hxxps://mega[.]nz/file/TfxG2KCR#yy5tBZlj5FFQYNMA0IS28Dh3XaKd3TrhZ3Fk4g-pEVo

Analysis

max time kernel
443s
max time network
440s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-09-2024 21:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/TfxG2KCR#yy5tBZlj5FFQYNMA0IS28Dh3XaKd3TrhZ3Fk4g-pEVo

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 9 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	TouchEmu.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	TouchEmu.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	TouchEmu.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	TouchEmu.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	TouchEmu.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	TouchEmu.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	TouchEmu.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	TouchEmu.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	TouchEmu.exe

Executes dropped EXE 25 IoCs

pid	Process
1976	TouchEmu-0.0.2.exe
4388	TouchEmu-0.0.2.exe
5436	TouchEmu.exe
6124	TouchEmu.exe
1984	TouchEmu.exe
6100	TouchEmu.exe
5828	TouchEmu.exe
6056	TouchEmu-0.0.2.exe
5324	TouchEmu-0.0.2.exe
4216	TouchEmu.exe
3600	TouchEmu.exe
1568	TouchEmu-0.0.2.exe
1860	TouchEmu.exe
2460	TouchEmu-0.0.2.exe
5904	TouchEmu.exe
2344	TouchEmu.exe
1256	TouchEmu-0.0.2.exe
2096	TouchEmu.exe
1768	TouchEmu.exe
1536	TouchEmu.exe
5560	TouchEmu-0.0.2.exe
4952	TouchEmu.exe
652	TouchEmu.exe
5196	TouchEmu-0.0.2.exe
3296	TouchEmu.exe

Loads dropped DLL 64 IoCs

pid	Process
1976	TouchEmu-0.0.2.exe
1976	TouchEmu-0.0.2.exe
4388	TouchEmu-0.0.2.exe
4388	TouchEmu-0.0.2.exe
1976	TouchEmu-0.0.2.exe
5436	TouchEmu.exe
5436	TouchEmu.exe
6124	TouchEmu.exe
6124	TouchEmu.exe
6124	TouchEmu.exe
6124	TouchEmu.exe
6124	TouchEmu.exe
1984	TouchEmu.exe
4388	TouchEmu-0.0.2.exe
4388	TouchEmu-0.0.2.exe
6100	TouchEmu.exe
6100	TouchEmu.exe
4664	taskmgr.exe
5828	TouchEmu.exe
5828	TouchEmu.exe
5828	TouchEmu.exe
5828	TouchEmu.exe
5828	TouchEmu.exe
6056	TouchEmu-0.0.2.exe
6056	TouchEmu-0.0.2.exe
5324	TouchEmu-0.0.2.exe
5324	TouchEmu-0.0.2.exe
4216	TouchEmu.exe
4216	TouchEmu.exe
6056	TouchEmu-0.0.2.exe
6056	TouchEmu-0.0.2.exe
3600	TouchEmu.exe
3600	TouchEmu.exe
5324	TouchEmu-0.0.2.exe
1568	TouchEmu-0.0.2.exe
1568	TouchEmu-0.0.2.exe
5324	TouchEmu-0.0.2.exe
1860	TouchEmu.exe
1860	TouchEmu.exe
2460	TouchEmu-0.0.2.exe
2460	TouchEmu-0.0.2.exe
1568	TouchEmu-0.0.2.exe
1568	TouchEmu-0.0.2.exe
5904	TouchEmu.exe
5904	TouchEmu.exe
2460	TouchEmu-0.0.2.exe
2460	TouchEmu-0.0.2.exe
2344	TouchEmu.exe
2344	TouchEmu.exe
1720	taskmgr.exe
1256	TouchEmu-0.0.2.exe
1256	TouchEmu-0.0.2.exe
1256	TouchEmu-0.0.2.exe
2096	TouchEmu.exe
2096	TouchEmu.exe
1768	TouchEmu.exe
1768	TouchEmu.exe
1768	TouchEmu.exe
1768	TouchEmu.exe
1768	TouchEmu.exe
1536	TouchEmu.exe
5560	TouchEmu-0.0.2.exe
5560	TouchEmu-0.0.2.exe
5560	TouchEmu-0.0.2.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TouchEmu-0.0.2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TouchEmu-0.0.2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TouchEmu-0.0.2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TouchEmu-0.0.2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TouchEmu-0.0.2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TouchEmu-0.0.2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TouchEmu-0.0.2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TouchEmu-0.0.2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TouchEmu-0.0.2.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	TouchEmu.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	TouchEmu.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	TouchEmu.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TouchEmu.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	TouchEmu.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	TouchEmu.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TouchEmu.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	TouchEmu.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	TouchEmu.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TouchEmu.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TouchEmu.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	TouchEmu.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	TouchEmu.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	TouchEmu.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 12 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\dofustouch\ = "URL:dofustouch"	TouchEmu.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\dofustouch\shell	TouchEmu.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\dofustouch\shell\open	TouchEmu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\dofustouch\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\2m8AXKnisTAtaWalmBbAzVgYaUW\\TouchEmu.exe\" \"%1\""	TouchEmu.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\dofustouch	TouchEmu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\dofustouch\URL Protocol	TouchEmu.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\dofustouch	TouchEmu.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\dofustouch\shell\open\command	TouchEmu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\dofustouch\ = "URL:dofustouch"	TouchEmu.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\dofustouch\shell\open\command	TouchEmu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\dofustouch\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\2m8AXKnisTAtaWalmBbAzVgYaUW\\TouchEmu.exe\" \"%1\""	TouchEmu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\dofustouch\URL Protocol	TouchEmu.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 991736.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4264	msedge.exe
4264	msedge.exe
1916	msedge.exe
1916	msedge.exe
3476	identity_helper.exe
3476	identity_helper.exe
4336	msedge.exe
4336	msedge.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
5580	msedge.exe
5580	msedge.exe
5580	msedge.exe
5580	msedge.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4216	TouchEmu.exe
4216	TouchEmu.exe
1720	taskmgr.exe
1720	taskmgr.exe
1720	taskmgr.exe
1720	taskmgr.exe
1720	taskmgr.exe
1720	taskmgr.exe
1720	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1720	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	4320	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4320	AUDIODG.EXE
Token: SeSecurityPrivilege	1976	TouchEmu-0.0.2.exe
Token: SeSecurityPrivilege	4388	TouchEmu-0.0.2.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeSecurityPrivilege	4388	TouchEmu-0.0.2.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe
Token: SeCreatePagefilePrivilege	5436	TouchEmu.exe
Token: SeShutdownPrivilege	5436	TouchEmu.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe
4664	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 1340	1916	msedge.exe	82
PID 1916 wrote to memory of 1340	1916	msedge.exe	82
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 1840	1916	msedge.exe	83
PID 1916 wrote to memory of 4264	1916	msedge.exe	84
PID 1916 wrote to memory of 4264	1916	msedge.exe	84
PID 1916 wrote to memory of 3084	1916	msedge.exe	85
PID 1916 wrote to memory of 3084	1916	msedge.exe	85
PID 1916 wrote to memory of 3084	1916	msedge.exe	85
PID 1916 wrote to memory of 3084	1916	msedge.exe	85
PID 1916 wrote to memory of 3084	1916	msedge.exe	85
PID 1916 wrote to memory of 3084	1916	msedge.exe	85
PID 1916 wrote to memory of 3084	1916	msedge.exe	85
PID 1916 wrote to memory of 3084	1916	msedge.exe	85
PID 1916 wrote to memory of 3084	1916	msedge.exe	85
PID 1916 wrote to memory of 3084	1916	msedge.exe	85
PID 1916 wrote to memory of 3084	1916	msedge.exe	85
PID 1916 wrote to memory of 3084	1916	msedge.exe	85
PID 1916 wrote to memory of 3084	1916	msedge.exe	85
PID 1916 wrote to memory of 3084	1916	msedge.exe	85
PID 1916 wrote to memory of 3084	1916	msedge.exe	85
PID 1916 wrote to memory of 3084	1916	msedge.exe	85
PID 1916 wrote to memory of 3084	1916	msedge.exe	85
PID 1916 wrote to memory of 3084	1916	msedge.exe	85
PID 1916 wrote to memory of 3084	1916	msedge.exe	85
PID 1916 wrote to memory of 3084	1916	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/TfxG2KCR#yy5tBZlj5FFQYNMA0IS28Dh3XaKd3TrhZ3Fk4g-pEVo
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaba0546f8,0x7ffaba054708,0x7ffaba054718
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,16089182085177296722,15386228815406985164,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,16089182085177296722,15386228815406985164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,16089182085177296722,15386228815406985164,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16089182085177296722,15386228815406985164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16089182085177296722,15386228815406985164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2168,16089182085177296722,15386228815406985164,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,16089182085177296722,15386228815406985164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,16089182085177296722,15386228815406985164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16089182085177296722,15386228815406985164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16089182085177296722,15386228815406985164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16089182085177296722,15386228815406985164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16089182085177296722,15386228815406985164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,16089182085177296722,15386228815406985164,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16089182085177296722,15386228815406985164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2168,16089182085177296722,15386228815406985164,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6332 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,16089182085177296722,15386228815406985164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4336
- C:\Users\Admin\Downloads\TouchEmu-0.0.2.exe
  "C:\Users\Admin\Downloads\TouchEmu-0.0.2.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:1976
- - C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
    C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    PID:5436
  - - C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
      "C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\TouchEmu" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1784,i,4929963851221668341,14464349133656035950,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1776 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6124
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
      4⤵
      PID:4548
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
        5⤵
        
        PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
      "C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\TouchEmu" --field-trial-handle=2160,i,4929963851221668341,14464349133656035950,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2140 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
      "C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\TouchEmu" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1612,i,4929963851221668341,14464349133656035950,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2516 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5828
  - - C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
      "C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\TouchEmu" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1880,i,4929963851221668341,14464349133656035950,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=912 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:4216
- C:\Users\Admin\Downloads\TouchEmu-0.0.2.exe
  "C:\Users\Admin\Downloads\TouchEmu-0.0.2.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:4388
- - C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
    C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,16089182085177296722,15386228815406985164,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,16089182085177296722,15386228815406985164,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,16089182085177296722,15386228815406985164,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3724 /prefetch:2
  2⤵
  PID:4000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:428

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x52c 0x524
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4320

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Loads dropped DLL
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4664

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5960

C:\Users\Admin\Downloads\TouchEmu-0.0.2.exe
"C:\Users\Admin\Downloads\TouchEmu-0.0.2.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:6056
- C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
  C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3600

C:\Users\Admin\Downloads\TouchEmu-0.0.2.exe
"C:\Users\Admin\Downloads\TouchEmu-0.0.2.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5324
- C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
  C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1860

C:\Users\Admin\Downloads\TouchEmu-0.0.2.exe
"C:\Users\Admin\Downloads\TouchEmu-0.0.2.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1568
- C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
  C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5904

C:\Users\Admin\Downloads\TouchEmu-0.0.2.exe
"C:\Users\Admin\Downloads\TouchEmu-0.0.2.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2460
- C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
  C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2344

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Loads dropped DLL
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:1720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:388

C:\Users\Admin\Downloads\TouchEmu-0.0.2.exe
"C:\Users\Admin\Downloads\TouchEmu-0.0.2.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1256
- C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
  C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Modifies registry class
  PID:2096
- - C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
    "C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\TouchEmu" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1776,i,18254683025624568208,9092746076510263005,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1768 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1768
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
    3⤵
    PID:1808
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
      4⤵
      PID:1460
- - C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
    "C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\TouchEmu" --field-trial-handle=2104,i,18254683025624568208,9092746076510263005,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2116 /prefetch:3
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1536
- - C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
    "C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\TouchEmu" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1184,i,18254683025624568208,9092746076510263005,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2552 /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:652

C:\Users\Admin\Downloads\TouchEmu-0.0.2.exe
"C:\Users\Admin\Downloads\TouchEmu-0.0.2.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5560
- C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
  C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:4952

C:\Users\Admin\Downloads\TouchEmu-0.0.2.exe
"C:\Users\Admin\Downloads\TouchEmu-0.0.2.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5196
- C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
  C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\TouchEmu.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:3296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
3d5c3a2e44769e17626a1940d675147e

SHA1
99a3392bb3e74cdec7b5237bd58fcd5905ad7f30

SHA256
2c4332479239b44373a02899e5a8a983cb9b7844b163386c2f60c49e89887ab0

SHA512
fb22c79fb5c3f7a934a361aa56dae33480a76c0f08c828c661ee8db9d7e719a890e00e504e5521125a6aa8b22d7c66742a1fea89f159553ce28ad3ccead018c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\00\00000000

Filesize
2.6MB

MD5
b583ef7a26aa63369918b6ff115a411f

SHA1
58014f2da177aaa84c1cab88a1986ff6e613ad9e

SHA256
8ce6c5e16a9c460216801fc62ae8260f3f493c7bd5deceb9694bfa476460b096

SHA512
7efe1aa1d0e01f5d9ed96ac1d8617895c57182a53f18cb74ef8a130e0bfce7d7078f3f254b2c26298763231f70f5170ad9b9c63b6d364f6d3e59765ab912acef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000003.log

Filesize
47KB

MD5
9802f641226a612a2cc0fa622547c7fe

SHA1
fae6b8d06ba23325baf37053563197235ba2b468

SHA256
cc489ebb774c95eec3419bf9808416659ab7fcf6f40fc47c3521ab97b568a759

SHA512
ea92feece2dcaa4f4524740539aff887fcc384d52153c227d6faab6d4f35db692d0dad9b2c80a4f70b2795ed0955c4f053ab276493e904d921253258fbefe5fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
3889aaec9f388f043014ab4ce2844a4c

SHA1
ed122e07cfacd996ff6fb6fb65c7934800acc250

SHA256
9e72ab84de25b4062786dbeec762e0c8b6f4e1a1e714e59cdf54e309cfa337f7

SHA512
10c1c45e9c32ea6f7842accc3e8d3616f95c90fe010b378c9b37474df65ed8e8d332ba76a1c87733f09b344a39616c8e9d6f975d2d40cb7c5d8586fb61c4684a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
7f956e726e43ad160175f552d9dad5da

SHA1
598cd2f62b863484bcc1c4a64563f383d984f290

SHA256
760cb004524f8ef233782e426ff2db32974fe9cc1e094fc1e94811814aa157ec

SHA512
d4320cfd0c57499bef8160499713cda787d5c9b5d6ed2db32c62edf4482f97beafe1c24e9d896eb37c8b2a96020b1f005e3a8863823e5fa25e098059fe3a252a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
9000b0e941c4b7e7d47e2954de67596f

SHA1
f30c396e6bcccd67950bbbf5880f57e480120080

SHA256
a402037d6ed6d5bfcc813b82df56b9bc6626b5c1666595c806250d8aa9541af8

SHA512
cfc196d614351d71a96212bf1520018f373a2cfa274a8c6d37da7af298465778ee0fb09c78a05d4c617d1de3f963b4a9d0d5bc96c9fd079ec892d262cb8a1a6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe57902a.TMP

Filesize
337B

MD5
62f9d192536106274d776934e8a97b38

SHA1
e236b0e814163ea456d77970e116c250b91d718e

SHA256
318770138e6f5152f7bc37d22edf97aa43f68884c67f33c8e092f31b07bfaf25

SHA512
17bfa015829e228a98de1682a0d67dadc1e0fd29c0d4b5a0062a7784bdf6840828c42168541d898c1fe68a68086e8767d67000095aa1816f09844424013c6133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
50b3980647c6e1402f2edcfce3a0301e

SHA1
cedfa3a983eaf37d3312f69ee7a9188cd64860da

SHA256
5b1838d8861345f78966312d74870c93055ed483abd1930134fbd44f7a459fb2

SHA512
bc4710c25d0cfde2677fb0673bbd6e49ba918d529f80db25b2148eec431c22416426e21113dcd758584a2078501c6bbb3a155de3995d1dbdb0e3dba5dfe9b1e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6690d2182d36fc6b0b787f2739141d1c

SHA1
17929d22bcd1e9206370868da2f5932c8cce2fac

SHA256
c7a3ee03a4dd4e13d73c1c4b1483eb3dd6834d557e5577dbea2d000249645b9d

SHA512
6c52bdca1dfce3352fc2dc0f998a5ba85abb194eaab244d13c47a4ecdf29a1f49abe11dbc6f355e3e4601973210b55c5bc401d9999917b1ce34a715ad1c3b447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
48355ee889db4718e6ae66dadaf79075

SHA1
9a6a514e0834cb4fc55abb01cc21401d4e0fa189

SHA256
3fbf571b3cb3f441c5ffff888e6f55ddaae1cf84445ca3d07c57e016949b1144

SHA512
0601cbb58d5f3532089fd2d58776e2c6e84cdc17e5135f979c110ce2f333cfb050f0154f6d958a3d1e38c08ae45d0298d46bbeac805ac6ffba9ec8fb667381e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
24120d55e086d0c0ec1300880f6b31e1

SHA1
52c47b04978479d595d7974591a22eede5eca717

SHA256
6f7fe1103c3714c83640f2eaf00fc53c700d33fd8139e278780c1dfcd4407ea6

SHA512
8320210f933f7e8350d90ffda3c1f82b279e39efd4ad8ec544faa8b109fbd9a75b9d06ed7839de2770e3d6f4ac15afa9e672efa99d098c3644ba25b2c48427b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bd0211a519146aa52b67daf8839c7168

SHA1
21d72053fa8af90b397963d26b4ee81ff4f0ce2d

SHA256
2331ad58598650aec8ba4f8ddc2ffba52573fa213f6a5dcf878a30bacbd9adf7

SHA512
dbd138995190d675c0ba76b347e67d4fa06546a85e5ee036e6099fc617e8d769f051ab6c9815134e331518a0f3500961be210db73a96c96ac5c01017cdc3d06b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
66764aab4cd9a7207a29eca003fe05c4

SHA1
4368a8e769a8fc63975c5a4f54a054b1e7968ae4

SHA256
5387b649cb5d1cf8e2fe625d5b50c2332a3bddf18567841b72215dc0b43368bf

SHA512
f88ce93f5423a0d051e9d89781be7826c73bb6cdd84a3493561550590d51cc1777e520a9f68b6f05aacf89eaf86fb030c21abd43ee579ff05cbeaa1381a4366b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c5d0.TMP

Filesize
48B

MD5
78ce7931adb41d81155bfe32d8e8f8fa

SHA1
f577f478182cd671ea769ab475ef898a682377cf

SHA256
bedf3e3ad385edd7d9e55c22ca3f0230de2b2affb7c32d2d7b600490cf1e9926

SHA512
d182ec16ae154f980d7e13056813520e7ca1eed4e5d340cd45c9cd1423ca0b1e09e731c163b9c0c3a3ce030cc702d341cac5952af24a6409db2a03d2cb15c3bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3164422f8d64b056459e7ba80efc1561

SHA1
aea523e3f4d78f50d4983de5f751b28fa6533831

SHA256
bdb91042bc93a441f88e5841c8c523939a105de584ff403b80d992b65d66a130

SHA512
822a1d9b579fea128a56d60aa0ea2e00bef57b2cfbae614c1b8f6200b59e9f7d53821a9c456399fc89ba17e6e3a1013262c277a4c4fef888d10f272632210832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
45636067487513754ad2e9e47532894e

SHA1
54218ac14a65cd4748dbf2a1d37268aa25c2c1ce

SHA256
bc2206b4a2e70bd1de97bea9c7cfea99cfe6061cf5801e72a5aec91e6378437d

SHA512
37dc6ab08ee1f8e7a521dcbc64d4cabb45eaa9755629a9fc536dba884efb12486dca6e2ae3f6ebb8138e9719ce83744b2ceda451ae9673da76c681090ab6193d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2e9e3a9908a99ed5fc5badbf334d6fbc

SHA1
5cd3dd7a0e7dadab40c3568f1d8bf2cdcf3c8a80

SHA256
3cd6f20cb2b226204dd7c0903b6a1d95eb6ef26074ce16c9bffc80e541c1abf7

SHA512
6ac4cfa9a89c8d5e543ef005f6ca4b3fb0541bc5118298c7b26e88316129e43b54c6b88a9bce7d31d876bde3e215d8f160f60f63d1eb13b377f47d1687b154a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
040ec7d06ea96e732d11f38c5138761d

SHA1
5a2797dfa76be2fb4c7676eb085d17925095f7f9

SHA256
ae0c42ea39b11d53557e391bd7f8329e027289b63b734231be6de86e3c1de3f0

SHA512
2422f5ceba7518f14f9aa614b26aefba937a16a904abb6f864c2d37cd6d19ae002880faa0332646a32ec9320eb126e1ba3f680cf55a43f4a80b85e53b7e21f05

Download Submit
C:\Users\Admin\AppData\Local\Temp\0673365c-4976-4353-b344-ec14942ed11d.tmp.node

Filesize
208KB

MD5
1cb9b8897827079ff18ce6ac04079eab

SHA1
cfb2db87346a871bc2ebf348f141cd5d8570ab0c

SHA256
69f2a3793c290dc93da6d6fa6b69a85ee33ad8c4f5ec0f1f11e8203a2043f9aa

SHA512
5c217d4ba9a13056561c1d93dffe5d508dff25e80b4f8d167042a9309b53e9f05fd0b7eed01491afa098748993b164e0c957c89b8fed1ddc7b08b6f06f8f00d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\chrome_200_percent.pak

Filesize
223KB

MD5
e9c1423fe5d139a4c88ba8b107573536

SHA1
46d3efe892044761f19844c4c4b8f9576f9ca43e

SHA256
2408969599d3953aae2fb36008e4d0711e30d0bc86fb4d03f8b0577d43c649fa

SHA512
abf8d4341c6de9c722168d0a9cf7d9bac5f491e1c9bedfe10b69096dcc2ef2cd08ff4d0e7c9b499c9d1f45fdb053eafc31add39d13c8287760f9304af0727bf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\d3dcompiler_47.dll

Filesize
4.7MB

MD5
a7b7470c347f84365ffe1b2072b4f95c

SHA1
57a96f6fb326ba65b7f7016242132b3f9464c7a3

SHA256
af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

SHA512
83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\ffmpeg.dll

Filesize
2.6MB

MD5
9691e33909895bfb5bb0355b6f439c81

SHA1
7fca2dfcb9aca4ed92c644e8f7ceb98f87116a52

SHA256
223448ec1715cb4b1a2abbf1427547956f3ce583092177c287542e6d226319c7

SHA512
9ead46836900c054d8740a1e2f569bc321cc53cf3c47e3fa927f4cca54809bcf173bdea239fbdeecd694277e8869565e476fd272df393b924bb62a845e897533

Download Submit
C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\icudtl.dat

Filesize
10.0MB

MD5
ffd67c1e24cb35dc109a24024b1ba7ec

SHA1
99f545bc396878c7a53e98a79017d9531af7c1f5

SHA256
9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92

SHA512
e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79

Download Submit
C:\Users\Admin\AppData\Local\Temp\2m8AXKnisTAtaWalmBbAzVgYaUW\v8_context_snapshot.bin

Filesize
646KB

MD5
a62fbbb671bf975ed46b42d9cf437bcd

SHA1
408b595b1dc6658533e0db1d35f509ab9ee70525

SHA256
a8bd22478c4f85afa836c89d3a7f52c606b17872fbbefce268b499bedede10ae

SHA512
87c934670df70afcced0ea5c73449a17ad27d5b6a25cedad9eb61634aaff8a42b713f578e861c2efbc77593793bba240a1495822b69c99a8ecaef64b07b6a62c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\LICENSES.chromium.html

Filesize
9.0MB

MD5
ae174699b663bd90d8d06c68c6952477

SHA1
8c76eda61d320779909adc541593b8e26b24815a

SHA256
c6737ef4ed9de369077718824f76c5e7026d0e39163e26af8606783e41c93e18

SHA512
3fb72dcd790464dde34978c9d0895376827f4d839b4a199c6e9fe77ab810d62b960babc4b21f6e189dc70147b5fb4334815730f4d1cdec05489c19e0725c2158

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\chrome_100_percent.pak

Filesize
148KB

MD5
cb4f128469cd84711ed1c9c02212c7a8

SHA1
8ae60303be80b74163d5c4132de4a465a1eafc52

SHA256
7dd5485def22a53c0635efdf8ae900f147ec8c8a22b9ed71c24668075dd605d3

SHA512
0f0febe4ee321eb09d6a841fe3460d1f5b657b449058653111e7d0f7a9f36620b3d30369e367235948529409a6ce0ce625aede0c61b60926dec4d2c308306277

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\libEGL.dll

Filesize
470KB

MD5
09d3bc8a5c6104d78566cd6e51c5a6a8

SHA1
d1db4f83bad27dc0caf75f77d510f2eb62dd84c4

SHA256
1307025ed98ecfd00770c2d5c74c8a5e498c4e457397f17c3cbd176ca8a62a85

SHA512
198072fff54bd6ae5ac21bd891c23da9d657a4525dd5944719eda6f7062775ae66d9cb15d29105d2477378ae605351e4b840c9934106bf80f936a596e7a1eddd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\libGLESv2.dll

Filesize
7.7MB

MD5
02374701c3dc3b26088763fd3cc11bc9

SHA1
84e582496c53ce139d9efd219b762ad38a50d011

SHA256
8e68245d98bb740f393472938612979a56391f127d1af7683253e9e749e7af41

SHA512
09693492447b037e8ce16095fb3d63d806604d18c3340bf57fecc0e0ae3c877bdcd83320e633b0fb898a4c20616bfb4558ccd8d93a10d235dd90c3be8020a8a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\af.pak

Filesize
494KB

MD5
e48860fe82ef022ffab38cbc4c96dffc

SHA1
a832fa66bfddabf3ae7f219cf379f66d2903162a

SHA256
e2470090a09ca500679e68bb5e3b1acc35a5873fea4f93af25a23c82122f2c13

SHA512
e4d0973ca7e59091c482d2acc384aa48ec87d3ce72d8d42a03a183b230fd209e085a4e907473a05d02d41e15ebc527df942774c23b4804c150367fcd727af7b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\am.pak

Filesize
800KB

MD5
d6e8c344b2b40a9c671304f6f252d51b

SHA1
c59ddcaad921b6d2d3f70b7ab07026c35e5d1e08

SHA256
4e15946e86a578eeff41feda808bb291d81e240fbdfc96cbe2efe692ad35eef5

SHA512
018ce2bf4beb4ce066703b2ac7413c6517759be68f889f27990de5d6694e9f84b4027f9861901ea4b15abdd1bb570e5a16651c935713feafc4d16cd57be0b911

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\ar.pak

Filesize
874KB

MD5
f6ca56d15814dd5afd5e7ff985257880

SHA1
ef236d7027cb50a188c1e771527e6628702311ea

SHA256
5cc02570e5f61cbca791309985df3a29584e41583b3344f1d9fb6b04ce423e6f

SHA512
46c0436c110d6f1a8f3ebe962226c51af525228262cd56744e4d89aeb05d1eda614801a294bbfd2e08598e355750d7a2d200b3e7b594da03dd26ece4cdd31e3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\bg.pak

Filesize
913KB

MD5
e6608ecc589e87a6f78f9ce553ec2609

SHA1
9fdb2ff6291549df773ba243b3a92b984b15bdf6

SHA256
97ef7984074775282b68dca5d5a469efdb2b22474ee6669fdfb5197d3f1b3768

SHA512
25450b23acc962be85977ef08be9b484c2a9127775039c521158c1801cd57d5781bcd8d5b8784f8a8b9403ce44b59964a20dbe36ce181f1d239143b22b53d5e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\bn.pak

Filesize
1.1MB

MD5
57eab375114893a5ed0de36a516e8252

SHA1
16f23ab3eb62bc7a2525a7a5d86139fa88670b89

SHA256
1aba82aee8c985e5e370e7cf2b35c9ec20cbe5174db5fcb54ec7d19ec5d79587

SHA512
895bc282484ed028f5f023cbbb6e2755091f036e540c531b6ff639cf9e0ae5da02801dc81d7910eb141edd5c255d8b088d1abb531b152fbb161d6c2bf9615f4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\ca.pak

Filesize
556KB

MD5
7474c8e0c3285b97f1f12792964b6824

SHA1
8b9381be0754fc3df2f4f13f8575bd4abab90e9d

SHA256
b3d5dfae25427596b1f14a8e13d6bcb58532c82554229c2367779ff5c42b28bb

SHA512
4ad524fd530bfc72d72edf04ba4890e06ca0a20cc1d5c2c3d95cda746b1d884a62ec2d4463ad7be9cd01c7529b41bef65f9e669c62719808a83d3c70f9475d43

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\cs.pak

Filesize
572KB

MD5
582fde87aac61961e4f7955f16d31769

SHA1
3a8eb832317dd7e07efaaeeb5885c32b9d381622

SHA256
7d7b701ce510b2e4a18e957e500086db590aad8bf5acd37f82263a676f0b556c

SHA512
adb04ccce5471d80182f7ca73bf1a2e4ce63a4980d455837fb378bf679a0022d4ee6f9fbe148d6932fad83f458c76ac229229542092e0cb9b271c8d44639b11b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\da.pak

Filesize
518KB

MD5
5f8f09aa98ec3a4c8122d64c5bc6610e

SHA1
08a6dfaa3a11d8c994da90460e78ce0a4fcfb644

SHA256
3430c0f1946901dfa24190ca3989f72171ec564bc7c523853e6a1f531b61b5ee

SHA512
9c643eb6415cad6aca0584d62211aed5ed21a0f8d71ac4f692bd420a4a190a9781add7c874d0f56bb5c1c0f65d543d932d0f50caf127e8d014c05d015ae61ca3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\de.pak

Filesize
553KB

MD5
d1a513308f9de55b6c7bbeef7c4fe90b

SHA1
a4a5e99fe73d5f9df2e508c3c8e9b73dea03a76d

SHA256
662496eff49febbe49f0a03cf2c51acaa743cb2237de3c41014556e16f3d8e2b

SHA512
9756e16255976569584a3a5e2a17421a31bc8f9b158c0ad3d30f6fe624ecd0e77c255571e46554c03c54d58b06d3f7b0fc77d347548f435547eb1ed9173b30be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\el.pak

Filesize
1001KB

MD5
34c6150acccd20c7f260b269bce06930

SHA1
277b6d2387f600c84263847d6fb2342fd4746cfb

SHA256
162e51bc7d682e223e498f4ff8c81f019d136d857bd25a1c982d4a1084a8c840

SHA512
58308b1f4f92f1eb26af8516351194b96defa8b40f26cca2776aeb9e804e585fdb9918bd2acb9c6318b63c3768c29893574bd0a4fc18fa9dee96b9112732ff94

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\en-GB.pak

Filesize
450KB

MD5
56bdf77ab3487e28d354a8b0f9ba8d2e

SHA1
b10ee918320a50a417b1ee6a28cd4b05a5f77238

SHA256
7df934906a61c0ae7a952f9ed058f4a06cd3989663a7d9f50afc3c9f830135bb

SHA512
8d74c79ba3a554d69f26fb8c20210c9a339d85c0e9a9af445901e8a5c7ea544ea6ec713f9dd2db7b8bb5cb0afb0fb385236d4668a73af37dc9ef8d2f73c57fcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\en-US.pak

Filesize
454KB

MD5
5c52a86b21633b55b383c20f16859b2f

SHA1
126585e68cb17f241351004e21c1d30e65de1cf6

SHA256
41123d72bd8e289e85bd35227aabb4cc61fe1de02b5cd7a7834e5ec200bc2078

SHA512
2a1b6a4becfb97d470cd7de74857edf2cc9cd4a77f377ccd9bf60c30539862ff1ac3ed6cc849632a3ed4ea0e5b92679f3cc5b4cb26cc7eaaa2bb2f4ae9974a6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\es-419.pak

Filesize
547KB

MD5
15d1e262602e54d76de8bac02dada000

SHA1
54e93995675bcebc595befaed6b73c9ff5e6e735

SHA256
ec922f8ca16b7e7642fc73369ba7b75ec950cafb1dcadc6c88426c034382d483

SHA512
a232eb97021f17fde322697db2c00423cd70e9741772912c5f7a41849b35dcf3e2fe84001ff0a7902b2b54305d1f805f53988e421e192be0d5abd157bf8b5f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\es.pak

Filesize
547KB

MD5
f90d43351ffdc63bcef25bf634c1fd35

SHA1
f80df8034cb64df1ef62e586891275a74868ab6c

SHA256
0385e6776de5a0d8a3b30b7bad44308ac4cb04e2bcebd573d3c7938b68036573

SHA512
7bfa70a5de14652063d261c28ffd3df89ea5e38877cc7977ab27f7280c48084a4ab1e5bdad0c2f624a7434a5d975feb9d8d221c010e24963d3c42921f5a36e65

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\et.pak

Filesize
497KB

MD5
3cad945e9ae6e31cfe66c89365e5d353

SHA1
43758cb523d60d936b9a417123f337b8e123481c

SHA256
ba4ec85d2306a1f1f178a017fef4d340b77b33e10bbee07bd359a8e0ff8ea461

SHA512
ac07e7f72b670a2e8b7a46a672fefedc58d9384d4773a6f220c231c619c1134613ff68c0ccb0dc9e03eb5f47dea7ac57de318af5f3f242d6be7ae43071e2d947

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\fa.pak

Filesize
813KB

MD5
7851efacda8438c041c9a511f4097de2

SHA1
64cba381a17ef0ffae2dff5135d57fd1f9300ab1

SHA256
f1a7351bf0d8cad475d2761b9edf970c3098836e38aa98106a5e04a41002b7c8

SHA512
d94fb1d04630cc292296ad6033c6beed1a00dcd4c11eaca04a7eacb50c238269b21e4d2a4002836f4d41e0f6d951624beefc95beaae23530eccded4569ff1869

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\fi.pak

Filesize
508KB

MD5
6d7aaddb1365b3efee94d4c510a3002e

SHA1
2a970204894c5ac163c980ec0fac2dbd1711e5b5

SHA256
11b0b9b0f74d01f16db7aa49be9dceeb55fde9da56f17419c4bca159cdcae274

SHA512
f44bab9cee552dddac17d4ac1949870943cf138b3fdb0e649e8827acb6de9528dd9cf738757e5b495587e165d1c750b8bcc6205bdd029a01eb92aecab22ba49f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\fil.pak

Filesize
573KB

MD5
c744b92c8feff1c026034f214da59aca

SHA1
95780d3374841efdbc0d8a46cddc46bb860a26e0

SHA256
d7fdc7fd08dcc421bc8aaae3fdc72599c60a3b96f05989a3e46736f0de06e745

SHA512
eeefc73474642e75da61056f2841e7cfeb8d8475be55a39852dfe7de8a972f7d86e9d1df4614b3ca3ae4fb01b68e5ced664bc8e46ccfc94f44b06e29a5035b43

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\fr.pak

Filesize
591KB

MD5
79d945ef9b8ebc7d39fd03d05d9b2f27

SHA1
6fbcb748515f97056689d4a747e4df3a830fe049

SHA256
1f6cc56e04bcbd6b6ecbe500bcb0a5702551ec80d79e624642d0c7d9758d4424

SHA512
f1a26715ad9399052b664c71fb60b6eb6f965fa80d6d8d6c47e0b96ad0d4a4d2028c3e19dad49e008bbc29edc24e656777ce073da008d3f4dfdee4c8f2212a07

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\gu.pak

Filesize
1.1MB

MD5
e884bbc8ded4f5f059211fbbb85ed351

SHA1
8f4ecb45ca73902791ff5e56e0b272252c08508e

SHA256
087e99953eef9b5fd736e3dbd98d702fdb01dc614593a4c575cb619159688118

SHA512
50837daec40a2624097cf36dfd7beebba4db748fd9cc470bf71b526e612c1aa6c88ead7511ba751e370f6f5d28ad9d6338dcb3581d7e3d53e2672741915b952f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\he.pak

Filesize
713KB

MD5
ad6af80367f0b5d408bbe2c7b32ade48

SHA1
9dd4e4e5a63e50e9d3715667b8149edd8d07a52c

SHA256
20b1c80f8b2bd5130a1fb372814fb9c9ceac15305da3da0cb29923960a94a934

SHA512
95df5ce7f7885d0e72b2d89e1794a3796a1ab407fb27174219db22c668f74a8c3ba1f680cbf990be533c35ca0b2136b1917c0cb92d4556e3ff2ef3447c55efbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\hi.pak

Filesize
1.2MB

MD5
66ab509000cac52c805d6871ca6c1f25

SHA1
e3d3e7bacbcfaa7538ca89d9d26218eca06c01f1

SHA256
9c6d8d93278a6e375405142df9829adefbcc8ae9797a4f589591b9784b2b71c8

SHA512
356642a19f044c6e192f658ca2bf8764431129cdf7c9891b5b5bf4e99f6b990a1428c1e483487b619865e7f2d31cb5c9bbb3b49ed25fa81c4374de3e8e65519b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\hr.pak

Filesize
551KB

MD5
1973723b9c45b9d971c97229e7a441cb

SHA1
2bfa4922bf2084486681af45cd7f7dedf95b2d66

SHA256
afed35643df24709c8c5cc9b8158b3d9a2266fbfeed132e98ff254ced4086c5f

SHA512
6a1f35435b01ab187cd93b376b76444dff575284632fbf37bf8b08e6cfe7783f985d0fad2425df3d3c332aad2278971412455a748e83c2d6fabd0f6afc3dc292

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\hu.pak

Filesize
595KB

MD5
2515bb367f56f282657b3dd3b9ffcbc3

SHA1
8cc350e359f1cfefdf0ce3b016109dd483d45a8e

SHA256
b4e6a1135de8bdc42c04f4db4eb1ce48256f18eb46a5146a21010b6165a90e7a

SHA512
779a77b3380f08dfb1d1e9bd65806f3d5ab56619d040bd6ecc9726c17944f4d0c3a619edee06d638549250fbf4c6a2be46cd6196a3a8862d184a68d45d6f6d72

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\id.pak

Filesize
490KB

MD5
91bad2312491410c7f0393be512b895f

SHA1
6e4e9cc985c5b96eaaad91787f8bb7f72cddb604

SHA256
a21f9474a19fe2d7f26c59f5ba8d6e72801a8a057b7dbcb8b3f96471043d9059

SHA512
5c0e1cd1741e78fff90f3ec2be02bd47bfc669e50ad0cdde975238a74cb4081536faf80d0a28dc9fea6efda6548dcca4e569c54b903f5c2773c17f72000a99e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\it.pak

Filesize
539KB

MD5
591113bc491e5c388ee3876de4aab3a1

SHA1
a63c2a18eb92fd03445bd237a5755d557e1cb593

SHA256
33652aae78a486dc3ce4e5affd1b7f72e1248f6f9f3e62188afe3b5d73bd148e

SHA512
66f1e79c9bf179f19942352258181858268a991b42d4a79747ca580df3fa219c2be71ab6597cec4ba7bd4c691a5e1328aa03a565b3eef442c6e2216f0d82653c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\ja.pak

Filesize
659KB

MD5
412bef3ec11f53c2aa6511ca139b1f35

SHA1
8b42655c2b62edc13c61a4625f55c961cefd1c49

SHA256
c5692ca739c31569ae2431fd58f1028e6c8c01af278b76656ee0bb65b79e9985

SHA512
85760c2a0dd4404a2d41f0d957c9cf8962d6b80389df838cd2d85b6a31a54f4e50c5f19ee73d2ee66e3e61a8809aeb5b493e7170aceeef9bda53e135ae02bc42

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\kn.pak

Filesize
1.3MB

MD5
a11d186b8eec7362a280abec3859107f

SHA1
966065cc6f69c3a222751d2191a0efeb6049cbdd

SHA256
a6ecf1dfe4d99f6ba0926c696b5b23b77d234fa8fd03da9825b074ecc640d508

SHA512
099e73977453a5dca329b1d8a8cbc612dd2739bb3db034b7509af35877ede6ee12450875302ff3f9351fc7096b60be1b2d8ccbec89ace3145eb264f25946d46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\ko.pak

Filesize
557KB

MD5
965ac0d213ccdfd83ac4970de23a8f11

SHA1
8326841ab80c40a7ca8b13589a3f5ff54fc15827

SHA256
3fa72d61a997c36f9c093f769f4bba60b290d1fbcb71d5544f85e8e1efe51d07

SHA512
5eaf14ce5c493bb4704716add07428edc6569f2dcb721679e140916c0e426cfa8e8ce27a2c38c48ae6e60461a678525e48e42c2938ce40e488b59d3f97a2f9cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\lt.pak

Filesize
597KB

MD5
20906aec4a21bcbb8bc8bab067075ba6

SHA1
369da9c1567d4376852cebdb87cd9213dc4bd321

SHA256
a1257d10e673311747363e6929832e70f36668b1fc0d6a5ddd550fe88007aa58

SHA512
8d1ee40bff980b889af83b95fa408bddf2ff5d257f532d2da46bfc3ddbcc31b9cf14b473fdfca1a574c0316fd689a424ae241e9bcc533b7dfe0c7203d4b252fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\lv.pak

Filesize
596KB

MD5
a999e734f9addcf07c080f9861c3c170

SHA1
522bb12a0cd4e5232570001684aed84f421abcd0

SHA256
33fdf706f6d3f06b485c5115a7c73a571296dac41c582fc9d0dbb371d86e8653

SHA512
ecb92c4ddf7b252a3216059e63b387c6847f6eccde532c300b74e6b04ab56da0208c2ecbd00ab1d5e48acced909db74b1aabf88e34d0d5928b89320f45200dc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\ml.pak

Filesize
1.3MB

MD5
39d4a5ed8cf7c8e0df946220fbfc0f68

SHA1
70794849b41d00f2b895f1211a6baaae3fa7d261

SHA256
87384db1ddcac012b0b40ec89daf47ebbbcf1497705f023a6983fb2470e4abd6

SHA512
ac992b9cebc2fd51f7477b36f1aa4d9157a84c3023949c02ea236d909c78fb5ccce28dd213c089820131ee3f669164529daf58901766630ebcf40546d33e132e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\mr.pak

Filesize
1.1MB

MD5
649e76b6666096a2258b942745ff9fe1

SHA1
82edf8ca68dff0caa36b17901c1e12a17172fa51

SHA256
039f4e0176c38867fef57482825d043fa63bf1356c85eab0fc665f118db125e4

SHA512
92f51140416cd6dd53109ddcc1ee24c1d26999de5cd48a11e6954dbbc985298c1b90c0b4a7bbd8701a2737b71340e8a257e8b1ace85ff3b4876b714c60befdce

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\ms.pak

Filesize
514KB

MD5
9fb7c18f376b46b254ef9a960e08655f

SHA1
31cb060fc606d011151f1b5464e2a469372113a2

SHA256
2f0c83b5b3bff8f624d78e0670a31c509e7f1d5330f72aaede471b2e97c956e2

SHA512
23ea07d917bc0cb9a2f530f985c4c1930d31eb6e8271804709126b8b0f5266dc51636f679944d2e3d8dd7b603564defe85c1088a33a922e9fe15c2073b509a8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\nb.pak

Filesize
499KB

MD5
de04250ff403e9af66a1351598d2a64d

SHA1
4b7a5a2bf48d988f95aac6e85b11a8c2b2fd007e

SHA256
887a0278971d6ba61e2f24c62029a3087a46c4962c4357412c28ede12ed6da15

SHA512
71527c025205bbcd63351283b7b123d8807c05bc68f2f7555f10386e330e052d031b9986ae2c1f0398bd174e67962657e0b8d4a57a07d167c233390a4e6c5556

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\nl.pak

Filesize
516KB

MD5
d59fed8986eee2b9d406ad52d88cbcf5

SHA1
f7e409e17723e21174361bc81e54bcef269f40f7

SHA256
619c61701b3a142733d23ad8c7117bc013867a842d3d1d572faa56895ad8257e

SHA512
234aaddaa7677b39667b4078dc3a630d67b4f2ab7df5ce763d509183a4d88e8f7bd1a231113b8a51418d577e4aa630860a7f2735c34ef59e0f65966cef825597

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\pl.pak

Filesize
574KB

MD5
8d4db26e2ee5181afdfdd513053f3c17

SHA1
0da427a085927a5c02d2a67c424ea99cbf5e6b02

SHA256
f2a7dcb69a433c2a898866c555b82c26e3515c089f500e7748b9b11ec3047786

SHA512
bf441f501d746f1fd996c21e5e2cde643b9031bf58bac31474e68a72ea6993447f8bfad3284351bffc94d6a088e183e0b24d109398d65dac0edee8826076ee21

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\pt-BR.pak

Filesize
540KB

MD5
b4183914f46fd63a7bd32d715b8629f5

SHA1
d0295b556e55a74e357f932473f9dd2bb1cd2f51

SHA256
5ff219be32f9178fee40e8966ac5deff2be1f2ff259a66cb9cdce81c2e90a7e8

SHA512
3bcd37cc49a827c03fb5b3a97a5eeb863ebb6f071fb2af697ebfc4f57dda676227533cc6a2fdb00505cb2395aae685dae087970ce13af113260d856b845a985a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\pt-PT.pak

Filesize
543KB

MD5
03138b2e4fb822b03713f6c4f0fc67cf

SHA1
8f6f6585743676177eaff5a582d18691e3386bbc

SHA256
02ea290fac25b414a1d4ed78cdc159cf6c73fe5350824c2f36f032e426a23364

SHA512
b000f1b8fc952849d1ada21aab665cbb97989fc28e892a75077ae9a24c4ef1d15b7d5cf1c5aca89d27d40a01c64f343a08f790049249fcfed43a1a430b4fef9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\ro.pak

Filesize
562KB

MD5
cfd7cb2444248216e12193689ba56c10

SHA1
0a9d65fdbc68688bf1624a8c98fd42673961e0d2

SHA256
655c175903a791d0ff56264a487c53f7bd09ed037cf04cfa6e79eb8be5b677e9

SHA512
7ab384dfe93c4de0d82d3a581d0c4b988f823f49848cedf081067e052be2d43c42389899588839dbc7cb35ba70617648bd0c7c199900e78c487f3dd77e64b4fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\ru.pak

Filesize
924KB

MD5
46fb61aa9515e97293969683fc330764

SHA1
5bcc41716976eefb65870ba2a2b230238f7e53d3

SHA256
4babe5f20caafca33867ee263aa9dd55ed271704a062e4372fdd133eb359a558

SHA512
c3acfc1c902c651e5fc0501a7a77358cbb99daa020597f7f6be9fc81ee53509dcb0d63c6bbc5ae308c88d95dace7099f024d698b6f364dc7db4ae2a7660e5b31

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\sk.pak

Filesize
580KB

MD5
5d41e75bf42cb12d7674986f4e5dcba4

SHA1
7c3375226997e3f69e3c9a3a5ed762ec40d24973

SHA256
89f984a67cea3997c704005fbfbacd3f6f5652248626945c2ab1c3bcf24e6623

SHA512
a2b91c888ea3dc2e618bf8faf7ac9f0fe562ff16c85d03afac0778ed671b1868a665b892aeb2d588e7f5bf32a7eba57b75e2e15f2c51fc9264e0db2f95d804d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\sl.pak

Filesize
556KB

MD5
6c71fa576a41711dcb351abf92a65ea4

SHA1
a0281f6b9dc363628e7d6045f7dc2904149c9dad

SHA256
458b15bf249c1e6fe9843725c42443274ef6e09dcb15f5288c916c0561aefc47

SHA512
258e49b51ee65bf508d05a5b3286a8937d3a876a876635b59b97752c5171e89458b9d23d9d7178153aa16b6fc908cc011a8e855c6d3a0152c919b40349cdf4fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\sr.pak

Filesize
859KB

MD5
eb8ec452c7079ef7dc24bc7975513ed9

SHA1
4787250292b8f2040c7ec0b265f60edcfd1ffcd6

SHA256
4cea4c83b5e887463dadbf470a9953b8175149f31fd07b83406a6fc59acfde41

SHA512
3ab2eafd3f09627efed8263cc2d59d5780b6a856a6d1299be511bbb5c1350fa05f98b0e77c53c3707ada17e7e44b8801b191802e2cf5129548e279703983a8ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\sv.pak

Filesize
501KB

MD5
819b5e4f2b7734ea4677f6d579d72f84

SHA1
aff3048d8e35fabf68a756513b67efedba59f85b

SHA256
105460cb717104d82f99cf8c5e2c51ff252211a605bd1c98bf75981f100d619e

SHA512
3e1ff5d934c7e0656dd16265be697420c31b191f88a5140c3598b4fe37a6bd3031f50d45ac7e961acaf0886934951a48230f7b10a53d85e015d6d5e1602c3eff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\sw.pak

Filesize
529KB

MD5
be2bc09130635406f560b95e789f9a81

SHA1
f189cd6eb6c844e2d96ffaeda66fe4d5f1453130

SHA256
f0fccf2e3ad332846736d816e254028569f5f84918573872442987a8bc9bba58

SHA512
f651ea959066a5966f35493788b9833597dff653f649a5bc8b09a8ed748bcf086bd0586a36e1f4ecddd361d04774253e21d67801760d0988f3e17f0c6e1121cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\ta.pak

Filesize
1.3MB

MD5
52ee28471f2f9d01ef3f57233496554b

SHA1
abd7dd9989fac90636626a41f007eb6aa5ec7a2e

SHA256
1cebac8d758298ed2763e62b9bdfb17351831e691ff3e1ba85252c9a66d66242

SHA512
af2e9593faf60319244c90e9c06604dd3830705f14c18cd380dc2338aaa0c1e137bf751603ab9beaf7f1783839f83bcd4fda357b7cebc66ee94155d560b6f691

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\te.pak

Filesize
1.2MB

MD5
3a71904057869c23d1bc108f1e8d0d31

SHA1
6fb6e60c80bc332a2bb66d02a1e3db69961a9c41

SHA256
8264244c6de861817f5b19cef282844a18ed8cb7d4e059451489652749fe931e

SHA512
7248058b2d357c4a8b9c2e95d580a2000a96d9a5adb0b822adeeba5c4422e08cc12ef84b9b9a627a1f6cd07a08698ec000510885d14d64afd40c6e8d69376022

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\th.pak

Filesize
1.0MB

MD5
879a881174501e22c3de65b9f80bc19b

SHA1
a2e020d5ed1be7dee50a495a2f8581e751cbf735

SHA256
647ad394e92e7610bd0f6c4e08d28748408fcd5a816a35e4622ea7f71cfa7a9d

SHA512
b8961a90036b94340283237da57659cc277e65e545764251f7d3e406dc5f70c9ae29366184d0aa8831aaa0a7cb5c12ff825078bb87528606cae223fba58c73d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\tr.pak

Filesize
539KB

MD5
414b557adfe76e3564d43cb93f513c5a

SHA1
f775095f7c55e834a777c7f25fdfb81f1e63ca08

SHA256
f58ed19be62706fb4fd797a6bfd3af5c6ad4b39aef994a577cd28968fcac0291

SHA512
8b1be522ef23888d46c13888a18229f4c9cb6e1c6e6730cca79d9b13d71eb86ecd3d0c172ade6f70ff63a7fb5242e4de7d9742b93376669d13c77de0cb622f94

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\uk.pak

Filesize
923KB

MD5
241fc33569b22647e7d2c4189a8ee7bf

SHA1
f56a73cc81b1e96560b74ee5e73d7af792720ada

SHA256
13e40208e2c9f4f4b83dcf422610dc82314a8f99ba50acdbd286c508f92eb232

SHA512
ad16f84482f0c7c3d3c3fb98caa3dbd0048138f361aa6eba2b6338ff6e25da4c3ab39450354f2a86a53d655cad99e92fab2c030b5771d7e6a25190617f1a9385

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\ur.pak

Filesize
808KB

MD5
fb978b7d211112a0774ce09ca54ca96f

SHA1
fb0c69801230437dcd20e3803db81ee60fc042b0

SHA256
60310f9a3457fae0395b447a30646211ef4160ba84bd7c36d291af4c8ec2b79a

SHA512
abde8d79f46b27e0e315034025837a3126d6e5d2bc52504d49c946fe96828bd9b20cc4a5c05283fb9f8813e6820a28249cfd68b30cb27fba216970c16ecc8d44

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\vi.pak

Filesize
639KB

MD5
565abf3f9b296fcff95fa5b169a7d598

SHA1
24de1221b2adec13b5bcc23c4a54b8e987e9f12e

SHA256
fb9463d5655e73fa69cace9800d95f8cd077ee9284fef3bfe162d2bfe220c257

SHA512
53bfe0c1c289ecdf48114048e15807c3143dbbe357736753cb845a31a6a3fccd0dbae652294508706076ca4b30e5da00e53bc6aad11b06fffbf2621997e7de36

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\zh-CN.pak

Filesize
460KB

MD5
3fe312d9859b299c3a332373172c33f8

SHA1
ce6a99d79dcfc363bcf68bdb1ddd4e6862236020

SHA256
f0c0ba53c954325b3bbefb333ba23f7fb40a7a4e506043e9f7886089f611943b

SHA512
488a6043381834c9d69a906edd9e3273da01b618e9f3351a89082e6a4727f9f882e435eca3d590cb30336cab289fc71b109322d43804ddde5fa038a63a0b84f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\locales\zh-TW.pak

Filesize
455KB

MD5
e302e1102f3f5a21860f38f41b3c30f8

SHA1
78b5d1c451cf674a7641dfcc815f966fc920cf57

SHA256
d4033cb3264c7c4cd2636ea2a202421650c449e5bfb10f29949e4c44e91ca93b

SHA512
1f96b197eb7ae6b7983ed38d4ce33ea0c845ffe527fedfbc9e53a6009871dd3c39084a04cd1d43fd6dd24e7f26e3ec4845d4225df828de0b9ba346cbc98efea4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\resources.pak

Filesize
5.3MB

MD5
3a87e8d6dc2d7dab0c3c37fe4a74308d

SHA1
5ddd587a6541e034203f24ee329796dfa316656f

SHA256
61216fee0360053988d5be52ab626c89173c86da1cf0b5a697bc32944282fe14

SHA512
7ba1bc093f25cec2539fb462084cb1fc32b17841f79be95679c90f4c735772d1dbe652471e52f4be254b10e650d31e3460ebebc82d89efa6a9ef801e5d98ea6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\resources\app-update.yml

Filesize
86B

MD5
37cb7db42a059bd2eccc0766917e6177

SHA1
501319aaf91048ff8fb3e3321414583fc32740fd

SHA256
aa466333e79e5844d300e384005ad276f2a4e558e49c999af9d73940890b3592

SHA512
b4f3b8ec39f92b4b759c7b2b26f346498677b56e6e7e3f15e23c3f286ea2e8a8ac57a67bcc12b44f74a1ce57a7dda394516552ca652f4bd65a6bbb9b90cb6919

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\resources\icon.png

Filesize
33KB

MD5
3bd4dc73388c39d1bb5d3e39ae7c0121

SHA1
a6762c8b61c525db0b1e269a6e3325b023318612

SHA256
7e2f0df31bfb66f046a243f28d93d2a527ee55e2a77d6876004bae82ebc75df5

SHA512
93c5ff739b9a50234c03049bf783bc90c591ede0fa3e0e1aaa124e3ad9d65dbb3eb06da3776901960ab5a9f9705d5ea7909613db86a24742153fa32c4b5b0a47

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\snapshot_blob.bin

Filesize
302KB

MD5
62b9e00c46ed829e06d0c2494aa994af

SHA1
988882632b95bb78d80db60e4787c576e48338e4

SHA256
22a46de643045805a3e588f9a18ebaa377f9fba3dee46b2d60f3ae300a09cc4e

SHA512
03b7c57782923ca3a011fcb85f74e865bb7ff9976c89152758770be3bd3d40684ebd216fe34f0d0050936b536c8bab5eafcaa35fc26e893d30a108e36687876f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\vk_swiftshader.dll

Filesize
5.2MB

MD5
337b0322f328251f01bd0fda8948217f

SHA1
6e59fb5df7773c8668e8f18755e62b532a9071c3

SHA256
11f24457eb9af084eb845780f3fdc1989605766c2749fce6fb003dd988d5ff65

SHA512
3540b2f5df1f20b5cbb6e61caa005fe7da5d1cfbe58f639ae0c40f6a4e7a9d8786f3db4691dfee9a001a2a87ac7b0bf39b7f308c14f809874a89f86b18ff8fbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\7z-out\vulkan-1.dll

Filesize
938KB

MD5
6db4abe9370ef778e93cfc6bd6dbd292

SHA1
0d7bd9d21524780b6f8904a82c3ce09ae5d03f97

SHA256
52bf439424759a84cdcb6d379ed88582a6d6ba58127c44adf1b8379f0e88e5ec

SHA512
1ec07916d82d78243d9a144db3e947c95ca92fce1350708484c45fca2f953bb76728889b8d9a02c041849bcf005f998804d7066a90359fa180d94c237d014317

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnFF60.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/1720-3852-0x000001F917AB0000-0x000001F917AB1000-memory.dmp

Filesize
4KB

Download
memory/1720-3853-0x000001F917AB0000-0x000001F917AB1000-memory.dmp

Filesize
4KB

Download
memory/1720-3854-0x000001F917AB0000-0x000001F917AB1000-memory.dmp

Filesize
4KB

Download
memory/1720-3855-0x000001F917AB0000-0x000001F917AB1000-memory.dmp

Filesize
4KB

Download
memory/1720-3856-0x000001F917AB0000-0x000001F917AB1000-memory.dmp

Filesize
4KB

Download
memory/1720-3857-0x000001F917AB0000-0x000001F917AB1000-memory.dmp

Filesize
4KB

Download
memory/1720-3848-0x000001F917AB0000-0x000001F917AB1000-memory.dmp

Filesize
4KB

Download
memory/1720-3849-0x000001F917AB0000-0x000001F917AB1000-memory.dmp

Filesize
4KB

Download
memory/1720-3850-0x000001F917AB0000-0x000001F917AB1000-memory.dmp

Filesize
4KB

Download
memory/4216-1903-0x000002CD26D80000-0x000002CD26D81000-memory.dmp

Filesize
4KB

Download
memory/4216-1901-0x000002CD26D80000-0x000002CD26D81000-memory.dmp

Filesize
4KB

Download
memory/4216-1912-0x000002CD26D80000-0x000002CD26D81000-memory.dmp

Filesize
4KB

Download
memory/4216-1911-0x000002CD26D80000-0x000002CD26D81000-memory.dmp

Filesize
4KB

Download
memory/4216-1910-0x000002CD26D80000-0x000002CD26D81000-memory.dmp

Filesize
4KB

Download
memory/4216-1909-0x000002CD26D80000-0x000002CD26D81000-memory.dmp

Filesize
4KB

Download
memory/4216-1908-0x000002CD26D80000-0x000002CD26D81000-memory.dmp

Filesize
4KB

Download
memory/4216-1907-0x000002CD26D80000-0x000002CD26D81000-memory.dmp

Filesize
4KB

Download
memory/4216-1902-0x000002CD26D80000-0x000002CD26D81000-memory.dmp

Filesize
4KB

Download
memory/4664-1570-0x0000013C6D790000-0x0000013C6D791000-memory.dmp

Filesize
4KB

Download
memory/4664-1571-0x0000013C6D790000-0x0000013C6D791000-memory.dmp

Filesize
4KB

Download
memory/4664-1572-0x0000013C6D790000-0x0000013C6D791000-memory.dmp

Filesize
4KB

Download
memory/4664-1573-0x0000013C6D790000-0x0000013C6D791000-memory.dmp

Filesize
4KB

Download
memory/4664-1574-0x0000013C6D790000-0x0000013C6D791000-memory.dmp

Filesize
4KB

Download
memory/4664-1575-0x0000013C6D790000-0x0000013C6D791000-memory.dmp

Filesize
4KB

Download
memory/4664-1576-0x0000013C6D790000-0x0000013C6D791000-memory.dmp

Filesize
4KB

Download
memory/4664-1566-0x0000013C6D790000-0x0000013C6D791000-memory.dmp

Filesize
4KB

Download
memory/4664-1565-0x0000013C6D790000-0x0000013C6D791000-memory.dmp

Filesize
4KB

Download
memory/4664-1564-0x0000013C6D790000-0x0000013C6D791000-memory.dmp

Filesize
4KB

Download