hxxps://reformedtundra[.]itch[.]io/windows-12-exe

Analysis

max time kernel
228s
max time network
204s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05-09-2024 12:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://reformedtundra.itch.io/windows-12-exe

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 10 IoCs

pid	Process
5096	windows 12.exe
5552	windows 12.exe
4688	windows 12.exe
1612	windows 12.exe
5504	windows 12.exe
2548	windows 12.exe
6120	windows 12.exe
4860	windows 12.exe
4744	windows 12.exe
4100	windows 12.exe

Loads dropped DLL 18 IoCs

pid	Process
5096	windows 12.exe
5552	windows 12.exe
4688	windows 12.exe
5552	windows 12.exe
5552	windows 12.exe
5552	windows 12.exe
1612	windows 12.exe
5552	windows 12.exe
5504	windows 12.exe
2548	windows 12.exe
6120	windows 12.exe
4860	windows 12.exe
4744	windows 12.exe
6120	windows 12.exe
6120	windows 12.exe
6120	windows 12.exe
6120	windows 12.exe
4100	windows 12.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windows 12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windows 12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windows 12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windows 12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windows 12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windows 12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windows 12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windows 12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windows 12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windows 12.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	Taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Windows 12 exe.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2076	msedge.exe
2076	msedge.exe
3916	msedge.exe
3916	msedge.exe
2928	msedge.exe
2928	msedge.exe
5636	identity_helper.exe
5636	identity_helper.exe
952	msedge.exe
952	msedge.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1824	Taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	3180	7zG.exe
Token: 35	3180	7zG.exe
Token: SeSecurityPrivilege	3180	7zG.exe
Token: SeSecurityPrivilege	3180	7zG.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: 33	1680	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1680	AUDIODG.EXE
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe
Token: SeShutdownPrivilege	5096	windows 12.exe
Token: SeCreatePagefilePrivilege	5096	windows 12.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3180	7zG.exe
5096	windows 12.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe
1824	Taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2164	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3916 wrote to memory of 5508	3916	msedge.exe	79
PID 3916 wrote to memory of 5508	3916	msedge.exe	79
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 5980	3916	msedge.exe	81
PID 3916 wrote to memory of 2076	3916	msedge.exe	82
PID 3916 wrote to memory of 2076	3916	msedge.exe	82
PID 3916 wrote to memory of 5244	3916	msedge.exe	83
PID 3916 wrote to memory of 5244	3916	msedge.exe	83
PID 3916 wrote to memory of 5244	3916	msedge.exe	83
PID 3916 wrote to memory of 5244	3916	msedge.exe	83
PID 3916 wrote to memory of 5244	3916	msedge.exe	83
PID 3916 wrote to memory of 5244	3916	msedge.exe	83
PID 3916 wrote to memory of 5244	3916	msedge.exe	83
PID 3916 wrote to memory of 5244	3916	msedge.exe	83
PID 3916 wrote to memory of 5244	3916	msedge.exe	83
PID 3916 wrote to memory of 5244	3916	msedge.exe	83
PID 3916 wrote to memory of 5244	3916	msedge.exe	83
PID 3916 wrote to memory of 5244	3916	msedge.exe	83
PID 3916 wrote to memory of 5244	3916	msedge.exe	83
PID 3916 wrote to memory of 5244	3916	msedge.exe	83
PID 3916 wrote to memory of 5244	3916	msedge.exe	83
PID 3916 wrote to memory of 5244	3916	msedge.exe	83
PID 3916 wrote to memory of 5244	3916	msedge.exe	83
PID 3916 wrote to memory of 5244	3916	msedge.exe	83
PID 3916 wrote to memory of 5244	3916	msedge.exe	83
PID 3916 wrote to memory of 5244	3916	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://reformedtundra.itch.io/windows-12-exe
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffdc493cb8,0x7fffdc493cc8,0x7fffdc493cd8
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,16360489737658306817,13412629992381179259,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1788,16360489737658306817,13412629992381179259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1788,16360489737658306817,13412629992381179259,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,16360489737658306817,13412629992381179259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,16360489737658306817,13412629992381179259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1788,16360489737658306817,13412629992381179259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1788,16360489737658306817,13412629992381179259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,16360489737658306817,13412629992381179259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,16360489737658306817,13412629992381179259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,16360489737658306817,13412629992381179259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,16360489737658306817,13412629992381179259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,16360489737658306817,13412629992381179259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,16360489737658306817,13412629992381179259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1788,16360489737658306817,13412629992381179259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,16360489737658306817,13412629992381179259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,16360489737658306817,13412629992381179259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,16360489737658306817,13412629992381179259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,16360489737658306817,13412629992381179259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,16360489737658306817,13412629992381179259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,16360489737658306817,13412629992381179259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:2788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1564

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4948

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap8081:86:7zEvent9096
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3180

C:\Users\Admin\Desktop\windows 12\windows 12.exe
"C:\Users\Admin\Desktop\windows 12\windows 12.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5096
- C:\Users\Admin\Desktop\windows 12\windows 12.exe
  "C:\Users\Admin\Desktop\windows 12\windows 12.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\windows 12" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1656,i,169789232865281939,5262090712187177085,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5552
- C:\Users\Admin\Desktop\windows 12\windows 12.exe
  "C:\Users\Admin\Desktop\windows 12\windows 12.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\windows 12" --mojo-platform-channel-handle=2092 --field-trial-handle=1656,i,169789232865281939,5262090712187177085,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4688
- C:\Users\Admin\Desktop\windows 12\windows 12.exe
  "C:\Users\Admin\Desktop\windows 12\windows 12.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\windows 12" --app-path="C:\Users\Admin\Desktop\windows 12\resources\app" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2396 --field-trial-handle=1656,i,169789232865281939,5262090712187177085,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1612
- C:\Users\Admin\Desktop\windows 12\windows 12.exe
  "C:\Users\Admin\Desktop\windows 12\windows 12.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\windows 12" --mojo-platform-channel-handle=2788 --field-trial-handle=1656,i,169789232865281939,5262090712187177085,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5504

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000494 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1680

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2164

C:\Windows\System32\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1824

C:\Users\Admin\Desktop\windows 12\windows 12.exe
"C:\Users\Admin\Desktop\windows 12\windows 12.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2548
- C:\Users\Admin\Desktop\windows 12\windows 12.exe
  "C:\Users\Admin\Desktop\windows 12\windows 12.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\windows 12" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1764,i,6252771864353259682,15532785537837212279,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:6120
- C:\Users\Admin\Desktop\windows 12\windows 12.exe
  "C:\Users\Admin\Desktop\windows 12\windows 12.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\windows 12" --mojo-platform-channel-handle=2068 --field-trial-handle=1764,i,6252771864353259682,15532785537837212279,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4860
- C:\Users\Admin\Desktop\windows 12\windows 12.exe
  "C:\Users\Admin\Desktop\windows 12\windows 12.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\windows 12" --app-path="C:\Users\Admin\Desktop\windows 12\resources\app" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2416 --field-trial-handle=1764,i,6252771864353259682,15532785537837212279,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4744
- C:\Users\Admin\Desktop\windows 12\windows 12.exe
  "C:\Users\Admin\Desktop\windows 12\windows 12.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\windows 12" --mojo-platform-channel-handle=2912 --field-trial-handle=1764,i,6252771864353259682,15532785537837212279,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e681bda746d695b173a54033103efa8

SHA1
ae07be487e65914bb068174b99660fb8deb11a1d

SHA256
fee5f7377e5ca213c1d8d7827b788723d0dd2538e7ce3f35581fc613fde834c2

SHA512
0f4381c769d4ae18ff3ac93fd97e8d879043b8ec825611db27f08bd44c08babc1710672c3f93435a61e40db1ccbf5b74c6363aaaf5f4a7fc95a6a7786d1aced8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f081a02d8bbd5d800828ed8c769f5d9

SHA1
978d807096b7e7a4962a001b7bba6b2e77ce419a

SHA256
a7645e1b16115e9afec86efa139d35d5fecc6c5c7c59174c9901b4213b1fae0e

SHA512
7f3045f276f5bd8d3c65a23592419c3b98f1311c214c8e54a4dfe09122a08afb08ab7967b49bd413bc748ce6363658640bc87958d5e0a78974680a8f9beadf44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
e086258e3c45a14bdceafe42370a59ed

SHA1
16505d9b51cb576db6212b61400d8fcff73ebb07

SHA256
fb7cf49254acc484046259ec4ef25d40d914b7ef340e2699c95212895127b4bc

SHA512
f213595a2f737190f6fb019a7dbde328f206d72f46212ebf59f736a389b565e7ee61d3472ab46c4dd302ba9d78f274f9aec8cb57b278904aca7d5998ed2aeff2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f12789bf0f8549fd7f59c35e2cc0123f

SHA1
be913542a17af79860c0eff2226ed6248717be48

SHA256
988698a8c614eb5a9f70f95d700f83e74caec215b345a08903c6da25d7e3409a

SHA512
68b0c33ef488fabee9dad9f7d1a5d6a8f60af3cd79d1a2def87efe01c88196e5237026afd80034d411ff36073777e45836d772e8455055f011e9ae8c89957211

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8a4de8fb8aa000e5689db1fa315b9435

SHA1
b953b446156d8a18975cfa013ea4c4e2da4269a1

SHA256
127c428c1660577a2d164d468d01aaf85bc72a49eed93ea02f40b34ac9b2b47d

SHA512
cecdc1ff6a027f0712ce18bd4328038b3ebbc5702214a8e391bc88d9821fc8c3e7d83895a69b58fff2855f1b3d041c2b11e863c1a9a66e6d5516d961b8593910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
315ba36f38b0e6b4e40394d4e2bc42d0

SHA1
7384b0205567cb5e2d52402818a5dca5e8f809b3

SHA256
06d37836469ab8566747b97128fe4f3dde0bda2419acea1000276ef091e1ad36

SHA512
f211859f979a7c4703e29c38d127a04b41eb0f203afe69d4fd29016d148350ae6ef215d791850dbb78c29a22ce7e8d44adeaa4575bda983421c83df7deeb1b6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
133a141c257f56ba51817ca5c0cea39b

SHA1
36db8c027d40f5b0898044076551083e9b826f7a

SHA256
c170635d56c03318631ffe61a019cbb4d4092ebe2a7b5cd1095c006b96e999d7

SHA512
8be638eeb8951eb70d4a8383a952f20110f95172b39500eb65baa3e918ad5e34a306ab70c7788bda1fea67ed4d3fd771256dd6886ca94e8991dc4dbd5d1d7310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
363edaae4e9fb78fd90ee29e9febc4cf

SHA1
a11db4a745cfb3f805a8bea483fda7f729044525

SHA256
856152dbf8fd2a5b43dee7e36c704f4049fb2f9e389abd5af0a6c2eb6fede165

SHA512
f22d87390b90476c0fec708026b0ec31795945e56287c856a932e49a2245875f9ad05cef851ce0dac4a4267d5f4c1c3c1bb019f01c3495da45f9551d946037e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
28e1caeaffd43522bcc8e18d5fb794b9

SHA1
429559a9296d4e18ddc93db9d1b691fcd87ddb29

SHA256
970b4667275f28f60718dccf4771b44a61f22db6d63c7433ec4b70b596cb04d0

SHA512
5d7b29dbbc8cdaf59dd5dde7e3336dc1f0e769b5aaddf3650db7c6ca621da4d6d7dfe010f74052cf98f1fc81cca9db2778bc08db2d1969f401ba309830f55e71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580f9b.TMP

Filesize
201B

MD5
cdb45a36694232e4aa2245aed4ce743d

SHA1
e040e7d4864a09dcfcfd99b0630ec02d4f013db5

SHA256
c3ffffa148b09eaa17f5e5247ecdaff1af49223bb9d014e3f9ee8df3f59bbc14

SHA512
9efd61e9d0385aff62c60f2042e20b85a5e5c72bc4701f34a0e2c15c0e59ae60d04d28c150ea7e4e0dd48fea5c6e7437ee5e4526872449e94a515ab7d31b2acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e089798a-70b3-44a4-8be6-ef7f8f57b744.tmp

Filesize
5KB

MD5
6fe4e2b70270e2ceccd31439a76606f7

SHA1
c52f8b630164098da37a148c6b6b8e3f80b3faab

SHA256
78ded833202c2e0b965eee240ce09b2c55d6a59493c4b95af0f725db4e3b70a0

SHA512
3b5abb01b138527fed315c2ee606352804452531b390f3af1471f0ce53e9c19129f8923877ba09f2858fa04f142ed8552dc12ee864c489f15f1c1d4dc28914e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9d91ade73d22b1bf0eb5530959eef6cf

SHA1
836f92a76779f1337073a77611846c639033bb36

SHA256
a58f7fb56c73883af053696de209664733f09eaa69d8d39ac0695d14d1c5d5b9

SHA512
21f51b02672a5b5eca9a6d0cc9e77b527f1de608f2594717d43d344349f31939965c12b9a235def7e73aeb1012f23c6fc72b2225055dbd1dbfefb062f881bebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0ebe358c464dee96aef47a94747bcd71

SHA1
ee6e80b4c706edae096814873d73429fbd48fdce

SHA256
92796f573fe9a50160e46171351e332369f4e3cc743087b55cfd14d965f3efd8

SHA512
708823f04bb5d42ece6ae99f54e9d74180a0f15a19b1535b8f71e8dc3434f59627ba78d33bf05db0eb74dcb4ea05362b6359662df1b2ed22776e27832591ca5a

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
27152171537c47796aa7194ac41383bc

SHA1
430c380ea885fce765a771cc40cbfe6358b4d04c

SHA256
28276ad4adb3f540918a28a722f10a63406037b96a14e05565e31ec90c605c22

SHA512
044ded8d45d2249f69ae617768398a33cf060618f1cb583aa9d9a34171de10bf3e23f6e49b3c0b8ca872f5ecbe98e841168fb3e94fdef2efbb299a3cbc01f616

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
f8f606a032719f0447a78d9b50fb672f

SHA1
45d741cb2185064eb8c06a91d79c928fcb657abe

SHA256
d5e5bb3e87ef84f4e352d277fbe38a57f65ed50c0f8309dbff43d57af778b3ca

SHA512
96169b9bcfce9f671452010340d707e2dd3a60a1ba2847cccbf1fff2dd11d0f74dfdc74cb9c20015bdbe95479f52501f9ee30ac634f547006104fba349472b65

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\windows 12\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\windows 12\GPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Roaming\windows 12\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\windows 12\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\windows 12\Network\Network Persistent State

Filesize
300B

MD5
21de6de28bd917da5e53e404871afc7a

SHA1
d7be9c3f4c434b63f3ed4f688f746c2e5663c992

SHA256
fd662b8a0d3f586ff78ddb1832a4f81a6138272d7df3cc9c7a47afe70df68828

SHA512
07d2167e0201839b1771519cbf498dafe4a65736812b0be7d5ecfcd1d6019b9d4bb127af0d3fd2f7d6ad9de5fea71818eb8150526c6db48f8351d7326df7ff22

Download Submit
C:\Users\Admin\AppData\Roaming\windows 12\Network\Network Persistent State

Filesize
390B

MD5
62492adc093afbfaaa5c0a86bbd3d8c3

SHA1
152ae7fb62de40e992e3b9ef6496fb9e411b765c

SHA256
0053a0248b78e4a3dcdc065328efb5da728b82ffab8b1dc2e1a521af618b4d78

SHA512
6bd9e42e93a363e4be7359b6ed771249bacdd07c1dc756a1cc2331a5d47fab681a1979cb74522db656af97d4ca294bc5d2106e903aa0dfa8f8d66161d8daed70

Download Submit
C:\Users\Admin\AppData\Roaming\windows 12\Network\Network Persistent State~RFe594d0d.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\windows 12\Network\TransportSecurity

Filesize
203B

MD5
ff0a892b3cd8f0247b0c50b244c8a115

SHA1
adc7d77472812ed6a10b495d466eb15567cd04e4

SHA256
95fd53c21d538e470edddc4bf19798fc64db931d74a6d3426a6cba2531c75718

SHA512
8544dbd44c26ab6cf3c981d02f0bd4b23b7b64b548a9777ac9f2c8062d3bfc637281544335ada940e46629539db3550611668d1ff72817beb181903cb53366cd

Download Submit
C:\Users\Admin\AppData\Roaming\windows 12\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\windows 12\blob_storage\f785ba10-5e46-4569-9a73-14afc4190445\0

Filesize
7.8MB

MD5
69cdb61b83395d25017aaa787da8eb86

SHA1
393ab7a5acf293eb0b6048e9b233dcc1661b7d09

SHA256
ebae84f8c392c9d9be9d000ba02ea66a011dcc25733fb97a6f14e365d833638d

SHA512
d91872942f24d8d5baa41b55537b9c3e469f4f50604a2169739a8451cf63798fae6adc714f30a3bf1d63cb80c73f76836eebbb64b8b8035a78eaeb5dbed50d70

Download Submit
C:\Users\Admin\AppData\Roaming\windows 12\da32a079-f76e-44ba-9247-2074d67ddeea.tmp

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\Desktop\windows 12\chrome_100_percent.pak

Filesize
126KB

MD5
d31f3439e2a3f7bee4ddd26f46a2b83f

SHA1
c5a26f86eb119ae364c5bf707bebed7e871fc214

SHA256
9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e

SHA512
aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

Download Submit
C:\Users\Admin\Desktop\windows 12\chrome_200_percent.pak

Filesize
175KB

MD5
5604b67e3f03ab2741f910a250c91137

SHA1
a4bb15ac7914c22575f1051a29c448f215fe027f

SHA256
1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c

SHA512
5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

Download Submit
C:\Users\Admin\Desktop\windows 12\d3dcompiler_47.dll

Filesize
3.9MB

MD5
ab3be0c427c6e405fad496db1545bd61

SHA1
76012f31db8618624bc8b563698b2669365e49cb

SHA256
827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6

SHA512
d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

Download Submit
C:\Users\Admin\Desktop\windows 12\ffmpeg.dll

Filesize
2.4MB

MD5
c921230b4bbe802f0d797db79d0009b9

SHA1
dd852ce1f82b2daadfb85efa9c53e3264e1d401e

SHA256
02a6d001e6dd944738e09b720e49dcb1272cb782b870e5ae319d4600bc192225

SHA512
6acdda7d638609ffa1989e50dde5a51436ae3d98e036b24ffc2c3f08bc0d39e91a5a2ea427063645f3141f06e7c272ca45fd41333d6770f8402651489a0f6da7

Download Submit
C:\Users\Admin\Desktop\windows 12\icudtl.dat

Filesize
10.0MB

MD5
76bef9b8bb32e1e54fe1054c97b84a10

SHA1
05dfea2a3afeda799ab01bb7fbce628cacd596f4

SHA256
97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3

SHA512
7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

Download Submit
C:\Users\Admin\Desktop\windows 12\libEGL.dll

Filesize
375KB

MD5
51cc9f3891cfe33e095f901c8e5f121d

SHA1
03ac95d250969e65a3ede7a29c3e5425ccdd9fe1

SHA256
961aff31cab097ebb973a32140c4f87c415734412771cf1fdfe24ddc675b54c2

SHA512
3351898af8c75afa8df3f300416bc9d40f4ead90ea947876140ec54a015fafd149427a9dfb5b7c8239ae229839edd786561a5a73ffe37f29758946fd18730039

Download Submit
C:\Users\Admin\Desktop\windows 12\libGLESv2.dll

Filesize
6.4MB

MD5
fb74e837a2ebbf59afeb09106644a9ab

SHA1
55225fcc692aa332f698960c3dc1140d791d1fa1

SHA256
e6ab5fc601d0d230c989d2f481b37c259a0a1fffb7fb841b7099a5e966f0088a

SHA512
585e464de076d6d2560288fe9430004430effb0599134bfb30fabb7bad3cdccff9458d21d17f580823a308cd6472f36d1f1ce6a04e568ba6dcca2e68fd39d63f

Download Submit
C:\Users\Admin\Desktop\windows 12\locales\en-US.pak

Filesize
313KB

MD5
3f6f4b2c2f24e3893882cdaa1ccfe1a3

SHA1
b021cca30e774e0b91ee21b5beb030fea646098f

SHA256
bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f

SHA512
bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

Download Submit
C:\Users\Admin\Desktop\windows 12\resources.pak

Filesize
5.1MB

MD5
f5ab76d2b17459b5288b6269b0925890

SHA1
75be4046f33919340014a88815f415beb454a641

SHA256
4f29587bcd952de1dbc0b98df0aa506bd9fcf447e6a7258c5eb7e9eb780e6d6c

SHA512
6ec6a08418743adb5e20218b73169be4f45f5458592219497c3718e620e37871876788937418f1341e0023c1137f9cac715e6bb941f4690febdda993b072feab

Download Submit
C:\Users\Admin\Desktop\windows 12\resources\app\assets\05a38c893c80e0d9a2ac8083a994e2c6.svg

Filesize
517B

MD5
05a38c893c80e0d9a2ac8083a994e2c6

SHA1
1b1bb1b47f793cddeaf45ae7ed03a920d7ac31d3

SHA256
c2c4ad098d3c9e97f7f64d05b5fcb43c550c1ce3dbb88d30bc6b336e37ede059

SHA512
558cd2c1ef1553a281947bcdb976519f0d2fe34a42a6e40ef93afaa7fe306cfd6ab513a0ec47f3cab91646a3bcd5b443aab89c108c9f17ba5d74984634b83af6

Download Submit
C:\Users\Admin\Desktop\windows 12\resources\app\assets\2a8b402edbc69084108a843ef2d6cadd.png

Filesize
19KB

MD5
2a8b402edbc69084108a843ef2d6cadd

SHA1
75dfb8b36d542d5c599f0188b980b7f690d02808

SHA256
fbfe024f4d473caebc9835129b95e5880b208268d9ff98eb49566af1c297150e

SHA512
1735f5819a0b336cb47f0d0a039492095b7fcac417666595acfee3ff771915e3ab2919b3e6fdcbf9cb77f31bd0ae081a1aea2ecd7894b2599b13a5b4d4dd9edc

Download Submit
C:\Users\Admin\Desktop\windows 12\resources\app\assets\3f3556e1688a58246b6a530dc4842f92.png

Filesize
29KB

MD5
3f3556e1688a58246b6a530dc4842f92

SHA1
5b8df68d1c5bb815079f6ceb48fb798fd060ef6f

SHA256
68baa70899aec73e6a797f7691bed34c8b88fab0b5bfefcb157865cd332d3de8

SHA512
ee832ba75d405795cca448a46ee48b0322806a2a7ce04664bdbd5bc0a74f880dc584b0847e05cf23d0a6793d978393bc3438d2360b368ce455a355e08dc0cb9b

Download Submit
C:\Users\Admin\Desktop\windows 12\resources\app\assets\508c20ecc94fd4e76e3ff10d3695e3a6.png

Filesize
71KB

MD5
508c20ecc94fd4e76e3ff10d3695e3a6

SHA1
f714fc6c897b38fb73e7e5c7dfa7917db9fb3ec3

SHA256
4416a4d43eba6ec7433344aba7871dbdb07cdc4a5b6597f1257298120576d907

SHA512
fd776a9123de9e2c22c84b39ea45daae2de8219d9b29a373a54d055ce06566ae3dacba4ec76c0b0b042003d76f286e8bf9836d7787b592c3ca053448fe880563

Download Submit
C:\Users\Admin\Desktop\windows 12\resources\app\assets\7473365e17a9b5f4ef41605f79b7dcc3.png

Filesize
134KB

MD5
7473365e17a9b5f4ef41605f79b7dcc3

SHA1
5a8add443b08985d7bc75eca3bacd9bd4cf47a89

SHA256
457e15e07ed91b38620ded712a822d6c8c026b7d3db8c91c2347fcc0a3949c5b

SHA512
97a4bac58b78efbd0b79807db8a5124215000249d1f02869da0f6671e8778d5d1e100303105f69a587f7a361177f7f11a3252c8f7453acd8a42e104a3a9fb331

Download Submit
C:\Users\Admin\Desktop\windows 12\resources\app\assets\bfdc1e48fbae23633a84bfd61cbe2954.png

Filesize
40KB

MD5
bfdc1e48fbae23633a84bfd61cbe2954

SHA1
b144a2d4358281bb482e86df8691840c8245a310

SHA256
1742c1aca07c9ac76f3246e5808aa6b789566e2e5c335e7ed7b06c19924ecad7

SHA512
7c55656cea76d986fc38887905822dda63c36b3869207d73b31b6bbd383816b85eda5b4edcb6dc0e4bc7bf689e24c14b7f3fbfb89fd49dc41bef65b691006233

Download Submit
C:\Users\Admin\Desktop\windows 12\resources\app\assets\e3f3d5ceffeae22c7fff36f3c1979a8e.svg

Filesize
517B

MD5
e3f3d5ceffeae22c7fff36f3c1979a8e

SHA1
9d4483764bc206df90caec95a547f91db6416342

SHA256
c7b03925bf2d3038f88e4bf3c3ad6d2059c4321df27de936adbe0568f0b9591b

SHA512
cd11f3c8e6925beb5aca00bad95fea92404207a0c68a29d87e6fcc8336a87d093d04ef72cfee6a4737142a07f1e1106390cd771a767fd7a0e60b36580dd214a8

Download Submit
C:\Users\Admin\Desktop\windows 12\resources\app\assets\e8a5b253e1364764ba464011007c23fb.png

Filesize
104KB

MD5
e8a5b253e1364764ba464011007c23fb

SHA1
e6ac0e2970c54cf5f2dae0308a510b3d338257e2

SHA256
b323ae90cb10a943cb60043330eb153d107f742a687417eea540e7f3f28267b8

SHA512
e9e6ee40c6c28833605946569db7ca6e7a8c9f426721cc527b09bb715725484b88a61a7670edaeded1e5236d24561046849c2a9c430f7dea5f6b9762afb11976

Download Submit
C:\Users\Admin\Desktop\windows 12\resources\app\assets\e93c420e8f0d473026ccafd0f7e3df11.png

Filesize
107KB

MD5
e93c420e8f0d473026ccafd0f7e3df11

SHA1
9f6eb0fd83b26d6740ad9876e345a56031ab2493

SHA256
bbbcbf5558fb32ad8b9d16f23c2b6c00317b0a4237c584edc00008fb88965112

SHA512
2c989748714ae4afa90ae450bc02890242a7ec22bea619e155ca7a633d1bee61e2f1b796ddbeeca78eb782ca8813416c5b461f61405dfa9784774cd7f59bce58

Download Submit
C:\Users\Admin\Desktop\windows 12\resources\app\assets\project.json

Filesize
149KB

MD5
c5339bb85a6500b10d97cc7265d64f6d

SHA1
9d177b0998d289e9d391bbd4bc0aa32355b6f7eb

SHA256
0f3976a300767aaa666349b7f765506db63c75ef4ee845aa7670fcebd1da5989

SHA512
49ad6f40ab3069ce6deec1dbd744e90fae4a6307e28f180955ee3112225ad939c3b2f5bfd6f39663fa6a828babf1faafd9386a59e19554ecea7543d6ac707a0e

Download Submit
C:\Users\Admin\Desktop\windows 12\resources\app\electron-main.js

Filesize
4KB

MD5
1188b698cd2b9694dc58b736ca129102

SHA1
ada0697fe217e9524154b214fadabcce210d78ab

SHA256
fda45e1aeac0c9ada09169c4d344341ccac3712cb924739838aff31141f2983f

SHA512
e41306f7917bbe8a9fe8e51f52108b61175f5cace3da3c917600086e44464fa252d5839afa16eb2b68b1dec40847fd6e65318f7ff8df496b5d518aa4607484b2

Download Submit
C:\Users\Admin\Desktop\windows 12\resources\app\icon.png

Filesize
4KB

MD5
8deaf706d6e635f289fd5a06a53f2560

SHA1
d1febaadd94d78a6120e9a79560426489cbd4c3b

SHA256
96f557324abcbba31e03bef3c580e8dafcd808472d7073bfadd02eaef337b274

SHA512
33d90873798bbba889ff92ceca9dfecfdbb7bdef84003e8681cdf4257f75b05e6ce420d55541dccd97c938634abf31b6af5e0215f08b71d4a7ffd85315ef7d9e

Download Submit
C:\Users\Admin\Desktop\windows 12\resources\app\index.html

Filesize
86KB

MD5
03e473539b387f33efd92dd82c5aa329

SHA1
af2e542425f72260118288cc1b8300ff041eec87

SHA256
87017d74f8355ad67e416e7bdddda244de8964116764de86dee8628f495dfd92

SHA512
85a260ba46bd25fe1ffefc57c04ebea844150bb81e2d1dab53c43ca070eb0f6f05a17876488143998f03155602cf957513985996c615bde8717716283ef943fe

Download Submit
C:\Users\Admin\Desktop\windows 12\resources\app\package.json

Filesize
84B

MD5
e920a847319e7e9ab17b137d8261efde

SHA1
7733b97299b2934e55246797dbdd991f2dd74a78

SHA256
670fe13f877643ede85bebb3bcd636b6e6e69995fba5c8f60394e6c912ab8d9b

SHA512
c1f8de09d077a5512608a53310350fccab769bffb0d2f751cd41eaef35fe4a7bec7b6167b193299bf2297f85c7397151ba861243dd0aba5d87a010f890e4c18c

Download Submit
C:\Users\Admin\Desktop\windows 12\resources\app\script.js

Filesize
2.1MB

MD5
d9daaeddc8a64897414ae416aa3852d1

SHA1
49e7d413020c749d7146920f53a36531ae2d1883

SHA256
a7fe6f6da3ee8319dcb0b9c7478257e6eeaf8488bd41df349af182e6a0fa3f65

SHA512
d568e072667ebd8cd442ce0d5ab14b131e258d4071c4cb5604bd99693ad5ade61e58c6bbe885879268d2f1397afa2d9ca4e85a064ba625ed170560a73213d433

Download Submit
C:\Users\Admin\Desktop\windows 12\v8_context_snapshot.bin

Filesize
585KB

MD5
b32cbc4a5ff34f441e8e0c264aa61849

SHA1
435d88a3e50ff85b6030c4c6e8918161fa340201

SHA256
4f72c7b625b64d38f819a970cfff5921ff4080e27de84b00b9a7cf8be15277c5

SHA512
7c13eedfab9fba821d5a26e5ba81444a84b48aff13a7cd508c03f7ea113997c2edf7126e5547e16fb3e98a942f0070a5d597c25971afbde92b46125085b57b4e

Download Submit
C:\Users\Admin\Desktop\windows 12\vk_swiftshader.dll

Filesize
4.3MB

MD5
ad00a712203b9dfb702d886e43d215e6

SHA1
1921d4d14b5ac0a669f69cd852a41eba8377a434

SHA256
01742049534047b956328b9a0ca57f720e957edb684a6a0d70acc992e2b684fc

SHA512
f4672dce073c940fe3b9f9687fc9a195b5d0a6e51bb92c91047775be244ce95a2c743947eb05299d77cb3c8b914821984bb98182bc9afdc35e3963148f5562e0

Download Submit
C:\Users\Admin\Downloads\Windows 12 exe.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/1824-993-0x0000018166600000-0x0000018166601000-memory.dmp

Filesize
4KB

Download
memory/1824-995-0x0000018166600000-0x0000018166601000-memory.dmp

Filesize
4KB

Download
memory/1824-994-0x0000018166600000-0x0000018166601000-memory.dmp

Filesize
4KB

Download
memory/1824-992-0x0000018166600000-0x0000018166601000-memory.dmp

Filesize
4KB

Download
memory/1824-991-0x0000018166600000-0x0000018166601000-memory.dmp

Filesize
4KB

Download
memory/1824-997-0x0000018166600000-0x0000018166601000-memory.dmp

Filesize
4KB

Download
memory/1824-996-0x0000018166600000-0x0000018166601000-memory.dmp

Filesize
4KB

Download
memory/1824-986-0x0000018166600000-0x0000018166601000-memory.dmp

Filesize
4KB

Download
memory/1824-987-0x0000018166600000-0x0000018166601000-memory.dmp

Filesize
4KB

Download
memory/1824-985-0x0000018166600000-0x0000018166601000-memory.dmp

Filesize
4KB

Download