca6ae941e4666d19870be91f74599b95acd0916c44e4a486d15f1747db560

SHA512
fc1e80fa3dd96f5c19a699017dd6f8be6f18d13f5a30285f0a820a01b7cd3c4caf2b05014f092542a4572fbe4a83714f060d951f5f328efbf8a64b20aae07f18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
c7a7c021dea2850ef6f199e5b84c8605

SHA1
13a7d22a392089c493461ac2373c7e5bb0aff509

SHA256
8e33b0326b0affa7964acf9fc324e70e53b91f215172bf38a5734804f1fcf13e

SHA512
6f16c93d47a12dc40db790e76912b4e0baaff8eb834c8b15e4afe0c4aa9af26908ef92e665b2a09f3529b7c7cf60a3581ca291167c41a2eb4ee3b010a761a738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
2808b7edf20b01ce4a3a1d50576f8215

SHA1
c5b1d47e2a056c55a8520168305dfd2533dafb85

SHA256
e89050a82ba902c9c1ab5cedba475bff38e885f86e2fa175bf3c99fb4962654a

SHA512
3466ad39636c55a7e9c7165aa0c22bf92fd71ee187f8419dd004f8256b584f8996c1a14b0d619198865a3a98078ff07b3c56c2e61c8b217f587fe19e808fb40c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fa8aeb2b7e14e5c19458aac642fe5c79

SHA1
e59de345f1fa8cda49dcf931bc8368340c9f7b8a

SHA256
b07cf0cfef05a4a815a05d55ab1e8c9bc982f864baa6f823adddcf62cfe97aea

SHA512
07e690cfccb9bf68eaaa845b4630d7e75f89a9929915facc36691702a0133add48356f5e0fe9e0fd2d29283937b62d1facf7c435f5d4cf2a03aeab229dea41af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
985ac5e3a5e861963ffc1eba630459bc

SHA1
4033253f86dad31cf8a6621ded7712db3181e151

SHA256
fd5ee44b54eaea33dc9b7ffeed54879a72d26183ac2aa2a6e848f3d56dd19f49

SHA512
b4ce45503f7f7875f3e311d0a58713a71dcee6c744f5777f2374503aa702fb619da48a4d6afd8a13a42b48eccb7717ef774b32dafb15c255db6d5f2b46f76309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b65b217e2c0af81bc323fac7938eb893

SHA1
772c692c8009fb70535e5ee01c5a8dbc5b178156

SHA256
e3eb9ed5d84d62ce1eb61be069086414b8f8c98bdef1d0e1662b042c087a2f50

SHA512
fda2e1d8f620865d3d2432106e250e158ad4e926cbbb7e255bbf1dd6bb8406ab909d18b0a421095e8d77ce0ad70e92c927f52fbf036ace3268a4eb3d0d99af58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d84e3a7771fccc106825b382850896bc

SHA1
f64c39b4371ab69a04cfb92e822121a9c38287fb

SHA256
13343c6cd01d1af9ce41bf73f7386c345dbc737dc0ec974543f0c47bc33e7889

SHA512
fe8026a796fb5a3982497bbf7b81d67fc3c7eff828bdf1d9eb946420e6cb240b41e4d1fdbd611feab61d7fa6f653c722a3bb1a4b22936b2b999ef30dcfa42192

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
00795c150b6b8f76cdf366133575dc57

SHA1
ca6032eb8d28f91d6c2e9f44e9ef6544b005e4dc

SHA256
cf2cc475fa8d458a53d848d62b773480e11362cd2bd195a3494b7dd955fd0d42

SHA512
520a71c374d1845c12fe8dadc6fec5369bb84ec908b768ac34dcaa5b82c88ab098368541f71fdc18fa33df490d8f981ddd6c4477f810f1b244ce02e01bf0bc78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
68d0bf037faae9c48a933a085d933871

SHA1
11769eba6cf32db52f82028c5a164b77107f11fa

SHA256
4a2c115123c19e0bc3957d84492e3caf066df9280fce4c0420b91943b773d7a7

SHA512
db645558c6917ea449f5218219838c837106abf123fb973923bc163f22b2af6b7056df8a4c03dd9738557a447d138bc51f59f67547c4d12d405daf2c8209fe54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c6a4fb0dc40d13ee6690e2b60ce7a518

SHA1
870685ebd9b17bfeaf3d55e3a88d032646360ad4

SHA256
008095a8b57154ad7f91be5594d8f3c8247e906757b4508e21ce45f68835eae6

SHA512
773f4507928e73f2c9beff3f878bdd2470197ef3ee60c115b3ec5a5b32212dcc92137121e0b8d44b8824d1e087ed9fffe7d3cf5ede9b46575f992ddaedd580db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
60ba7caa78dac63945e09df215a200d1

SHA1
2c5ebac2b149047e33a3bd2fbfb8bb9169a74a59

SHA256
b32dedfd0559facaa04c62518976424fb307301c970ce799a180cb3d49f3ba57

SHA512
7d056d517ebae24df20dff9b750ea52108a1dd8551c1ab8d94ddea697967185fef57ed4aef3cf53c4bd0f3feb9d17fa23100756f567df903fcccb4d8e433f59c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9c96b06bbfd7f6c9ca19417145d459b1

SHA1
9381b7093b3817d21caba2bcabb2cc87abda65af

SHA256
838daecd2c5c03a727f7d47cde54c775f92f4c6fc9512e398cb68b66dfee2b77

SHA512
5fc2a2e62d634ccaa696ab5bf088916080aa6317f71fcb26340bac3d7baadd114976a6127183a4ee782afb5f946f439b9b9beecdda1f01227c84952a91c200c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
58d24982946acd2a6110605517217d18

SHA1
f2e895c761205db899287c2c7aa2fbaddb0ef253

SHA256
90236c3c846ae9b43bfd0b9139e95fb668eb391629440b5f540d6264bed22adc

SHA512
6ab96513a257de8cba00295c6978d3574e38b0ac909a4006f40d4f03ddcc29fac7083eb7b0280d88a8360b2f44f3425b136d5843cb6257059b3421b93021e51b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2d2b04a96fd684ff3dbcc71314a06a82

SHA1
236cb004ac957e44fed34dd856e74f42251191a5

SHA256
c2f612b34358d871028307df025522eee27065f3de4e7d4e9f00061b007dd6ec

SHA512
97ab96f30dd98bab3cabb59169ca1579a2bdb9eacc408366fcc56a4bc6889262260ec85e335c45c4096018ce5e47183e71a39403a85424f2a531922ed624ad09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3e665608270508e5ab515b2385df82bb

SHA1
09c1e21b13bc456080c78d581b9adcc36ed37d16

SHA256
c5295b0f5d0f37f21e9a29b7af62b00ed5b0226b5b03cada62716be38b57878a

SHA512
3b85b86ff68c1a4273e8f7c34608b35b00eea528bccfa5e933f85eb7d797e736e7e27ca9e86934b4d27538243d934b31616e520c8391ac47e28f19d9bcd6c756

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
407acc718bdc62587df52a754edba9fb

SHA1
80218b5bfea913aa9296dac6569239bb6fa1c428

SHA256
e060a69d93d1acf8cf5ce43e250c00121dcdc9587e402cfab83db61d89bab2b8

SHA512
b600d0db3c6e1a850dd1a311c2e68fbda6da18c2856b288e1ff200a2c16a315069c24acb9e6788ff24c4eaf2b051b732ccf8f8be6159b4d9f004b47a287f8905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
76cd43f7701c0c65d6572feff6e4d558

SHA1
a9157fec327214bdc7b433391617269220e75cb7

SHA256
d9b35e73dc302177c483d6469c055866f5143e8f365558f374316ba0764ee555

SHA512
4ba50adcc77acf997595379b9a283b3e9ec3fbbdedcbaf03dcbf1d0b14b7c5f33673f968d597ffa5aba22e92e295f4fc9896e9bc016cb795064307a91c529a04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c2cfbfbc09897b03c60c5d9d4ce46110

SHA1
fd8010c2387886396c3dbd4b874572aa5ed321bd

SHA256
68da28d9864f3e964955fe82b4dcc9117df611a06cb207d2d9e5be75d56ddd50

SHA512
3dd8a41c4f3f0971dd309f5b856df80ae7438dc4f6c3b3ea3d2f7d72177ca185d91c274657980793e3fdf3caf0387e9d9781560db44113c3cefb570e06f08d46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b453c99a6d4aaf3a7dfc153fbf9c4103

SHA1
6ef920e815cc9cb964dc6b189054dc6d01946eb2

SHA256
3f9a3a8f1855c5064c05839cbc665aaacf7f547b856817675ee422477b013bfa

SHA512
3511266b33e9db7368863709076852b89a84800408afd460815b823d6ac51111ba2e90b07c52929831e177dfe9481a786e88359d43e36e38827cb9b755becd79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
83db86f88b4d67c26b225e0b82d29955

SHA1
41e3f4b04c7f1e275d14634acb6343f52c192171

SHA256
f57f635b017b72fbddb4a37544240e9b3bd591528a1f3c5ec4a42458d12115ae

SHA512
88c8bc09b4b323aa2ad38728e800f7a50afb3df70d5c210336aa720ea057b0de9cfe6d0aaedef3a77bbba4d3d9519db40d225fa3fca825827f9130a0f1a3885c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
68cb43e804907e7f25e7908194183a1d

SHA1
df6e0df02f94102e576e35437c45479e55b5d202

SHA256
8786900e3b57818427651eeac7b3998c10939d07e996fe406cde66a00a9456d0

SHA512
11d806ce354a2aac4439bfab77c19db3d928908cc3231089d474bafc9d5761071f7cf5e944a02149c00e8a3bebb95c9691a4d92ee2d1a0bd9d6d2767371a229a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
61394db48d55440b2ff4356f6bf2c7ff

SHA1
d21088a0fe88c68c975142b14aad9a2f379b1db6

SHA256
11b6a2444363390a02f6b36ad418505bf6bd6d59e58fc6422df6013805b49f40

SHA512
39d6c49dfb93b95339809dfa871e30fc3c475a3737e555da2f2b6e7067299cf3fae6366e9a3415c9918a80caeae6a8d2e0bb1a35c7b592f0dcc4318748945ed4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2af15780d2eb72c611601683da857f38

SHA1
4e62d6502ff06047a1b5edf7947803c0ede864b5

SHA256
1737a2c3db2aeebe1dcd656e6e0046e930d091dd001810ec81d2abe24bdad3c5

SHA512
271e09da46ea9144a8e1c812e5636160bbf6a2265ac5b57710cd9ff52f161eb8675ef6b57ed52a85dd3bbe359ddc255e15a4e87503f7d937d009b402050bb474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f48d99206849784a85d5dccf75a6030

SHA1
99177b964b27d7a5a390cd6e8703e175693620ca

SHA256
533d94b02d9710e54ba18254df58d3c852c2cc0019d8deb1cc18a2b07b6c81be

SHA512
6ef072b73ce801ba2e3ba5a33ad33fbe492ed4167272ececa7628f1b70729d8343374c7483fa7a332dedaed86a05a869cba9426fa96b027f1393dde0d2a0745e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
764463c5b563171933a08db5d09943da

SHA1
b843de86af2b61ce8ef4d3de3caedf334e3d23df

SHA256
44ae671041b00a058b68b65888bcd5c715d66e5643f53a47bc514a10acdc3f36

SHA512
184c4a26fc506fac0f5e9003edad6847159bf845fad083f8ee81fc78b1c07cd3aaa3694664ad4c0abe3a94e0908e39fa81e4aaa4d74f43fab4509ed21e50c391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
81e9128dfad32355aa8dee813e83b4c9

SHA1
2cb0e4d732ab922be93ca0f67089870a8a8a6922

SHA256
2aba8d28c7dad3a033edc8930b5edd06e58d5e09a98640a4c8eb39d4482aaa8d

SHA512
6bc297c094f52d391a38ed360a0fee33bfe2853321e155bfa5a102a5c59bc85f2b72e6dcc14b3fa5d0cd03d9c6ab796f54698aba272ad5d4cd1c6027996514d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4eb93db87fd761d603a385d67aa0287f

SHA1
0d3c3608bac44c25e12c8b8e9b4384f45abb103e

SHA256
985823fc4c78030ece677aaefeb776288913f39a97635ca3e9418c4c258b1905

SHA512
e89e68fb229f811a44678ad8aca312bd451a772732d8714b5dcacefb3ccd01f331f2039fa08a0c49dd25d4a840396e97f9611898636b94c0ec39ffd595541849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a74a2f5e51c27f85bc1d0ca7dfa97dd2

SHA1
c1af360e377a78e6e7af77c89b1a43cdc1669031

SHA256
24c06b2bdc229a24b9c06caa762dc08face3d8ed19553cf126ec29651a30123f

SHA512
1de94fc6aada5c663e467fce5fc8e34f78f934204773a3bbb9ecd7c5d8b32484c5b08f3d0e49eeab1938ffab5d48dde6bae92de12de951f6b27402f1bd589da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bee7a791c3962bfb68743f3eef7cbe29

SHA1
cc294099d2169d80ae6c466144285027fdbd9353

SHA256
a649a41ac0c180a150c67cf1bc2ea12c5f516d59fe65cabdaa1cba5362981bf3

SHA512
51ad7e46923979ea025728e7d258ecad024274655754df256a735d383274fa4fb7d49509c58401b737c499767ca990ea5a6e8803254d6ed73e48cd55e788dc69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b44f83b58104a927a4766ed30a4387f5

SHA1
e549f87b86bed1ad49ebe3d1f416bde0b182dbb4

SHA256
a5213ba4aba7ca643e01ce7a798fb38135289b9a66c33af504da5bbd20ab821d

SHA512
e1089d8eceba5f3eebb0052a09c852dddcd1dbc0f87cfd6b5d8caa665459c3d17632424fc957fe5ccf6817b0ec663e482c3401bf698e487605c521fb4c08722f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\18ea0dbf-0865-4871-8507-553a987d1cbf\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2909e61f-9b7b-4b5f-aedf-060e57d42868\index-dir\the-real-index

Filesize
2KB

MD5
deb3b3a52532bd0133fd64a2f817abd7

SHA1
962eb9e5eedb770c0f989b1bfda8cf20e913b61e

SHA256
c314ff618b28c20d02b0cb12531ca5dc60cab61d130e9da4590f4764d4471f27

SHA512
f7342ad900708d6b2c9373c2845a9cda2cbcde45a75f5faf870acb6dcb1a584dd95259e9fa459ff0c472309f5f67fa8618cd19341f5dfd8cfc3ee925416c7763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2909e61f-9b7b-4b5f-aedf-060e57d42868\index-dir\the-real-index

Filesize
720B

MD5
a3e39018e411ec356d359c2a835dd784

SHA1
2a0b5551423684f66b2801197fc3d8b49b3f584f

SHA256
fa00eb04ca92cc32cde12c51352ddb7156f6e7755aae5fa5c680b36d4671ca8d

SHA512
7d336f794b773c694342d0c0674cced4136cad9bf0dfc7a7d56420424597f6e413840c48492e558013160b06010f007cd453bc4585f51b8d1a00f7104a9e01f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2909e61f-9b7b-4b5f-aedf-060e57d42868\index-dir\the-real-index

Filesize
2KB

MD5
fa25c9cd37914212caf3892121232996

SHA1
6b1f10c692ed2432ce727a165fa703ba3a7dd736

SHA256
cf1b623ace5a2400db58bd1205ab4402d27d94eed49d2227962531bdebfa7ffd

SHA512
b8dc3f5e62e3c6d30474626a363fe079c4c70a6ff7d0320113cb963c37fcac3fa70780226a939bee39845e40d22a2f388e9a95669296f654c4a4a69d5172cd57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2909e61f-9b7b-4b5f-aedf-060e57d42868\index-dir\the-real-index~RFe646d51.TMP

Filesize
48B

MD5
095ce9d8c3242ab02238b129dba4ce8c

SHA1
fcac57c3c89999543d97ad0ec1b4ce0029d0efc1

SHA256
f6e6b0e76c1a2a006d632292f1ef7a625372b91dc184f907f80e768554a16115

SHA512
1eb778acf47887f08946448d4cce7db75f189db2b0875c2d6f4b1dcdd23cb7d1b09ffb155138c2819cd7a39ab4cd5fbbe5b6db84ccc61eb649d696e4a0b0ada7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6d80ff91-6869-4258-9e91-f1b77c701f8d\index-dir\the-real-index

Filesize
624B

MD5
23d61401b8aedd4bcdb95d2ecf87b238

SHA1
e7640479448c587c571aea3c2c5f2f9ac37d0d2e

SHA256
1b0527d9cd6697a99d26e44fed95b1fd308645007b9d01cfa052477b07816cf3

SHA512
03ecc5b9bbd8726ce099869a6b4e7764fdc1e03b49149652b8178d2f2d4bac26f00034a72b40c42976d8590a3c9613498105f77ad4401c3ab4dabb5ebeec797b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6d80ff91-6869-4258-9e91-f1b77c701f8d\index-dir\the-real-index~RFe64c8bf.TMP

Filesize
48B

MD5
5719c57b67b4762293b663e6341eb10f

SHA1
c5eeaf606455c67a0016c4fe16726a464052de3f

SHA256
a1edf5cef2822e87ddb46cab741a5d4c62ab563a08bb847e2c0e085330973b7f

SHA512
88fd400bf784c0d8309235f8817ba0eec30d0888d2dc12b23fe56440c3da7be2667829a67812f930f808129b49323c67bd94bffea3c4bc3aa917cb461296782b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
791b0653f41f50b8c5e5e62084f0aacf

SHA1
ea4228a79a40d3ef5d40e8a64428cdf4ddf072ea

SHA256
857fcbe03b5b49536ee0b393dc42dffd2f2b686fc4e8ecc28fcae1ac4b37440e

SHA512
b4b8253b71815dc52575249e37e41314887a1604ef3baafe6f987934f283ecf4e4b2e0695c26b5c0c02c0daf400889e1f48e39ba7e1bfd0c515669e4c8188924

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
0ef9059d2e4a2597fc7123709b2af127

SHA1
077da3153d96ea2a6e18fb943d2f0295e51fe9f5

SHA256
90e6b94ba8577dde6ca25965280b3151c39976cc42e7094d8648572cabdfd769

SHA512
3839bfd08c80648ffaad3de10dae92f9471ca783ca042d0fd60a5e6286ebf80ec39289de58a90694a308f1c87339d1fbcc796628f7169b7e648a3bb4d92a2b67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
f9ae1b08b952ddbc4a4b04f529684401

SHA1
39d42da8cfa91f3b8d0ffb15a2e8a3b617f77af6

SHA256
20e9d99f2705375cc1cab9c45b4dbb6c97fa2afedfb35dd99777aa19ea4ea045

SHA512
503fb39e371335dd276b5916f594e744e4b89fc4b9a98a06fb371c86c1adc50fc2dcc504418aa489dfac8878e8ce1978763b7eefe149d27e7a68e90d84868d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
55a4902fd60992e502d22bba16c9e6fd

SHA1
ff02bbaed2e385049a733ded5feaa6ee58c121d8

SHA256
5491b03ba08a6a34289a7e17578f414396efb5088817431aaf916f828e15f6c0

SHA512
eb579f3829584301872b01088913ea05b16df40326156ffd9ea707a126f9cdbba26491d1ef97752b0484dd4bcff74195d44fa52331d87e77341cb4677c06020b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
e2fc959e8309cb1c89492f9691f4b6e0

SHA1
920191702b941f8a6aa29448d438711a0b5d69f5

SHA256
cecb9e7682e9160f82754472efc1675bc5a86ba8eef3d4b4fa2d040e18b18326

SHA512
74931c4cb676c37a762799f6d71465490f5361b93c7b4af28d22a49325792dc55a1862e140ed16aca56208cb3a072919ca5075ed47ceff320bcea2292e461bc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
1fe3b1d8c62452d59a3784eebc4b04ec

SHA1
4b053bc56efeb51ffdb1da9c7b3dd3fa9e9b23a4

SHA256
0a5709d4b7acc268331b2e7bb0e37ac93c7e91395321932dde8873b15a6f64ad

SHA512
17c51d3cdc90c02f63adefbeb36adff390ecccc8d7b6ff83ba2bab81e2d07512dd1337ad2d00aa5e29b5978c04589db64d1eb791faa9996ae1f53707c5e5ac07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
d38203e3ca88d7ff5fd1335b643da4a6

SHA1
fae52ad589e2560a944fd1636298ca8827108cf8

SHA256
6842610af16e1e9baa8faf7946599fdac477a2e94721ea8486b9bdeb19aafc3e

SHA512
5201ac5c743471ce9a33a8ab21b34353940dcd54c7fb31fd333262ef4408bcd758418fd109b088872243aa06bd99da52626c8a7f4aaf1996248a7e9413ea8ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe645dd0.TMP

Filesize
89B

MD5
391b6fd85365e331fe5982cef1a5f289

SHA1
b1cec5827578ec8c051c73dbb7287fa1ab785f4e

SHA256
ced99ef02c351d498c6c6058e97fa1386929ead1eb534b71f75be200ee7efb8d

SHA512
5c70fa842b42daf3a49ba11758e2b692dc8b75fe3aecdb4b35c0aa01414977af63b09da040b71472095856e6317cde8fd9ce346dff394299e5585dd0609f5080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
78e3f5d4d049037aad42b28df4c60a6b

SHA1
ea9921d79538c8a24ab1fb50861e2f16d93557c8

SHA256
e5d8daf754510078714d7733d189655573dbb5027c6be830f2f955a1e6dbe58d

SHA512
2e2665f8fc150fe31e114e306500de31a395fa66dde0af968aff226d4d41293ac7e2935c2f19fb9fb4c2abd59d9325089e0d4d5419e79776ee8499dc424f6677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe64c014.TMP

Filesize
48B

MD5
dbc8f09b64c510aa5ae06a92af91cec0

SHA1
542f74a61b60b47bdc1399f64497c6725eaa51d6

SHA256
4e61eab2071a77292430dc4977ad05f35020b4e6ce00874e6eb14f442b6173ec

SHA512
2cfa53810b8b0cf1a301e0bdc8cc8d7c75ef060a159f30fd5540328e2c084b88b938c6221e315aa3b11c703257c7ab040465e7968953dab3d714afa64c400a9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13369719409901141

Filesize
1KB

MD5
db823f6ac0f7150dc25e4fe7f0ede6b2

SHA1
f4443fe6cadd629b1fee4a3a48e1b759ca8f330a

SHA256
d82de5b5567225117de4a52c33be5b2640171f12b41461bb1bd21eb04eb8aeb1

SHA512
21008a92e03a60d0956687c628673b04fa08764d90339c056875e7c6109089ebf8e318dd10d91d7d2463e07a20b24ada9330e2f4e007fb93de2fbe10f70164fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
ae5700e6a00ac7a3a0fb479d9e8559c6

SHA1
2cb167792b11bb4e2af79415f41c5d833f0f62bd

SHA256
bcf2d9ba9320ff4d32a3302bf191478c9a3ef4ad1abd8158d8693f9f49b0234b

SHA512
6240e66ec8d81c1e955035889910ff5f34bf45996d5c0ba48744ba2dc2e304d7b8834b59fa042befe396f966dc6a08f5f700c09148f12e3d51ea9e3a23c6bb26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
e5b35b4247439d35b383142d3a681f86

SHA1
98194c1b155770870825b6aadc3d4f660dbcf84a

SHA256
c162d2ce25bb1ade2f5c9a14d39b287b325c120664b8727deb367fbc959c151f

SHA512
b585c01acca3c14972ca172aefd72437e32b0a2a9c1bb3bed97f77ffb214c9b716fd47f58ba6e64d59b5c417d3817c9eb9ce13d190a40056ca70a49cd84f26f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
fc4309bdfca7c3ff418d533829a42390

SHA1
1c91b3d162080f9598895de5290fc5bbb1fb0da6

SHA256
42e6f215d9b64c8efb9f8ca78fd071aaccdb5544d3cbe2327b69b1814ef0d31f

SHA512
6ef33d98b751cf5a807f1c627cb355d1e7818df9cd4f46a5982dd2498005f9c41695e757b0e0bbcbd2b3f29aba993bd025bf89f9e54dc6e70ed99db1a6795a1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fcc22372812e3234514250dc5e882333

SHA1
ac76ac1fbfb0086382b45ffb307dce92dc2b90ba

SHA256
3bf371a612ffb1b96acd8e90d5683b9996ffcc619f37433f91207e7346b7b984

SHA512
b58af4286d84716e30dd0899ebfd3f19bbc1d8a13ec75e4c62d77f61d8ecf113cd1f7ba2cb2681a37370c32f07783811da737913689021e2c9544c4561efa834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d278623dd932432bf0d0e0dcb34ca2b2

SHA1
9ea6a86788bf2b57bbaaf0fc98527805de6243aa

SHA256
871f776175a21dff754e357c848a572ddd5a4970c98d07b73bd59a350e487195

SHA512
61e0d09399d07cbd7be7f7140aff7ff6c80212cac295fc05c97eaff373d665a4bc309f4552ced9d045d7f2ff64e29e5c8d4e144b0cee8cad82a13960d5486205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a1300f92789f70ecd4bf639a85adf4f6

SHA1
6ef74a975f79f9ded8a05532ae00aa54035a9a54

SHA256
b332502a614dc2afd0f8b5736ac355e0d6290c0e03e06a8ce7f380ce31ab5ccc

SHA512
458087d2f21a93de07ff8eb79505251eee96f74410780e9ae5e497870684061930d7a4e7bf174320d1f04d06656615ce73e753b2186bc971b8f7489e08214338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2693142ee4e8782aca42674ff41cd713

SHA1
e71141f7518f906076a868997c7c816ae2a64669

SHA256
3f1831f6141739e34f47e92ac2277a4ad629c94d65ae213cabaebd2ce8389d30

SHA512
91a2518a6ab0f6feb777e84bd87c22561ee9e7fc39b3267dabde72906052c97d6af652580f7829bb4ee55d7e0fd5ddb9c4971220fe5d054f85d9d6fda2dc4fd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
597ad94bcfc710c7525ae73471018ad8

SHA1
4f70022bf4551d13652616b79bf89621844d4238

SHA256
c21bc4621ae3e91ea0fbea72afc344a426e09d23c0d886ebfadc90d2ff234d6a

SHA512
52aa5ca29b3cbb16518f866cfb51b126587d5328120f8d85417337f7efb1483ae2a96ef5f905f2ab5899c69bb8bc4efd1401157648af9f8d1b45ae6d8c7e9c7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b62dd.TMP

Filesize
538B

MD5
3cc63430a68f1b2bd3996f06a6e4ab7d

SHA1
df276be9bec7605e8d929fbd4da4ab780f9d9a33

SHA256
a5d25ad6362785faa6f01a330795b140d979c033240db7a64e7b9e1f8fd5aa09

SHA512
8a0af8d8434fa1adc5a823e446407e861d61ee9257ed16a8d8ec6ec49ba00bb9b82e3d57544a46d9d9fa9c9cb14c5ce3dca931d847e42021faa1e2dce9dcdbc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ca9d9b418d619a007b549ca8312779c6

SHA1
df1a2532f3ae0299a679b9fddbcef19c586a3bc3

SHA256
0183a82f58ea3e1d1553085578fbb2a63daa04d2bcb9355a8d912779d627b280

SHA512
a1ca03b5c2cc10913bc6d56d12069edca9495641d482a0931a4e926ca1df072767873b40167351ab7e1a0777619a55ebe6981b79eb28d0fe53eb4dd032b83435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e58d700e6c9f2bc4808b91f36a9d1d82

SHA1
6cc1ab47031c9aa677c72661054b678ec139c6cb

SHA256
8b91057dd8b9e50c2a6584175c16bde327b9cfa662724444854c79a40d3db99c

SHA512
9569a036c3620633509014da07e8928d2ad46bb0a70b4bba82325f728485caf51c5055be91db577f3ce02ab02b8be56d12cfb76b44e2accfe8081ddf4738525a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
482e1d5b2278d7b5910fc616d36da147

SHA1
fdab127038b04541960d55844d4cf31edf0487da

SHA256
a684004b402ab4dbc4673ba7952bd8997e815d1bfabaeff89b3b31938ff72b52

SHA512
a5f32486da96826b037202b935c41760d2100404f0c9987d502ad9a0f699927e8d95f824f344b0bc13b1919b445b0e3d5464e5509d487b9d4b33b89c7f15688b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a0cf2805834d028dbc1f9e0ca74852b6

SHA1
5da9602feb43e1be51866b8f0287883febfa33f4

SHA256
2c79bb851c5efaa326052dbb5d1fb8b314e7a9f1bd9f4715bb816694fb1d92a1

SHA512
4b4dfa434c36e0586b6661d2884b1c082f37739a5acc5cda0cb46a867ef04818a22935e650199b6749ef9d662561f72c0a182e1d8c29c5828c33f8b2e397e1db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a91805a79ab4ee5e67aad67309f8f14a

SHA1
b46d7d125cd53dcbb7453d6420e963202bf24f1e

SHA256
ab3731ddd1b42a4441c74d58ef0701e2c449ef3e5510cdfb8ced9757e914fb22

SHA512
6e5003b55fa5fd16894dd86325894f4a3a719a88cdf84a470ce0554e2108a9e46f7c247416e035cca157a033bfdfafcb4165b7fa8fd6089b3059e3c403b2ec6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\Qt5Concurrent.dll

Filesize
28KB

MD5
b32b3e4dff5a38135fb4b6eca7db6060

SHA1
c68e59f3342f39a68cab627665acd4a8e18c2516

SHA256
c0eeffa6eba75c15db545198903f9d7536521762f7d55dc2ba6cab8f487919fa

SHA512
f62862e6c71a749d4ee7c0d30edf9a0c0abd05cd73b8ae5e5862678e8b3266cde7c039e29956953ee94d43f2db2fa2025919789d0e4afa236047373ccbd80126

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\Qt5Multimedia.dll

Filesize
781KB

MD5
0303b15a536f0383aecca1737e6e2d29

SHA1
001eb9623de95cadd4f8ec2ff1a571fb649e0938

SHA256
e788f9d007f9ceb41616b0b1165ffb94c6649956b8873583fee5bbaa5a1ce94f

SHA512
76979e5e4ba68dc23746ab2ff2a7dbf63f12d5abdcdaa2925fce9ddec2d78e6e46d073b6199a11cebd57994624ac344b4ab0d1c24850e8749e03a49d3943fc73

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\Qt5MultimediaWidgets.dll

Filesize
100KB

MD5
ab45c071f3c430ff80019799b6c49fd5

SHA1
94f429c76a3e7e2accc850e492450fa8904eb1d5

SHA256
ef4db92010d70e632296ac93ad0f2bbc3b1b3098ad397a5a4f6e134818530305

SHA512
052f784d20f4a7b0a9f537384d17f00823ba805f811c57c2b7b2ac8d5c38ade005df2d4ee7daaebe76c5fef8aee1ff5acfe49e80094033fee422b2bb5cce13d5

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\Qt5Network.dll

Filesize
1.5MB

MD5
a81f5fb9cec6a8ab27128e741bba8168

SHA1
0cb5fb7ed33b5cb418fa679175e87e70cf1d8ee8

SHA256
8bf02ebcb732d23c94529a0f6b8702f82bf459fe0e1dcd641b404884ca41db57

SHA512
10424d30eb9ee79695b93168c21793989b2f5158d120e72a0a595a5bc48f1a67524f726350c7d36c4d8c2ae1d5659cb7dbd190f052da8f4f0ea051ab69ea166c

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\Qt5OpenGL.dll

Filesize
327KB

MD5
c1d465e061d7d02895daeb19bdb28ac9

SHA1
5e729ee51df080545c7031d771b85094a2b2d4e9

SHA256
777917d30f277a9e88d8fc04e69b955a2b0bd3f2bcf2e36f7f9cffef2583ee60

SHA512
438adaa0ac3ad47621d288e3ff56493cc7de4e2a89fc5420e246a6045db79e7cb84a28d3f3420841340ab33bd632f12fdc3a4e9d8ef99601ca9f975b7f8309e1

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\Qt5Positioning.dll

Filesize
242KB

MD5
3eb507cdda6010014e2a692ff2a2a008

SHA1
18738dde537e7b77fa57b4f7a564679a1f92d16a

SHA256
20ab110602eb79e2039f99fbafa16fc1c8a436002022916e9bc586c35fa459ea

SHA512
994350cbb3fd7fe9caa5e34977b1c181295d23c23c658f286f71cbc7b72130b67f9120ae76b97801eedc3f86c353a4416ff694303c33411e9abd41203f1d75a8

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\Qt5PrintSupport.dll

Filesize
349KB

MD5
79ff45559fa35e9b48ec486652010d09

SHA1
35586c0d8bcd3c738459ca9c0dba8d167169f349

SHA256
00a3cf7f2fbd4acafe749bf65040328bc67165dbeae6f8f629d7e27202ed9844

SHA512
a9a7d4173e1186f9b8b665b2c7908717addfc427853716f2cc21c52d60228e60e655d4e4bc29a16f0a63a47f1b605224299b35ad16192b1bc314ce0e26eb3dd3

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\Qt5Sensors.dll

Filesize
194KB

MD5
a2c7c70e326fe148a9ba33dfdb828ef5

SHA1
96805ee9da4d083f76a113f73f9078c096ba7bf5

SHA256
07013a57cdb1442eee6ce699a11265555944ce56b587c888910c09b610d18a23

SHA512
6ccd470852d3f17200116b7f72be035223fb1d46a52acf119f1d6969c816fe75bab1f63cd93bffbba83722dbfdda03bb8e92544dfabc333ac53131dbd5dd8d6b

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\Qt5Sql.dll

Filesize
253KB

MD5
2c7b9071cf540794c209d3b87a29a0ec

SHA1
6f64a3fe1cdbc6a2b51cb698a93402fc683de320

SHA256
85cc8a03db59c4e6a0c39a9b5e3d47633a06550863c4f4175a77e25bf00c647a

SHA512
6a9075de9dd1236a5b13ceff1831e6c7b7a9166c588bdcbdae54193e59ff9c8db504af67f729e013001ad81cc508690fd22e4818ce58dbde7dc4a3b8c6bdba89

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\Qt5WebChannel.dll

Filesize
123KB

MD5
4b2db8fa8a9b55bcbc02f29f12c93f93

SHA1
b4c149c55472bebe10694e6b82758bdf4c82d05c

SHA256
e97acb579d51036311484daebf6ac10472db603c2ba405e8de32eebcebf3f925

SHA512
f314ba3bc256d8d4258f8565fe8f11f29bdcdedcb045696cc94d007ce0f75ad155f679fd486bcdd71a156d097706b8d59f61ae3039d770ad31b0a53820d1a63d

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\Qt5WebKitWidgets.dll

Filesize
268KB

MD5
eaf7ce27554bcb5500611351b344b083

SHA1
c8bee7c36a8bee1d5b6af62af3ab760d5c09f1ed

SHA256
a4b45c536fc0ae58d016b3726d2eeed8a45713a6ec527e91028af48f04c9b30a

SHA512
b76888d4c64a1b7979f5b019437421b5e29b48016658e058ff7fa6a67b8e8fea69f3536db509627f8fef6fbf56335cdf415d2da908505b61f48dde98cc7fbc18

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\imageformats\qgif.dll

Filesize
32KB

MD5
20d7a6cfb946b22a816d92ed57b51ce5

SHA1
0af25d85e631e96f49ac9772301726ee78e0823d

SHA256
a51efadb5492658449d095079e2d53808a045341edc6afa453a9536e61b2fa3f

SHA512
0a3975a9032dcb18a06360752d4f39a74c2e82d6e0e77079c25e7d4cc03d9ca12af26ae04208af306edf9986552be456cff26091d4cd1286ca5fff3ca67ed3f5

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\imageformats\qjpeg.dll

Filesize
241KB

MD5
24583405f8bcfc26884f221a2a9eb0c9

SHA1
8dab67860832bcb9ca9a99007149f6d7d6dac303

SHA256
28f7688622dc5eeffe960b7d906a2fe800ef4ef2654add389aa84ef7c6edcade

SHA512
c39e14619e6a225baa5cc6b110bdbcfcdc2f51ec76413d6ed302b0faa2daeb43bfea2b290936665a76b224ffb5d8822885581f02b533a6b052fb39f7f10b730a

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\libgcc_s_dw2-1.dll

Filesize
117KB

MD5
fadde43c97607e4445a6f924d851f04e

SHA1
36c1aa0e1b6d4a322c350f5e502c10c64c203041

SHA256
f0614835136413217ed3baec9ba22aaac4c37956afcb0209f1f89b7676ae86bc

SHA512
66f5637419f88070838ed522defad9aa1b46dd4fd8cb045e0292742831520740d152795b6e99770f34061db596019ef3a342a956b541180e78d1c48b2703f42c

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\libstdc++-6.dll

Filesize
1002KB

MD5
c283d446b34e75019b81d0981cb11f0d

SHA1
a6e146975dfc55b0659d09e25b9a69f7cff993dc

SHA256
f6530962659d0641236a42517a30dc55c4fcb7d30e942c3e820af343798a770d

SHA512
eb51969a79ee4501c955a81cec9f07e9a39007c1ea69c5021e03ebf3b640d949e19f6e0cd7af969e80ec60ea6b8477804fb76deec2704db503e72906103fea63

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\libwinpthread-1.dll

Filesize
48KB

MD5
d128ae39a79e5d196fc001907b5ec3d1

SHA1
71de74d0aa93903e0a169c88fd21e0c617f0660a

SHA256
4195ac1e3a4a8056de42c31d511e0e595772439adba96180b8953ef5f135f7a5

SHA512
5b32eb7e2f01fb17ed0c4434a525ae3056acddde75c32c5036c18b6f2ffa4cf80cfee9bab4c824ca313e6e33114ea0e761dc8f75db3bbbbe4319c079848a3c06

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\platforms\qminimal.dll

Filesize
31KB

MD5
b747471f055b61bca1c77ea549ec3db6

SHA1
7421bb89c50e52d45f3baa8a3e789ee3d6f18cf9

SHA256
19c2a0f8dd954fe7a3214b4d850800df1bbb80ededcdcc233783e6052bd1fc51

SHA512
cf7e5f81e062864feb8bc6767779094f08a94d7816203302dabfc88df2acf75e7239005f079eb5fa81991255636a47f977d466e5614a909a10c260eee45b4d9e

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\platforms\qoffscreen.dll

Filesize
654KB

MD5
3acbfc4441bec4891a6d11f7695a189a

SHA1
28843a7ff8379feac622e8f0ede50961da468bd8

SHA256
72380b2cec8d7f403ff991638caa2b9b231890e9dd8208030662b707f580aacd

SHA512
241a29590f6be539e07ffefb04d8c79fdea0de35a23c3bd51f25bd1f16e87ebf6a9418db51a36772ea87fbccc52866ac785cc6e3b5ff40a653095c76a8af4851

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\platforms\qwindows.dll

Filesize
1.3MB

MD5
bcfee6b4161d9bec56bf97634a9b9c2e

SHA1
3040622dbc625dcb8be6ab2ce2405da157e44c35

SHA256
e09ca14953574cf748a96596242ca415c1fa8bbaa4997aebb698e8ca8b1e518c

SHA512
df97bd1ab2056c6c13d059a1eae372b2c4f0ad6830ebaf2b88640e00cfdc6081e7e3647fa267886cf501f8ee89c00f6354332c172551dd56b6975b32c6002a8e

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\printsupport\windowsprintersupport.dll

Filesize
43KB

MD5
802b73d63d6e47dfc5d9a7abe51bb025

SHA1
ec002f4145a8d860a996294d6b4aa24d8910abee

SHA256
5e2a3b61393599618fc306769ac955cde94409b76b71fc8aae528de2b2ee68b3

SHA512
c2e91574b82721d12589ea3ed2b2171a43a8f0068079793304bf35e508a405bfdc84c64d5ba6d538fd710f634483016461bb1fde9d4d8f08be8b4d62bcbfb2ba

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\ssleay32.dll

Filesize
270KB

MD5
0e42fb7c0ad61d48bea2488c0c88581b

SHA1
2bfb621a42e3c12af442091b246ce4ca7db7b070

SHA256
5f983e8876256fc1788d389f6903d5a60742fa27a0613d569efc9105ed524313

SHA512
6e6c27a3e61ac47ac0b4603493017427fde9b1ef7ce678302c1451bb5fe7ad76fb4cbfd3384ec68da6bb1bccb2cfb3d2e998ff8a24fc1b48e55ef048bf4109e8

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\steelsoftstages32_64.exe

Filesize
4.1MB

MD5
49ed725babcdd1ae595324da2ec02d97

SHA1
ffbbc5722e0f83dd04c01f0760ef003906fc67f1

SHA256
d0bf28b338679015513add3269e3e8e42e8c28ff6bdf7f52a67054436a9634f4

SHA512
b22eb135f8c482dd063acfe949e044ca18355885e309b4b1e070ecd0e669b653955c9dbe6167770a39683ede7a512adff00684f3883bc925d18633bcb0ac6187

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\unins000.dat

Filesize
6KB

MD5
5db788da339980a6ad0fd68d28664d83

SHA1
3f960f84b471088bb02db1894331219bc9927a84

SHA256
cd7e26707b533e48008519d2608d5a6cb017207c1a3ca00bdbf6e4e9cacae5b3

SHA512
cd5b410372bafb9484c639169959e406e92af04c6de50767c446bb4def9795ac3233177a9459999a6c323e57c50aa0e1097a70f62791efd57d774cb41c7af748

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\unins000.dat

Filesize
10KB

MD5
bbf29ef4982cf454fb0b3396011e3a09

SHA1
25099f8af35ae4396b6ea5b0e80f6369557615c1

SHA256
530d89b381e348c5aeba9eda051844df138720a50d1bcb7d5d7ddd4a3e5d4e81

SHA512
c6c1d4c07af918edddcb9c5d8bd6e7e00c58848b6d4eddf5a6522804b836f1d962f364c9f6c37f33bbe25e343441f8bf3bd22b90ecb89610c89c5d8b01da1baf

Download Submit
C:\Users\Admin\AppData\Local\SteelSoft Stages\unins000.exe

Filesize
698KB

MD5
5bcd46f34f8d25247eae40836c1ec2d2

SHA1
eb73455f2680038a772f2795992e5ac2210363ab

SHA256
3813940657117a5fca098cd5d1f6adda6043393298dfaf048d810b3ed063bc9d

SHA512
50b50ca01128856c396ffdb59286084eb57646a6ff5f4dfb7a9dcfcd8c6b21a2968c2744794d7d381ad1ee767f23b0ab76533914ecf9ae90be6d5139e7bb22e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-41EH2.tmp\save-money-by-kondo_L0274sMnqk.tmp

Filesize
687KB

MD5
f1760c4244cea1457a60d88b303f220d

SHA1
9ae8ce2e974cfea2239c34189056bae67387707f

SHA256
a1fb4dfd34050b4c9f2b9d2c7466a12175a862bee5ffc0612206731e3600ac7b

SHA512
f5f094ab348a1524b494ec9fc760ebbf0a65dde7b12180f138fd4385172db38818a16fbd42fe7d8d156cea71436ebc65e4a399ce0671787f18936b5aefa4dbb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-7LS7M.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FO6K1.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FO6K1.tmp\_isetup\_isdecmp.dll

Filesize
13KB

MD5
a813d18268affd4763dde940246dc7e5

SHA1
c7366e1fd925c17cc6068001bd38eaef5b42852f

SHA256
e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64

SHA512
b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\wixstdba.dll

Filesize
118KB

MD5
4d20a950a3571d11236482754b4a8e76

SHA1
e68bd784ac143e206d52ecaf54a7e3b8d4d75c9c

SHA256
a9295ad4e909f979e2b6cb2b2495c3d35c8517e689cd64a918c690e17b49078b

SHA512
8b9243d1f9edbcbd6bdaf6874dc69c806bb29e909bd733781fde8ac80ca3fff574d786ca903871d1e856e73fd58403bebb58c9f23083ea7cd749ba3e890af3d2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
d2298ad879dac993540b43a5628bbab3

SHA1
8b4d8a9d136fe8398ab93d984ab32607a994131c

SHA256
aaae1581607e298902221efb07d2317c2007b487b1335b630541abac5256120d

SHA512
987eb66bd4144ee6e04066758d051d6929268eddbd076808de4ac4ebc4b7e1c18b92c20d06053ce6b7d1d07801f2ac8e35fbb2f45fff21e21432873f74cca6d3

Download Submit
C:\Users\Admin\Downloads\NoEscape.zip

Filesize
616KB

MD5
ef4fdf65fc90bfda8d1d2ae6d20aff60

SHA1
9431227836440c78f12bfb2cb3247d59f4d4640b

SHA256
47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8

SHA512
6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 511451.crdownload

Filesize
13.5MB

MD5
660708319a500f1865fa9d2fadfa712d

SHA1
b2ae3aef17095ab26410e0f1792a379a4a2966f8

SHA256
542c2e1064be8cd8393602f63b793e9d34eb81b1090a3c80623777f17fa25c6c

SHA512
18f10a71dc0af70494554b400bdf09d43e1cb7e93f9c1e7470ee4c76cd46cb4fbf990354bbbd3b89c9b9bda38ad44868e1087fd75a7692ad889b14e7e1a20517

Download Submit
memory/372-260-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/372-98-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/372-175-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1552-263-0x0000000000400000-0x0000000000C1D000-memory.dmp

Filesize
8.1MB

Download
memory/1552-270-0x0000000000400000-0x0000000000C1D000-memory.dmp

Filesize
8.1MB

Download
memory/1552-268-0x0000000000400000-0x0000000000C1D000-memory.dmp

Filesize
8.1MB

Download
memory/1552-267-0x0000000000400000-0x0000000000C1D000-memory.dmp

Filesize
8.1MB

Download
memory/2008-265-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2008-209-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2008-272-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2744-2085-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/3348-193-0x0000000000400000-0x0000000000C1D000-memory.dmp

Filesize
8.1MB

Download
memory/3348-205-0x0000000000400000-0x0000000000C1D000-memory.dmp

Filesize
8.1MB

Download
memory/3348-190-0x0000000000400000-0x0000000000C1D000-memory.dmp

Filesize
8.1MB

Download
memory/3348-187-0x0000000000400000-0x0000000000C1D000-memory.dmp

Filesize
8.1MB

Download
memory/3348-184-0x0000000000400000-0x0000000000C1D000-memory.dmp

Filesize
8.1MB

Download
memory/3348-181-0x0000000000400000-0x0000000000C1D000-memory.dmp

Filesize
8.1MB

Download
memory/3348-177-0x0000000000400000-0x0000000000C1D000-memory.dmp

Filesize
8.1MB

Download
memory/3348-199-0x0000000000400000-0x0000000000C1D000-memory.dmp

Filesize
8.1MB

Download
memory/3348-178-0x0000000000400000-0x0000000000C1D000-memory.dmp

Filesize
8.1MB

Download
memory/3348-202-0x0000000000400000-0x0000000000C1D000-memory.dmp

Filesize
8.1MB

Download
memory/3348-250-0x0000000000400000-0x0000000000C1D000-memory.dmp

Filesize
8.1MB

Download
memory/3348-196-0x0000000000400000-0x0000000000C1D000-memory.dmp

Filesize
8.1MB

Download
memory/3348-174-0x0000000000400000-0x0000000000C1D000-memory.dmp

Filesize
8.1MB

Download
memory/3348-173-0x0000000000400000-0x0000000000C1D000-memory.dmp

Filesize
8.1MB

Download
memory/3348-208-0x0000000000400000-0x0000000000C1D000-memory.dmp

Filesize
8.1MB

Download
memory/3468-304-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/4240-271-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/4240-266-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/4812-256-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/4812-176-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/4840-303-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4840-273-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/5000-306-0x0000000000400000-0x0000000000C1D000-memory.dmp

Filesize
8.1MB

Download
memory/5000-305-0x0000000000400000-0x0000000000C1D000-memory.dmp

Filesize
8.1MB

Download