479471beca7ffd44666539b1da127c3ddb22155c26c4420295a98d6a1f02accc

Analysis

max time kernel
1045s
max time network
1047s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2024, 05:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

servermake.py
Size

1KB
MD5

a1b60d0bb8dbe25e3faf3966414dfceb
SHA1

b6ec4553d13c0445ccc2f7f786042a81d1d0d066
SHA256

479471beca7ffd44666539b1da127c3ddb22155c26c4420295a98d6a1f02accc
SHA512

ff3aab374d6a6a83a504f3073f1d4fe626e2403159605bab4562bf3532c2f224b5952e0cbea6f8c94f5dd7f25dcf07182896c0037b298c20b40e0017eb3ddb71

Score

9^/10

discovery evasion execution persistence upx

Malware Config

Signatures

Enumerates VirtualBox DLL files 2 TTPs 8 IoCs

File and Directory Discovery

T1083

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	FREE FN.exe
File opened (read-only)	C:\windows\system32\vboxhook.dll	FREE FN.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	FREE FN.exe
File opened (read-only)	C:\windows\system32\vboxhook.dll	runtime.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	runtime.exe
File opened (read-only)	C:\windows\system32\vboxhook.dll	FREE FN.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	FREE FN.exe
File opened (read-only)	C:\windows\system32\vboxhook.dll	FREE FN.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
4900	powershell.exe
5032	powershell.exe

Downloads MZ/PE file

Sets file to hidden 1 TTPs 1 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1564.001

pid	Process
3080	attrib.exe

Executes dropped EXE 8 IoCs

pid	Process
624	FREE FN.exe
1928	FREE FN.exe
856	runtime.exe
2300	runtime.exe
6264	FREE FN.exe
5184	FREE FN.exe
6900	FREE FN.exe
6844	FREE FN.exe

Loads dropped DLL 64 IoCs

pid	Process
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Skype = "C:\\Users\\Admin\\runtime\\runtime.exe"	FREE FN.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
90	discord.com
91	discord.com

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00070000000239e0-1754.dat	upx
behavioral1/memory/1928-1758-0x00007FFD00AF0000-0x00007FFD011B5000-memory.dmp	upx
behavioral1/files/0x000700000002398c-1766.dat	upx
behavioral1/files/0x0007000000023573-1764.dat	upx
behavioral1/memory/1928-1774-0x00007FFD17310000-0x00007FFD1733D000-memory.dmp	upx
behavioral1/files/0x0007000000023577-1773.dat	upx
behavioral1/memory/1928-1771-0x00007FFD17720000-0x00007FFD1773A000-memory.dmp	upx
behavioral1/memory/1928-1770-0x00007FFD1B0B0000-0x00007FFD1B0BF000-memory.dmp	upx
behavioral1/files/0x0007000000023571-1769.dat	upx
behavioral1/memory/1928-1767-0x00007FFD1A220000-0x00007FFD1A245000-memory.dmp	upx
behavioral1/memory/1928-1792-0x00007FFD172D0000-0x00007FFD172E4000-memory.dmp	upx
behavioral1/memory/1928-1793-0x00007FFCFFCD0000-0x00007FFD001F9000-memory.dmp	upx
behavioral1/memory/1928-1794-0x00007FFD17150000-0x00007FFD17169000-memory.dmp	upx
behavioral1/memory/1928-1796-0x00007FFD17700000-0x00007FFD1770D000-memory.dmp	upx
behavioral1/memory/1928-1797-0x00007FFD141F0000-0x00007FFD14223000-memory.dmp	upx
behavioral1/memory/1928-1799-0x00007FFD173A0000-0x00007FFD173AD000-memory.dmp	upx
behavioral1/memory/1928-1795-0x00007FFD00AF0000-0x00007FFD011B5000-memory.dmp	upx
behavioral1/memory/1928-1798-0x00007FFD13740000-0x00007FFD1380D000-memory.dmp	upx
behavioral1/memory/1928-1801-0x00007FFD14120000-0x00007FFD14147000-memory.dmp	upx
behavioral1/memory/1928-1802-0x00007FFCFFCD0000-0x00007FFD001F9000-memory.dmp	upx
behavioral1/memory/1928-1803-0x00007FFD04690000-0x00007FFD047AA000-memory.dmp	upx
behavioral1/memory/1928-1800-0x00007FFD17140000-0x00007FFD1714B000-memory.dmp	upx
behavioral1/memory/1928-1810-0x00007FFD140E0000-0x00007FFD140EB000-memory.dmp	upx
behavioral1/memory/1928-1809-0x00007FFD140F0000-0x00007FFD140FC000-memory.dmp	upx
behavioral1/memory/1928-1814-0x00007FFD14000000-0x00007FFD1400B000-memory.dmp	upx
behavioral1/memory/1928-1813-0x00007FFD13FF0000-0x00007FFD13FFC000-memory.dmp	upx
behavioral1/memory/1928-1812-0x00007FFD14010000-0x00007FFD1401C000-memory.dmp	upx
behavioral1/memory/1928-1811-0x00007FFD13740000-0x00007FFD1380D000-memory.dmp	upx
behavioral1/memory/1928-1816-0x00007FFD13FE0000-0x00007FFD13FEC000-memory.dmp	upx
behavioral1/memory/1928-1815-0x00007FFD14120000-0x00007FFD14147000-memory.dmp	upx
behavioral1/memory/1928-1808-0x00007FFD14100000-0x00007FFD1410B000-memory.dmp	upx
behavioral1/memory/1928-1807-0x00007FFD14110000-0x00007FFD1411B000-memory.dmp	upx
behavioral1/memory/1928-1806-0x00007FFD172D0000-0x00007FFD172E4000-memory.dmp	upx
behavioral1/memory/1928-1805-0x00007FFD17130000-0x00007FFD1713F000-memory.dmp	upx
behavioral1/memory/1928-1826-0x00007FFD13B10000-0x00007FFD13B26000-memory.dmp	upx
behavioral1/memory/1928-1825-0x00007FFD13FC0000-0x00007FFD13FCC000-memory.dmp	upx
behavioral1/memory/1928-1824-0x00007FFD13FD0000-0x00007FFD13FDE000-memory.dmp	upx
behavioral1/memory/1928-1823-0x00007FFD13E60000-0x00007FFD13E6C000-memory.dmp	upx
behavioral1/memory/1928-1822-0x00007FFD13E70000-0x00007FFD13E82000-memory.dmp	upx
behavioral1/memory/1928-1821-0x00007FFD13E90000-0x00007FFD13E9D000-memory.dmp	upx
behavioral1/memory/1928-1820-0x00007FFD13EA0000-0x00007FFD13EAC000-memory.dmp	upx
behavioral1/memory/1928-1819-0x00007FFD13F90000-0x00007FFD13F9C000-memory.dmp	upx
behavioral1/memory/1928-1818-0x00007FFD13FA0000-0x00007FFD13FAB000-memory.dmp	upx
behavioral1/memory/1928-1817-0x00007FFD13FB0000-0x00007FFD13FBB000-memory.dmp	upx
behavioral1/memory/1928-1804-0x00007FFD17310000-0x00007FFD1733D000-memory.dmp	upx
behavioral1/memory/1928-1828-0x00007FFD13720000-0x00007FFD13734000-memory.dmp	upx
behavioral1/memory/1928-1827-0x00007FFD13AF0000-0x00007FFD13B02000-memory.dmp	upx
behavioral1/memory/1928-1830-0x00007FFD133D0000-0x00007FFD133F2000-memory.dmp	upx
behavioral1/memory/1928-1829-0x00007FFD13700000-0x00007FFD13717000-memory.dmp	upx
behavioral1/memory/1928-1833-0x00007FFD04120000-0x00007FFD0416D000-memory.dmp	upx
behavioral1/memory/1928-1832-0x00007FFD13330000-0x00007FFD13349000-memory.dmp	upx
behavioral1/memory/1928-1831-0x00007FFD13350000-0x00007FFD13365000-memory.dmp	upx
behavioral1/memory/1928-1834-0x00007FFD13310000-0x00007FFD13321000-memory.dmp	upx
behavioral1/memory/1928-1835-0x00007FFD13290000-0x00007FFD132AE000-memory.dmp	upx
behavioral1/memory/1928-1837-0x00007FFD00A90000-0x00007FFD00AED000-memory.dmp	upx
behavioral1/memory/1928-1838-0x00007FFD0F9E0000-0x00007FFD0FA18000-memory.dmp	upx
behavioral1/memory/1928-1836-0x00007FFD13B10000-0x00007FFD13B26000-memory.dmp	upx
behavioral1/memory/1928-1848-0x00007FFD00A60000-0x00007FFD00A89000-memory.dmp	upx
behavioral1/memory/1928-1849-0x00007FFD00A30000-0x00007FFD00A5E000-memory.dmp	upx
behavioral1/memory/1928-1850-0x00007FFD13700000-0x00007FFD13717000-memory.dmp	upx
behavioral1/memory/1928-1851-0x00007FFD00A00000-0x00007FFD00A24000-memory.dmp	upx
behavioral1/memory/1928-1852-0x00007FFD133D0000-0x00007FFD133F2000-memory.dmp	upx
behavioral1/memory/1928-1853-0x00007FFCFF950000-0x00007FFCFFACF000-memory.dmp	upx
behavioral1/memory/1928-1855-0x00007FFD13060000-0x00007FFD13078000-memory.dmp	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
508	taskkill.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 899655.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\runtime\runtime.exe\:SmartScreen:$DATA	FREE FN.exe

Suspicious behavior: EnumeratesProcesses 61 IoCs

pid	Process
2844	msedge.exe
2844	msedge.exe
1308	msedge.exe
1308	msedge.exe
4468	identity_helper.exe
4468	identity_helper.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
4548	msedge.exe
4548	msedge.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
1928	FREE FN.exe
4900	powershell.exe
4900	powershell.exe
4900	powershell.exe
2300	runtime.exe
2300	runtime.exe
2300	runtime.exe
2300	runtime.exe
2300	runtime.exe
2300	runtime.exe
2300	runtime.exe
2300	runtime.exe
2300	runtime.exe
2300	runtime.exe
2300	runtime.exe
2300	runtime.exe
5032	powershell.exe
5032	powershell.exe
5032	powershell.exe
5284	powershell.exe
5284	powershell.exe
5284	powershell.exe
5184	FREE FN.exe
5184	FREE FN.exe
5184	FREE FN.exe
5184	FREE FN.exe
5184	FREE FN.exe
5184	FREE FN.exe
6844	FREE FN.exe
6844	FREE FN.exe
6844	FREE FN.exe
6844	FREE FN.exe
6844	FREE FN.exe
6844	FREE FN.exe
5108	msedge.exe
5108	msedge.exe
8156	msedge.exe
8156	msedge.exe
2896	identity_helper.exe
2896	identity_helper.exe
6508	msedge.exe
6508	msedge.exe
6508	msedge.exe
6508	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2300	runtime.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe

Suspicious use of AdjustPrivilegeToken 29 IoCs

description	pid	Process
Token: SeDebugPrivilege	1928	FREE FN.exe
Token: SeDebugPrivilege	4900	powershell.exe
Token: SeDebugPrivilege	508	taskkill.exe
Token: SeDebugPrivilege	2300	runtime.exe
Token: SeDebugPrivilege	5032	powershell.exe
Token: SeDebugPrivilege	5184	FREE FN.exe
Token: SeDebugPrivilege	5284	powershell.exe
Token: SeIncreaseQuotaPrivilege	5284	powershell.exe
Token: SeSecurityPrivilege	5284	powershell.exe
Token: SeTakeOwnershipPrivilege	5284	powershell.exe
Token: SeLoadDriverPrivilege	5284	powershell.exe
Token: SeSystemProfilePrivilege	5284	powershell.exe
Token: SeSystemtimePrivilege	5284	powershell.exe
Token: SeProfSingleProcessPrivilege	5284	powershell.exe
Token: SeIncBasePriorityPrivilege	5284	powershell.exe
Token: SeCreatePagefilePrivilege	5284	powershell.exe
Token: SeBackupPrivilege	5284	powershell.exe
Token: SeRestorePrivilege	5284	powershell.exe
Token: SeShutdownPrivilege	5284	powershell.exe
Token: SeDebugPrivilege	5284	powershell.exe
Token: SeSystemEnvironmentPrivilege	5284	powershell.exe
Token: SeRemoteShutdownPrivilege	5284	powershell.exe
Token: SeUndockPrivilege	5284	powershell.exe
Token: SeManageVolumePrivilege	5284	powershell.exe
Token: 33	5284	powershell.exe
Token: 34	5284	powershell.exe
Token: 35	5284	powershell.exe
Token: 36	5284	powershell.exe
Token: SeDebugPrivilege	6844	FREE FN.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe
8156	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4752	OpenWith.exe
2300	runtime.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 2856	1308	msedge.exe	93
PID 1308 wrote to memory of 2856	1308	msedge.exe	93
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2828	1308	msedge.exe	94
PID 1308 wrote to memory of 2844	1308	msedge.exe	95
PID 1308 wrote to memory of 2844	1308	msedge.exe	95
PID 1308 wrote to memory of 3684	1308	msedge.exe	96
PID 1308 wrote to memory of 3684	1308	msedge.exe	96
PID 1308 wrote to memory of 3684	1308	msedge.exe	96
PID 1308 wrote to memory of 3684	1308	msedge.exe	96
PID 1308 wrote to memory of 3684	1308	msedge.exe	96
PID 1308 wrote to memory of 3684	1308	msedge.exe	96
PID 1308 wrote to memory of 3684	1308	msedge.exe	96
PID 1308 wrote to memory of 3684	1308	msedge.exe	96
PID 1308 wrote to memory of 3684	1308	msedge.exe	96
PID 1308 wrote to memory of 3684	1308	msedge.exe	96
PID 1308 wrote to memory of 3684	1308	msedge.exe	96
PID 1308 wrote to memory of 3684	1308	msedge.exe	96
PID 1308 wrote to memory of 3684	1308	msedge.exe	96
PID 1308 wrote to memory of 3684	1308	msedge.exe	96
PID 1308 wrote to memory of 3684	1308	msedge.exe	96
PID 1308 wrote to memory of 3684	1308	msedge.exe	96
PID 1308 wrote to memory of 3684	1308	msedge.exe	96
PID 1308 wrote to memory of 3684	1308	msedge.exe	96
PID 1308 wrote to memory of 3684	1308	msedge.exe	96
PID 1308 wrote to memory of 3684	1308	msedge.exe	96

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
3080	attrib.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\servermake.py
1⤵
- Modifies registry class
PID:3136

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd03f746f8,0x7ffd03f74708,0x7ffd03f74718
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 /prefetch:8
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6564 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6484 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,10657128843338811138,5470101007174703905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4548
- C:\Users\Admin\Downloads\FREE FN.exe
  "C:\Users\Admin\Downloads\FREE FN.exe"
  2⤵
  - Executes dropped EXE
  PID:624
- - C:\Users\Admin\Downloads\FREE FN.exe
    "C:\Users\Admin\Downloads\FREE FN.exe"
    3⤵
    - Enumerates VirtualBox DLL files
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1928
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\runtime\""
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4900
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\runtime\activate.bat
      4⤵
      PID:2944
    - - C:\Windows\system32\attrib.exe
        
        attrib +s +h .
        5⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:3080
    - - C:\Users\Admin\runtime\runtime.exe
        
        "runtime.exe"
        5⤵
        Executes dropped EXE
        
        PID:856
      - C:\Users\Admin\runtime\runtime.exe
        
        "runtime.exe"
        6⤵
        Enumerates VirtualBox DLL files
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\runtime\""
        7⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5032
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell (Get-CimInstance Win32_ComputerSystemProduct).UUID
        7⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5284
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im "FREE FN.exe"
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2588

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4276

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x328
1⤵
PID:2044

C:\Users\Admin\Downloads\FREE FN.exe
"C:\Users\Admin\Downloads\FREE FN.exe"
1⤵
- Executes dropped EXE
PID:6264
- C:\Users\Admin\Downloads\FREE FN.exe
  "C:\Users\Admin\Downloads\FREE FN.exe"
  2⤵
  - Enumerates VirtualBox DLL files
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5184

C:\Users\Admin\Downloads\FREE FN.exe
"C:\Users\Admin\Downloads\FREE FN.exe"
1⤵
- Executes dropped EXE
PID:6900
- C:\Users\Admin\Downloads\FREE FN.exe
  "C:\Users\Admin\Downloads\FREE FN.exe"
  2⤵
  - Enumerates VirtualBox DLL files
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:6844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:8156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd03f746f8,0x7ffd03f74708,0x7ffd03f74718
  2⤵
  PID:8172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7022574762571682060,3683194730703519319,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:7172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,7022574762571682060,3683194730703519319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,7022574762571682060,3683194730703519319,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:6704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7022574762571682060,3683194730703519319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:6612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7022574762571682060,3683194730703519319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:6468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7022574762571682060,3683194730703519319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7022574762571682060,3683194730703519319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7022574762571682060,3683194730703519319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7022574762571682060,3683194730703519319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7022574762571682060,3683194730703519319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7022574762571682060,3683194730703519319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7022574762571682060,3683194730703519319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7022574762571682060,3683194730703519319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7022574762571682060,3683194730703519319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7022574762571682060,3683194730703519319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:7468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7022574762571682060,3683194730703519319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:7480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7022574762571682060,3683194730703519319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7022574762571682060,3683194730703519319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7022574762571682060,3683194730703519319,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5584 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

File and Directory Discovery

T1083

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a1a2994c0a0901a48a0c1cf403e0af05

SHA1
6f197178359387ac0dcdfbc01140a04fc604223e

SHA256
737bcbd14d31802e2d253dbb6c95e425b62b308345d7ec654abf1ab1da4b934e

SHA512
42ba075df3f1b669e4443b84df2e0201745eb9b46716cfa3d2ca4099adb174cb79c9b0629815f5d71f3bd739c8339e18672ff328901fd294b61d6ae7438ced28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
288B

MD5
2dad9c3a5db8fb1c0e25a69cf9141975

SHA1
fac95032d14671ebde3029b8760d47bb4ddb9d50

SHA256
1c9bf15d30d2164b042f6aaeb8fc16287adb7c3b32842a959477b1453bc9501f

SHA512
59a2b57d4122a083b6d13b9fab748d0a2ab39667c61b5a6ac8e5f0f7a7f782e7b8005065977136943fdaf3edce8170b2f2a2f60a91b51058b59eec74b312285e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
e941be098591dfca346669ad205eb662

SHA1
88426a61b937281b036503a8a186fab3078b3fe7

SHA256
2ee57b068bdce327fa7e4d30f749ba8bbc6fd06995ac7de743b3b944ba773e63

SHA512
efd73e7de51e7829af6393629483982ecbf6cd48899a8ca2f53b75989d7eab72c9d2e0990937fdbfb6416c9b76018be3000bc49c476eee3d03419f07585a7866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e5427aeb5f95383935bd2b166a6d5cd9

SHA1
c0b3198621862ec2ed21378aeac3f6b2c8801d8f

SHA256
2e69de155f480dab93bae6ab8aa756a6e036a93aa3261453f87b80a753284889

SHA512
aca0fd768cd0a369ea2e309a676106f49db82971f08cfe628a459a30a3552b1376d9923bf295658eafc2fb0ffb0f24a564733c4bf70561cf4655599ac5f256a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
247B

MD5
828159c2bd7f7b0e2ab1ddc37802698f

SHA1
68b1295a1122e91632b31a0b5aaec5bb063030fc

SHA256
0a4a66818f9ec52d9d6d5384ccc54292a73e602c8c2949c9ce34b1b1b947f6e8

SHA512
5d9be242c66976fe16af8a8aca16f1b2e0182b0f145049b3ba7fcdcb9304e94287c7b381c78443a40e88285b6d0857041a391754d7c926361b1f4978999a1e9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1000B

MD5
82a71fe8a6f060504635f78100813dae

SHA1
390f26a18302636ed3a6b5ec2dae0a862884d8fb

SHA256
7d3044a4a57936da01f9059a7743fba381a47f3292a851b295c376ae4d0bc00d

SHA512
1458f002d539c66ae14bc2c9254ed73db5b9119e4864570b4ff5f2a2cfd53b9d8bd518d9a5348942deeb3d60695272ca98754408cab271550329653ad822adf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d3e42aeae2435eea8a243c70ebe79fd3

SHA1
90f002ec47103838f3aa4f1e9783843416e64096

SHA256
19900e55d7337a8eeba259c105fec611d19fcd22b914c9f8e7b1ab53ef49fdda

SHA512
9f6ab0c359b6fe1524d0260fcb419a67ebb41b915a68982951629b7d31b195bcba334c63d46aed95a937f7002f21ab834c5c6afdbdadb45e3787c09fbce5476b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8bcba355607c6d3ae1d0578fd5fd29a1

SHA1
f91cb50badbe9e8853636db087a585724b68ce82

SHA256
6a377be83cf1ab52b75d31bb4623be049f856a85a8e4b4a2f7a472b970e030c2

SHA512
d56bb414d70a87d6f882b1a630e548060c27cac1d883b6fdf5d1987486275efb3a335556035ec1b37015abbe40e8e74014811105d60444385fc2134bd45358dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f15a965e826f834cbb70c6c4bf0f3ee4

SHA1
40802fb12a2fcfb55705ff387cd74faeb989a516

SHA256
40748fca74324abefdb06a13a6fddfc3a609d27490d2859f93dc57423d57933a

SHA512
24196c7863e2eaf1cc9706592327600aa3d3711754007c799b402e68ab6ff7f47b0c355c358980bf430a0b06d8ca69609dac28626270b05f64d0fabdac8d2de7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
45318e37184ceb821e56155e0497576f

SHA1
23beb556583ca399c07bc0dae6160d7788935160

SHA256
326ce3a04f92bfb9b728a30176cab2ccb72c9fa16db6eb74eeab142f9177eff4

SHA512
2fe8d1050467508ef907ad4a7ad822b610e04b9735ca6214bc085d7bd17fda5c51289cb5654b51307e8fd6f3aab5fd3e8e4302f0884249f50d141ef8cc767c59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
267adbb024b1217dab3df6a4cc95ce22

SHA1
61199d95b4cf51dbfdceb358c91457dfe0c6e17a

SHA256
10352f72c8b0da39ec9491fbd7cf62e47bd50752504b4a006dab80bdfa8719dd

SHA512
62996463b20cdf3efa5d216063320089b146df79cdaf5fd3a0e4933dc4144931d9b87faa68a31392c1ae91170b3f8674b02f56efe8b473966b37f9360b699850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c128e2938c618a7b883d84838d1fb5a9

SHA1
a3b34969626d499c6da6a0d047491368aa19693b

SHA256
5eb67ce7c2e8d6f0e673ede2b203f81baef30d614de9bea91b0f1617a44b7c42

SHA512
9abb19a6496132862934d3c13a3d9f813beeaf165588cdb759af644af65239b2a40e1d103a7f9b1a0f51899de63acde1718fa8e36988ff425d08ee0e3a9efb45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
37c28706753bd7f6061b9e5d410ca362

SHA1
5a322c71b96fee7574f5d87d92864ad8689479bb

SHA256
642d38a2201cc498c540d7304851f1866bf8856907805c71bb0de949a48b8efa

SHA512
0f19d5003d540bb9701b1926d09641f397399e929dee38fa8fc1133a83077ea44ed5fa39f9a8e1be9dd5f0f80e3b8f0d25d8703a60d52abb05bc5368680cfbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a8b5727624e6303f6608b202b04ca48e

SHA1
1c6f9071cdaeaa7f5350ae71e4099c519e8d261d

SHA256
58ac8a80e216a5910c91508343128ee02ff40456db3bee19798b0412319b9514

SHA512
81b186214b90dbe77efaecfc62d9011085b7a6ad8ccc2cb4d6d41775c20386b1ad21b1a6ee1c23f45a1b743be1e38b4e5b7951a53d060729dc8e7d59225f27c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4eaae89d3a4f828ccaf5fb627b60b01b

SHA1
409a355e910284b63952d685f42dc22acebc521c

SHA256
cfd1256be9d094cb9a6790e479bba23aac290f82752064ace7b4cd728ba12cff

SHA512
a7fc5890fd052f177d52bdbca61401c2b001874c620013b931a3e5a68aefee907e54043fd7594ed20cd67924eeb780e1a920aab42a69abbb4fc9f7c63010c4b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f911ff7b0aa900c499179d200f812a79

SHA1
7e91702c2a170b5b3fc408c3aef15f65bd1a5eb2

SHA256
6e780024ec9c495be0bdf2e2a6e757491c8b3bb1df66c598539a5ec54651f6c8

SHA512
0d433b245ec21539ea4464167c1fa3cc22eacc75d064647f8bf370ac4ad30a523846ba4149d8561265d454434b6e8dced5a6b2a65d9b2fd776e1384a155422c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
02076b09b9dd23419aae42ee5a11773e

SHA1
06113ba03b549dd2ac7d2053dceb049e7116f5db

SHA256
6fd22a774af4d9b87e40dc9b8a01775cc99ad249b771abaf19e34a8d6213bc8a

SHA512
7bb930491adb1f329272bcdd0b8b3f354308c376e1f3a61f2226b30aa0ee5ae75316591e1fdf7c9f53dec8cb02a4ac304f9a544abcca6ff8ba602b44d0194878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
362B

MD5
c320bf09131fa7daf1606ac7db1f6074

SHA1
711187cf643c9020b20fd20fd58ccf10c86cd625

SHA256
0c802a5c6110e508dbc24c45f8d1ad9509d7fa8c1eb4eaa22d013ff8eed3dfc1

SHA512
cdc91a3a0ffd33047d03df0b5222e91500e5bdb29a2fb72d4963e02f3a4dc810eb6df10194646ea4d362c7c0cc36401075600b7872bc6ae71ff2f47d6517150d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
2613aeae7340c4f98b502b7edf37028b

SHA1
5a4121097493dd38404bfe06c9710b8c96260c3e

SHA256
72e5bc8d673e392be6872598c46b02f77c5fc97dfb8982b73f206e36cd91fe74

SHA512
19ad2d9f4dcaaaa032dfbe43a7353217ac836f50bf294d64801ad56640527c1455cbdd7b1db37416ddc2614f2e0b6e45ec701e18e945b262d9222289e0a1df33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2e03fd34326b76ccde394193f1cd489d

SHA1
c473d16d7241024e9fd35045dcaeb28cb7dba6d3

SHA256
3d4d3850237133d10622632a5e7a8e7d48ed79773e0a48a21ad3dab45fffd6a3

SHA512
46c2fa6d2a70d2b9cf2246891d166caa1a4c64a909a6f6159963bd5bb0974e0a7ce089ecd470331aa9d0433e580577ca0b3af1f022947b1aba57e3de82374de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7d902f6794dcefcd160e4de2193fa435

SHA1
be3d2602b233e467d81a10b9dec553d3a81064a1

SHA256
ad6a9eabe8af824423de88d56f2787b134083801535eb088c04adc08fc10bf6d

SHA512
705299b71af569d8847c2480a2bda4af6950d1dc65322a88dddd11d889a42319508d114c5ce00f9b3afa1cc2132ac41ca276880402634f2eb9aa218b834153d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
a07718f5a87170f619cea60144486ad4

SHA1
0eeb7c6c1386962c651dc7b8ea7549c72aa766e7

SHA256
b45ec92ffdb240690901620d45f12cfe919ef1816820307f64953ddfbc0a021a

SHA512
f8db1fbe4f6198f64db4ef216d99bb20de90207af70c27e72abd7edebd7dda35beae47b1f9a93e18ecfdb855ce6c557960757f1ca73e0267dca5e2cdfede2dba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b9b6.TMP

Filesize
203B

MD5
d7ff7934f26b2fb3fbd01adb92194e68

SHA1
3f3c802e8ed786f67a26bab0254d4b99d08b7e68

SHA256
03159abca1289d7104ac550bc4d15eca1bafe9ca3d9fb938de43ef9c7233273e

SHA512
af9cbf9917505da29551fb15f08243593309503b490c60b083f91c55c934f6f2efc49e971eb2ecca970b0a5b3eacfb0cf55d7bf2bf864d85b984b6b130ea6be3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d25c14d4846f97987bbb01e36b484620

SHA1
99094fbfdfb7edf12657e76203b357a4dffa9583

SHA256
36813cb4a995a88391143e8c3012c9dc88894a5af5fbb91d4ab10114feb5e943

SHA512
01118706fef2b45375ff69af008de900a4f41b36e80de3db5b321ef58b981813c46fc78e33c159173d694665c410ed1ea7dcf1bcc9a9845e07f16be656a8ec42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b630e0d0c2503fb99ad2ef469028cbb1

SHA1
70cf4b1a93287989d8c75f0172496b6d6a36d41b

SHA256
f69622bbf600e537d8a6f7a903efb5e81cdac7ed21bdab4c374edd71ce8505fb

SHA512
ee62a4beaf010b867417abdcb53446c3a473b35cc72fa03b3c6b1cd2e224fd46760fb14f2821f38a64b1fa20f8078b995ced7fe4052543a0fe382f7d23003991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6b5b60e01219e20be139d65d0037e321

SHA1
e8954e14dcad27520b696335bf06adc9e6eb64fe

SHA256
bcc2e47e0684131a2f4bad0c1082b0bb3fa6ab0743976a02967934d33b9e6be6

SHA512
51371f0a9a0a6793d738def4b928b3b8f3da39a249fa3620e5af2c62f3470dec028887e08168bd918c5b6eb57e2cf4dc539ff7bba38d4d8cff0eee39258fb1b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e7b9d09d466d684872511c5e95262712

SHA1
52a1163424908fe01e0cf647c4a07a5b9c921b5e

SHA256
e2af354e29d539bedec8b373c45c211e45dc54276c316520111353cbb2ab29c0

SHA512
9107bc7b1c206fce879d7617994c8efd39407ec0639a81988b9d3334737d4515d5bcbccf11f5ef2ef877a8b8c9e3822884f2a992bf1d8a295066f71c61a56071

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
657960b5f618c8e465ee975f3d5f3ddf

SHA1
47ee80fcaf816cd185e3873d4c0f76574b6fa714

SHA256
c9f6698fa62f395eee302060321177ddc22e4a932fb8de131a890377f102c202

SHA512
eea023ad462b1a205b419115979b00668f6f7c83938d4cc35200fbcd3909b2175bcf8ceb755a2e64193d7c87a80588a90d1828f2ac9caf455bd794c7ea717bf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ac7ccde0f0464bce29808a13d8d2a041

SHA1
d4921ade3047ca9e58db0e31a0ad37ed5bdfdedd

SHA256
d791a87928a1d64ea67186cad63a3735534189e213595196749379b34cf82d78

SHA512
fec2e6cb4af5020df7afb30e59ceb03caf9283c0d66b5edf985dd17fa3e7578342e3200f5ffcd6ea7febbc325c7608d92faba752b9494c8b639611a3fcb77fc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\_bz2.pyd

Filesize
48KB

MD5
075ae3a74a32bb5386c3524a19e3927e

SHA1
8d832da3344e5958358c24d4d31e51f6a8ddfd24

SHA256
d581bf9f92031f73ae75e21328597906db970714430e6dc44ce525cf04d5e77a

SHA512
455cbe95a369562e56bf76e2c287c52cc5327872151b1797ba3636196dc9231c6d73557d28ee1e3cf2d1c233edb61587cae41498f5d1d8b9cc9c0fdecfff3f1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\_ctypes.pyd

Filesize
59KB

MD5
1a546aaa7d44f48daef4750a679fe22f

SHA1
0aaa6657b15c79b3713229e61aec5d0e16e5b404

SHA256
b1ed56b8aab1dc0e4021bb08b53ac82fa9bf0c56f171287c55241617dd90bc5b

SHA512
338b6210bbde57ac6bbd032f8d65b90fe43d1509c74d138766a50490ee0ff93b5c94ec29fb8b8575f602304a342aa195dfff7b9bc22bb20e78545521ce0cd2e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\_lzma.pyd

Filesize
86KB

MD5
385a812072bc56d47823360908c2e5ca

SHA1
e8f758dfbd6ed8a82d614343116d9e9c164ce021

SHA256
4943f6912c4ddd1f6d11fa6ea7f619bf852569efe013558105e7a26518d466fd

SHA512
adc6ebda1eb2a51d5bb109c0019150827a3606399f450c250309fce50ae81a820a5a813657e8f4fa6eb7ccc7cb2a5f332aa23db6f12baec156ffc3dd1a32879d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\api-ms-win-core-console-l1-1-0.dll

Filesize
21KB

MD5
4a8f3a1847f216b8ac3e6b53bc20bd81

SHA1
f5aadc1399a9da38087df52e509d919d743e3ea7

SHA256
29b7d786d9f421765a4f4904f79605c41e17c0a24d7f91e44c0b7b0dea489fc3

SHA512
e70d2b719517c413fa967ca1a8d224299af55d988b3cc28013aaa3677660fae9ecb6f858d31c08cd8a0888f932af1384f0eaa928c002200f0710c2d5bddced1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\api-ms-win-core-datetime-l1-1-0.dll

Filesize
21KB

MD5
d7ad8db12ff42d620a657127dada1d88

SHA1
0ca381c734a3a93dc5f19c58dadfdca9d1afccd8

SHA256
26054d8febab1aacf11aa5cb64055808cd33388a8e77d0b3bcbc7543b0eea3bd

SHA512
7e2d6b60adbf97b22ab4b66691e483827d5755cfc6fcb5224369ada53cbd8cda43c4694a000ea4b5cebc69a475b54df0e9694c20afd9ec62b4db7b22241bdc45

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\api-ms-win-core-debug-l1-1-0.dll

Filesize
21KB

MD5
c68a86c180ff1fcac90d1da9a08179c1

SHA1
c287951441c957931dc4ebbee4dc9426a4501554

SHA256
2c91c4861e88c92693a1b145ebe2f69ffb90797cd42061e2d84f3d7fc009a941

SHA512
857fbf9852596ef7263d8faf970128487413c859246f58b15cec32d11576894c47211a3bd9005f86c2a28fa6b67fba96831c4953c0fa24e2373a6daecb85e121

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
21KB

MD5
a17ff429442d4e5298f0faf95950a77d

SHA1
522a365dad26bedc2bfe48164dc63c2c37c993c3

SHA256
8e9d1d206da69da744d77f730233344ebe7c2a392550511698a79ce2d9180b41

SHA512
7d4e31251c171b90a0c533718655c98d8737ff220bcc43f893ff42c57ab43d82e6bd13fa94def5bb4205caec68dc8178d6b2a25ad819689f25dad01be544d5ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\api-ms-win-core-fibers-l1-1-0.dll

Filesize
21KB

MD5
73dd550364215163ea9edb537e6b3714

SHA1
c24fcadfee877d5402e2b4f8518c4f5f4a2ce4b4

SHA256
0235c78780eff0bd34fce01d1c366e5e5936ea361676cb9711a4cfff747d457a

SHA512
2406d9d44d3ed86a95248b25cf574e0c06533cd916048a2facd68f4db48e49e8e8ce1917091bcfb273d0acc210697ceb659930c896e51464c300ec06476d8cc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\api-ms-win-core-file-l1-1-0.dll

Filesize
25KB

MD5
ecee1b7da6539c233e8dec78bfc8e1f9

SHA1
052ba049f6d8cd5579e01c9e2f85414b15e6cbf8

SHA256
249d7cd1c87738f87458b95ace4ab8f87b0de99eeefb796f6b86cba889d49b2c

SHA512
ea21fe20336b8170b2a8cd13df217e9ee87aa1d2b0ba476bee2a97c3fce57648c9ab664b9ba895d5bbbcd119f2bb6633bedc85dafbd7bf6853aa48b168a927f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
3473bc217562594b5b126d7aeb9380e9

SHA1
b551b9d9aa80be070f577376e484610e01c5171a

SHA256
0d8190fd619feb20df123931108d499132f7051f1ebb0ef246082f4c52c88b22

SHA512
036b93457ade632ad68264d81ff26ee1156038e234c606882386d6babcbe722a18e9ced1655f97caecaf5fd514e261dafe999a3e9fec00cc677e177f0bf8e203

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\api-ms-win-core-file-l2-1-0.dll

Filesize
20KB

MD5
50abf0a7ee67f00f247bada185a7661c

SHA1
0cddac9ac4db3bf10a11d4b79085ef9cb3fb84a1

SHA256
f957a4c261506484b53534a9be8931c02ec1a349b3f431a858f8215cecfec3f7

SHA512
c2694bb5d103baff1264926a04d2f0fe156b8815a23c3748412a81cc307b71a9236a0e974b5549321014065e393d10228a0f0004df9ba677f03b5d244a64b528

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\api-ms-win-core-handle-l1-1-0.dll

Filesize
21KB

MD5
53b1beee348ff035fef099922d69d588

SHA1
7bc23b19568e2683641116f770773f8bcf03376b

SHA256
3a52229bf8a9df9f69a450f1ed7afc0d813d478d148c20f88ec4169d19b0d592

SHA512
85c7ffa63483d69870cd69bf40e2b4ea5992d6b82607ee9bfc354c3bd5079e18cfe2ca0bcaa2fe493b42226f4a8097737116ea023823ce3ef177596dd80edcdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\api-ms-win-core-heap-l1-1-0.dll

Filesize
21KB

MD5
5846d53ac41102bb6f7e1f78717fea7f

SHA1
72254f1b93f17c2c6921179c31cd19b1b4c5292d

SHA256
059dfa16c1bbe5ff3a4b5443ba5e7ad1d41e392a873b09cfef787020ca3e101f

SHA512
0c29c0f562f1cabd794d8bf7f5cef0b0213fcf52a71eb254e0122f88c6e03558cb2259caff6b46d3b055101ef5422318e48d6c7568cbf2423212b8ed4e8f0f7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
21KB

MD5
5a1569efa80fd139b561a9677a661f8a

SHA1
fb0c824688e65ed12f52fa961ef3bae5674f32af

SHA256
41c1eaf5545109e871abef7386ab1abf9d2de1762cb4720c945afa8424858b00

SHA512
1d2594c7f9757a95b41a9e6496f89c81fc96448b32cacb0c10d0db8c28a95cf33b3ad23348bcd8fb37d82bd72865d3c60944206f2e795686440de49bbcc39d7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
21KB

MD5
5eb2d8e1b9c9bd462c808f492ef117c2

SHA1
60d398ec6e72ab670a2d9ef1b6747387c8de724e

SHA256
db85f9aae6e9a5f1664326fa3fb82fe1002a3053857724d6c8d979a07c1221a1

SHA512
df0ef770368f153104f828f1c2381bea9a79e69defd43af53bdd419b7d80144831e0c4cc8695baee9f26928f0c4a00fe4837c872313c37bce1b23e6690a93bda

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
0414909b279ea61ca344edbe8e33e40b

SHA1
4ece0dabe954c43f9bd5032de76ec29c47b22e10

SHA256
05b0c773a77850f3d50ddb4b82cc4d5f19316fe1aaa65e21b4709ae73f60a28e

SHA512
edbd33540cd1ef69f2ce824cfb991903ec6e4edda815f07d610247594ceeb2ebc78f05a44b4de8c5c937191b7e8b2ef221423c06df303d73deea721c25d15eed

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\api-ms-win-core-memory-l1-1-0.dll

Filesize
21KB

MD5
5e93bf4aa81616285858ca455343b6d3

SHA1
8de55be56b6520801177f757d9e3235ec88085f7

SHA256
c44ec29a51145281372007d241a2cc15b00d0bacc8adfaac61e8e82efe8ea6a3

SHA512
e6a46dad1d7125dbaaf9d020100d7ec321620e38fdd1c931af74e8ec25e841c52555ec9646a895ad4450de94f70e82e9a237c2895ddfd16769b07cb73ad827e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
21KB

MD5
94fce2f4b244d3968b75a4a61b2347ab

SHA1
c5898af5fd941c19fcdd949c6b4e2bb090d040d2

SHA256
c513bdc265654d2e9a304423f299fb46953631f0d78af8c1d397cd58b491475a

SHA512
1afe1f3a9b803c5758ff24376fe040d856b5ca814717b490464260c9c78e70ce6c166efbcc98e26ac12dd6173285b4863da7df4ff644d1d8150f8ac4b47113e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
21KB

MD5
df64597430e1126c3ba0fe5ecf995004

SHA1
3e32ad558501fb9d108f885a55841605be641628

SHA256
9638950211cbdcdaeb886cab277573391bf7dda2fbdb24fc18d31125dc8a7c24

SHA512
e16c1f5468bf2fc90b66b4b66dbad62cdbe29180f8da8ab8ad28d1b0c418cb96eadf24bb54f2ee9bcfe3176256d05f7eb591b6f908e47bd420ba22768fe0ea61

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
21KB

MD5
d21be88a58960edfe83ccbbdf5c4103d

SHA1
3cb0d010837b77102e77ca62e1033ef4eb5473ac

SHA256
3e909b4951e485de391f9a101e513b32c6d3507674c4d666ad3105b939b25c24

SHA512
99b1fda3ec9292a59ed528ab243b4f8ac63e2d7b219135f26050bb7dd124a5d5dc4a14a69383a8aa0b03f0f0a3bccf0c233ef09b8e3d3bdf43d0aa1cfc1a3992

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\base_library.zip

Filesize
1.3MB

MD5
763d1a751c5d47212fbf0caea63f46f5

SHA1
845eaa1046a47b5cf376b3dbefcf7497af25f180

SHA256
378a4b40f4fa4a8229c93e0afee819085251af03402ccefa3b469651e50e60b7

SHA512
bb356dd610e6035f4002671440ce96624addf9a89fd952a6419647a528a551a6ccd0eca0ee2eeb080d9aad683b5afc9415c721fa62c3bcddcb7f1923f59d9c45

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\libffi-8.dll

Filesize
29KB

MD5
013a0b2653aa0eb6075419217a1ed6bd

SHA1
1b58ff8e160b29a43397499801cf8ab0344371e7

SHA256
e9d8eb01bb9b02ce3859ba4527938a71b4668f98897d46f29e94b27014036523

SHA512
0bd13fa1d55133ee2a96387e0756f48133987bacd99d1f58bab3be7bffdf868092060c17ab792dcfbb4680f984f40d3f7cc24abdd657b756496aa8884b8f6099

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\python3.dll

Filesize
66KB

MD5
8dbe9bbf7118f4862e02cd2aaf43f1ab

SHA1
935bc8c5cea4502d0facf0c49c5f2b9c138608ed

SHA256
29f173e0147390a99f541ba0c0231fdd7dfbca84d0e2e561ef352bf1ec72f5db

SHA512
938f8387dcc356012ac4a952d371664700b110f7111fcc24f5df7d79791ae95bad0dbaf77d2d6c86c820bfd48a6bdbe8858b7e7ae1a77df88e596556c7135ed4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\python312.dll

Filesize
1.7MB

MD5
36e9be7e881d1dc29295bf7599490241

SHA1
5b6746aedac80f0e6f16fc88136bcdcbd64b3c65

SHA256
ebef43e92267a17f44876c702c914aafa46b997b63223ff46b12149fd2a2616e

SHA512
090d4e9092b7fe00180164b6f84b4bd1d1a1e12dc8fea042eaa0e75cc08bb9994c91c3853bedec390208db4ef2e3447cd9be20d7dc20c14e6deb52a141d554cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\LICENSE

Filesize
1023B

MD5
141643e11c48898150daa83802dbc65f

SHA1
0445ed0f69910eeaee036f09a39a13c6e1f37e12

SHA256
86da0f01aeae46348a3c3d465195dc1ceccde79f79e87769a64b8da04b2a4741

SHA512
ef62311602b466397baf0b23caca66114f8838f9e78e1b067787ceb709d09e0530e85a47bbcd4c5a0905b74fdb30df0cc640910c6cc2e67886e5b18794a3583f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL

Filesize
92B

MD5
43136dde7dd276932f6197bb6d676ef4

SHA1
6b13c105452c519ea0b65ac1a975bd5e19c50122

SHA256
189eedfe4581172c1b6a02b97a8f48a14c0b5baa3239e4ca990fbd8871553714

SHA512
e7712ba7d36deb083ebcc3b641ad3e7d19fb071ee64ae3a35ad6a50ee882b20cd2e60ca1319199df12584fe311a6266ec74f96a3fb67e59f90c7b5909668aee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6242\ucrtbase.dll

Filesize
1.1MB

MD5
3b337c2d41069b0a1e43e30f891c3813

SHA1
ebee2827b5cb153cbbb51c9718da1549fa80fc5c

SHA256
c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7

SHA512
fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI62642\SDL2.dll

Filesize
635KB

MD5
ec3c1d17b379968a4890be9eaab73548

SHA1
7dbc6acee3b9860b46c0290a9b94a344d1927578

SHA256
aaa11e97c3621ed680ff2388b91acb394173b96a6e8ffbf3b656079cd00a0b9f

SHA512
06a7880ec80174b48156acd6614ab42fb4422cd89c62d11a7723a3c872f213bfc6c1006df8bdc918bb79009943d2b65c6a5c5e89ad824d1a940ddd41b88a1edb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI62642\SDL2_image.dll

Filesize
58KB

MD5
25e2a737dcda9b99666da75e945227ea

SHA1
d38e086a6a0bacbce095db79411c50739f3acea4

SHA256
22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c

SHA512
63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI62642\SDL2_mixer.dll

Filesize
124KB

MD5
b7b45f61e3bb00ccd4ca92b2a003e3a3

SHA1
5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc

SHA256
1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095

SHA512
d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI62642\SDL2_ttf.dll

Filesize
601KB

MD5
eb0ce62f775f8bd6209bde245a8d0b93

SHA1
5a5d039e0c2a9d763bb65082e09f64c8f3696a71

SHA256
74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a

SHA512
34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI62642\_tcl_data\encoding\euc-cn.enc

Filesize
84KB

MD5
c5aa0d11439e0f7682dae39445f5dab4

SHA1
73a6d55b894e89a7d4cb1cd3ccff82665c303d5c

SHA256
1700af47dc012a48cec89cf1dfae6d1d0d2f40ed731eff6ca55296a055a11c00

SHA512
eee6058bd214c59bcc11e6de7265da2721c119cc9261cfd755a98e270ff74d2d73e3e711aa01a0e3414c46d82e291ef0df2ad6c65ca477c888426d5a1d2a3bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI62642\freetype.dll

Filesize
292KB

MD5
04a9825dc286549ee3fa29e2b06ca944

SHA1
5bed779bf591752bb7aa9428189ec7f3c1137461

SHA256
50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde

SHA512
0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI62642\libjpeg-9.dll

Filesize
108KB

MD5
c22b781bb21bffbea478b76ad6ed1a28

SHA1
66cc6495ba5e531b0fe22731875250c720262db1

SHA256
1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd

SHA512
9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI62642\libogg-0.dll

Filesize
16KB

MD5
0d65168162287df89af79bb9be79f65b

SHA1
3e5af700b8c3e1a558105284ecd21b73b765a6dc

SHA256
2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24

SHA512
69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI62642\libopus-0.dll

Filesize
181KB

MD5
3fb9d9e8daa2326aad43a5fc5ddab689

SHA1
55523c665414233863356d14452146a760747165

SHA256
fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491

SHA512
f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI62642\libpng16-16.dll

Filesize
98KB

MD5
55009dd953f500022c102cfb3f6a8a6c

SHA1
07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb

SHA256
20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2

SHA512
4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI62642\pygame\zlib1.dll

Filesize
52KB

MD5
ee06185c239216ad4c70f74e7c011aa6

SHA1
40e66b92ff38c9b1216511d5b1119fe9da6c2703

SHA256
0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466

SHA512
baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI62642\setuptools\_vendor\typeguard-4.3.0.dist-info\LICENSE

Filesize
1KB

MD5
f0e423eea5c91e7aa21bdb70184b3e53

SHA1
a51ccdcb7a9d8c2116d1dfc16f11b3c8a5830f67

SHA256
6163f7987dfb38d6bc320ce2b70b2f02b862bc41126516d552ef1cd43247e758

SHA512
8be742880e6e8495c7ec4c9ecc8f076a9fc9d64fc84b3aebbc8d2d10dc62ac2c5053f33b716212dcb76c886a9c51619f262c460fc4b39a335ce1ae2c9a8769a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI62642\setuptools\_vendor\typeguard-4.3.0.dist-info\METADATA

Filesize
3KB

MD5
b6daac02f66ac8403e9061881322babe

SHA1
9a94672ccfea06156a5f8a321cd0626cfd233ae8

SHA256
cf675c1c0a744f08580855390de87cc77d676b312582e8d4cfdb5bb8fd298d21

SHA512
9c6b7326c90396aa9e962c2731a1085edb672b5696f95f552d13350843c09a246e0bbf0ec484862dff434fa5a86de4c0b7c963958ade35a066b9d2384076dd47

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI62642\setuptools\_vendor\typeguard-4.3.0.dist-info\RECORD

Filesize
2KB

MD5
d680b2881597974acd91750e5ab61010

SHA1
e00ed2416b5ce21641e3946905504d62d536972f

SHA256
48a51959582478352275428ceecd78ef77d79ac9dae796e39a2eaf2540282552

SHA512
112172acb515b0712ac58d78898eb159580ada3dd3f16aabb37cb7a8d964f9e4badf2869a245927b83b208d56904831c0f04ed925c95dfcb705801734fb0c7ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI62642\setuptools\_vendor\typeguard-4.3.0.dist-info\entry_points.txt

Filesize
48B

MD5
aeab5bcf8bf89a51c97c4cdf70578848

SHA1
2e9c1617560ab66431aab90700db901985293485

SHA256
aa9ecd43568bb624a0310aa8ea05a57c6a72d08217ce830999e4132e9cea1594

SHA512
2be73e99296df26a28835f91dd8bc50eb104af06a3c54666175faf322e0ad4620453db0388531c4113b052a92c1d2e4c3088e25af43cde42aa852cf7b0cb5b05

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI62642\setuptools\_vendor\typeguard-4.3.0.dist-info\top_level.txt

Filesize
10B

MD5
004a2a8ce1ab120a63902a27d76bd964

SHA1
a4e367ab40410598dadd1fc5f680ed7a176beb09

SHA256
e33dbc021b83a1dc114bf73527f97c1f9d6de50bb07d3b1eb24633971a7a82bb

SHA512
0d8ff9a43897ab390ab41afe5bac8bd38a68c2bef88e844e5b49bf70e3164b226975cc2717ae3dc3428d1cfbb0be068c243f104915fee1ffa58c23fbe76fdb89

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI62642\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txt

Filesize
1KB

MD5
7ffb0db04527cfe380e4f2726bd05ebf

SHA1
5b39c45a91a556e5f1599604f1799e4027fa0e60

SHA256
30c23618679108f3e8ea1d2a658c7ca417bdfc891c98ef1a89fa4ff0c9828654

SHA512
205f284f3a7e8e696c70ed7b856ee98c1671c68893f0952eec40915a383bc452b99899bdc401f9fe161a1bf9b6e2cea3bcd90615eee9173301657a2ce4bafe14

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI62642\setuptools\_vendor\wheel-0.43.0.dist-info\METADATA

Filesize
2KB

MD5
ebea27da14e3f453119dc72d84343e8c

SHA1
7ceb6dbe498b69abf4087637c6f500742ff7e2b4

SHA256
59bac22b00a59d3e5608a56b8cf8efc43831a36b72792ee4389c9cd4669c7841

SHA512
a41593939b9325d40cb67fd3f41cd1c9e9978f162487fb469094c41440b5f48016b9a66be2e6e4a0406d6eedb25ce4f5a860ba1e3dc924b81f63ceee3ae31117

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI62642\setuptools\_vendor\wheel-0.43.0.dist-info\RECORD

Filesize
4KB

MD5
44d352c4997560c7bfb82d9360f5985a

SHA1
be58c7b8ab32790384e4e4f20865c4a88414b67a

SHA256
783e654742611af88cd9f00bf01a431a219db536556e63ff981c7bd673070ac9

SHA512
281b1d939a560e6a08d0606e5e8ce15f086b4b45738ab41ed6b5821968dc8d764cd6b25db6ba562a07018c271abf17a6bc5a380fad05696adf1d11ee2c5749c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI62642\setuptools\_vendor\wheel-0.43.0.dist-info\entry_points.txt

Filesize
104B

MD5
6180e17c30bae5b30db371793fce0085

SHA1
e3a12c421562a77d90a13d8539a3a0f4d3228359

SHA256
ad363505b90f1e1906326e10dc5d29233241cd6da4331a06d68ae27dfbc6740d

SHA512
69eae7b1e181d7ba1d3e2864d31e1320625a375e76d3b2fbf8856b3b6515936ace3138d4d442cabde7576fcfbcbb0deed054d90b95cfa1c99829db12a9031e26

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8562\setuptools\_vendor\importlib_resources-6.4.0.dist-info\LICENSE

Filesize
11KB

MD5
3b83ef96387f14655fc854ddc3c6bd57

SHA1
2b8b815229aa8a61e483fb4ba0588b8b6c491890

SHA256
cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30

SHA512
98f6b79b778f7b0a15415bd750c3a8a097d650511cb4ec8115188e115c47053fe700f578895c097051c9bc3dfb6197c2b13a15de203273e1a3218884f86e90e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8562\setuptools\_vendor\jaraco.collections-5.1.0.dist-info\top_level.txt

Filesize
7B

MD5
0ba8d736b7b4ab182687318b0497e61e

SHA1
311ba5ffd098689179f299ef20768ee1a29f586d

SHA256
d099cddcb7d71f82c845f5cbf9014e18227341664edc42f1e11d5dfe5a2ea103

SHA512
7cccbb4afa2fade40d529482301beae152e0c71ee3cc41736eb19e35cfc5ee3b91ef958cf5ca6b7330333b8494feb6682fd833d5aa16bf4a8f1f721fd859832c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8562\setuptools\_vendor\packaging-24.1.dist-info\WHEEL

Filesize
81B

MD5
24019423ea7c0c2df41c8272a3791e7b

SHA1
aae9ecfb44813b68ca525ba7fa0d988615399c86

SHA256
1196c6921ec87b83e865f450f08d19b8ff5592537f4ef719e83484e546abe33e

SHA512
09ab8e4daa9193cfdee6cf98ccae9db0601f3dcd4944d07bf3ae6fa5bcb9dc0dcafd369de9a650a38d1b46c758db0721eba884446a8a5ad82bb745fd5db5f9b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bpainvgw.nfo.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/1928-1880-0x00007FFD00920000-0x00007FFD00956000-memory.dmp

Filesize
216KB

Download
memory/1928-1970-0x00007FFD13FA0000-0x00007FFD13FAB000-memory.dmp

Filesize
44KB

Download
memory/1928-1830-0x00007FFD133D0000-0x00007FFD133F2000-memory.dmp

Filesize
136KB

Download
memory/1928-1829-0x00007FFD13700000-0x00007FFD13717000-memory.dmp

Filesize
92KB

Download
memory/1928-1833-0x00007FFD04120000-0x00007FFD0416D000-memory.dmp

Filesize
308KB

Download
memory/1928-1832-0x00007FFD13330000-0x00007FFD13349000-memory.dmp

Filesize
100KB

Download
memory/1928-1831-0x00007FFD13350000-0x00007FFD13365000-memory.dmp

Filesize
84KB

Download
memory/1928-1834-0x00007FFD13310000-0x00007FFD13321000-memory.dmp

Filesize
68KB

Download
memory/1928-1835-0x00007FFD13290000-0x00007FFD132AE000-memory.dmp

Filesize
120KB

Download
memory/1928-1837-0x00007FFD00A90000-0x00007FFD00AED000-memory.dmp

Filesize
372KB

Download
memory/1928-1838-0x00007FFD0F9E0000-0x00007FFD0FA18000-memory.dmp

Filesize
224KB

Download
memory/1928-1836-0x00007FFD13B10000-0x00007FFD13B26000-memory.dmp

Filesize
88KB

Download
memory/1928-1848-0x00007FFD00A60000-0x00007FFD00A89000-memory.dmp

Filesize
164KB

Download
memory/1928-1849-0x00007FFD00A30000-0x00007FFD00A5E000-memory.dmp

Filesize
184KB

Download
memory/1928-1850-0x00007FFD13700000-0x00007FFD13717000-memory.dmp

Filesize
92KB

Download
memory/1928-1851-0x00007FFD00A00000-0x00007FFD00A24000-memory.dmp

Filesize
144KB

Download
memory/1928-1852-0x00007FFD133D0000-0x00007FFD133F2000-memory.dmp

Filesize
136KB

Download
memory/1928-1853-0x00007FFCFF950000-0x00007FFCFFACF000-memory.dmp

Filesize
1.5MB

Download
memory/1928-1855-0x00007FFD13060000-0x00007FFD13078000-memory.dmp

Filesize
96KB

Download
memory/1928-1854-0x00007FFD13350000-0x00007FFD13365000-memory.dmp

Filesize
84KB

Download
memory/1928-1858-0x00007FFD0DC70000-0x00007FFD0DC7B000-memory.dmp

Filesize
44KB

Download
memory/1928-1857-0x00007FFD12FC0000-0x00007FFD12FCB000-memory.dmp

Filesize
44KB

Download
memory/1928-1856-0x00007FFD04120000-0x00007FFD0416D000-memory.dmp

Filesize
308KB

Download
memory/1928-1863-0x00007FFD0A250000-0x00007FFD0A25C000-memory.dmp

Filesize
48KB

Download
memory/1928-1862-0x00007FFD0F9E0000-0x00007FFD0FA18000-memory.dmp

Filesize
224KB

Download
memory/1928-1861-0x00007FFD0A940000-0x00007FFD0A94B000-memory.dmp

Filesize
44KB

Download
memory/1928-1860-0x00007FFD00A90000-0x00007FFD00AED000-memory.dmp

Filesize
372KB

Download
memory/1928-1859-0x00007FFD0A950000-0x00007FFD0A95C000-memory.dmp

Filesize
48KB

Download
memory/1928-1864-0x00007FFD00A60000-0x00007FFD00A89000-memory.dmp

Filesize
164KB

Download
memory/1928-1867-0x00007FFD04670000-0x00007FFD0467C000-memory.dmp

Filesize
48KB

Download
memory/1928-1879-0x00007FFD00960000-0x00007FFD0096C000-memory.dmp

Filesize
48KB

Download
memory/1928-1828-0x00007FFD13720000-0x00007FFD13734000-memory.dmp

Filesize
80KB

Download
memory/1928-1878-0x00007FFD009A0000-0x00007FFD009AC000-memory.dmp

Filesize
48KB

Download
memory/1928-1877-0x00007FFD009B0000-0x00007FFD009BC000-memory.dmp

Filesize
48KB

Download
memory/1928-1876-0x00007FFD00A00000-0x00007FFD00A24000-memory.dmp

Filesize
144KB

Download
memory/1928-1875-0x00007FFD009E0000-0x00007FFD009EC000-memory.dmp

Filesize
48KB

Download
memory/1928-1874-0x00007FFD00970000-0x00007FFD00982000-memory.dmp

Filesize
72KB

Download
memory/1928-1873-0x00007FFD00990000-0x00007FFD0099D000-memory.dmp

Filesize
52KB

Download
memory/1928-1872-0x00007FFCFF950000-0x00007FFCFFACF000-memory.dmp

Filesize
1.5MB

Download
memory/1928-1871-0x00007FFD009C0000-0x00007FFD009CB000-memory.dmp

Filesize
44KB

Download
memory/1928-1870-0x00007FFD009D0000-0x00007FFD009DB000-memory.dmp

Filesize
44KB

Download
memory/1928-1869-0x00007FFD009F0000-0x00007FFD009FE000-memory.dmp

Filesize
56KB

Download
memory/1928-1868-0x00007FFD00A30000-0x00007FFD00A5E000-memory.dmp

Filesize
184KB

Download
memory/1928-1866-0x00007FFD04680000-0x00007FFD0468C000-memory.dmp

Filesize
48KB

Download
memory/1928-1865-0x00007FFD0A240000-0x00007FFD0A24B000-memory.dmp

Filesize
44KB

Download
memory/1928-1881-0x00007FFD13060000-0x00007FFD13078000-memory.dmp

Filesize
96KB

Download
memory/1928-1882-0x00007FFCFF670000-0x00007FFCFF950000-memory.dmp

Filesize
2.9MB

Download
memory/1928-1883-0x00007FFCF8C20000-0x00007FFCFAD13000-memory.dmp

Filesize
32.9MB

Download
memory/1928-1885-0x00007FFCFF620000-0x00007FFCFF641000-memory.dmp

Filesize
132KB

Download
memory/1928-1884-0x00007FFCFF650000-0x00007FFCFF667000-memory.dmp

Filesize
92KB

Download
memory/1928-1886-0x00007FFCFF5F0000-0x00007FFCFF612000-memory.dmp

Filesize
136KB

Download
memory/1928-1887-0x00007FFCFF550000-0x00007FFCFF5E9000-memory.dmp

Filesize
612KB

Download
memory/1928-1888-0x00007FFCFF520000-0x00007FFCFF550000-memory.dmp

Filesize
192KB

Download
memory/1928-1889-0x00007FFCFF4E0000-0x00007FFCFF511000-memory.dmp

Filesize
196KB

Download
memory/1928-1890-0x00007FFCFF490000-0x00007FFCFF4D1000-memory.dmp

Filesize
260KB

Download
memory/1928-1891-0x00007FFD00920000-0x00007FFD00956000-memory.dmp

Filesize
216KB

Download
memory/1928-1804-0x00007FFD17310000-0x00007FFD1733D000-memory.dmp

Filesize
180KB

Download
memory/1928-1817-0x00007FFD13FB0000-0x00007FFD13FBB000-memory.dmp

Filesize
44KB

Download
memory/1928-1818-0x00007FFD13FA0000-0x00007FFD13FAB000-memory.dmp

Filesize
44KB

Download
memory/1928-1948-0x00007FFD172D0000-0x00007FFD172E4000-memory.dmp

Filesize
80KB

Download
memory/1928-1979-0x00007FFD13700000-0x00007FFD13717000-memory.dmp

Filesize
92KB

Download
memory/1928-1985-0x00007FFCFBBD0000-0x00007FFCFBC45000-memory.dmp

Filesize
468KB

Download
memory/1928-1984-0x00007FFD13310000-0x00007FFD13321000-memory.dmp

Filesize
68KB

Download
memory/1928-1983-0x00007FFD04120000-0x00007FFD0416D000-memory.dmp

Filesize
308KB

Download
memory/1928-1982-0x00007FFD13330000-0x00007FFD13349000-memory.dmp

Filesize
100KB

Download
memory/1928-1981-0x00007FFD13350000-0x00007FFD13365000-memory.dmp

Filesize
84KB

Download
memory/1928-1980-0x00007FFD133D0000-0x00007FFD133F2000-memory.dmp

Filesize
136KB

Download
memory/1928-1978-0x00007FFD13720000-0x00007FFD13734000-memory.dmp

Filesize
80KB

Download
memory/1928-1977-0x00007FFD13AF0000-0x00007FFD13B02000-memory.dmp

Filesize
72KB

Download
memory/1928-1976-0x00007FFD13B10000-0x00007FFD13B26000-memory.dmp

Filesize
88KB

Download
memory/1928-1975-0x00007FFD13E60000-0x00007FFD13E6C000-memory.dmp

Filesize
48KB

Download
memory/1928-1974-0x00007FFD13E70000-0x00007FFD13E82000-memory.dmp

Filesize
72KB

Download
memory/1928-1973-0x00007FFD13E90000-0x00007FFD13E9D000-memory.dmp

Filesize
52KB

Download
memory/1928-1972-0x00007FFD13EA0000-0x00007FFD13EAC000-memory.dmp

Filesize
48KB

Download
memory/1928-1971-0x00007FFD13F90000-0x00007FFD13F9C000-memory.dmp

Filesize
48KB

Download
memory/1928-1827-0x00007FFD13AF0000-0x00007FFD13B02000-memory.dmp

Filesize
72KB

Download
memory/1928-1969-0x00007FFD13FB0000-0x00007FFD13FBB000-memory.dmp

Filesize
44KB

Download
memory/1928-1968-0x00007FFD13FC0000-0x00007FFD13FCC000-memory.dmp

Filesize
48KB

Download
memory/1928-1967-0x00007FFD13FD0000-0x00007FFD13FDE000-memory.dmp

Filesize
56KB

Download
memory/1928-1966-0x00007FFD13FE0000-0x00007FFD13FEC000-memory.dmp

Filesize
48KB

Download
memory/1928-1965-0x00007FFD13FF0000-0x00007FFD13FFC000-memory.dmp

Filesize
48KB

Download
memory/1928-1963-0x00007FFD14010000-0x00007FFD1401C000-memory.dmp

Filesize
48KB

Download
memory/1928-1962-0x00007FFD140E0000-0x00007FFD140EB000-memory.dmp

Filesize
44KB

Download
memory/1928-1961-0x00007FFD140F0000-0x00007FFD140FC000-memory.dmp

Filesize
48KB

Download
memory/1928-1958-0x00007FFD17130000-0x00007FFD1713F000-memory.dmp

Filesize
60KB

Download
memory/1928-1957-0x00007FFD04690000-0x00007FFD047AA000-memory.dmp

Filesize
1.1MB

Download
memory/1928-1956-0x00007FFD14120000-0x00007FFD14147000-memory.dmp

Filesize
156KB

Download
memory/1928-1955-0x00007FFD17140000-0x00007FFD1714B000-memory.dmp

Filesize
44KB

Download
memory/1928-1954-0x00007FFD173A0000-0x00007FFD173AD000-memory.dmp

Filesize
52KB

Download
memory/1928-1953-0x00007FFD13740000-0x00007FFD1380D000-memory.dmp

Filesize
820KB

Download
memory/1928-1943-0x00007FFD00AF0000-0x00007FFD011B5000-memory.dmp

Filesize
6.8MB

Download
memory/1928-1949-0x00007FFCFFCD0000-0x00007FFD001F9000-memory.dmp

Filesize
5.2MB

Download
memory/1928-1819-0x00007FFD13F90000-0x00007FFD13F9C000-memory.dmp

Filesize
48KB

Download
memory/1928-1820-0x00007FFD13EA0000-0x00007FFD13EAC000-memory.dmp

Filesize
48KB

Download
memory/1928-1821-0x00007FFD13E90000-0x00007FFD13E9D000-memory.dmp

Filesize
52KB

Download
memory/1928-1822-0x00007FFD13E70000-0x00007FFD13E82000-memory.dmp

Filesize
72KB

Download
memory/1928-1823-0x00007FFD13E60000-0x00007FFD13E6C000-memory.dmp

Filesize
48KB

Download
memory/1928-1824-0x00007FFD13FD0000-0x00007FFD13FDE000-memory.dmp

Filesize
56KB

Download
memory/1928-1825-0x00007FFD13FC0000-0x00007FFD13FCC000-memory.dmp

Filesize
48KB

Download
memory/1928-1826-0x00007FFD13B10000-0x00007FFD13B26000-memory.dmp

Filesize
88KB

Download
memory/1928-1805-0x00007FFD17130000-0x00007FFD1713F000-memory.dmp

Filesize
60KB

Download
memory/1928-1806-0x00007FFD172D0000-0x00007FFD172E4000-memory.dmp

Filesize
80KB

Download
memory/1928-1807-0x00007FFD14110000-0x00007FFD1411B000-memory.dmp

Filesize
44KB

Download
memory/1928-1808-0x00007FFD14100000-0x00007FFD1410B000-memory.dmp

Filesize
44KB

Download
memory/1928-1815-0x00007FFD14120000-0x00007FFD14147000-memory.dmp

Filesize
156KB

Download
memory/1928-1816-0x00007FFD13FE0000-0x00007FFD13FEC000-memory.dmp

Filesize
48KB

Download
memory/1928-1811-0x00007FFD13740000-0x00007FFD1380D000-memory.dmp

Filesize
820KB

Download
memory/1928-1812-0x00007FFD14010000-0x00007FFD1401C000-memory.dmp

Filesize
48KB

Download
memory/1928-1813-0x00007FFD13FF0000-0x00007FFD13FFC000-memory.dmp

Filesize
48KB

Download
memory/1928-1814-0x00007FFD14000000-0x00007FFD1400B000-memory.dmp

Filesize
44KB

Download
memory/1928-1809-0x00007FFD140F0000-0x00007FFD140FC000-memory.dmp

Filesize
48KB

Download
memory/1928-1810-0x00007FFD140E0000-0x00007FFD140EB000-memory.dmp

Filesize
44KB

Download
memory/1928-1800-0x00007FFD17140000-0x00007FFD1714B000-memory.dmp

Filesize
44KB

Download
memory/1928-1803-0x00007FFD04690000-0x00007FFD047AA000-memory.dmp

Filesize
1.1MB

Download
memory/1928-1802-0x00007FFCFFCD0000-0x00007FFD001F9000-memory.dmp

Filesize
5.2MB

Download
memory/1928-1758-0x00007FFD00AF0000-0x00007FFD011B5000-memory.dmp

Filesize
6.8MB

Download
memory/1928-1774-0x00007FFD17310000-0x00007FFD1733D000-memory.dmp

Filesize
180KB

Download
memory/1928-1771-0x00007FFD17720000-0x00007FFD1773A000-memory.dmp

Filesize
104KB

Download
memory/1928-1770-0x00007FFD1B0B0000-0x00007FFD1B0BF000-memory.dmp

Filesize
60KB

Download
memory/1928-1767-0x00007FFD1A220000-0x00007FFD1A245000-memory.dmp

Filesize
148KB

Download
memory/1928-1792-0x00007FFD172D0000-0x00007FFD172E4000-memory.dmp

Filesize
80KB

Download
memory/1928-1793-0x00007FFCFFCD0000-0x00007FFD001F9000-memory.dmp

Filesize
5.2MB

Download
memory/1928-1794-0x00007FFD17150000-0x00007FFD17169000-memory.dmp

Filesize
100KB

Download
memory/1928-1796-0x00007FFD17700000-0x00007FFD1770D000-memory.dmp

Filesize
52KB

Download
memory/1928-1797-0x00007FFD141F0000-0x00007FFD14223000-memory.dmp

Filesize
204KB

Download
memory/1928-1799-0x00007FFD173A0000-0x00007FFD173AD000-memory.dmp

Filesize
52KB

Download
memory/1928-1795-0x00007FFD00AF0000-0x00007FFD011B5000-memory.dmp

Filesize
6.8MB

Download
memory/1928-1798-0x00007FFD13740000-0x00007FFD1380D000-memory.dmp

Filesize
820KB

Download
memory/1928-1801-0x00007FFD14120000-0x00007FFD14147000-memory.dmp

Filesize
156KB

Download
memory/5184-6073-0x00007FFCFBE30000-0x00007FFCFBE3D000-memory.dmp

Filesize
52KB

Download
memory/5184-6074-0x00007FFCFAFB0000-0x00007FFCFAFBB000-memory.dmp

Filesize
44KB

Download
memory/5184-6067-0x00007FFCFB8F0000-0x00007FFCFB904000-memory.dmp

Filesize
80KB

Download
memory/5184-6066-0x00007FFCFB910000-0x00007FFCFB93D000-memory.dmp

Filesize
180KB

Download
memory/5184-6065-0x00007FFCFB940000-0x00007FFCFB95A000-memory.dmp

Filesize
104KB

Download
memory/5184-6064-0x00007FFCFC410000-0x00007FFCFC41F000-memory.dmp

Filesize
60KB

Download
memory/5184-6063-0x00007FFCFB960000-0x00007FFCFB985000-memory.dmp

Filesize
148KB

Download
memory/5184-6070-0x00007FFCFC360000-0x00007FFCFC36D000-memory.dmp

Filesize
52KB

Download
memory/5184-6071-0x00007FFCFB180000-0x00007FFCFB1B3000-memory.dmp

Filesize
204KB

Download
memory/5184-6072-0x00007FFCF7E30000-0x00007FFCF7EFD000-memory.dmp

Filesize
820KB

Download
memory/5184-6068-0x00007FFCF7F00000-0x00007FFCF8429000-memory.dmp

Filesize
5.2MB

Download
memory/5184-6075-0x00007FFCFAF80000-0x00007FFCFAFA7000-memory.dmp

Filesize
156KB

Download
memory/5184-6069-0x00007FFCFB8D0000-0x00007FFCFB8E9000-memory.dmp

Filesize
100KB

Download
memory/5184-6076-0x00007FFCF7D10000-0x00007FFCF7E2A000-memory.dmp

Filesize
1.1MB

Download
memory/5184-6077-0x00007FFCF7D00000-0x00007FFCF7D0F000-memory.dmp

Filesize
60KB

Download
memory/5184-6079-0x00007FFCF7CD0000-0x00007FFCF7CDB000-memory.dmp

Filesize
44KB

Download
memory/5184-6080-0x00007FFCF7CC0000-0x00007FFCF7CCC000-memory.dmp

Filesize
48KB

Download
memory/5184-6081-0x00007FFCF7CB0000-0x00007FFCF7CBB000-memory.dmp

Filesize
44KB

Download
memory/5184-6082-0x00007FFCF7CA0000-0x00007FFCF7CAC000-memory.dmp

Filesize
48KB

Download
memory/5184-6078-0x00007FFCF7CE0000-0x00007FFCF7CEB000-memory.dmp

Filesize
44KB

Download
memory/5184-6062-0x00007FFCF8430000-0x00007FFCF8AF5000-memory.dmp

Filesize
6.8MB

Download