hxxps://primordia[.]en[.]softonic[.]com/

Analysis

max time kernel
750s
max time network
725s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
01/04/2025, 02:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://primordia.en.softonic.com/

Score

8^/10

steam discovery execution motw phishing

Malware Config

Signatures

Downloads MZ/PE file 2 IoCs

flow	pid	Process
553	5956	msedge.exe
984	5956	msedge.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation	Drehmal Installer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation	Drehmal Installer.exe

Executes dropped EXE 6 IoCs

pid	Process
6920	Drehmal.Installer.1.1.2.exe
6692	Drehmal Installer.exe
6468	Drehmal Installer.exe
6932	Drehmal Installer.exe
4492	Drehmal Installer.exe
4084	Drehmal Installer.exe

Loads dropped DLL 14 IoCs

pid	Process
6920	Drehmal.Installer.1.1.2.exe
6920	Drehmal.Installer.1.1.2.exe
6920	Drehmal.Installer.1.1.2.exe
6692	Drehmal Installer.exe
6468	Drehmal Installer.exe
6932	Drehmal Installer.exe
6468	Drehmal Installer.exe
6468	Drehmal Installer.exe
6468	Drehmal Installer.exe
6468	Drehmal Installer.exe
4492	Drehmal Installer.exe
4084	Drehmal Installer.exe
4084	Drehmal Installer.exe
1104	msedge.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
998	raw.githubusercontent.com
999	raw.githubusercontent.com
1000	raw.githubusercontent.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc	pid	Process
435	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html	5956	msedge.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

Run Powershell to get system information.

execution

PowerShell

T1059.001

pid	Process
6364	powershell.exe
3012	powershell.exe
880	powershell.exe
1540	powershell.exe

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
734	5956	msedge.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1444608609\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_572423962\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1157928117\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_572423962\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1103888670\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_2118690310\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_960910917\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1444608609\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1157928117\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1103888670\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_553072135\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1103888670\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_553072135\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1103888670\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_2118690310\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1444608609\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_553072135\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1502411053\_locales\af\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Drehmal.Installer.1.1.2.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133879487987296114"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342763580-2723508992-2885672917-1000\{F633A343-E088-420A-899B-ECC2EEA7F628}	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2196	msedge.exe
2196	msedge.exe
6364	powershell.exe
6364	powershell.exe
6364	powershell.exe
3012	powershell.exe
3012	powershell.exe
3012	powershell.exe
880	powershell.exe
880	powershell.exe
880	powershell.exe
1540	powershell.exe
1540	powershell.exe
1540	powershell.exe
4084	Drehmal Installer.exe
4084	Drehmal Installer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	6920	Drehmal.Installer.1.1.2.exe
Token: SeShutdownPrivilege	6692	Drehmal Installer.exe
Token: SeCreatePagefilePrivilege	6692	Drehmal Installer.exe
Token: SeShutdownPrivilege	6692	Drehmal Installer.exe
Token: SeCreatePagefilePrivilege	6692	Drehmal Installer.exe
Token: SeShutdownPrivilege	6692	Drehmal Installer.exe
Token: SeCreatePagefilePrivilege	6692	Drehmal Installer.exe
Token: SeShutdownPrivilege	6692	Drehmal Installer.exe
Token: SeCreatePagefilePrivilege	6692	Drehmal Installer.exe
Token: SeShutdownPrivilege	6692	Drehmal Installer.exe
Token: SeCreatePagefilePrivilege	6692	Drehmal Installer.exe
Token: SeShutdownPrivilege	6692	Drehmal Installer.exe
Token: SeCreatePagefilePrivilege	6692	Drehmal Installer.exe
Token: SeShutdownPrivilege	6692	Drehmal Installer.exe
Token: SeCreatePagefilePrivilege	6692	Drehmal Installer.exe
Token: SeShutdownPrivilege	6692	Drehmal Installer.exe
Token: SeCreatePagefilePrivilege	6692	Drehmal Installer.exe
Token: SeShutdownPrivilege	6692	Drehmal Installer.exe
Token: SeCreatePagefilePrivilege	6692	Drehmal Installer.exe
Token: SeDebugPrivilege	6364	powershell.exe
Token: SeShutdownPrivilege	6692	Drehmal Installer.exe
Token: SeCreatePagefilePrivilege	6692	Drehmal Installer.exe
Token: SeIncreaseQuotaPrivilege	6364	powershell.exe
Token: SeSecurityPrivilege	6364	powershell.exe
Token: SeTakeOwnershipPrivilege	6364	powershell.exe
Token: SeLoadDriverPrivilege	6364	powershell.exe
Token: SeSystemProfilePrivilege	6364	powershell.exe
Token: SeSystemtimePrivilege	6364	powershell.exe
Token: SeProfSingleProcessPrivilege	6364	powershell.exe
Token: SeIncBasePriorityPrivilege	6364	powershell.exe
Token: SeCreatePagefilePrivilege	6364	powershell.exe
Token: SeBackupPrivilege	6364	powershell.exe
Token: SeRestorePrivilege	6364	powershell.exe
Token: SeShutdownPrivilege	6364	powershell.exe
Token: SeDebugPrivilege	6364	powershell.exe
Token: SeSystemEnvironmentPrivilege	6364	powershell.exe
Token: SeRemoteShutdownPrivilege	6364	powershell.exe
Token: SeUndockPrivilege	6364	powershell.exe
Token: SeManageVolumePrivilege	6364	powershell.exe
Token: 33	6364	powershell.exe
Token: 34	6364	powershell.exe
Token: 35	6364	powershell.exe
Token: 36	6364	powershell.exe
Token: SeDebugPrivilege	3012	powershell.exe
Token: SeIncreaseQuotaPrivilege	3012	powershell.exe
Token: SeSecurityPrivilege	3012	powershell.exe
Token: SeTakeOwnershipPrivilege	3012	powershell.exe
Token: SeLoadDriverPrivilege	3012	powershell.exe
Token: SeSystemProfilePrivilege	3012	powershell.exe
Token: SeSystemtimePrivilege	3012	powershell.exe
Token: SeProfSingleProcessPrivilege	3012	powershell.exe
Token: SeIncBasePriorityPrivilege	3012	powershell.exe
Token: SeCreatePagefilePrivilege	3012	powershell.exe
Token: SeBackupPrivilege	3012	powershell.exe
Token: SeRestorePrivilege	3012	powershell.exe
Token: SeShutdownPrivilege	3012	powershell.exe
Token: SeDebugPrivilege	3012	powershell.exe
Token: SeSystemEnvironmentPrivilege	3012	powershell.exe
Token: SeRemoteShutdownPrivilege	3012	powershell.exe
Token: SeUndockPrivilege	3012	powershell.exe
Token: SeManageVolumePrivilege	3012	powershell.exe
Token: 33	3012	powershell.exe
Token: 34	3012	powershell.exe
Token: 35	3012	powershell.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 2044	1104	msedge.exe	86
PID 1104 wrote to memory of 2044	1104	msedge.exe	86
PID 1104 wrote to memory of 5956	1104	msedge.exe	87
PID 1104 wrote to memory of 5956	1104	msedge.exe	87
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 3516	1104	msedge.exe	88
PID 1104 wrote to memory of 5400	1104	msedge.exe	89
PID 1104 wrote to memory of 5400	1104	msedge.exe	89
PID 1104 wrote to memory of 5400	1104	msedge.exe	89
PID 1104 wrote to memory of 5400	1104	msedge.exe	89
PID 1104 wrote to memory of 5400	1104	msedge.exe	89
PID 1104 wrote to memory of 5400	1104	msedge.exe	89
PID 1104 wrote to memory of 5400	1104	msedge.exe	89
PID 1104 wrote to memory of 5400	1104	msedge.exe	89
PID 1104 wrote to memory of 5400	1104	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://primordia.en.softonic.com/
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x298,0x7ffa3f3cf208,0x7ffa3f3cf214,0x7ffa3f3cf220
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1804,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Mark of the Web detected: This indicates that the page was originally saved or cloned.
  - Detected potential entity reuse from brand STEAM.
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2240,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2512,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=1800,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3520,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4908,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5208,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5376,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5528,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5688,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5924,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6028,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6104,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6540,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6732,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6836,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=6852 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6844,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=6992 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6972,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=7032 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=7332,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=7372 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7600,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=7388 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=8160,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=8184 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=8332,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=8348 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=8520,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=8504 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=8636,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=8672 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=8788,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=8804 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=8952,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=8168 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=9088,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=7336 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9080,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=9320 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9080,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=9320 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=9472,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=9484 /prefetch:1
  2⤵
  PID:6200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=9416,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=9428 /prefetch:1
  2⤵
  PID:6208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=9728,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=9752 /prefetch:1
  2⤵
  PID:6236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=9892,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=9916 /prefetch:1
  2⤵
  PID:6516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10148,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=10300 /prefetch:8
  2⤵
  PID:6836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=10280,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=10320 /prefetch:1
  2⤵
  PID:6844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9848,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=7776 /prefetch:8
  2⤵
  PID:6428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6256,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9860,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=10260 /prefetch:8
  2⤵
  PID:6456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=8832,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=8388 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=8664,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=7824 /prefetch:1
  2⤵
  PID:6812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=8768,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=8684 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=8732,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=9636 /prefetch:1
  2⤵
  PID:7112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=8724,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=8708 /prefetch:1
  2⤵
  PID:6824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=8516,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=8968,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=8772,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=6920,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --always-read-main-dll --field-trial-handle=6900,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=9016 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --always-read-main-dll --field-trial-handle=8316,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=7492 /prefetch:1
  2⤵
  PID:6240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --always-read-main-dll --field-trial-handle=9788,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=7468 /prefetch:1
  2⤵
  PID:6680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --always-read-main-dll --field-trial-handle=6828,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=7748 /prefetch:1
  2⤵
  PID:6336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --always-read-main-dll --field-trial-handle=7488,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=9536 /prefetch:1
  2⤵
  PID:6204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --always-read-main-dll --field-trial-handle=10744,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --always-read-main-dll --field-trial-handle=10360,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=9956 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --always-read-main-dll --field-trial-handle=5248,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8640,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=6156 /prefetch:8
  2⤵
  PID:6276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --always-read-main-dll --field-trial-handle=6788,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=10512 /prefetch:1
  2⤵
  PID:6732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --always-read-main-dll --field-trial-handle=6204,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=7792 /prefetch:1
  2⤵
  PID:6536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --always-read-main-dll --field-trial-handle=6392,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=9468 /prefetch:1
  2⤵
  PID:7084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --always-read-main-dll --field-trial-handle=6928,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --always-read-main-dll --field-trial-handle=7900,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=9544 /prefetch:1
  2⤵
  PID:6888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --always-read-main-dll --field-trial-handle=8468,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=10804 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --always-read-main-dll --field-trial-handle=9984,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=9420 /prefetch:1
  2⤵
  PID:6688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --always-read-main-dll --field-trial-handle=9144,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=10812 /prefetch:1
  2⤵
  PID:6308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --always-read-main-dll --field-trial-handle=6532,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:6148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --always-read-main-dll --field-trial-handle=8904,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=7584 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --always-read-main-dll --field-trial-handle=8292,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=8288 /prefetch:1
  2⤵
  PID:6284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --always-read-main-dll --field-trial-handle=10900,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=10832 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --always-read-main-dll --field-trial-handle=5192,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --always-read-main-dll --field-trial-handle=8644,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=10908 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8452,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=10996 /prefetch:8
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10844,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=10920 /prefetch:8
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --always-read-main-dll --field-trial-handle=6888,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=11024 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6000,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=7060 /prefetch:8
  2⤵
  PID:6552
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6000,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=7060 /prefetch:8
  2⤵
  PID:6740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --always-read-main-dll --field-trial-handle=5908,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=10264 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --always-read-main-dll --field-trial-handle=5960,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:6380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --always-read-main-dll --field-trial-handle=8252,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=8704 /prefetch:1
  2⤵
  PID:6780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --always-read-main-dll --field-trial-handle=10752,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=7444 /prefetch:1
  2⤵
  PID:6708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --always-read-main-dll --field-trial-handle=5728,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:6720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --always-read-main-dll --field-trial-handle=6576,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:6220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --always-read-main-dll --field-trial-handle=7188,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=7416 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --always-read-main-dll --field-trial-handle=8244,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=8436 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --always-read-main-dll --field-trial-handle=8688,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=7740 /prefetch:1
  2⤵
  PID:6316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --always-read-main-dll --field-trial-handle=8200,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=9588 /prefetch:1
  2⤵
  PID:6856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --always-read-main-dll --field-trial-handle=11052,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=9140 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --always-read-main-dll --field-trial-handle=8392,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=8424 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --always-read-main-dll --field-trial-handle=11236,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --always-read-main-dll --field-trial-handle=8108,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=7792 /prefetch:1
  2⤵
  PID:6508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6044,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=10424 /prefetch:8
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --always-read-main-dll --field-trial-handle=7740,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=10380 /prefetch:1
  2⤵
  PID:6848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --always-read-main-dll --field-trial-handle=10396,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=7708 /prefetch:1
  2⤵
  PID:7160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --always-read-main-dll --field-trial-handle=5868,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3760,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=3744 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --always-read-main-dll --field-trial-handle=6004,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=8572 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --always-read-main-dll --field-trial-handle=8660,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=9600 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10856,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=8352 /prefetch:8
  2⤵
  PID:6680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --always-read-main-dll --field-trial-handle=6644,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=8920 /prefetch:1
  2⤵
  PID:6832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --always-read-main-dll --field-trial-handle=9132,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=10572 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10884,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8940,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4004,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=9948,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7624,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=7392 /prefetch:8
  2⤵
  PID:6552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9592,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=10104 /prefetch:8
  2⤵
  PID:6388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7264,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6820,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=8428 /prefetch:8
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3468,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=3624 /prefetch:8
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1032,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=7568 /prefetch:8
  2⤵
  PID:6800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3252,i,15715342882480538070,12139104939090059514,262144 --variations-seed-version --mojo-platform-channel-handle=7216 /prefetch:8
  2⤵
  PID:6904

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:376

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:6360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:6492

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b4 0x340
1⤵
PID:4344

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3100

C:\Users\Admin\Downloads\Drehmal.Installer.1.1.2.exe
"C:\Users\Admin\Downloads\Drehmal.Installer.1.1.2.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:6920
- C:\Users\Admin\AppData\Local\Temp\2pJlSadLyK3H6M8N73uTV8tS7X9\Drehmal Installer.exe
  "C:\Users\Admin\AppData\Local\Temp\2pJlSadLyK3H6M8N73uTV8tS7X9\Drehmal Installer.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:6692
- - C:\Users\Admin\AppData\Local\Temp\2pJlSadLyK3H6M8N73uTV8tS7X9\Drehmal Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\2pJlSadLyK3H6M8N73uTV8tS7X9\Drehmal Installer.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Drehmal Installer" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,9783437532055263867,2556500690525670820,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1808 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6468
- - C:\Users\Admin\AppData\Local\Temp\2pJlSadLyK3H6M8N73uTV8tS7X9\Drehmal Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\2pJlSadLyK3H6M8N73uTV8tS7X9\Drehmal Installer.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Drehmal Installer" --field-trial-handle=2064,i,9783437532055263867,2556500690525670820,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2060 /prefetch:3
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6932
- - C:\Users\Admin\AppData\Local\Temp\2pJlSadLyK3H6M8N73uTV8tS7X9\Drehmal Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\2pJlSadLyK3H6M8N73uTV8tS7X9\Drehmal Installer.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Drehmal Installer" --app-path="C:\Users\Admin\AppData\Local\Temp\2pJlSadLyK3H6M8N73uTV8tS7X9\resources\app.asar" --no-sandbox --no-zygote --node-integration-in-worker --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2524,i,9783437532055263867,2556500690525670820,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2520 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4492
- - C:\Windows\system32\where.exe
    where powershell
    3⤵
    PID:4588
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell "Get-CimInstance -ClassName Win32_LogicalDisk | Select-Object Caption, FreeSpace, Size"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:6364
- - C:\Windows\system32\where.exe
    where powershell
    3⤵
    PID:1084
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell "Get-CimInstance -ClassName Win32_LogicalDisk | Select-Object Caption, FreeSpace, Size"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3012
- - C:\Windows\system32\where.exe
    where powershell
    3⤵
    PID:6732
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell "Get-CimInstance -ClassName Win32_LogicalDisk | Select-Object Caption, FreeSpace, Size"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:880
- - C:\Windows\system32\where.exe
    where powershell
    3⤵
    PID:1904
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell "Get-CimInstance -ClassName Win32_LogicalDisk | Select-Object Caption, FreeSpace, Size"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:1540
- - C:\Users\Admin\AppData\Local\Temp\2pJlSadLyK3H6M8N73uTV8tS7X9\Drehmal Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\2pJlSadLyK3H6M8N73uTV8tS7X9\Drehmal Installer.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Drehmal Installer" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1172,i,9783437532055263867,2556500690525670820,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3276 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:4084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1103888670\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1157928117\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1444608609\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1104_1444608609\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1104_2118690310\manifest.json

Filesize
118B

MD5
cd1d4274760a18d1f06020875ed4e124

SHA1
ea252982d53eee1c8836745044006608f0bc3da6

SHA256
5ea4457e970f9096c4a5b204324e33cd6dd51aba345ee3d0e9da0a4220409c27

SHA512
aaff1c564bb6e949e272c7df4a64f775e369c8a49511297992892e15092be6f83ce84a28afd6360dd6d76c9a503d452bcd8904f947c975b32e7f695a6818bfbc

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1104_553072135\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1104_572423962\manifest.json

Filesize
141B

MD5
811f0436837c701dc1cea3d6292b3922

SHA1
4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

SHA256
dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

SHA512
21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1104_960910917\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1104_960910917\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
df2d1721cd4e4eff7049314710dc7c11

SHA1
f5aed0158b2c0a00302f743841188881d811637a

SHA256
ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93

SHA512
11fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
7KB

MD5
a89c5bee4bde2290a2d7079d42991c1f

SHA1
b9fa7069684c69d8e3fffb3030cd0ec398360fbc

SHA256
8b83b4c7735e013d3c2fbe037a2affb3ed1ac679868dcb67caa0e9dbfd4cbcb4

SHA512
98b387813c779b73846934e861986a24756122f104de17dfaf504777b59a79330560bacb52fa393171529eda665f5a7aff36fc0d669a0f95968482f940905236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
17KB

MD5
29b8ae1d50ef8543dcebf4e9f53089ef

SHA1
90297279de99683b3903534459bc9962924d79fa

SHA256
2dcbd24e8f78b008251a1a0499c981a79be59fdf154ff9938a28ecb7e64cf12d

SHA512
6de295089b62bd50ff955c2e381be6bb0e59b1f0776946c5d3b5109fffb84ee2a673f49d2d5a56e5600d3b09fd8e9cecbcd0e677234a6f96c1194dd1e1c27c94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

Filesize
20KB

MD5
b30f82421cb38e73c0311b00edde7793

SHA1
706b493febe99d9572401dbb11d7475eedd007e1

SHA256
e3ee5ed4f65a7ce1faafe6632786ce889f52dd28d5ec52eae58983edcae3f5c8

SHA512
6112857a055a0223aa40891d440e84945296ca60469a57c9498b02baad2b1aac1cf1fe03ecf4f371c7b98729f959f4e561a68f5118a89174ba3d52d0a91e2481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079

Filesize
16KB

MD5
bd17d16b6e95e4eb8911300c70d546f7

SHA1
847036a00e4e390b67f5c22bf7b531179be344d7

SHA256
9f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352

SHA512
f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
21KB

MD5
d34daac1416addcb0c3f0e3f5ace2387

SHA1
7fdb9aade7104f5ad38c008641b9a8b0d07782bd

SHA256
88972e0656d30fac482046f5f0b437cf37a3896f8c25434ae337b7c0c30e110b

SHA512
8cb5d3aba105cba15fb6d6e4e0539f8d581ddbbf8d1d1d27a125ad7012cbd097a4ddd615e7486bac8ddb7d547f84a5b78291699c95b007535c4fadebba8a0435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b

Filesize
102KB

MD5
539ef47890432b608f2bc4803074fc7d

SHA1
245934e9932bc226759302c4ff3a02da84e70dd2

SHA256
522ce1713264256e8eae2f340529a4b98a2e59da4c71d7f1e301911ed1c1a023

SHA512
bbb0fcadf102e5a5517ccb880149ab7cfe3a6c8f3eb5dc83c6a612102a80dd9d9a23159603d83ed3fc79b4ee6fcfe21b0f0c7be074665868378db766efd65f91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007c

Filesize
103KB

MD5
5b3628224127c88c84a28f6482d5c4c4

SHA1
0a8a2ac08e43ad5dc7832093f88ec0e2f1048e9f

SHA256
0af91e44d8b4a1e8380f0634edceef078f56990fa62e5538e315638208ccf526

SHA512
83b2dea7204f79f9eb11f6f24b187e559a39c5956a02e8a5b361820ee52ed4bc3c0c51e787ab40b28d4fd2743fca7b899225397a38ed900753e4df82c8e91639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007d

Filesize
16KB

MD5
11825cf6da869d7589201092299231bf

SHA1
b650151674a230700dc66352a0f002ad5db6d195

SHA256
2f315c341e2ff775fceede3d1b5dc2f8124a866a382a2c30b760ac6c2abe7bdd

SHA512
e5902c14769efb05fa457dcaf62d4b0d126cf3b71aa9be596e3609e1b63f83d6bc2ab3d1aed9a077a6fbec3e7f6a633b3d0b1a8b77d7d0161af60ed7d260a6b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007e

Filesize
146KB

MD5
4ed27081288baaacb43a01c7bed13a40

SHA1
fb1941be0827ded801076374493a430daf4cb51f

SHA256
22ea4e7b22050dbf0d26d1d30fb71397668f364cd2b37373cedfe15f0132d3e7

SHA512
fc05fda292f09b847c31d33af5a96efe4582fc8713e1a1726ee3774fec09cd205f1974c4197a4806b2d6be5ba7d6eeed28b777406dcdbfaaed20cacdcfcea887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007f

Filesize
32KB

MD5
d900267409b2e688fa616b76d4241d2c

SHA1
3ebf00dc967e9b0f11350df2bb64c73a3f61bd10

SHA256
5dd841745a2b0a3cc0881005dbc5820ca760fd25f15d1e7fbaec9d9537ce3bc2

SHA512
6d3664826b06d2550cb9903ec16697e8fc5f20c0ebbe05c6f473213de9a781bc2a6536d4d79233acd00bfbcb317d031ec68795d1d84c6925c28a12c45a9acc96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000080

Filesize
73KB

MD5
c9503a8859a0defa39c6c0bd0acd6687

SHA1
ee4d9bd4d3d00d065622bb15f62c1928c39d57d6

SHA256
9615bc2b063044e8a05996815548a27963b1ddc0c836d784e4c60e48876b8a98

SHA512
16384fa5ab2f95f60a1125e4451c4281d86b6b90f442d7cb6b8a833f798a61f105cd8c6b07d3a541e40f65ad5074358d50b46680ffd5e2343582127f464f774b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000082

Filesize
42KB

MD5
23d5f558755a9d58eef69b2bfc9a5d99

SHA1
fa43092cb330dff8dc6c572cb8703b92286219f6

SHA256
6e5bec69b1c6424972a7f5481ac57049811f0f196535b707613126c11292c5cf

SHA512
9c56c94d059a27dab9f69c9dfd718382a8eb192b8c0ce91cd6db6ec0769b8756acf9c0956a35561474b87d6278b13fbe88a6e4df6260c278b1ae06e9be55dd6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000083

Filesize
97KB

MD5
a463ca6799589e072a62a42d7ad433ad

SHA1
ce362b528c7ae5decd2bdfc0537d44a8b243a62c

SHA256
e1b6749f0c4aa0e74e53549232d16d7872392fb4c96e7ea290affb09343c850d

SHA512
dc11d995aa76b2329467798ce0d3f253fd0290ea65d2f65a41da3e0869edfd237a32282f612f578ce3e4bb81eaf8388ceec6741d52b9b0ca41e65065491da130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000084

Filesize
17KB

MD5
d4c32bc1117ca8f208cf39886b8cded6

SHA1
5e6ca06c9c192ce0c6e8e664c33e2075819fd594

SHA256
7f0b1b19b5321ba233e76d976abd50348c4bd17af17da3a2e70741d8678ad5d0

SHA512
bf3d4778140d3a4c46ff8acade8b2ec14b79a9c09eaa7fb8bac88c25b93e96fa07353bf9e1ec9e66361208875ea4bd62032b8b1e5b60f369a4442a24e1c105be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000085

Filesize
97KB

MD5
4b169be91356e40f0fec23c5c41f652e

SHA1
a533882fe97630116388f00b6266a26823ad87fa

SHA256
cc29369d6747fa25152e5074d96ac51ccff8a9aeb56848b273c30daaa6fcfa5a

SHA512
1a1af0dc47a8adfd9cc2747522e2003c1b62d48198c6e7ee0a0e49e3b2b6cbc4f4511cbf62e13d1b497a0aa5a936bea5943d8b28dbd4cd9dd047955ca35e4c3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000086

Filesize
165KB

MD5
ba0702c4ced5e394d82b952997b4c0d5

SHA1
3c4088e0fdca5da192307d529dd8f326987dd61c

SHA256
f44d8c4f808bd6835edd975f9be5c810130e74c38d7a11e02550f350ca331b46

SHA512
f92a78f90b4b58f05c732899318b6d79b2f58df610c0915f38b79c89e2d9ea12427c553e7499cb4d553f94f511f1a95d19b135956db45a735495492046c89127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000087

Filesize
21KB

MD5
fdaac7c912846eb60cb84e62ed7b1845

SHA1
f22ea5775fd962644599362c911595b044080ecb

SHA256
50c7edc392384ad3b580d27304c969eb02375fbe40ca853b696a20abe5b0bc70

SHA512
31e62ee9ec1ecde3b70471c01e29e541a9778bbbccd1376ef9792ad9f5a022a74ef97b2eddcb0bee51f224f71f9c1efe00c89a2ec2a1bc88f45a699efa91d870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000088

Filesize
22KB

MD5
280d0dffcf08dedc8ce52f25270bf1e8

SHA1
e9566fd9372120a6fb9760a131f8919934954f35

SHA256
ed51e026d37d510820ca0b811d1f774fa8eb13ce09775c5a891853ca072fb58f

SHA512
1dd8a347348a3d211bd8f03c30d7dfcf160d62ade9c354dd9649ef4591c874bd466d864ac0aad454a0b0e01f1149c1c5a95aa365affbd7d81f79558c7ddc39b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000089

Filesize
92KB

MD5
d626ec3739866173075150f44ee983f5

SHA1
98604999e83f80bfc6112e863ce373c0143a64d6

SHA256
61f3b07632bf360a58b13832575150453c26df0d75b114a6ffb72e82a57e228e

SHA512
0610dc3ebfc16fb3cfc67aad8033a73ca7a96fe3a74a57a3726d6ad471c9119cacca008d4efc887a434b45f4a0b844a7c5a02d16e93fca57958f30990c4a6a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008a

Filesize
97KB

MD5
9d3b194acca1483050df0f0bab33bf4c

SHA1
6835f762c5c2e310e23710a4bbb1cf8aa979c781

SHA256
9f3ac769cd96a96a201efb3b83e028b971c2a98551ee67195780e8d28848a558

SHA512
b9ba59c53063a2d05f5370bbb18dbcca769f11ae8f8af41709c1ce12407eec67f395ffaef8d1b908238b109c9f7947a27e492e6a13294afedb2ec325d7ae06fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008c

Filesize
29KB

MD5
4f67bddea4a4b56fa44f7cfe3d8e17f6

SHA1
438d0068eea5ebebe51681e9a99f4ea32cfe15e3

SHA256
b12c446b6906a8955e13fba049813b7367342208f2f605e636bae8cbb7c2a847

SHA512
341ad30b36804ec19a0299e99e95ca576474ea85eb853f986f0e8199481e5e5f6826d71ed660f408b0dd7bce3e2d28e873e64799a24c5803247b7ab356a276be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008d

Filesize
29KB

MD5
dd2277a6d1e1e954e5113e303f2bc02d

SHA1
548467e88248f2a0754448c8950f722b4d989d48

SHA256
16f385f9dc7dfad044bcc67f7fbb1f028ca125f6462256fd905e7c4eaa4b2950

SHA512
81ffd0411ae559ae25f9845293a09ccc5e49dd513366f9a44b476d1013032530a3b4cfd3eb0953a2f92acfa008da8fd1a036c1d1cdc593efa8b834da29d51039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008e

Filesize
59KB

MD5
876842ca6a563581d88b0613f24cd11a

SHA1
66f1e7120c86e5ad237010f60f51754dde177947

SHA256
beb5d66d8f007b065d48d07b282d45d8f31e7a5f8368a07413b33c6a52d14b09

SHA512
e8f1ffcc9f8966ec89e966eb6dff92b486b723d7c29ccd6d765424e0486b5c83ad580b04d1325c7b83eb0916e34c54247bf8acebb9cd6b14101f9b61a39bfb0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000090

Filesize
28KB

MD5
e92402540216e30704b8f6cb82c666e6

SHA1
62cd8f3d834dd1d079b6bd39fcd39050869519b7

SHA256
28c2d7dd95fa77e4c55661acbae4c094ed26a4383e733c397c87405a1eb07022

SHA512
b17a727c189ca861a9b079a733e94d6858b0f1daa079252dcae1cfee2a1c99fadc63998f196d626167892cde36b57a32836b4efca30022298f314a573b6a11e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000091

Filesize
135KB

MD5
eba16f3af2fb7ffdc1f8a5a276e9a24c

SHA1
2dc5b5abef675cdc968806d6ef5dd0048a5fa32d

SHA256
651738b62a1123833b0d52e2fe66dbcd6683f57afdf2a0ef9b1470efa40be5b2

SHA512
654825514548ba1a72e0b8732db1a3cdf4cea0efde93abb85f192c331d3fef68a7c9029073bb7c402c151544c328194b50d3bf396ec4723a29db201d8e614e44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000096

Filesize
67KB

MD5
60a30ef624fad5be472ee5d1acd1b2ab

SHA1
5dbb87bbc2e8a6143308e7928536ae778610794a

SHA256
d0ec8a13c2eb6a38d628cd7adaed308116164ceee003f816889b4db1735bfccf

SHA512
315e3ea4d4c6ccf6c14fc509933b01cb77c964b608cb95ce2ee8c331011adaf618e41cf4b8c499c4f6c9e137b88a34caaa7aaa44a69fdabed84df550e178d60a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009a

Filesize
62KB

MD5
c610514e5756020cfb3c727b77b2c83e

SHA1
4083cc96db7af4deac95b32329baa78b7a584f49

SHA256
0148f8f91e2ef35d38ba66c9e01f3deeab27bfedcddc77cd782908c401ac9ca8

SHA512
039625607b59612a9eefa3bd00a07be62cb531aa201d1413da190ecc9ff33e35a8c7a4d095615dc3d08856de1c0ff6c4e080bee8b7ca53174f78d349a2fc6572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009d

Filesize
20KB

MD5
b07da7aa3e4f363c5cdbc11312239e8c

SHA1
47bf5b2f24ea4a4caafccc89b9d2a6677ef9e3b8

SHA256
e44c11f4834bdd4d6b6da7b8ee5eaebc8acb41250cd6bce5cc82ea8262140eaa

SHA512
420729406b315d8af34b62b78f39e763f5cf33cbf94467457b393fde0573dd7ffc6a23f25680988f9b82a4a3b719876ff76f3e1db047ce82615f544fc3a82532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009f

Filesize
20KB

MD5
a63669a9f7aa865fdbbf3b214a0a4c10

SHA1
7fb46868a1ccb4f883027c92c0068413373e1585

SHA256
0c493b0b71e4dda226b6f1ebb737ce48ce568a87409e59bf6334dc9f508fa34e

SHA512
745a00ca65da7dbcb3a2f0aada81b3d7b96f77908c8a86f4b030ed9afcfcc60b292deb60534291d3269bad8e381ee7fc87d64a222f1c8b77d7c8a198971dc155

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a2

Filesize
66KB

MD5
3ee71c74a95785500f5532bfcf3f4a5f

SHA1
959d3471635270c9408d935d77010ac66da99d89

SHA256
cf0cde04597f023218d3dcbf795a7c37dbe1571a9e9bf060e6378e0ac7fc6f31

SHA512
7a04d207a079e20aac27733464c02247083a79b8a829b71b6c12aa06a938cf6f15b32a42a1f82e6d9dee0ca495bebc331fd8b28c8f2e1533d78b3f7c75d52f27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000114

Filesize
22KB

MD5
38d8c0768b0495418f9f6189a774d2f1

SHA1
a945a3200dcb0ba4175b4433130efe7d91e611d8

SHA256
57a374b6ebd7fd7e458d2c2a233591d4fc60cbd68cbe60d1276cf97cd175131b

SHA512
1449960ac6e0ef334f325b7a4e657c423106ba86ba9adecfc3cd4f933f9dd3f9348c7712428572a37076430f80d79abb9af05236c9ef8cc623ad62e65944dfa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1f78b3793e730d1c_0

Filesize
289B

MD5
d0d1af7041b2273b02421afc089e4f24

SHA1
4bfdb95aa46eb9f507a137d7e3196a381170b886

SHA256
e1d7d5f4a80803580340aa8b3b532b9e3e12a397e51db816c41324c8e042e6ff

SHA512
7ee699822b9963888b4103a556994484025c41015d786d85a0b6255ec07022736ec05ac5982e0ded148bedbe58e676c1cdbb30901d9bd42df6951488ac6adece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25edbc26ae064498_0

Filesize
3KB

MD5
6fbb5a78f0b5a2987c0778c13c986a1b

SHA1
eaf9accf4c5df59b49022cf22f97eae0c9aee3d2

SHA256
8d45295cdca7b6f2fede8eeefe083ff8896a533c2073f253a884485b438cc18f

SHA512
3bf4d78fc6955658cef2e28ddad17b478a0e502db87d6d5f4b99dae766dfcbcbeed189397117df29bbe82956f0d3377eaaa8129c92b1076b62f12033234bce85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8946f4d3301618f4_0

Filesize
30KB

MD5
8c8286eb79f4521a4223f172fcd19454

SHA1
38b8878ed3f2b15b571dd4a4117e75355791b5ca

SHA256
4fd79be546de3b926cf8d685468ec2236b6b8d3c2de259f96ddf6a75336bbe6e

SHA512
7f3f2f5eb9e87d95d7d91bc6a2661c77451c2af521d85584dae0bbbb8c26fb1a0ec282903cb5d72d62366c2b45182b1c8719427f447d57c669909df8b19ff220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c5fc9798e6d35eeb_0

Filesize
449KB

MD5
4ae4ea2253af13ecea8d2800671e27d6

SHA1
83760a776f31eb95cbb8e852171643845647d653

SHA256
4e024905652ac6e2fd9e0bf2e392b508af03cf624e9e2ca058418ceeddcaa7e1

SHA512
c21712e262d5c1ca28bf2ec018a352ea257aef1d0c4570194e44652840ac25bf05bbda646e494594c941eb6ea6a64375713b9831ef3aba06b76d5770952a1744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d782f305bb50c377_0

Filesize
300B

MD5
3612176b4dd12788bae025c4f0a37c47

SHA1
d8d4647e7cb991b44d162c2bc00c882b5dc83db1

SHA256
06240d5cf5fbacdc027f0007ec127c2ae34a7bc7b73819628d575d4468824714

SHA512
8408766476c97905bcb91a5d57b04ad38f084d2d1601e644d457ae852ce759c3c10e112c36d08becc7681638482950fb61453e310e8887a6af93d3aa280a16b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
10KB

MD5
35cda87c021192caa46cad78d1ce01d6

SHA1
32880e0e50ca591b8578d94e1686afffd648bb66

SHA256
7c63c38cb565c6a4d9c0cfe4d907bc50396bb74f5f867dbf82822fc098004d4a

SHA512
625271b115f37fd3167f774ddb0a2ccc605f887b559d17ca00dabb8988001e9067489b3f7bb25b05ec585ade32766d732b9446e6cd6dfa89df57f6e58b71e1e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58f78a.TMP

Filesize
3KB

MD5
14cc661f310dc0ab787a91be74762404

SHA1
aa19c2a9a1b9ea4367cb23618c9b52145b91b0bd

SHA256
823b8767e973b70026051fa0ddbedc7177bd6ee969292940eee73456cacff511

SHA512
ab632f6fefc5c87d5c9886f62786ac4f25db7a84a1fa9262e159d9fef0c1480053edf25a713b7b80b424fc95eb07d8d9cfea944fc65bee3923a00fcdd2ed869a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
27KB

MD5
b4764c1fd600b1da55bd77826991406a

SHA1
3d0f551844d44145f7132044f15c4dd2b2ecde3c

SHA256
84a9a73dc6fed9095c9ba6d535beaceed31615340de401e99ca3c09a9d944414

SHA512
410f1641e43edd0b0292e53d93b22e28cb2b07a9beb66bb5a3477325dc11639f83adc2e760a8f833b82425ca4e40313291b362c4a6b9d9497ace3dae9f3b1fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
29KB

MD5
77f25347fa849480c96fee06f4b3fa03

SHA1
a672db2d060dde86707fff333e11c924a9cf1961

SHA256
ea2d6e2c08aca61f3dcd414381f24814107e81643d4ccb334ce55603a5424de0

SHA512
b45228751e44b27dd87c5ad0639f90a7f411a87864b37afcffb38e175773f0933680e0fe29b57294504d2bbe774cecfc3662452e7784b647bd2a7e4d6354c87e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
210B

MD5
3f200e29425e6471178f4d9e8febd723

SHA1
523df2efaff7dc4e7b8d2d9a2f48a9ff23e5d9ba

SHA256
d1a0ed8cfa10ae6d44b01f76ad4e10e736ab3f6c60735848ba6a33d4829b66fe

SHA512
66602f3b7a39bf0ffb8895e077f0f57438b4fd093a1d48ecf87b4be55f191fb95497b6d9e127e83dd7801062fd4ead7f3da9d2f2f976de9ad4b6060e3bc76668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
26KB

MD5
0f53818cebf3a7333d18a5ad66c14152

SHA1
15f91e478f766d471b564a282b687395f9e21de0

SHA256
1ed38461278237fffde5d3eb763875f32337ded5e422ca18b21704baf01e1788

SHA512
8802b55e639f3a3161f2a38e1c2c74913c1ffec5a5688211cb316baed40f5d1f02b5e690e38941f3de2cfca1e2fcb2c51a9534ed6099486181db3542d6a7b4fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
23KB

MD5
188b42c09b1b93e440a8d70c1006e1d2

SHA1
8c7dffdac42259f5ac7a3838033e06d7df8fd2ac

SHA256
0efc9d7b82a69b86d5aa4d5971e3f09d4efcef7d1b0537cb3699a21e4235b38b

SHA512
f9bdfe90918fce83b885dd5081967567543979be5bc98b5b0b0c8527282d81079e606f8f73b31cd498cd0773d15a663e8a0d92506486a8273a8612609de7b596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
26KB

MD5
1f23ae64462cf1b1843c8536afb0d22a

SHA1
2115eeb2f278cfd43f4aeae7428bddbf1a5147fa

SHA256
2eb271a4444385246a7940718e3883a7112410312c022de4e3fd9ec05c174fac

SHA512
ede5f670936744db1db68dea965d52b3937a245952a8b1b757e5c4f533c9989e45138608d063fcea815f11d2f97b014733b2465da24e093a5459e9cb99e2e9b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
27KB

MD5
a6dd5f162de1f38b3dc6997556773065

SHA1
708b33004a981b2000eb99feb24f5108b64b7206

SHA256
37612c677eef502b14fcb4f1f151da2e30aedba73d440ecad95686c9c4e77632

SHA512
3009d046b5207c5a2e638f527b8620f47b5d34090aa7c7f148f6e7f47a54df4809fa410b343e534db04a30341d5cef4414d0e97a28d448c190e20f34bc4f02bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
cf678063cbcce6071e09389106e44957

SHA1
8ff610cdfd02102c0bd66392dc697ac572bcb450

SHA256
4d4b1ef76037e91f953ad0981e8cd703df1216294d2f8d2ac45406471e447a7a

SHA512
e5675cde096f67e921fd4825d1fa57454dcdc8496806f59c709d8fb0369e1e90be10416f4a5b21e0cbb3041f497e9a7df58fc5b3f7686756cbbc4104e517c5c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\672850e0-716b-4785-b971-03b7429b7632\index-dir\the-real-index

Filesize
2KB

MD5
6c103474f3f6b3fda8fee3863b319554

SHA1
a9e555832c99894d3f1d9bdcbdbb75c31efe295f

SHA256
896a198ebe8319e790840beaa8643acec8287273830d6c550a83e9a0601ab5c4

SHA512
55b834223019cb14cf39516f49658eefe61fd15fa70d476472d22b6b6c652f77aea4636bc0a418d713d20860255fc85d9f127b4f1fefc80fa0b5f8f9ac7664ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\672850e0-716b-4785-b971-03b7429b7632\index-dir\the-real-index~RFe5c214b.TMP

Filesize
2KB

MD5
3b7a7542e32daeb7025205740aa3b4b5

SHA1
54eb3932065665ce7e6a2c1eb2f581d17260c4a1

SHA256
f7c8ffe8f8b9fcb55dc6580d6c5b50b7915cc57d663288c1c3b466d1aad5806c

SHA512
e97214b3b778ae50cdbb7424dfe9b3237cf6b212d8b43529a020694d27bb92fdc33d0ac10ac11da875f9bf521b6baf446ae09e0005c1358af0438cbdc58614d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
d2df1160aa82d0bc78529389c0ccb5e6

SHA1
1eab3797dbd302ca826e0fe64431ecc0e2290232

SHA256
57189f4f5e217ae4fd174edc10c2ed08ec38f9d80b263def715cf8e3ee209916

SHA512
994db6b70585dfccf879b77b9a75afe03241220240b925977901f72f6c93428f5c0d6c17cdf216956984b722ea1368e855cf4c680c86ccefbfdf0b03708bc104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
da666788bf92bac6add69d2bddeb4d63

SHA1
d5a09d28bf9a9ae04a9b8cd7e207c020d9aeb659

SHA256
2c5d3b8d02082e9016c4e7b9dcc76d60365467faa6f3e040b69107af1bc69665

SHA512
d2f74e99e7a624c26918bfcfedfad56aafc8ab17b7c1584a1dc5d67be4fe126392351dcf7f86f518e5b4f375b83ba42ea410fe6b0a094b386bffe9cbb1b2eef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
d6ef6b7b5dea0c916821e3d44e220521

SHA1
48009b2fcc557afd28eb0cfcff0b3005cb950905

SHA256
1005a234d9fa8f8a1cce084045667224a25081ac5a68984df907aa0b594de46c

SHA512
ca7595c5725be992b779ae81af367a0cf6e2eb74ecd1d8508a8f96e3a52ff5463f66cf47bbd2a6f98ab874b0a67353ce54d6fcff26e1bfcffca2872c4e110337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
fa217efdae4c2b0e8fdaa99265652417

SHA1
2566cc85a47d3861fb89582eec25453786404eeb

SHA256
649dee0a8c0d4df89fb4ae254887a45b2245587640b2e8c0ec930ed1712c3d2a

SHA512
7813793c9593853211b705b91d1de47b94967622724c0f38eb2ce7b287ef6f529948b6dd05f5f78940f26eab03dba403d2418dfc628ef4b738afe646a6260700

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582268.TMP

Filesize
72B

MD5
e9b3104cff9de70841387029f8705fc6

SHA1
b0f4f4a298935d5dae1705db88817359aa850571

SHA256
7c54099895a679e15eb656ff856ae42691388db804b9220813369baaa70aab41

SHA512
d573fcc8924a7ab72d01b0bd924f8ecdc6b8fbba4669a561c08d56dc283eb68504dbed68e137eaa7c4e8feedd598def049bbcb966c1259d51a62c595f2f09e0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
401e78bc4c3e3f2fe7b12625696952c9

SHA1
f9ab4a46dbf4e5d78f5b871be9f06fd9f0eef23e

SHA256
bb80c8ed8d7333a9fe0779f4d4219430907df35d482e8ae669323787d911c688

SHA512
286889d28695273764850081117812413272906a5811b8e3a8e492ecf45ce236af3f3451c65314025a841e224726bf460cb78c0c50002b89adcc4bcaa7f82a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
465B

MD5
a09bae8963248de3a6510810f8fc6fff

SHA1
dd0e847ef69b0b86dfe45bea9b2e447ba861f2bb

SHA256
33bbc3f885decd77f601fb46e1757516628a8482138a0f738850eab0dca79af7

SHA512
78436bb5492990253cc109f3f2917d325fabddf51ac3f70c2e6213a6d1265003979ab76009c6a90ff4c6b5d50ad237a3be2f0418b1b85bede22b05e797ea5464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
896B

MD5
0f45d716b8853d791c13cf44aa4c2309

SHA1
b904a812430a99cd6df9eeace765b9c4f3e7f20a

SHA256
5321f3dbbbf29daa4421c87dcfa3dfb03b278ef2b7f7108ee8abd9bca24b20c5

SHA512
a8a25b7f867b2c36f23a269157077bd44ce263161025416918021b6cb40c3944094e3a01073102907445642659b3ea510692bda16df11aed37397a9414aa1dae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
75fab040bb285b3a25110f6d286e837f

SHA1
6f48534c6b9028a001e985392639d466751b3fa3

SHA256
92acf9b4251253c7e20306dabbff6f3732686ada90c3008d84ba68d85bf7582c

SHA512
897d7db7a94311b6d1f29435c17137c960f4b89db5d20a986016a5a4c962f9edfe2b99066894e40d9c90822c021a67eaa5239e49cb556cf9a8f9d733b221b5a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
afd17839bd6577d034091b307517811c

SHA1
3ad08ba5df5e385a4bee1fd8307293f0959ce057

SHA256
ee71e0e9e584414ee63e205ca80ae22ee31112040c802e05af2a920c6f088646

SHA512
b188b459b85621d66b0dba6c29c706b9bc0b306b8608e5a14222c685c7004994ae6a9b57e1f0befe12e2ef5845c9c9f62fb11548c10fc90802d08d0eceed4251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
b91c2bd1b6075715e37a72f76bd1d83a

SHA1
47d051facc299f9e7a01a0481c5f692108475f0e

SHA256
27980b1ee77a861c1fdf569ae8311fd2c7b31292b4a57914bf27df129cefccfa

SHA512
7d7efd12cc725965270a2812504b9e169c27c280fdc3992a116fb948286444d25c266096e851605b550c30a61b8a73fb275be4da61f28f478ab9a67f570cbb18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
5dfd75c612187a136c529b7df1fb995e

SHA1
98e1863b32e6722c0700cee6777fcadf1ef6c3ac

SHA256
5455d18d6490d69f1fcc47b4e92885826608d78f6a737a3051130ef0373719cc

SHA512
d38152b295e3a045077db11e50ba64699c09d038c7819b87b01e6647e5320b5086b68b83cd445bb39da2565f30eb8a831d6ced96a27017af790902949c2e13e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
3615187bcbe69b9c19ed3656344df7a4

SHA1
90fc3549a6605a4d9abd9557c4a65f47e95f8f15

SHA256
5f949d2f3cb442493ecb930326edc8ad67e523ed0c4ee29aae0ca9175fcd53ea

SHA512
3d0e3e74b51d752ead779ab91d4bd105b0563242b355e9867b3865d27238b139c20db50f2aaa607235c732cb31455e160252379d0c4488b751d983ef9e68114c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
bf843c5ee912c7dc15005b3c9d39cd8c

SHA1
bbe599a4048551d53201129915ef41979a379e2b

SHA256
0ab13e48af27da9d5408a31246e010ffddebf1f87272182360592920ef7b4d3e

SHA512
8cfae859fbc3af3a87620848343c4aa949d8abf8a5549bf3e5a8ed35b209f6d9a1a45baf9d891a84aca66049b93cc29dc2fb9c680b2fcd8710cd1b2195a610b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
4f3d06600753817617ee08b4a5a40f90

SHA1
9f67ec15994d7a45e011daa96d1b00330ce7cc1c

SHA256
0ea5f8cd1e953ab399cc6922650b1450ded4a85b0fa8877918e9e8462c74eb1a

SHA512
cd00c5fc9c595d0b2a105d5e035a0d296ba420358ff45a8fde3372e5e0537527502854255ab7479a2c1a398451438d5f0eb1ab19e24b783458450ab7c88b1002

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
d1b8b6be6a9ca8fa8bea040016650c64

SHA1
3c6e1645def5e6ea63c4e668135cd82a57ea9235

SHA256
638cf75bf9e4174ff84c3eaa071b49b50e09b8b000374eb1a538dc7f0a58cff9

SHA512
841f29135d7e4e114c57cc0b0b22e8f3b2e0c223debb8d448da1a7b5e9ecb314dafd994c4c79a8dd62b1c1ae8665304a5f0740f4c91143031848c3b43dc7aabf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
320e1cb1281e2252c0e32bf7447cfa56

SHA1
6f3ac19335c65a411be43ba448c5a75add4f7ff3

SHA256
d068aea354f80663e330e6f4f508101474551a43a1184a74da1acd697d86abf6

SHA512
da9b093f531478793248b61811aa75dde92f9cd4a000119ac2ab81690b2a98c3eee170bfcc2b8af8236642bd19037a83b3ef5823bf48b6da75353d1eae30f043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
a8b8b2aa54b69e4e98d3720b99f236e4

SHA1
903824d7f1a213e1c698a0744e6ca565ebab4e86

SHA256
702729a194dd5358d0ce2781f9dc659ef7344b9b52e6dd131949fa22954f0425

SHA512
bc06b55c795dd717d4d6bf9b1d16381a1f990e66ccfcda9640a5d845e3bd29a4a1b7c7b91453a0e25d7febbaa9a64deb7a31cec55b5cb6ae50b1b70023b2bfd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe57fb67.TMP

Filesize
392B

MD5
95142c39e6d5aaf048c4d04373503526

SHA1
c74947546e7a14df28b404433ce916ac1e19ac90

SHA256
849169ae188273c2bfdb97d580112d8e7b5a669aa3a70e0e439f42c120dd9071

SHA512
7c7527f1f613d16d681861778005963004aef09f33c3a2bea4db3e5cb07d71b7b34812b461310fee37fb00c4569289082ccfff8a01dbbc81016dc98d4aed3b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.31.1\typosquatting_list.pb

Filesize
628KB

MD5
c900ffe1b28b9a4314051c8511e6877b

SHA1
72a51a35e83ea5b3258a820b0a2b51e49e06a17f

SHA256
cfb1eb35033af3f46053a42f4fbf4756e7e64fb6fd2b66a14ba9e5215262421d

SHA512
b9598a8fe3d9d3ce2f614b3a5074d60edf3c96b5b4139325c33fe08f05e395934b1c14704cf3e51eb8bf9a4e4d1a54f9144710b18fcde0d5d763a31c27c3d598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
19f4d9281a00d1412647c95be28763e9

SHA1
184e4a5c7d7564b6ff4e828de1f62357af093dbf

SHA256
1eeb8874cb5fb70ba097b2e23e88fbfbdc3265cf5ba3314dad8886b3914abc54

SHA512
227873b4955b85d99de2cad142dcca2e0f3c9b5cde8ac1cd32cafdb29f0f5b7b188d1e42f1871d2d75d21825c017e34a8f5d0540dd781a020370b2df5ef5bad2

Download Submit
C:\Users\Admin\AppData\Local\Temp\2pJlSadLyK3H6M8N73uTV8tS7X9\chrome_100_percent.pak

Filesize
148KB

MD5
cb4f128469cd84711ed1c9c02212c7a8

SHA1
8ae60303be80b74163d5c4132de4a465a1eafc52

SHA256
7dd5485def22a53c0635efdf8ae900f147ec8c8a22b9ed71c24668075dd605d3

SHA512
0f0febe4ee321eb09d6a841fe3460d1f5b657b449058653111e7d0f7a9f36620b3d30369e367235948529409a6ce0ce625aede0c61b60926dec4d2c308306277

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_z1vs1d0i.bct.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\LICENSES.chromium.html

Filesize
9.0MB

MD5
aaea51a605688fcb2f178fd60e4ca64c

SHA1
69d4791bf3cfedb68bc4d8f766878103578171cb

SHA256
96837a4a521a61bd3d34f2f660e29902d228aaec501eeb2a84403f1926c3df9d

SHA512
d328bf2f9ff7372a716a09e5882b9e3c0051b0135412b3258453085db1de2c7699c8aae24edfaca7798f468802db975977c9976e19fca84fffe884bf8594c33e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\chrome_200_percent.pak

Filesize
223KB

MD5
e9c1423fe5d139a4c88ba8b107573536

SHA1
46d3efe892044761f19844c4c4b8f9576f9ca43e

SHA256
2408969599d3953aae2fb36008e4d0711e30d0bc86fb4d03f8b0577d43c649fa

SHA512
abf8d4341c6de9c722168d0a9cf7d9bac5f491e1c9bedfe10b69096dcc2ef2cd08ff4d0e7c9b499c9d1f45fdb053eafc31add39d13c8287760f9304af0727bf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.7MB

MD5
a7b7470c347f84365ffe1b2072b4f95c

SHA1
57a96f6fb326ba65b7f7016242132b3f9464c7a3

SHA256
af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

SHA512
83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\ffmpeg.dll

Filesize
2.6MB

MD5
97215129895c1442e3a8fe8921cd1757

SHA1
2f409b5791196b63d392a32ac0d9fb18dd476401

SHA256
10ad04ca665f7a05bfd0d217d9a09340a05593960f4f83b45c8104d567a293d5

SHA512
c9c98aa44dd26c8804286c23e290905e50f55189e46884f7ecd601f2a8829966fdb5cc8a3ebb89cec032528df355a87d2915ddab3e7cf5f2dffbd7b9d14c7f3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\icudtl.dat

Filesize
10.0MB

MD5
ffd67c1e24cb35dc109a24024b1ba7ec

SHA1
99f545bc396878c7a53e98a79017d9531af7c1f5

SHA256
9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92

SHA512
e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\libEGL.dll

Filesize
470KB

MD5
354c9bd2cc37b6bf0ddc4a1b08a04728

SHA1
6fc80a622c4e5073791228754ea58f0e51936177

SHA256
66f8c76a063f893d102839de1b90a5501e9c7d86106f37ac9e862259a76cf48b

SHA512
9e2529a4f1f213f239a91296cfbcc6ca9bb5d0fc8cc3c52f12412b7f59dbd19c5f835f0c6e6db418a2ea0086ac648eeb34029b8fb33e0c68f753fb628f32047a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\libGLESv2.dll

Filesize
7.7MB

MD5
6de22ae9151fa723959afb776aa79ebd

SHA1
90451e1ecb38aa2e466346dfe5e0e9c5e44f1c63

SHA256
6e7d1117e2d45c9ac2b28bf7ad8cff802943e81b974956567f5ef27a09a1956b

SHA512
d49f5af91714a4cf5c13688fa3374a56edca62648131ffe849010be77f9c1721d105af30c31ab94b6e92f8e52d51d36ec20e6ed36c1dad7d30a82831325fe3ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\af.pak

Filesize
494KB

MD5
e48860fe82ef022ffab38cbc4c96dffc

SHA1
a832fa66bfddabf3ae7f219cf379f66d2903162a

SHA256
e2470090a09ca500679e68bb5e3b1acc35a5873fea4f93af25a23c82122f2c13

SHA512
e4d0973ca7e59091c482d2acc384aa48ec87d3ce72d8d42a03a183b230fd209e085a4e907473a05d02d41e15ebc527df942774c23b4804c150367fcd727af7b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\am.pak

Filesize
799KB

MD5
5d55f8a437e65dd7962337857e78970b

SHA1
b83d6a98718459951dc9272344cfde8f1291c05b

SHA256
f7d24b9cd21562665ba250caee9c280a1c95efea4b5f37d1afdd36c369a61b87

SHA512
02cb8b52a58dae796decbff871c45311396b29a7ba1737320b73c817cb3c417c447169940148958d7b741456b009c08461fb43f89a3a0205606fb407579341ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\ar.pak

Filesize
874KB

MD5
c49f4afca050466af21212e88860f8fe

SHA1
adddf85ea75a24b92f1fcc4fe07a81a35d08f2c4

SHA256
11df77de069364d7f0e2b42fd2b7291abd8da5e4fa2d69a1b82c12a98a89dd00

SHA512
6060d96a59e424f9a630e70efced6866c074f8bf0c89273a28f9766e8c2b625bc80ea5c691a8c33c1f11a3cf1c4d34d96cdacb19a2ca61b61fcd45365d138843

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\bg.pak

Filesize
913KB

MD5
e6608ecc589e87a6f78f9ce553ec2609

SHA1
9fdb2ff6291549df773ba243b3a92b984b15bdf6

SHA256
97ef7984074775282b68dca5d5a469efdb2b22474ee6669fdfb5197d3f1b3768

SHA512
25450b23acc962be85977ef08be9b484c2a9127775039c521158c1801cd57d5781bcd8d5b8784f8a8b9403ce44b59964a20dbe36ce181f1d239143b22b53d5e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\bn.pak

Filesize
1.1MB

MD5
e9d2d6a60e167ad6fc9617b3f82247f2

SHA1
3d028cc6b04eb6879a5c01fa24f280fba43a656f

SHA256
e3f2a4b955b9a701829cd71d22bdcc562a67bc7926a3a349d99dfa2c5863bdf5

SHA512
e588eb68b853b9d39a483081b7d622dc3d7d4eea0292bf15e8462f4fb3936bd803a3f077c3583a93de42468cf53fa1898625e11a4e358729f50136f818d2c7f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\ca.pak

Filesize
556KB

MD5
2c116e3a86dbbd83a0c4c3ded4ef4ab5

SHA1
c88668807d5bcffef0fd8fb379dfcbd33c2a8a2f

SHA256
07c60044a97a4df15d7061b2833e9cbe11efa26b095fc7aec269770eb36431bb

SHA512
235eecd6d39fe01e1a88d391b3040f8b62a31eed91e6d0923b3d0c20aa7951c3cec8a4e3299046ace03cd095bb0a97f471e3c7bf40be0fd2b0a2f6a96f2804a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\cs.pak

Filesize
572KB

MD5
3607f223a1fdd2d016fa7a3761f26c54

SHA1
90a50fea74a4982abba1ae86cdb08533d4180325

SHA256
85699626522c2a8eb1efa3354c570057c3f665217d9d02a5d366a7c9048db59c

SHA512
80d5230fca6398732b8003bbc73200c724682d05a743572997323cbad2f43de483e7840daa748e069404d5fef84a48958254c49edb799742822c499990e2b85b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\da.pak

Filesize
518KB

MD5
c22b2477e29ddbd8bcf1df1b51b738a5

SHA1
482f5591e4938ee86ab2c2339fe63ed84d17ea8d

SHA256
4738f526d617a8eae389e239925019ba73a7ab9d584f512b5e1000c9c3e81af6

SHA512
cb23d13ab54de8b232530ef5b9ac8aea6be942c32375323c5a88438ab79860d5b38c94642a35f2a42be233dcf3d1f1d7ff7e2675de9daababdfbd27b73b90fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\de.pak

Filesize
553KB

MD5
112a6f63c2964d6b5502da3f3f5cafed

SHA1
e4590d638a3f18aaf282f33a42221716cc9f8330

SHA256
a6a0ab85e5fb2988778ceab4fa526659574f1077ea063bb585c9185b12eb9874

SHA512
f902f2d92ea2d377f9223710e732a71f8127af92c3ff9709315538ae29d50fbbdba4f68376ecee89735be53d44683fb6c9050bcc8ca5adf87ffc87c0e32f8d22

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\el.pak

Filesize
1002KB

MD5
f86feba0f29bacae666e5daf69c99c3f

SHA1
4b1a3cd58e455d9c9a8e6ca9ea8e26556295642e

SHA256
6a2db5d60532c50501f247773aa225cc463772925fedd6959af4f64d69bcfe33

SHA512
745f9c7224253f13090b6ccdadb629e3920f601a2cba05939c372a30c3d05b93e7912b709f02b4c312facdd044969804b8e221a53b4afb5d725b6d08d54b9102

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\en-GB.pak

Filesize
450KB

MD5
5ab73db0270109c3331b6026a6af105c

SHA1
ac4ce9ac70cd9d69580e21919aefc4aa98d7efb3

SHA256
210e37e95d20f65a0d414efeea4a2bf2929c6d58c0c69f6b6e78742ab07bf09b

SHA512
eb70d001a5ac01144124f807af033b1618ebda032de62b7565ccb2f64dd2ced003af6922313e192934ec93ed23003324a3e03beab88e68f177d689632abbab52

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\en-US.pak

Filesize
454KB

MD5
9bce1a4c9a06d63e8b4f7eb40535c080

SHA1
11bc263876228d22b0bee57c6ba80c523c79e5cc

SHA256
0013a8efed8a17a93b0e718fb41652b8a2a6ed38128575cee89a258134167e41

SHA512
b6d1ea3a81cb1b32eba16a1cb4f337cbd15f28efea1e31ebf12efb795c33f6eea70abbfa4fed1b241103a8f0865cb2dd138db598c9cfbdce34497d46119e7566

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\es-419.pak

Filesize
547KB

MD5
bf24b0e8f3b5216a513d43e2c02d30e0

SHA1
53b76e36c7ff1d3d7b3b0c782c9933ef1fa5d0e3

SHA256
dd5fd63219fd11da697687b6ddeaab517109d2395762088c41c19573e7edfe0e

SHA512
f5c5332717b3ab7f93bab35d20770883d4d4979e89cacc64254ff5d7ec884a48ac70273f47cb1362097f273762b746fd0548c7f9a6979b464419a05c93455e35

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\es.pak

Filesize
547KB

MD5
4d7ad9f98967f3636b98f3ee3bc9befb

SHA1
777df13bf07fbb06c2151ced861f32f3f2ef34a5

SHA256
0e6e9b2f7810d1e69b5c4cffa86a8f356bc3530f89db59b6278e06a563b21135

SHA512
5d8a1667d13006c4c9f7bcf5b37bfe2f87044cd7302fbfe566580a5e6f9e4b339b5bd117312a59052e83c3f63e51623fe7fc6165f30ac67e07b2f29486b40eae

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\et.pak

Filesize
497KB

MD5
c0610f85a202bca2f540756ace2323e7

SHA1
f770e638e59fdd47484ca51f1c1f42cd933616ca

SHA256
77822b71398a329c43b57d9d8c0b27fff7f30c3a35fbd7850161549a23b0b9b2

SHA512
386b65ce118ee0602dfd195290f922c5abb7b38bf974b04ee4477f765d507cb4c41a0b443930eca2aae5b4e1de23d8013ba241ebbb99713da4d26df46e9aa29c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\fa.pak

Filesize
813KB

MD5
fd518ebba4a93da744a4d9e81e5f350b

SHA1
7c166d73fc2acfffa02d90cdaa2bc9d021432bef

SHA256
be53bde0194b76f8324b21b3528644a7a59c40579266c1a837a95b962e9e70df

SHA512
d1dcad09f342c1c7d41678b9aff7ec342151349d203de9fe8417906ef632d297fff58c34ee56ac9f4c7117cf9709a7d7cbc26beb0f7ff7911a5b5df03891c092

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\fi.pak

Filesize
508KB

MD5
6d7aaddb1365b3efee94d4c510a3002e

SHA1
2a970204894c5ac163c980ec0fac2dbd1711e5b5

SHA256
11b0b9b0f74d01f16db7aa49be9dceeb55fde9da56f17419c4bca159cdcae274

SHA512
f44bab9cee552dddac17d4ac1949870943cf138b3fdb0e649e8827acb6de9528dd9cf738757e5b495587e165d1c750b8bcc6205bdd029a01eb92aecab22ba49f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\fil.pak

Filesize
573KB

MD5
c744b92c8feff1c026034f214da59aca

SHA1
95780d3374841efdbc0d8a46cddc46bb860a26e0

SHA256
d7fdc7fd08dcc421bc8aaae3fdc72599c60a3b96f05989a3e46736f0de06e745

SHA512
eeefc73474642e75da61056f2841e7cfeb8d8475be55a39852dfe7de8a972f7d86e9d1df4614b3ca3ae4fb01b68e5ced664bc8e46ccfc94f44b06e29a5035b43

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\fr.pak

Filesize
591KB

MD5
77d7bad0f613b4c433986d03c5b7fc50

SHA1
6367d81a1cfd3e9b09861461036b70ff708eb83a

SHA256
6d669ea88e1fa4b253bf27e36be05c9eaea4286fef6d4930518ba97ea7b2ab01

SHA512
2eae203462366f70fb05a9c11016180ba76128937d0df0a162c73bacbe1e7b0337f4d655e761daf6e05f5cbb51ad296897871ae8fcbd3d87af4f989923915c77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\gu.pak

Filesize
1.1MB

MD5
7667d758f90e0d3c147da74ba06425de

SHA1
a453e2f358095849612756a1fe6e2849e1f3f7fb

SHA256
94cb050bd6ed8e588fc0148123c0440f3a1bc8b459ab4ca54f954d098eeb2a46

SHA512
0b469fde98b8558a8a037a7cae1066ff343d1355168e12fcfd80e9aae9c870525fbf4113d7a282728a2e40b606108430e967b574104e8d192be234a3eda4d09a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\he.pak

Filesize
713KB

MD5
a4c49de130cc39ec8454a03171e0af2e

SHA1
be70fc9c3096fde83e90a78dea655d4f20db545e

SHA256
1713e7cd1b63853068d3a8cb15d8c11da417ace8be914c27789086726c40da94

SHA512
a8855e65850364e488ea047489108bd133cc280ff6aa689e5a409c6c46a138f8d3209b9650557d9e47e62217230d89d5db71d256c52100c169493364cc4ea894

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\hi.pak

Filesize
1.2MB

MD5
b6213bc189d5d80607e756707dfa9f67

SHA1
8249b93bb4f6a861f0d42a5d950e0e0f8c03df04

SHA256
af4f84011a174aad128b5801a5bd19c96364b984af20511bd61eed9f1aab0a33

SHA512
1eb734ea48a8ed03aaf939315792ce9ec6a58ddf6ab9c4801c8018f43a27cdb1699f3ec28ada7b8ca649ae7f134f9a313835aa8240e3f85962535a898c6bec7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\hr.pak

Filesize
551KB

MD5
d71fe557583c8df4ed043233b9c2bf19

SHA1
a7c86ba07a8465888b17ba1b7b9c212c28e6d989

SHA256
723c65592d15311d33fe35b2865849cccffbbf58a280859af972c77df96e14d0

SHA512
d4a98e9d3c80d3cf1b71d3e63fa402462ed06e65cc7449d7253064d7b913140d49da8d01bc45d5a6751dfeaed751dbfa4205d7f14a6e10f746783896e262310f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\hu.pak

Filesize
595KB

MD5
2515bb367f56f282657b3dd3b9ffcbc3

SHA1
8cc350e359f1cfefdf0ce3b016109dd483d45a8e

SHA256
b4e6a1135de8bdc42c04f4db4eb1ce48256f18eb46a5146a21010b6165a90e7a

SHA512
779a77b3380f08dfb1d1e9bd65806f3d5ab56619d040bd6ecc9726c17944f4d0c3a619edee06d638549250fbf4c6a2be46cd6196a3a8862d184a68d45d6f6d72

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\id.pak

Filesize
490KB

MD5
766e11f881396ecd982f0b9dfeb0675d

SHA1
210812c8c853ae2ced85aa8486e9872844201add

SHA256
e95ac873b16983ef8a9019fc7141bd56315e082f531d37c5b8377645226fe5ee

SHA512
fab3ab4e70137cfe73f883a407f40d6b22afd2461bfdccad720fb4e3e37b50c56cae61ffd8044f6dc463cb8cbfa03be989ab42304a29ff9432a6588580d31c87

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\it.pak

Filesize
539KB

MD5
94c772c21818f1df64179d69695a89fb

SHA1
54ca1a6639f92f9d43cfe2adaa3eac2f1764292c

SHA256
e950434e4449edec533bb63801a8affe17cda7bb998b7f9fe06be15e7e94111b

SHA512
078f14cb61ba69d2904dd9fc1946a053866a47741cbd7d6a336e4b39749c21bd8d1d096bd832b6864d15e0e142014f23f347ba082dcc0d2164468dcfd3e4615f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\ja.pak

Filesize
659KB

MD5
876eff616b8be74165d98af07a44a89d

SHA1
b36bef68c8299abb376396299b6bd5a972789047

SHA256
0e658ee3d63263b3a298de006de50f47510083647312191f2a8706ed8a48cedf

SHA512
3865d8e9b6e0cbcee0e837a014ecf6507f56488b5b64f18fdef13646cf5da00ae0e6f5dfb26de28e34ec857cd83780e7db2db17195c775bb953bae228178c8bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\kn.pak

Filesize
1.3MB

MD5
bb4ca36f22833dbaf5c471b27b9333f0

SHA1
3f066305d5ab4c10f41e62e45eb657698a4ea6ac

SHA256
945a5c32c9b5a11eb710bf20f8e66fec770f470527c4c995bde82c13e48f80fc

SHA512
8d5ea3ae608a10aaa2516542bc94d347a90437accbfa56fa9de68432486d70aeb9d7df51775340219a21c53a16b3357d9acafa4543e28e8ee9681db12e51d282

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\ko.pak

Filesize
557KB

MD5
bb86f92aafa4fa6a5a43dc836c51cb2a

SHA1
8ecc78b69ade046f6bb18529682a800596484b84

SHA256
7234a1390377451087a764bd31c817a5ce6695fa517119e7dccba642fac65e43

SHA512
1cfa9afab366518f6e13c8ed4ce8addb3984e360263412486b7920f4b20c35b3e9dd7479b09fa879942e83bc112c6e9fcc70a56b72f261540648c2feca2ad4b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\lt.pak

Filesize
597KB

MD5
20906aec4a21bcbb8bc8bab067075ba6

SHA1
369da9c1567d4376852cebdb87cd9213dc4bd321

SHA256
a1257d10e673311747363e6929832e70f36668b1fc0d6a5ddd550fe88007aa58

SHA512
8d1ee40bff980b889af83b95fa408bddf2ff5d257f532d2da46bfc3ddbcc31b9cf14b473fdfca1a574c0316fd689a424ae241e9bcc533b7dfe0c7203d4b252fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\lv.pak

Filesize
596KB

MD5
9f9d09b8e8b943733574c32e924cc834

SHA1
cd68a843884aec9eeba36a287902e5b39f128f82

SHA256
3e3c9953e679f391167a5d5536a4ace4d56558909ac8ad5b9f08650254d99f40

SHA512
8062ec8f8ca2507ac8e10d0a9a8a76ab02feab8993989043dbdfce3807d216087017ed14e6e9f52d87a2deb87ae5a69393e5d6c6963472ed98ecb22fc45d594e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\ml.pak

Filesize
1.3MB

MD5
39d4a5ed8cf7c8e0df946220fbfc0f68

SHA1
70794849b41d00f2b895f1211a6baaae3fa7d261

SHA256
87384db1ddcac012b0b40ec89daf47ebbbcf1497705f023a6983fb2470e4abd6

SHA512
ac992b9cebc2fd51f7477b36f1aa4d9157a84c3023949c02ea236d909c78fb5ccce28dd213c089820131ee3f669164529daf58901766630ebcf40546d33e132e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\mr.pak

Filesize
1.1MB

MD5
649e76b6666096a2258b942745ff9fe1

SHA1
82edf8ca68dff0caa36b17901c1e12a17172fa51

SHA256
039f4e0176c38867fef57482825d043fa63bf1356c85eab0fc665f118db125e4

SHA512
92f51140416cd6dd53109ddcc1ee24c1d26999de5cd48a11e6954dbbc985298c1b90c0b4a7bbd8701a2737b71340e8a257e8b1ace85ff3b4876b714c60befdce

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\ms.pak

Filesize
514KB

MD5
10a8463902589cfdc41c1580373b7728

SHA1
a2dd9ba97dad457826f6043d80f756b8c13dcb1b

SHA256
354d7a3fc5c9f6e965f54da155d66eafc8e5b5eab08cd782e9fdc379a5829e48

SHA512
02ba5c950e2be0c3e5f087d25e4d80ae544e53940a93a6381833bdf6538dfcb6fe51261b60aa376c2aae8654717560094fbfdd29821183f1b32068f26be092b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\nb.pak

Filesize
499KB

MD5
8ff27e7560b021587c15eb125c067a54

SHA1
8056ce2f55e940ec18d54b9ef75e8793c9a9ce66

SHA256
56b4c3973462a81f8eeb3ff84843e039940589fc62a128fbe5d91462f9092095

SHA512
b7179c9aaedeac82f7efc699e2b3fdf6e5500f10e87aa6fcd1f378e68a79e39c26758f0de4d69c07fc8bcce145889635a1df0324eb35bd1d3d1c11f5b0220347

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\nl.pak

Filesize
516KB

MD5
d59fed8986eee2b9d406ad52d88cbcf5

SHA1
f7e409e17723e21174361bc81e54bcef269f40f7

SHA256
619c61701b3a142733d23ad8c7117bc013867a842d3d1d572faa56895ad8257e

SHA512
234aaddaa7677b39667b4078dc3a630d67b4f2ab7df5ce763d509183a4d88e8f7bd1a231113b8a51418d577e4aa630860a7f2735c34ef59e0f65966cef825597

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\pl.pak

Filesize
574KB

MD5
4dcc61567580814e3b121a966a29b81e

SHA1
4bfb71f05b9818ff59d8c7b116bccc27bf9a7109

SHA256
0913c3b10b593fe25c27a4b2c22d4a1f67098abea6cdcfbbb8ead03d9b546de6

SHA512
a160d965de34a2454355b7fa889f187c94868f809802ebd840d941e9748c88158fa1941e8c372dbb2413056b74676817c7e405182237ef176071e908540d551c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\pt-BR.pak

Filesize
540KB

MD5
7c01408447b075044ab34b35bd369678

SHA1
968d8d819f47fb191d25a3df6e9cd7a54811508b

SHA256
903a50517e3b6afa8e17687f6c154fdf8c097e09088975a7cb0e243f682e3386

SHA512
5e582670fc9318c442541f0b235c9f24b5be9cf73850d4a97441e0c75d3c1abde36dbea7880a5c69ea62e37eed38dfbf5054c1d728786cb6e74c66d06eb94f6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\pt-PT.pak

Filesize
543KB

MD5
f2eafa0bd70b7ff64c64fa0d5590ebb3

SHA1
9a945c61d79e886f05f3b13cad0420b020e7019e

SHA256
8ba5d7dd9100e14a51a9e77e2f8cede706978bfd21eaa6f334140d12af6ba974

SHA512
ed032c0373ccc59f64ae709f3c462f1c1c55b1abaf5b16398c9b64480ea5df94ab35e6897dfd1f98e18296e12528e3f27150948849b0bbb0e91bfef140c0bac5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\ro.pak

Filesize
562KB

MD5
15dcb56e5a1bbcf32f6503d63b88dd16

SHA1
d234839aff1e18845488f47f04b7568e226c3124

SHA256
f360247be07a19a0a5a2f4a46195ab2411ea3f634e86cd884ef59fa60e9b6b7b

SHA512
62b7e37f2bd9a3977ace1d19fdfa76bf764719e670c2c0e887bfdde5b132a3abedcbaadbeda28883a5a464b0cfd9f2d9ef5bf85aa07f4ddb2156f516944e4cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\ru.pak

Filesize
924KB

MD5
e3fb9da109ed5c909dc5b0e9fcdfeb31

SHA1
fe85fcb1b7d5b9eec082f793c617dd6ac36fb4f9

SHA256
22f6c531e4660c6fa2be6cca19c4e617ab40d5ae47a9d3425df811b88b989130

SHA512
cb28b7fb674beaf0274ccf08a023a8094d5f3408741656f4149e1e531253ac80297ddec11ffe2f53a8d38e24a48c01dccdff946f0383d7133927639bf7c2f00f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\sk.pak

Filesize
580KB

MD5
7773015adbfd66d42b4a9cb11a29a7d4

SHA1
bd96538a2ff6c8884a545a7b10495107fc1f8395

SHA256
bfd5b52a544428c5aaa4f418903610f1373c808c20110c145d95b34c51c7cf80

SHA512
e8abceffff4fe1b6b1957ad99288bcf562fed2ccaa8ec20ee369fc5d50a3fad1ee823045860ad1028503f4dc730c5e816861ba5b2e0417433000dbe2db6be795

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\sl.pak

Filesize
556KB

MD5
33aa83936f6fc0ead34f2d89a3f6d3ce

SHA1
7e3a1df02daa63760e689f4a4bd6fb47fd888de8

SHA256
f7539df33ea860bc42a76047fa4fa0dc75044df6d602f8735c9acfa5d7995198

SHA512
f37979e94063ef24897657e33d3aab5cfe6258e071cbef13ac01dee1647353071f7e269f986d45e750013cde5ecf69599e94dd27fcd097cafa7054684018a684

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\sr.pak

Filesize
859KB

MD5
449ad5559d52df02f3474e2fa4272a7b

SHA1
da675fb589e5b872f61a18fac70a3d3bd03b16fc

SHA256
3aed83391c97ce05aab07239d0cbfe5a2b596d7a3bec39dbebced4e43704b8b7

SHA512
6af98bd5d58f73ff9724d171d56a6b844ebc01874765f1b322630b6b5571882511c2ab371deb941bb71466e18502eb81f7082d9f7aba4ddb358fc3b274de341c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\sv.pak

Filesize
501KB

MD5
f4e50ea270ec5579d0e14d9554fcd85a

SHA1
c912c576549dbc1b82dc891e7a0743bd2e2463db

SHA256
99a330ebeb222556d96d087e27158707ceb5b9050db5ff0ea09cdc2b0137e6bb

SHA512
e687db806a3c984049dafe646b6560c2002833b38f74d956b54da60c1b9c0ec5205a6b743d9a8b54b2d9e61849c6a416810e145fb97483782121189fa934dbbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\sw.pak

Filesize
529KB

MD5
d3ae31b63eb14fc353b6e8b872d266f8

SHA1
011647736ea51490cd7ccd49433f4529b708ccbe

SHA256
462809f4337c1d6511d53e496937828ed07d64e7144954da794c36584c94b543

SHA512
aad3c37beaf1224478214623f95a549b6167d1d061baf6c2e2adf8b8d034e44e8bc4a1e9409533f2830ec3bdb06208a1e144bbc4e3ce2a6cfc6bc82002d32b04

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\ta.pak

Filesize
1.3MB

MD5
52ee28471f2f9d01ef3f57233496554b

SHA1
abd7dd9989fac90636626a41f007eb6aa5ec7a2e

SHA256
1cebac8d758298ed2763e62b9bdfb17351831e691ff3e1ba85252c9a66d66242

SHA512
af2e9593faf60319244c90e9c06604dd3830705f14c18cd380dc2338aaa0c1e137bf751603ab9beaf7f1783839f83bcd4fda357b7cebc66ee94155d560b6f691

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\te.pak

Filesize
1.2MB

MD5
3a71904057869c23d1bc108f1e8d0d31

SHA1
6fb6e60c80bc332a2bb66d02a1e3db69961a9c41

SHA256
8264244c6de861817f5b19cef282844a18ed8cb7d4e059451489652749fe931e

SHA512
7248058b2d357c4a8b9c2e95d580a2000a96d9a5adb0b822adeeba5c4422e08cc12ef84b9b9a627a1f6cd07a08698ec000510885d14d64afd40c6e8d69376022

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\th.pak

Filesize
1.0MB

MD5
879a881174501e22c3de65b9f80bc19b

SHA1
a2e020d5ed1be7dee50a495a2f8581e751cbf735

SHA256
647ad394e92e7610bd0f6c4e08d28748408fcd5a816a35e4622ea7f71cfa7a9d

SHA512
b8961a90036b94340283237da57659cc277e65e545764251f7d3e406dc5f70c9ae29366184d0aa8831aaa0a7cb5c12ff825078bb87528606cae223fba58c73d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\tr.pak

Filesize
539KB

MD5
67c502d240b018fbf93c83ac04350f2d

SHA1
0a4af68147ba51ffe67e480bce2a34f4c1618e62

SHA256
4f4f9b81c22aaad9c2e2383acc8d968bbf1d8088c2abac05bf64f262111615dc

SHA512
8942b33910ce97a95ac40f224ea21ff8efcc620523aa6b82e92027bb43e04e95b37cfe2b0ed45b385d8b0a9d8ab06e6bdd7a297a98402ca70c64f0c31689444d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\uk.pak

Filesize
923KB

MD5
5b0e0cdc5bb5439cea7bbf22757c15c5

SHA1
131f7b5f72f1ff0e9d71d667674773766534c0c7

SHA256
7de252bb6f453c371f9bbf1ec51f96582c1637cf290abd6f3a6c7f940d34e5cb

SHA512
838e8228d2cbfbe03490c96fa7ea93b4b61780b34eddb5064f0b367c4670ae7ff775e28ad55011354de2a9f23ee505bd6105a3500a00b1c5553ce05be3f0daf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\ur.pak

Filesize
808KB

MD5
fb978b7d211112a0774ce09ca54ca96f

SHA1
fb0c69801230437dcd20e3803db81ee60fc042b0

SHA256
60310f9a3457fae0395b447a30646211ef4160ba84bd7c36d291af4c8ec2b79a

SHA512
abde8d79f46b27e0e315034025837a3126d6e5d2bc52504d49c946fe96828bd9b20cc4a5c05283fb9f8813e6820a28249cfd68b30cb27fba216970c16ecc8d44

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\vi.pak

Filesize
639KB

MD5
9da50df23181f5c2036dd20e2490111c

SHA1
06a9c9f4c7e820df7743a4b0b6326ce538140cb7

SHA256
6e771fe02ec40375844c17c5b60389ebd46089864c24df7fe9755ea916de9469

SHA512
16d2aaf019810e3bfe000b73f5cad3c52c225d9debb43aed15df60f3995cbba66eee44de675d642e8bbaaf51bd1c2925078191d2954a0cd4a3de4cfc1151e05f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\zh-CN.pak

Filesize
460KB

MD5
271d3a6dace38055212286d872596283

SHA1
a660d98324966a9f76dabf8e3bf565363323d4cc

SHA256
ea08c31a5d4e6aafbc5b657c5960135e64506593729fdb759874e55876580666

SHA512
d7bbb76a2b601b925d3bfc2d91534b0876459cec6c8be859adf4890d68c2ff7dc882b0670976aa0fb2b1fc83c026eb8446476e8afe443b2788928944a2ce1fb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\locales\zh-TW.pak

Filesize
455KB

MD5
e302e1102f3f5a21860f38f41b3c30f8

SHA1
78b5d1c451cf674a7641dfcc815f966fc920cf57

SHA256
d4033cb3264c7c4cd2636ea2a202421650c449e5bfb10f29949e4c44e91ca93b

SHA512
1f96b197eb7ae6b7983ed38d4ce33ea0c845ffe527fedfbc9e53a6009871dd3c39084a04cd1d43fd6dd24e7f26e3ec4845d4225df828de0b9ba346cbc98efea4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\resources.pak

Filesize
5.3MB

MD5
6175c560fbbd33d77bb402792d32d0eb

SHA1
ca2928261a2bb621dccfdeccfa40b6a8a6e4a186

SHA256
c5ea37d00531012e538eaa4d8388deee41d3104d0a0800ec720f5f6edf4405bd

SHA512
322d1cfb8f04c7b3502089f1ba4bdecb96624cf401f9146ae4e6f7ce8445ddf7b31af7208a222698f781bc2cb32b61b6a34c9398711f54ea4ad6a3a388b5c677

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\resources\app.asar

Filesize
30.4MB

MD5
880b035ebd348d5498c0257790e1cba0

SHA1
9d2bd20080d3c1814d60e4502e5adbd6b6e142e9

SHA256
c6e56ba23c450be0f84af5b8078b31ab1aa07e6a4d82853fa9d43e66cd69bf2c

SHA512
0ec4a42edcb8ae1f161d3a70785a601e779117ee51fc11f10682424d0f7dcdc381e7c1719ca0c19cb53e14e86c1e8b2a3f6a6d2a695004d2e714e9cb80780cab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\snapshot_blob.bin

Filesize
302KB

MD5
8e8920b608b962e073ba3a15b7bbb1fe

SHA1
60995eea8977bf2efa21d35464d7b93954332aa3

SHA256
8e105f7073c063e658e245ef779fc2dc98504c2a80af1a699cd7eb8958572aff

SHA512
56151b21182ba409d9f74def2927c3f19f6ab09f2581ecc62e7b8cc24891adcfe043a9de8887e4abe267df1e17ffa4747b651cd6a9515a66f1543ee2fa84063b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\v8_context_snapshot.bin

Filesize
646KB

MD5
95fbaa11048d03e4205eefe0a631b694

SHA1
0b96fcec99112dbf855ec23001e231c11187633b

SHA256
0c063d0737cbd70d3029324c213518ddb8ca40ef4417609af05973aff1fd24c9

SHA512
bc0431e120166b0be912d55478159d89f4dd15055520de4b7323457825ac507e21b3b4ea690950e09e267f2dfd4d9df23d91c4c4b1b70b1bb3ce10bd047a52c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\vk_swiftshader.dll

Filesize
5.2MB

MD5
11f434e400c98b389529c785807385ea

SHA1
490154d919b6e9d1df9514a89b5f22f274f503b6

SHA256
aa433b4c2bf311df116a89903718f7bac1c9a8bec506563282cb28c9649300f0

SHA512
243152a66f7fe1818be5bc9ebcfc249c597fc1cb42615132a4a1c8213d02b441f4b11491d739ad5b294fe1183ec6394c756a8191fe117cc034f5be38e339689e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\7z-out\vulkan-1.dll

Filesize
938KB

MD5
269482aca0cfd8896022d3f5d1694260

SHA1
08fe87a6c8fc365ac283c9996ec56dd5312cca74

SHA256
8e01e040129c0386a83448c0bff70320cfbb03d345e07c8f0fbe6df58ae7ffc6

SHA512
a420486cb7a683542a3f24c5f694a54d0c5cb3b4a5fdf97eb5ee4b52159d62d93d38481d1486ffd8a8101e40ebc4f1986643418e6d18da341673ad7a8745eba1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh14B8.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Roaming\Drehmal Installer\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\Drehmal Installer\Network\Network Persistent State

Filesize
387B

MD5
3bb4baaf459a632754fad2b790890654

SHA1
7182a43cd536741204357dae986cf5f9b1e77af2

SHA256
25b73173c5a277dd5748fc0db10ca40a8948c69811f70a07a13e6de52468b2e7

SHA512
16098591ae7e2ef88c646f07a643a0321a11170b9b9b9f5019a4d131d52612bfc66130674bd72353a7096025028bea43d625b6a29f4c0b6a5efc87dafc0f5a74

Download Submit
C:\Users\Admin\AppData\Roaming\Drehmal Installer\Network\Network Persistent State~RFe5a5267.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/4084-3231-0x000002454C4F0000-0x000002454C4F1000-memory.dmp

Filesize
4KB

Download
memory/4084-3230-0x000002454C4F0000-0x000002454C4F1000-memory.dmp

Filesize
4KB

Download
memory/4084-3229-0x000002454C4F0000-0x000002454C4F1000-memory.dmp

Filesize
4KB

Download
memory/4084-3228-0x000002454C4F0000-0x000002454C4F1000-memory.dmp

Filesize
4KB

Download
memory/4084-3227-0x000002454C4F0000-0x000002454C4F1000-memory.dmp

Filesize
4KB

Download
memory/4084-3220-0x000002454C4F0000-0x000002454C4F1000-memory.dmp

Filesize
4KB

Download
memory/4084-3219-0x000002454C4F0000-0x000002454C4F1000-memory.dmp

Filesize
4KB

Download
memory/4084-3225-0x000002454C4F0000-0x000002454C4F1000-memory.dmp

Filesize
4KB

Download
memory/4084-3226-0x000002454C4F0000-0x000002454C4F1000-memory.dmp

Filesize
4KB

Download
memory/4084-3221-0x000002454C4F0000-0x000002454C4F1000-memory.dmp

Filesize
4KB

Download
memory/6364-3018-0x000001DCADAC0000-0x000001DCADAE4000-memory.dmp

Filesize
144KB

Download
memory/6364-3017-0x000001DCADAC0000-0x000001DCADAEA000-memory.dmp

Filesize
168KB

Download
memory/6364-3016-0x000001DCAD700000-0x000001DCAD722000-memory.dmp

Filesize
136KB

Download