umbral | hxxps://anonfiles[.]com/W1F8V6X8yd/XWorm_V3[.]1_7z

Analysis

max time kernel
2700s
max time network
2705s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
16-07-2023 06:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://anonfiles.com/W1F8V6X8yd/XWorm_V3.1_7z

Score

10^/10

umbral discovery persistence stealer

Malware Config

Signatures

Detect Umbral payload 1 IoCs

resource	yara_rule
behavioral1/files/0x000e0000000235af-5242.dat	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral
Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
1692	7z2301-x64.exe
868	playit-0.9.3-signed.exe
6008	7zFM.exe
2288	XWorm V3.1.exe
6112	7zG.exe
3860	XWorm V3.1.exe

Loads dropped DLL 7 IoCs

pid	Process
3152	Process not Found
3152	Process not Found
6008	7zFM.exe
6112	7zG.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2301-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2301-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2301-x64.exe

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2301-x64.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2301-x64.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	7z2301-x64.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2301-x64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133339636885031795"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 57 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	XWorm V3.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2301-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	XWorm V3.1.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff	XWorm V3.1.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	XWorm V3.1.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	XWorm V3.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2301-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2301-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 60003100000000004e5666a4100058574f524d567e312e310000460009000400efbef0564f36f0565a362e000000e632020000000900000000000000000000000000000041831d00580057006f0072006d002000560033002e00310000001a000000	XWorm V3.1.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	XWorm V3.1.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1722984668-1829624581-3022101259-1000\{567CD4CA-B591-40D3-851B-EA5388A9F8B7}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	XWorm V3.1.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	XWorm V3.1.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	XWorm V3.1.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	XWorm V3.1.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	XWorm V3.1.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	XWorm V3.1.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	XWorm V3.1.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	XWorm V3.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2301-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2301-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2301-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2301-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	XWorm V3.1.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	XWorm V3.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2301-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2301-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2301-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	XWorm V3.1.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\NodeSlot = "4"	XWorm V3.1.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	XWorm V3.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2301-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2301-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2301-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = ffffffff	XWorm V3.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	XWorm V3.1.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	XWorm V3.1.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings	XWorm V3.1.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	XWorm V3.1.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	XWorm V3.1.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	XWorm V3.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2301-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2301-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	XWorm V3.1.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	XWorm V3.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2301-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2301-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2301-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	XWorm V3.1.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	XWorm V3.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2301-x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	XWorm V3.1.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	XWorm V3.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2301-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	XWorm V3.1.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 713304.crdownload:SmartScreen	msedge.exe

Opens file in notepad (likely ransom note) 3 IoCs

ransomware

pid	Process
2044	NOTEPAD.EXE
5044	NOTEPAD.EXE
1388	NOTEPAD.EXE

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2236	PING.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1004	chrome.exe
1004	chrome.exe
1528	msedge.exe
1528	msedge.exe
452	msedge.exe
452	msedge.exe
5336	identity_helper.exe
5336	identity_helper.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
3420	chrome.exe
3420	chrome.exe
4848	chrome.exe
4848	chrome.exe
2884	msedge.exe
2884	msedge.exe
3760	msedge.exe
3760	msedge.exe
6120	identity_helper.exe
6120	identity_helper.exe
6000	msedge.exe
6000	msedge.exe
6000	msedge.exe
6000	msedge.exe
3860	XWorm V3.1.exe
3860	XWorm V3.1.exe
3860	XWorm V3.1.exe
3860	XWorm V3.1.exe
3860	XWorm V3.1.exe
3860	XWorm V3.1.exe
3860	XWorm V3.1.exe
3860	XWorm V3.1.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2288	XWorm V3.1.exe
3860	XWorm V3.1.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
2288	XWorm V3.1.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1692	7z2301-x64.exe
3660	OpenWith.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe
2288	XWorm V3.1.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1004 wrote to memory of 3788	1004	chrome.exe	84
PID 1004 wrote to memory of 3788	1004	chrome.exe	84
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 4612	1004	chrome.exe	88
PID 1004 wrote to memory of 2544	1004	chrome.exe	86
PID 1004 wrote to memory of 2544	1004	chrome.exe	86
PID 1004 wrote to memory of 4172	1004	chrome.exe	87
PID 1004 wrote to memory of 4172	1004	chrome.exe	87
PID 1004 wrote to memory of 4172	1004	chrome.exe	87
PID 1004 wrote to memory of 4172	1004	chrome.exe	87
PID 1004 wrote to memory of 4172	1004	chrome.exe	87
PID 1004 wrote to memory of 4172	1004	chrome.exe	87
PID 1004 wrote to memory of 4172	1004	chrome.exe	87
PID 1004 wrote to memory of 4172	1004	chrome.exe	87
PID 1004 wrote to memory of 4172	1004	chrome.exe	87
PID 1004 wrote to memory of 4172	1004	chrome.exe	87
PID 1004 wrote to memory of 4172	1004	chrome.exe	87
PID 1004 wrote to memory of 4172	1004	chrome.exe	87
PID 1004 wrote to memory of 4172	1004	chrome.exe	87
PID 1004 wrote to memory of 4172	1004	chrome.exe	87
PID 1004 wrote to memory of 4172	1004	chrome.exe	87
PID 1004 wrote to memory of 4172	1004	chrome.exe	87
PID 1004 wrote to memory of 4172	1004	chrome.exe	87
PID 1004 wrote to memory of 4172	1004	chrome.exe	87
PID 1004 wrote to memory of 4172	1004	chrome.exe	87
PID 1004 wrote to memory of 4172	1004	chrome.exe	87
PID 1004 wrote to memory of 4172	1004	chrome.exe	87
PID 1004 wrote to memory of 4172	1004	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://anonfiles.com/W1F8V6X8yd/XWorm_V3.1_7z
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcff39758,0x7ffdcff39768,0x7ffdcff39778
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:2
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4656 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3436 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5432 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5572 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5352 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5848 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4764 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:8
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4828 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:8
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4708 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4792 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6340 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6348 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6632 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6576 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6076 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:8
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6504 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:8
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3852 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:8
  2⤵
  PID:5052
- C:\Users\Admin\Downloads\7z2301-x64.exe
  "C:\Users\Admin\Downloads\7z2301-x64.exe"
  2⤵
  - Executes dropped EXE
  - Registers COM server for autorun
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5744 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6212 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5512 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6968 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6976 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5016 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:8
  2⤵
  PID:4840
- C:\Users\Admin\Downloads\playit-0.9.3-signed.exe
  "C:\Users\Admin\Downloads\playit-0.9.3-signed.exe"
  2⤵
  - Executes dropped EXE
  PID:868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://playit.gg/claim/ec1267e275
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of SendNotifyMessage
    PID:452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffdbee446f8,0x7ffdbee44708,0x7ffdbee44718
      4⤵
      PID:800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,12764477457133180916,10755646940880316756,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
      4⤵
      PID:5048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,12764477457133180916,10755646940880316756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,12764477457133180916,10755646940880316756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
      4⤵
      PID:4504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12764477457133180916,10755646940880316756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
      4⤵
      PID:5052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12764477457133180916,10755646940880316756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
      4⤵
      PID:2480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,12764477457133180916,10755646940880316756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
      4⤵
      PID:5324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,12764477457133180916,10755646940880316756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12764477457133180916,10755646940880316756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
      4⤵
      PID:4736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12764477457133180916,10755646940880316756,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
      4⤵
      PID:4648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12764477457133180916,10755646940880316756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
      4⤵
      PID:1824
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12764477457133180916,10755646940880316756,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
      4⤵
      PID:5148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,12764477457133180916,10755646940880316756,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6128
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12764477457133180916,10755646940880316756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1
      4⤵
      PID:3644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12764477457133180916,10755646940880316756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
      4⤵
      PID:1196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12764477457133180916,10755646940880316756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
      4⤵
      PID:4424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12764477457133180916,10755646940880316756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
      4⤵
      PID:5852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2020,12764477457133180916,10755646940880316756,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5296 /prefetch:8
      4⤵
      PID:5728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12764477457133180916,10755646940880316756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
      4⤵
      PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6328 --field-trial-handle=1908,i,13102045146472565321,9672257454915294618,131072 /prefetch:8
  2⤵
  PID:4424

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1836

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5292

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6040

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\XWorm V3.1.7z"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6008

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:1124
- C:\Windows\system32\PING.EXE
  ping 181.ip.ply.gg
  2⤵
  - Runs ping.exe
  PID:2236

C:\Users\Admin\Desktop\XWorm V3.1\XWorm V3.1.exe
"C:\Users\Admin\Desktop\XWorm V3.1\XWorm V3.1.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2288
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ke5kuncc\ke5kuncc.cmdline"
  2⤵
  PID:1908
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3209.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcD26EE26FB237428B9F31A915DCC8CF62.TMP"
    3⤵
    PID:5352

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:320

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x478
1⤵
PID:6136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcff39758,0x7ffdcff39768,0x7ffdcff39778
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:2
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2916 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2284 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4684 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4844 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4992 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:8
  2⤵
  PID:5348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5140 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:8
  2⤵
  PID:6052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5288 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:8
  2⤵
  PID:5888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:8
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4024 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:8
  2⤵
  PID:5968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3808 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3264 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3412 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3144 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2972 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5724 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5488 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5892 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:8
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5360 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:8
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3388 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6088 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3532 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5996 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6056 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:8
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 --field-trial-handle=2028,i,3693880998787229491,16234282987323341824,131072 /prefetch:8
  2⤵
  PID:1468

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5876

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x478
1⤵
PID:1068

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\SazInjector\README.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:2044

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\SazInjector\bin\New Text Document.txt
1⤵
PID:1468

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\SazInjector\bin\New Text Document.txt
1⤵
PID:3956

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\SazInjector\bin\GunaUI.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:5044

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\SazInjector\bin\GunaUI.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1388

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap3231:72:7zEvent8335 -ad -saa -- "C:\Users\Admin\Desktop\SazInjector"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdbee446f8,0x7ffdbee44708,0x7ffdbee44718
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,9326676357824098,5115233367658549240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,9326676357824098,5115233367658549240,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9326676357824098,5115233367658549240,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9326676357824098,5115233367658549240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9326676357824098,5115233367658549240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9326676357824098,5115233367658549240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9326676357824098,5115233367658549240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9326676357824098,5115233367658549240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4152 /prefetch:8
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9326676357824098,5115233367658549240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9326676357824098,5115233367658549240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9326676357824098,5115233367658549240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2944 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9326676357824098,5115233367658549240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9326676357824098,5115233367658549240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9326676357824098,5115233367658549240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9326676357824098,5115233367658549240,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4204 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9326676357824098,5115233367658549240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9326676357824098,5115233367658549240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9326676357824098,5115233367658549240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9326676357824098,5115233367658549240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2112,9326676357824098,5115233367658549240,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9326676357824098,5115233367658549240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9326676357824098,5115233367658549240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1880 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9326676357824098,5115233367658549240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9326676357824098,5115233367658549240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5888

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\XWorm V3.1\ClientsFolder\DCC9D084F1A5FB6BBAA4\Recovery\All-In-One_07-16-2023 07;28;35;764.txt
1⤵
PID:1080

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\XWorm V3.1\ClientsFolder\DCC9D084F1A5FB6BBAA4\Recovery\ChromiumCookeis_07-16-2023 07;29;11;295.txt
1⤵
PID:1072

C:\Users\Admin\Desktop\XWorm V3.1\XWorm V3.1.exe
"C:\Users\Admin\Desktop\XWorm V3.1\XWorm V3.1.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:3860

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:3052

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x478
1⤵
PID:3204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbee446f8,0x7ffdbee44708,0x7ffdbee44718
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11393632553043827795,18174966745685391858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  PID:1808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5292

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

T1064

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Scripting

T1064

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.dll

Filesize
99KB

MD5
956d826f03d88c0b5482002bb7a83412

SHA1
560658185c225d1bd274b6a18372fd7de5f336af

SHA256
f9b4944d3a5536a6f8b4d5db17d903988a3518b22fbee6e3f6019aaf44189b3d

SHA512
6503064802101bca6e25b259a2bfe38e2d8b786bf2cf588ab1fb026b755f04a20857ee27e290cf50b2667425c528313b1c02e09b7b50edbcd75a3335439c3647

Download Submit
C:\Program Files\7-Zip\7-zip.dll

Filesize
99KB

MD5
956d826f03d88c0b5482002bb7a83412

SHA1
560658185c225d1bd274b6a18372fd7de5f336af

SHA256
f9b4944d3a5536a6f8b4d5db17d903988a3518b22fbee6e3f6019aaf44189b3d

SHA512
6503064802101bca6e25b259a2bfe38e2d8b786bf2cf588ab1fb026b755f04a20857ee27e290cf50b2667425c528313b1c02e09b7b50edbcd75a3335439c3647

Download Submit
C:\Program Files\7-Zip\7-zip.dll

Filesize
99KB

MD5
956d826f03d88c0b5482002bb7a83412

SHA1
560658185c225d1bd274b6a18372fd7de5f336af

SHA256
f9b4944d3a5536a6f8b4d5db17d903988a3518b22fbee6e3f6019aaf44189b3d

SHA512
6503064802101bca6e25b259a2bfe38e2d8b786bf2cf588ab1fb026b755f04a20857ee27e290cf50b2667425c528313b1c02e09b7b50edbcd75a3335439c3647

Download Submit
C:\Program Files\7-Zip\7z.dll

Filesize
1.8MB

MD5
4e35a902ca8ed1c3d4551b1a470c4655

SHA1
ad9a9b5dbe810a6d7ea2c8430c32417d87c5930c

SHA256
77222e81cb7004e8c3e077aada02b555a3d38fb05b50c64afd36ca230a8fd5b9

SHA512
c7966f892c1f81fbe6a2197bd229904d398a299c53c24586ca77f7f657529323e5a7260ed32da9701fce9989b0b9a2463cd45c5a5d77e56a1ea670e02e575a30

Download Submit
C:\Program Files\7-Zip\7z.dll

Filesize
1.8MB

MD5
4e35a902ca8ed1c3d4551b1a470c4655

SHA1
ad9a9b5dbe810a6d7ea2c8430c32417d87c5930c

SHA256
77222e81cb7004e8c3e077aada02b555a3d38fb05b50c64afd36ca230a8fd5b9

SHA512
c7966f892c1f81fbe6a2197bd229904d398a299c53c24586ca77f7f657529323e5a7260ed32da9701fce9989b0b9a2463cd45c5a5d77e56a1ea670e02e575a30

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
930KB

MD5
30ac0b832d75598fb3ec37b6f2a8c86a

SHA1
6f47dbfd6ff36df7ba581a4cef024da527dc3046

SHA256
1ea0839c8dc95ad2c060af7d042c40c0daed58ce8e4524c0fba12fd73e4afb74

SHA512
505870601a4389b7ed2c8fecf85835adfd2944cbc10801f74bc4e08f5a0d6ecc9a52052fc37e216304cd1655129021862294a698ed36b3b43d428698f7263057

Download Submit
C:\Users\Admin\AppData\Local\GMap.NET\DllCache\SQLite_v98_NET4_x64\System.Data.SQLite.DLL

Filesize
1.6MB

MD5
1b1a6d076bbde5e2ac079ef6dbc9d5f8

SHA1
6aa070d07379847f58adcab6b5739fc97b487a28

SHA256
eaadfbcafd981ec51c9c039e3adb4963b5a9d85637e27fd4c8cfca5f07ff8471

SHA512
05b0cb3d343a5706434390fe863e41852019aa27797fe5d1b80d13b8e24e0de0c2cb6e23d15e89a0f427aaeaf04bf0239f90feb95bfc6913ca4dc59007e6659e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
880c21cbeec4763c2329dcc899884778

SHA1
ce117bbe995d618e50d5aec8770325669b9994ad

SHA256
419f688b81c7080ee8f92fd23d0db8786ae07df431e1f60adbfc314a6e5b043a

SHA512
95ee960bbd1b822aa7ffa35bb23e374df7bdfbda1ff0d401b0c329c0af8dd8d2b6689464f66829f71829e77f012848c69e12c8b5837bad140db73a3f16bd530b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

Filesize
46KB

MD5
2f3a9bf38d1c62f7d98245ce5e624243

SHA1
b717005992581c196a3b45b30f0827060e605c41

SHA256
624275866abfbd84a28615d768575020273c2dad86e7431ae3de34c9fd305cc7

SHA512
37c9e46570e62533d913b818a53aff01e2bfeee78178ca6d99a9be95985584c778b66b738b40c1d58fa475c01c479b3cd9b7b26454fa757ef5387bb3ba51240d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
740KB

MD5
90db4e75fcc680453fdb447e500901fc

SHA1
d5ecd7d4fc4235839a96e990135c1979f494f72a

SHA256
6720deea83dec9aa4c16ba145f6395d5a649a5f80128cc7d6f7f5934327160c9

SHA512
cf4d56f00525959e89036be400d3c8bd2cf2dd817ec12969bf59221bd6c937c49b3f1ea02a57fc2692fe5a81437f54a92f40d39b39b00be31815f22a1f18cda5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
32KB

MD5
6321aad92f5c73b012005800adb11869

SHA1
d17deb8e6f613ac4fd692bc5c395f8266d958a02

SHA256
bceb3a61424b96fa25eef0a87b6cbc1d05c9a519f82f6917c3ad10410c77c2b3

SHA512
48b2bd6e217d7861dffa1868cc6179a16d167a25aca6605bfd543aac95bcd585558d396374b2b19e14278297f8fe25d78f4519af169c6fb5cbeec454f0959a76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

Filesize
317KB

MD5
e6174261482e3dde0a47cc6ab0859e61

SHA1
422add0a6d95dbd715c096d74d18845b592b1b94

SHA256
646dfd6cc319f9798ec61d6db3dd60eb10eb9de9da1000a5385d4e9648e1fdbe

SHA512
16e1e301b1663360e44dbf72efb2f9f35d2981361a4fdd6219a5f882230b827352e3818d68f3fcddd5098af82542638d2fe430b80465f2d00924da6ea0b3f90a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

Filesize
42KB

MD5
3cf44eff2da9427f46f679875d873147

SHA1
ab8168e58fdd8db4749cb8c6f6a699c53af1925f

SHA256
abd4b89f9916cb0673d9977dcad128b4456bae2b6036881df996ff0d40442fe3

SHA512
03ab548b17892dd2a979bc3425904534ca97d209a67e6eeb4e1455995a60c10d99e09a3621836e9ccf3d512e34d02f2ae7654210e388bb7b7545c72eca87fa81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048

Filesize
39KB

MD5
74368ec8b67c68703ea2666435050c84

SHA1
d33f29626f1923635bc1735cbd0212bcffea75c7

SHA256
d311a6c56d00b54e99125f07fc7ecc3b1de40d60271991736eb3398f257eb83d

SHA512
4b3d1ff745f6bc517f15800fad1dc3c285c6a545b9ac16b9fcff069f3ddcbe5a23e0e3a966e9194a3f9d38a35523df29ed6424ff9c243f65b1f90b9705c696e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000049

Filesize
32KB

MD5
c967968a175db49d0658db25241a8dbd

SHA1
2cc09dc7d0fa17063a119f84c6b91e8031349a31

SHA256
c662a6b643cb43c5abc464afa5cc9f9484fc77535a0d4ca6c390c04d6dfde083

SHA512
dabbc31c2b9ab4aab7d24a93c4801b6a4fd5763bda43ca64d69549ec1a27f43a6fe38e4f9ea5a506868a3984d4a95eac170480c9928b8f062b2a3d8c6253c7cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a

Filesize
82KB

MD5
dd47a7415682476e9a59248b49e7cdb8

SHA1
9fb45760c45371289190e4ac150d84256a84eec0

SHA256
8cbd2e0c969e7537c2a8206bed393a40b270aec32fbd493d54ebcc2b76ede7e5

SHA512
a89e3e0ce71fdaa68edc0412c4fdf01eea74308bb9f937a836a2e50d680dd797ec7b77d6de56387ab3500db78e4a7c87b661c344352dc69d7157fe0258ab8981

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004b

Filesize
22KB

MD5
ce5f8af146b2bab234eaf0222bfdba4f

SHA1
5f3b11ca1261dd50aa83ff056dbdeb858d3cddea

SHA256
3eba06d8a5a66b209d8cadd7e7215290d5961d7649a458ea7c9be40acffc4ce2

SHA512
9b2f42053ada800c33135cee04b21fa07c6f9dcb7521517be67e37956e83a0f14bc97319e4f882b3f38300ca7a9c5f3753f088cd223f3dbc5e5658a865ef59a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c

Filesize
19KB

MD5
49943bc015e9713f646c021a2f9a7f48

SHA1
7bcd637eb823b04c425775fa8c914e8b8f2ac2a5

SHA256
f6e0b13ad81727a0d9317a3049fd06ecf2c473060e9d6e4f8eb564a1d82ad289

SHA512
2203c2dbe9482b0b351a3f70ea0ba9f63dcc87a66d4a4db63a060dd7dd04cb73a73bced407d57c2bcf26cf7ed78b18c7555c87b22db9bd744cb6491cd040305d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d

Filesize
59KB

MD5
bd7d3718eec41214d0e6d4d828e1cfde

SHA1
be505011345ac2c2f1c4776c79ec327be955dadc

SHA256
1d401b64876b2174de22d945698d3d8d750fb83e6df1e0bed01ea2569feadb7f

SHA512
875ae5cc609f0ea5bc079879c1dc56a3da4207f411e09c9456a50b0c6248ae9f4a45362a70ce4731a0484b0a821a93a60233376f254eec3f3a8611803f397f1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004f

Filesize
147KB

MD5
7de4dbcdd5424a0af6d25e0d30b4045b

SHA1
1b0598d14a987f7587321041487fbf2703d1e1af

SHA256
c8bce089e50994e893b9eacb9ceb47d18e7c23bc7f53e2095e504d2bdd19ebf7

SHA512
95828b43b5c6d4859ac09e9c3a1e85b59346d27900b9f3effb7cd4e0b5c825e4b7160274eb8fe4dd3a1ae70fb866e6db3d862e2b3865d15c686dc4b5ada8de7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000050

Filesize
82KB

MD5
8b36b954e5a8947dedbc720664fbccb7

SHA1
0310a60a8bbd7ac385b6e94aec8dee9aa05a6d24

SHA256
069b3e224154172e3c385b5ebbdde887253d596776b74b9fb2a326b875fb718e

SHA512
c2827251585fbb5e24bc38ef58822e8892d952c6e2a90743453502254550384cfcc9789858d66706c86f51c483fc28c23c796ba6285747689940460402b30f29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051

Filesize
104KB

MD5
349a150a869d4c03c452e94b920df5c1

SHA1
1fcfb0121646054d1d53425d9fc40e4184bfca26

SHA256
85236af550ccf39746755911aaf8c7f4588295d2e90b3afafab7dbbd37510ada

SHA512
3dfc6420dee92350057a6fab990d560e90243690c8a8a5249ed09ed96c0220673b762deaf490f0bf8a6bff7547fd0c35e0af51917f52d137e3cbeddf1b93d279

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056

Filesize
56KB

MD5
98f731fedc69bacf233d2fe760c44452

SHA1
ca96d2aec478481c9b0e6cb7ac1fd8f957cda8b8

SHA256
bc93a60c92ec3f26caf3403c8c8bc5a945176f2d67e6693c71e3336eadc22cd7

SHA512
c9beee673905e0fb742ef761df422ba5738c125d36c45b2f74b1097d0d935c6679f5e92e0622cc32688f43ce6fd422395239867cf0d559f587883c84203f2053

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
70f4223d8933fb198dbbb0820c577029

SHA1
e37c098d04482a84eeb21f440c88b8c7f74d527a

SHA256
a5e4377b9948f861b75f9770483eadc75b3577cfce3777cda0c64bd5fc2bbb2e

SHA512
d5405d823c8b767292343ff4ae114ef6654d2d28a1b7c5d0ba184e4f9c10f74e1864a195e9a94d427c51b7b086dc6fa6b055d9bab083490d82c0af15e58e9983

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1bd431e228b2a83fa78787f6301d0f75

SHA1
e59dbca0474ad0c276863cd6c5fbb1ca7b365bc4

SHA256
eff9629bc41b678a357b3254e86fe2f2cc0aebb1f4b1a76c35622d4c8b06b8f4

SHA512
881693e4d0c7e99885ca47637a26c68c0587b99ba549aded67741c72c259483e09f6c6cffa6ba8f2d2587d9aacedce9acf25479e582cac2a3e7f31f5a27c2647

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
aaf2d639c60f5755e952de7f7135bc0d

SHA1
46875e5a74d8ceffedd88a21e23a6b7fcb5f793c

SHA256
1ac97e001c5e17dd93480ff77be313a554be7df0dc99afc3bd55db78a3a5ae88

SHA512
3e4fd6343b1c2d3226d98c7ffdf9f61f3d9d2322d7267abfc7b611d453b1d380809579e5063258929d657bb2e522e9a98f3180198310408e87a16a776a829fe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
87378f0463af47725830972a55e46e53

SHA1
f599b6a31a4d5936a2fb41a0a9bfa93348946feb

SHA256
94ca4d3cb8aa9fe85a8791b27b65e1e1a10447b597afa686314ac7c1125a2633

SHA512
07583160f15dbfbbb0b2e07d10db3c509210a9a93bfba9d1b5c3c64907718e27d54f696a78d6de7cdb42161d474f30bfb62e81c67db6a210afc7c0983b4181dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
eceed2e95272ed02da1e42de738aee30

SHA1
3077d0d9fe9d2e7a6404cd2fd92d1b709ce4de3d

SHA256
522fa87860331380b971c87a5eee71328c9f9e958e070cb7fa3b7fab204b2a01

SHA512
57641adf6311d8fefd92c58c9a90c1750462d9dda66c8a70794b1c85c35be717c13e98aa4c8e5be2caf6f05a3c2258c4965377d294af5e2c8df934bc83d54ae4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
9dd44d78ef63fa0be5a7223b9e38f5cf

SHA1
1f3ad7b0fe72254e944983752de8003b55ce7d7f

SHA256
0e01e7bdb68cb98756529129907c32c648f4fd19b60dc1d5c8756301aad7f9dc

SHA512
e1a97ddbd93d6e6cecf958381f45e71a5933e9eae2b1225839721efa7ab8cc2a8f8df76a75bbaa524c4452da5b13ccfa0e584f9403fa52f1d4cce598f02cd1a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
d667fb29e90329b6878d0c1a2191a35a

SHA1
4db4e80c6bb7c7f1d87dbc08c454f423dfd02d10

SHA256
0b9cf1d167cf05c14e1cd3564152c06c34590778e9ae4055c27348b914a8cd36

SHA512
bf7d6cb4d0fd659b0b420738edde689544de836f369f8c49da48c88a1717cdf84fea5425b1ddf6bf5e848b63c6e585e491874b03624db07329cb099613c22c6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
89f6cd4e210498cfcc98bb6b07f6a3d4

SHA1
a71bdff64204a97ff4c65c7db656771933274df0

SHA256
0a0295514c302417f66534a152707cf3d9bce10f3325d06d95a2ba4f85e0b32b

SHA512
7418bddb86c0b30bac0c36e42aea04a578e185debd912d03d01ba6cb0b7083767858d1b3df385faf784a3f8ab3e37cf920f0791beba0c51e2d88a6e0ff0a250e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
e198c23b69f08bd828bf6be1c27043ec

SHA1
46f9f6a486c95fef543bfaaf313d8b1be2283e60

SHA256
80a50ca0571f284d96058ca27bc4d2eb65a33aa777b522cca09f3cab471ea9e1

SHA512
951fab9d0f71a572b3c98d7fec5972bcbe25125a7ba21f7ae694cc058ad24d8ab82c29f628b5e74cb7013fef6daa786ca7ab9c58494fe53e6ccf09d81b380d85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
d9f09620b399c4d5507cce6c5f75eb3d

SHA1
c646f33b0596d0709c756e24e0c1e09e63f1c114

SHA256
c19eee317835f1ca78aed029e0ba9deac9e284f023eeedabf6a03fd0bf0099d1

SHA512
6fd6ef64735365e03bf5f54872b4803c2686a7034c746a4c53b6102c847c4c96d7e218e2db34ded18540aa808be1bcac70732d793bf0e673aefd67c2f63ac802

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
875B

MD5
7656c313f001852f2c783c7e71326592

SHA1
ec70745bd15f50ed45ab98331c528f512b662ba3

SHA256
5269182fa86f148e830feac2953704cceae7bd613261e181f6869e445e51dffc

SHA512
8e466b12b8d5840d57e296650958fc549f158af67afaea32bbb329c1a9d137e067b1272fa12223fb3e8e097d1e9c5f1e7b15ab667d87f031383817f15d67998b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
6f90a0b30d13e22a3b162dfe9166f33f

SHA1
724a10217d6703304daf74276a1289ca3f395651

SHA256
7a9df02c64717541ed351a8e5f70575fb341be4b7932ed49e1da93d892b994ee

SHA512
06ea5649715ac6464c22ca0193a1353b50268bc36b8d76e838cfe7ddb283c99aa33910e1d62418a0cdcb1c0e2c2a549191c899da18a8210c0fd3dcfde6f41c2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e75556e1f4dd95199ac53cc7539c6013

SHA1
7c14bf89d6a2f9faeaf9eb27e1bbc26ef8cc3bec

SHA256
17cba351881cfc6003f75d298dff092493d17477d8cd717a11aabf02fe46690f

SHA512
4d721eeece66d3e72699a56bccf79a834cc192f938e2518d782bc36e41e442e00c20ef9a49e2d757dd222783085ef185892a0ecf10abf9491518e5cd317fb1cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
b2ccab5c99e74566ccfe9cf4ee16faa7

SHA1
438761baf12269972a6f78b7d7497ed8d7089ee0

SHA256
9d17126f193f3227c3b5d00e434b550d660f107dbc43111a215f17f5b7163211

SHA512
d779956ae2b52177aaefb70c9aa7004874f2bf7fac032e31bafb7731a0d5ac501d020cd4094369cdb0f345425bacf867c6ce3b0dcca5c6320760a8c2e9e64a9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a7059af2ef5ad87e32bc52e8960f0af7

SHA1
ac3bab6b4403036f066b98f87473f89f52f8ca38

SHA256
7b941d39eece2155b30eabf2cb63f6cda3a80e48588879c29a8746851fa2fbcb

SHA512
81695a7ab2d6c266e91b587e02e58129f8b5561531792a24d10168a693709bd05a8d42a02db9e3874542be65425dd955fdfda958552765b74603b95ac0f38e71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
03b7836e4cf8d3ff37bc7fcea5f9837c

SHA1
3004d825c19f10db27ffae8e3731d302eaf7ee15

SHA256
ffb7b78d0b5125a69f4a8f78c3851e5f1076ff83cd487f270319706ff646840b

SHA512
4087834898ce6591b05ab49be32925bff2ae17a9b71243f95e243e2c70e72398aad76c43a03728fc1b7340c8b3ffc8317c0fe10aceca2a47544418d5d9187ff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e28104fa30599e485f0f923b2605311a

SHA1
299becea64bf62a322459d49415b6026c3e43600

SHA256
0822235101224c74f9afef21d60ab49f4cd2c8b996b9bf2a8bc0ff60529a6418

SHA512
746d85c222c9d70c6d355605a3406e60b0cae340d2186a1c4529e7220df6dd17985dbc345cfb042af048276dcf5dd419ffdca58dcfa97835b2d2f1900c977e54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
84544eb5f4583a0fbaed3ed5ce50926f

SHA1
d791c0464bc903e19c362b3c686b00efa2984611

SHA256
962d1dbd79bd9bd73b399276684230b8f910a0c791b1c193bf6e66cb4979d39f

SHA512
d947adb9ec701b3f3bbc669f2dd7455c219d920ca39b6e7d7a012b6f1014cdd2cc82060ffe23d45d9a1167dfe89edb94b0125122f6144f542d44d6ad3762f783

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0a3e5a8604a26e36e20b4b7f9f961048

SHA1
f978a868ec5fa8daee901236832b19e44698790c

SHA256
89f243186e051c66712e3761986ee86ef2c2aa08a2749eaef0885ab7a96781c4

SHA512
7eca8b049052845a3876b60889f8c58304ce13661bed6f0bed488737ff8299869f1a0a53e25ccc6fb2d619e74685801f1de58811979819d472e5befd093703d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e55e20283f578928493f40bc228f3d8a

SHA1
2d1c48a8063f93b7988d3dad33a418104bff87f6

SHA256
fa91303d7f7fc78d98125689d5f2260772a312337b2379a078c03cb6ccece898

SHA512
d14f47f6a4c83fccf9e536d14c7d22f70e36ca82de3bb5d27c75c1064efcebe81ad78d9e9d74d8528ceac0795673dce11463fdb74084a20da7b45bf8f03f22e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f87928b314061d26a5bda6d4b2b83b20

SHA1
5ae0daa05b4c91392fd15519c1d64cab3f1eca4a

SHA256
feea97a3cb7e422c8f65d0964f3ef93fdac1ef29aafeba0ad991e18e61684c20

SHA512
67202bc03bfd3945ad4467fe2cb66202e58a7f23a5fb9d67a64543d6797e57d4e60630f46408815a775f91c41ab709a44ffce9aff3c9cb584c418535673136eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8ae113d721dc9365eec747ad74e7fcea

SHA1
49298fa65014635182f342d3729a9d914745020b

SHA256
52a3d330edd1ada3997b35fcb9005f4aed6e79c1a393f050a3646d94f6ab6968

SHA512
09af9f577d3d51e34751edbe5de2451059fd9d39056fcf4177a6cc6ede3d818e2ff8e7ccb43c412065d29a7f909fa73db41def7f2bfb090b7ff7983c3999b0c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
640a7bf7a77e9d9bd05ef662cea44038

SHA1
3e88337c7a37371caf11fcdedf86765fa36e9744

SHA256
5f17f5bed1d5b0273f436728831669961569e91146f66aadba4282ec1054ef00

SHA512
45f6104e0f5fb1d0189264f2a29a96a45c4cfbdd9797c548c2cfa59e442da5a04d1b910c9718bbab1436363f17d06840769a43a2215bd72d7b5425b783f69027

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8c5b33eac612f22c18dae34291a0a01d

SHA1
4bb2192811736390a4f6e84b1d1b8586bed678f4

SHA256
29450ed4e916ab5af7d4e8a636d50e44e7a84323cc9abf582be138b29b4658b8

SHA512
cd8e5a352eeb7b486fbbf043d25b02ab2499eec866feb8cd1cc67d955ff8744c1bab968e115e773af9b8fcbee55c380b6413311307c15881caeeff2c69b3be4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5c807064fec633a3fac5420cec55aee3

SHA1
17bea57fba2a6dec51d7b87e7b3927766fcfffae

SHA256
6d31990f74d39385356a8299b3d63856ece19aa082fecd78f6df96de447961f4

SHA512
89dc498b7e322b07827aac459048bcad33396fbaff37af45db0874a9268a363f1023538469f753372ad1fa8c7f4115ebb4e18efaa3ca6a426811850db80aa555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5b1265c46c48b3e8c266217368fa00da

SHA1
90276abfee7ec9fc29e4edb32e6f4bab4dde16b3

SHA256
89df2efd2796153866328c8f238d24ae9c76abec0ee22c968a35cd242c959640

SHA512
b4bbd48607d35a2058398f092b28b6e2ecfa61b6bdea0d3842aaa5b6689af2360304cd22048bc76134e7f890279be2bc1c68e2b0d9394e762dcab142e1d14ba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5f2fd088c71eb1ff3bef8ce6002e9d54

SHA1
98d5c7f1ac95a6d3d1760738740f5bb6e71644c3

SHA256
134212b00514fd26d032d431efd2dd3d183d6f868a5bec01b7431daff1117136

SHA512
b2611934b9f2850b46ba1ab3b2132628ac4052db944b16def04f72d5a79ca89557a1e850ed9aa8a2b9bd2f816b0e62fb7e6195d525e6df76bae243713f6960aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3edf86a76da8a50b87ac50b300c7efb4

SHA1
93f308c9a81c1f82b8ce4e42f2d8302f5bfacf4e

SHA256
257a5f35ec4aae806285d6b0eebb62a70214513b4767737eeda1a285a9cbd9a5

SHA512
04559b7e3969ca47294b371b79c951ed8b99fc8a07a139c8bb16229da7c102d6e973772124f7e8dbb557267001cf0105498e796f2571806dbf2c5984c0d20d5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4ddaa6721a279b35abc1193bc16ea737

SHA1
a782a9b73514bca974496c442b6aa4589bd719ed

SHA256
7591fe022070a83ca6cf74a60b8d6348aae582918e84ffb169b8ff39bddf34b2

SHA512
a8b91f7944a5e8361f33c89f24ec251584f84a8bb0b8488474cd7a25fef84f4cf370aadc1b6a4138bdd457fd1d6906a0f6962a4d591cd27f46a6c4c0bb7693d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
51cb3db1547158022f468d20f3b776e9

SHA1
a9fa9341821887e263a69e1d01843802b8b6e0c3

SHA256
3fdff12d13921a2f88da55844b8474ac8dca1067aa982e6791835e8bb83ca86a

SHA512
9b4b90a82dd905bc3bfe3ff1f91374159c5dbf796dd59e87a7be4c03e6f8fcfb41f76e7b5786fe63d6a42dcacf81ea497e14f1ea709e7a621e3f0d335713dd58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9b7a8b2d2d2754e8f7aee0cca0cdb9e9

SHA1
b2514924533e203f5c1429d5feec2cb458897f96

SHA256
92ddb3357325c62af3764605d662febf8cf0b89315503bcd847dd2e8881eb730

SHA512
05823f2dcf97044670b8258978f2dbd7b3db15ce21719921e75cabda061619d0432bf445e091b72c2814dd47086c0293400878845da98fbfbeb93dde7957860d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\83ea555f-92b3-4e3e-b222-f8a5a4a73037\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\83ea555f-92b3-4e3e-b222-f8a5a4a73037\index-dir\the-real-index

Filesize
624B

MD5
64bb86999ae24bb0a46f105f9cd796ac

SHA1
565a4dd4c55e5916a7a5af1f6a542de5a77199bc

SHA256
022d94003dd5ee644374f375659462da9d28e183bcd9d76b225f3df3a6d10365

SHA512
4dbe91946db39bcd4525291c360726f561d781a2389813a3062f236b6a21ae27f1a105b783fcf01cef235156a6940c136516e33b62c761e3561e1bd5efaae318

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\83ea555f-92b3-4e3e-b222-f8a5a4a73037\index-dir\the-real-index~RFe6cdfea.TMP

Filesize
48B

MD5
11702927a8355e6b796e324cb9d91e3c

SHA1
d3a823d93a60db15d1a2596bdcfa45dd9b303ba5

SHA256
0b87916658b8abeee76857a648c54919388d921ec9482cc8cf1b927d9c499e67

SHA512
36eb2f40b970fa9d7ba41483a55fb4012f61055f1cbde2b4092171628453456cccdf1ef700c9e395fde3cfe9e86d12491bdbb6dd2239ffc3759b34c5b8070523

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b3db2a3e-938a-4b5b-b716-d710b9172487\index-dir\the-real-index

Filesize
2KB

MD5
17f09840f18e1fc007fd16d25a088e4c

SHA1
1d18fcd4107cbe92accecb13c13527ebaf7cd779

SHA256
b05361dc68ac0931e1989e0a449737bf9bc17d5c8131d8675705d47cdef99647

SHA512
27afd73ca50d6f4c2346fa04db93bd72155a64d95d6b647aeb06a06b23917d5d40e0a7971415b432c4e5d4554604ea1056df827c98789ebf12bdca74081722a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b3db2a3e-938a-4b5b-b716-d710b9172487\index-dir\the-real-index~RFe6cdae9.TMP

Filesize
48B

MD5
cece5b30ebb0b864c61d9647967627dc

SHA1
fa9a9869efa7fb867ec64698dd1e49f31ba8f55e

SHA256
59879983db0ec40559c8702a6ee758e5fcfbeb00ee48fe3631769712991cde34

SHA512
d31f41138d8ae56c090c761df96bba2635e6db6e177bd1a9d67e67fc7a077d3ac14d9a6321ee5e4cc4d86aded2aa4e36bdfc6093dda61dceee2bdad74c384dc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
119B

MD5
06c69966add70529470e7040a751a189

SHA1
444812e1f92af563ff542cdcb746aa1053e85569

SHA256
f577ff59a36dbed4c0ef74a0623edf9c2b37297dd5f35465e32309629bb03a41

SHA512
551c30b6a324cb15d673e3e2b7655fc4ac4e34b0c8a5299f7622cf282bb332434b667d0b3fdfd4e3dd4f482773a2b90f886246f969ec88f8130a9a257629f1ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
c773540c99d2681dda52631c5cd3190d

SHA1
04509fb878fbe3eda9fbbac1c0849faf841e5f0e

SHA256
73ff0c3610ad53e781633f2604be54fe5d5a2d52e061478b4964b8c9ab8ed807

SHA512
84827885f1d89616e0a30b044417a0a83c76dd6ec59cb79a89db2b0fa33ddf6c62cf399768af4be501e8e506734f855447041db3d20c15d3055cead8cbd72b43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
58ffb0238366e415c968e7f7b3063b09

SHA1
cb50d3d368ce068d00d62acfe2521a191b55aaa9

SHA256
22aa19650e76e9d171185c034be4d15b49f2e3e32a25140dadcbcfcf48e2c7f2

SHA512
53e0898b25ef1bc1921fb777da31457bacfa2a33a41f21eb61e9b9659f4e397d424f26ac8b8d7125024e7a1d81c2283b7843a46df53d1e552862f5de9153cded

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
185B

MD5
f3792fca9b56772e75b461d5dcf22852

SHA1
2482545a36558b4617fdf7fac9faff943f272e62

SHA256
790e705c1c6f761f722c5c14ce3df2c125b47cd82aa56d9ede802271b902c2ff

SHA512
76b76b1697bf329bd53286265f19e60af039b8a60c0e5069a5a03904048d07187b8df94b57efa4585847dc06e5fae83220125b9ab40103a096db0ef4508ee810

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
dcb8af55398e253149e73b05d5a782e4

SHA1
1765d713590aa6d031350386420b3f3f9d6d3b6c

SHA256
d4f57d93b2c2a44c10a868d07a02421f61c12ae656a01c71c53cf86d7ae5d27a

SHA512
8a561bf30309bb94a82e4650cbbfd85bfca8bc439480fd4bba34facc6fbf0f1ce5648661f00751497b97298906170197b35f6f53550b6ead96706f5735187250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe583d23.TMP

Filesize
120B

MD5
8f026a76bd8dde0b050b79031db1c936

SHA1
72a886371aa8ddf17f65f285170d068fa210d1c4

SHA256
21d46e9aaa5ee115e0b554533cb1be207740aea798874638e77a167da7870fa8

SHA512
a47ea74d9c413b57a6f7b322c70f6cc74d12c6c757b97ae38f5cb6a6d62e30b84da74f9e7fce98b46bc6b79201d9856770244279b3dd2b268783811c1ca1bac2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
1a919ba269b408635e85a8f6f2183e4e

SHA1
b271035996df91a0358c27fbb719e89770d1efd6

SHA256
b807beff0126ee60fa6a97050f95d8aea573273643a2762adba54861e899f250

SHA512
998b7c3435855660430374c500d6dc8b065da5437e00d6495f1c9dee02cc910ed52ed1c502511d1bf1558b20ba764e3fc2dd3b1b26683080e80e9f6832ed4501

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
a2459739f4a380f699bdab95c470cc5b

SHA1
3a9f066e017b4698cd6bbba706bfd951224bf4f3

SHA256
a261da5379caee698f58572fd0e8fc4f278ba170a8e40309c3e87123068357e1

SHA512
2632ad91dbeaaf8c40ae78bb33be19a0ca5c55701baed9b47934042234569f6bf71e0b27ae142e1986c42af09406fb2dfda1c196bce1c9c77aff4084d0347c5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cdef.TMP

Filesize
48B

MD5
cb486e5b2499e048b06d689287d82495

SHA1
cfdf5bd0543b680f917c2f2fb18f2a10ae92bb75

SHA256
0b66bcd68b994f9a05c467e6b01f3d3f5ac1b42722b9f21dc15fdfd683146521

SHA512
9ee196940f252f47facdbaf6185e038155bc1618f9e5bfab63aafb323b4a861fc43e4727859b233d7ee9f509875c83fa6a30e20531eda1f76c9ce09740aba5a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3420_1175255015\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3420_659909322\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3420_659909322\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f6f86635-c5cb-42f8-8ebf-6c03dac78223.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
24ad9dd89a9e6fa4284b1b796fa3b0f2

SHA1
101bf9381f0bb1ae3b36e529a08c49cabdf49ceb

SHA256
b11abf7caf214db3a0caa98f1988692636da9726674697310da77db4921fc182

SHA512
422837c719a88062e7444c655bf332fccb978adf0fbea5920afa39d7ba689d345378eebbe03570677a2c1728b0fe59fcf4fd3503cebf2697a73d7e9a26b1e97b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
ffbadb30d3200acd4ba03b2a45ec8156

SHA1
9ccde0af9e829b36a58efb0b156da753bd5ffd39

SHA256
a427362edfc43fe71a2aaee26dd533d48e4b23ea441e6dc40fbbbd819e2669b8

SHA512
6c9643e44d91e05e339dc5662d886f00d8b0d7b977899b31610f35a6c756ccf587ea7e0d6f6c78ab3550c23e5aafb654519ccdc38be77e70e314c6d67b571d00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
d46582382eae7659c53e544e104062d4

SHA1
683097a061dfd4ff1894fead74086eda24c72bf4

SHA256
857a550b32064169badb929579a6706e228b236d33837e43f8c8656fd26abb0e

SHA512
e37896ccd02c8efb65952511095d9a160eb35e1d5acc13f4cec297997ac541d2bb74c863a87de1c248ede13b43f9630ca90e6f3b87fed8534cf5699dd5f65d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
7ef9df608b7814d5e06d2a2aeb627d46

SHA1
7b21b41ebe6671e9abd9a4ca88dcc801d5db2982

SHA256
8de7c502b41bbacb44900f5dfda4faa650e156b9bfae847418a4f3e08f2d3f1c

SHA512
356bb896a9cbfe0184079241fa391cbec9dd62de3dba71974d18245ea69f3b323a6eb11b0f7a1006b00b393062dae055d5a59fd22c37c2f95314425ddf402aec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
93dc025ba581ab418aaeb92ac52e6323

SHA1
65fe0372b999c83c9d2b9a222ab306142a287283

SHA256
580c287e7e17e96ef1ff7e0caa6c3881299f94b2ee2af841287043dafa220bc2

SHA512
4f799009f0446e91c88fc4a90807b9c1c0a9d1eff68db8d254902c8a0497de90bbb29938f1ebb34bc0694314d7a269a1fc06f70958d4794f9e9b96c08ae8c62b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
b88133c86ea31841476b4f53b33a9f9d

SHA1
f62cbff120f8dbc60dbc16552c743f9bc97b0af7

SHA256
e25c1e937a69796aa3499e069af5abf876a3cbb276744b65cc04d2cf33d5f9e3

SHA512
099869ac538a4a2a6a238d98d6e1e860ecd02e5b9f34d7082160f8d574f25f1df764de044eecebf22e333b6c8b2a7f086fec4a93e90039d14caf17683b67e91b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
699ca31713a8a5775ff97ce82711c4d5

SHA1
dcacad62f769512c7acdc021a2b92165cb328da8

SHA256
71fd28e1c5e0a57c921849b9f6cf94021acbd010b6530c8002201bda8d334189

SHA512
f542d74c2e8cfad1f3cebcfb13c6237ae8f39fbae77806f7dd926111d026ba341687760cbc44bafa8fa2e4002ee688f696a7c0b591ea003566c073ef22693cbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
2c47a58f72b699b0b0e5ed0ce1a98836

SHA1
52b6a5b745d8eeef3747ec018a1470895e1aaa36

SHA256
a2f2692f03b80c8e49464797d4d0a22ac254fe8a1b535fd14d284529ccfa3950

SHA512
efd3a22e3f96c9730aa02d7bbcd2306b537ddcf6b453f5253ce83c69619e8a5cf95c64dc195af6d2569fde11ae6f3954bd3988f4e3d03b50817e4d59d901bef9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
117KB

MD5
828ccbe1017f9b658bec6e68df4e6395

SHA1
3da338885f9d6b2333157f045cdcc1b3cb89bcb2

SHA256
403311619732e4a81e09e3a08303ecd1f8ef2d0a94f857540f8c4c251dd24879

SHA512
6159b207eb641451e15c1b3a1e69f26bf2d85826112c0079a17ba5daa9f695b071f54962f17454942b7f2a904655db08f6deeca5e90070bcc1d2203832b6620a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
b3cf28d22f0d6ff6fe1223e4491aa4fa

SHA1
4d77836480aa12056050f649fe62d5de0086ce5f

SHA256
78971fcddecbc5944f16d20653183b147d0ac5973f78b26c98a1db1d7e0036ee

SHA512
b97c102b16772596328e3ea7cbbb612131b8fde325a243fe5eef7db92760d55854cbd160e7a58148b2100828d674bac95f07f57215f855616761c96db87a0a84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
609b046e1a7cf55680825484f7403eec

SHA1
98077754a710e3d5755fbb4034e7bda4bbd92f87

SHA256
46f4cdffe60a1b7b7851c50dac5504a036e005b06590346e072b106c1a3382b3

SHA512
be0f0467a60fce9ab4e46efd67461f5e0d9440301bdb546df339f2df83577c1cf7212bd47b01db584fdcb50de6a6845351a756e678bad5f78321f7ecdc420899

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
119KB

MD5
4abacd6d05d856256206bfe2ddc5a20d

SHA1
b640434d5fc3bee55b8281c43e5ae5eab27dbf38

SHA256
3a7072f23e7864cc5e9116047d75e2a4bfe70d2a5513e8154ecc2bb0802396a5

SHA512
f32c8bda62285fda8d867c935fe58e0ed5baaafdbdfdf7028863d5a07eb630a8112f82b830eb92e08622aea2c5e04a3ce6898d45a300684ae1aab168c2cea3e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58363e.TMP

Filesize
101KB

MD5
a6fa7ea7b5ad1f22f306311e3935ef6d

SHA1
c0582131e8f0bdcf0584220ddf493df13c7e4156

SHA256
080f77c3854f0c60be1b180f6b9843acdbc4e0190a7818b07a9d10fc81967071

SHA512
5ffee3fdf103446cb473d0a1ce522c40a175b74e95615350b5d87df226b32edc17173493691e18c71e4fe958f2169f527fff902a1ac1c460c41ce9704d64dab0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
abe090cd17173ba5242d8c640deaf8f0

SHA1
1bd4f20f68ec212f4203fbe883d762d7c66454bf

SHA256
64cab75096dc7d93c9f2bad9906d4ff0d7043ee54dbe34809db6d2d45ce8fbf8

SHA512
0490632d4138c9f73613e0a323a034cfcb7be4a6920e6b510cd3fb8abf3730e4fbb5ef4b889f48d053b3ece4fdbc974dfe1253dab6ce625dacb843d3dd025474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c04e0085b8904a7a9031a458bd2e7160

SHA1
952cf4bd5e43fd7281cb60ccc829c71d647a5999

SHA256
9ac6fda17460b86239c17f2f5c2721d011f772adca1559787c7b750b4cdd76f5

SHA512
0925af33f4904c9d3539e0bad32fd9153ed15b2b9376b48c04a32116a41be5289ace18ad229ec0d078b8c546ee8b59448d380a6111b71c6b4e1f32ba04ab47ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f6f47b83c67fe32ee32811d6611d269c

SHA1
b32353d1d0ed26e0dd5b5f1f402ffd41a105d025

SHA256
ac1866f15ff34d1df4dafa761dbb7dc2c712fe01ac0e171706ef29e205549cbc

SHA512
6ee068efa9fbd3c972169427be2f6377a1204bf99b61579e4d78643e89e729ad65f2abcc70007fd0dd38428e7cd39010a253d6f9cd5e90409e207ddaf5d6720d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\157f5ece-4a1d-4f26-9a26-e5c512394d81.tmp

Filesize
9KB

MD5
2a3250eb8eec7246fa742382c0a5909c

SHA1
fc6b48b4d8833fd88f518c2dd11a1daf9b78f1e3

SHA256
bc3591b55ba42e9810c3f78e7852c1b8437027c3b5a2e17090df398bafcaa0aa

SHA512
c7294edc05aa7729088cc49b4cbd2afa0d8364616b390838c8da6dc88e5a6a1b90b581060e16ad58160d1ff3e52273471a06a78a6411abf2bc4e28d9aa84e22a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1776d583-3375-4a19-99ba-5b168eb6958e.tmp

Filesize
7KB

MD5
59483bfa3f811ca54805e560213b02df

SHA1
8309e4dbe51ba352eb915cc4662f66de1273d48c

SHA256
dcf770f2930f6d76211d1d3ef42728eb01a7e3522f0596b76f1b8714324cfa06

SHA512
22cdbbb683b39d3e7bed725aecb2ef0363bd24e3898923418750fdae9e34f8317723152233ef1d139e69951a9de03986c20b707037a4aaddee504ad3088f657b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7333a554-0a3b-40a8-a4a5-8d33ee29bce4.tmp

Filesize
10KB

MD5
cb4e683811f717939aa8acf4d3cbbf2e

SHA1
7e1f0ba6c005f514285e37f9960e0d37b06de2d0

SHA256
a2fba3c2d8cea7d5a7f8997d398bc26e9a413f40652cbf64d11012a7aeb4f86d

SHA512
257c1815225b9b00caefe13d19cb75d71cf98453359d548cb6609c48466b1b94cf7c6e5e2d11f2e126411360da31df9a3b6a5ef8254da4153d2b54f8ef8ebeb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
17KB

MD5
b16fe16341cfc5d5706c5c32c74288d4

SHA1
ede08fafca0c938aac4e857f9d6695e77e50533f

SHA256
9a945fa143b6bba59643b0392b518c7b6f8588df824ea17aef80ec1051fff8ab

SHA512
7d61330b8981c39fdd68112bf1086b93fe5e196bc9b8e346aa30d27caaaa8aadd81838b8289c57ba64ccc68c99586d91d64c85ecdd57dc30f8585348c417e279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

Filesize
18KB

MD5
a11683f8a357e6209a75a8b370a64d0e

SHA1
e604d87484993764c8355c7c41f0f2958c66b5d4

SHA256
a12464c93e9fa5a774b30b54a10472c109e07fd924d1f5caa0512aade93968a5

SHA512
a57e75969b1f99bf1ea7d711af37320e52076eaaf6424eed252142c3b93e0224cccf6a28364323e1525d737ec6333093b3df33d8d35d7807e2c3d007fea33085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

Filesize
18KB

MD5
18f6b64d836005500de26c468dc2e791

SHA1
387028ba4f862ab97177c42745f964e38a33ca44

SHA256
dc7317d3509d6c72a038e815786b50a0f48bab6caf76c959b39dc4947669c70a

SHA512
d569c35e02ca226df0cff4bc7c65c960eea7c954291fcb0d2efe927ad32c5fff7f36978e8a43f7f584219baa84cabaf77ae0a9bae7c3006483a743d1c1137d54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\73ac5e392c27f225_0

Filesize
268B

MD5
e5f5a5bcf4ee37e57d50b361ce48f696

SHA1
3e22808a75b7984dd60dc7f9cf6bc9d70362e61b

SHA256
e2402cadfcab16d333d1707bd4f2a2aace2284574bd293a135f9c34152bf2325

SHA512
60954ef260bdb659ecc7190f51ba0c8ded7a4efe23cd60e089e5c2fd31c291caf136f2b57b59daa0600b1925f6e7823e39290e47b6a56d3f47dda6d8e4afdce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
b35572bd3061565b1880939e4fb4f627

SHA1
450ccf4f1b26a11f5c9b5b0128845e393931fd33

SHA256
c8b4281a4b12d76d00a4dc3ea85455a7520d8e354cac95672a7c678606bc4901

SHA512
84fc4cd5bde3fefb27ade7201b20934387eae2b3ad24b48a45c557602f42a73acb51b5975c955e47780b6127ae953ea82afc7793beaf29391a42670afd4b5cf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
a915bbaeb0ae05cec85cbd04235c5ebc

SHA1
082912ba153213b8c5782c0e2cf1480baa03625d

SHA256
3599c0d603555755a0641020ef33c9d9462bfc537f760f652e1ee6564ee57df4

SHA512
349d7f9936e267c68eacebfca216de087279f4f7ea6280cad163ed9b401eee44464aba33a387f491796f3d84515e0fd83448410f9c44d9150616a6a429c13edc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
857eb184bedc5bde01987965279a3888

SHA1
5fcebaa90dc72fb53430e83e6da20b7713e05cc2

SHA256
21a0a528d329a5db8b56a9c0510bbdfe3576c4f30334f729cb243ffd023ffe56

SHA512
8cdd2f457e10b866957948f3af802d2060e30ee81908a646e841433ac46fa517786e5763754df72607d4eace804623bef7015c5f64745e51e12f3729e4216ae1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
fe83267633c6c07575d8157c1b819b04

SHA1
6b23bf4a02a134ed2ef30d36233c5394060e09ab

SHA256
d9120e7f866d65a046ba95038e23bd64a65ac2c01e146251da0acb98d5e8c816

SHA512
9c18b798f44a962ac6e04a7ea75109f153bda6d0c3bf07cc4225ad1e7199b060fb610e06a23b47fb772b718f1295d233e9351d5505a8a44d76d6bab4b026c6b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
f6b211094c9099ce8efc6d59f5ce8da7

SHA1
1b75904680900d2436b4b0da31417ab7938d20a1

SHA256
eff2128409619843a8f79b22689772d1654168bbe27309b23fb021f244895713

SHA512
acbd36101ee76ca1211fb09fe397a99b095b6342758fd6eb9be8dfff0139d47112e02097ec06bfb47b65ce9c2bdaf09055b818518cd18a154da70326975f77aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
aaf7651579bd79cb2612c08e7de93beb

SHA1
8ad58605dd31fd33f7433db2fc8ec4031ade580d

SHA256
8f04c56b5c048c62c37e44b2b46a5f0de28ca8baafcb91d3d712973789b1dfe5

SHA512
a5b8ab97f77959b6c6a9abbc63e33a86ce864c2d648493476eda79d54a5b3ac8363874fc74096199efd24cbef9404f43080ab85645ce0691017097c14bfb24f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
9721718e5df1a5228999ba6f085cf951

SHA1
6f914d14fed4764a6e84c31ed26bd89cc64e96cd

SHA256
f80910391061df390706d50547037fb5a7b19ca6a87af25763f8c5ac65e26b0a

SHA512
bd7a13631e18fb0d4a74ae8baecabead817ddbb8588ab0b58a94d57b2fb4f22ac483a5d91541e5a48486f7b6cf4ef31ff9d09170d195238345cb288795645f73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
df1894292d5bb2c0a551b988c3fabae5

SHA1
7c839312e610606d8dd39f1fde4666be8beb4990

SHA256
d70af3c25827b858cb0ef5c4e70a175d097f5d22a3b529ab9529ae2e99bfd751

SHA512
218bb80baa30546b3b68f75e7fa2b6edb370ce2101e0ec0c987ba0a7b987002577c8e89b58c0e482fdbe79ec2e3480dedc3e70e026c8a7cb7256b20b6bf9a1af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
9b304338a15e420664bb57dee1077d9b

SHA1
316ff8efe5762784ddbe403b05b25a16530c7780

SHA256
99cab548b815a2fd43c82e252863802fa9ab76a4b07110b9d47a15b728fb52c6

SHA512
4d1dce4cb5ff38a4dc335387d5fe857d69457edc55474b80b80ab98bd3d6b365d07df7b5b9649624efda1c217b1750738ec5ca1b68d54f74ef79192f13244ba3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7e7674ddc1e9cfb0b07c9c6129737ea6

SHA1
cacff1f07a5989b04fa7b55d195e68bfa89dd9f8

SHA256
946985cfa7f1e53aa9c508fadd8fbe674904e57c19752fa5d224038060e71af6

SHA512
b61fbc8e962047128407c4e1a643f8c8892b0d606db2afdb6cdcd16ddf36c863392738aacba37c9a68010f6f78af33604fc83a33eaeed5d8182ccd50cd104ed5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0aada7219e6d865cf38abab13bd563aa

SHA1
95f181c7ccad9a89ab174adc0cd6f8d1fa4feff6

SHA256
c674e56e3a2e769c2978a64e68e02106ce39f52439da7ff27e9db16c85387c68

SHA512
c451ec050d04acf33675228e608380fafab4f102356249d790cbecae1be57aa7636ab4d60299b5c402ff85a69d32c8e2cec9a7aeb8da4100b4c6572bd4ff480e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6d589dd8014f661127e40cdb0b96de7b

SHA1
288cfb57b5222689c9f51914c6de86df144406fd

SHA256
808cdd9d00486ccdc7f2000b6a43e8e0d31c56fb45b5a386670e9fb605255cd7

SHA512
ece776234a42a6ff7324a6f1115a931d3f35e7864e125d6a1cc8b56cbe6148ea8b830843ba4b27f65e164609592768a69d80264ed9d0cddf70fcd33bda4400a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
29948376cb5bba15878335103d869acb

SHA1
554269ed38f8d9573ad3cbbf0bd89e34fab7f84b

SHA256
0b9bde98ae4bd1760d97397351d0e9a601d80776c905f4023513662e40a4a264

SHA512
b6bcac64cd2fdfce93ab5d0ed1abd40908866eb2fd5a2143a837f695439d668881a04e8176e8e88bddefa951ed7f24b8ea8d523bee62878d449ead71e4611723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9f7d1320f95490441deb77a03ca9eea4

SHA1
b5555b8de279e3d4f1da3dd6acb75447cdb3d2d7

SHA256
860b10f166c8b876dabfe967c423a5d9b308254136887855f6d4b626faa8635a

SHA512
d56f865c5ff081f988264e12c1e9fd1763fb07ce0e564f95bc1cd64bb91965c324f04ac84d0f48a5ae78f1d0dfbfaaf2f63521699ca2b4d96c4e49150d8bde0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7812dbac8e1fae643bca68bb2de059b4

SHA1
e059c80d7a09fd0050d6cab5991cc4d455067a6e

SHA256
fe012e1be040129e72d4306c338759deb176e60ada936c99736e14824def0526

SHA512
3caeb27ade0af54aa910d2203fabd2f0fb9b8e161777d1e00f57b361aab6a8371391d4c6d4943b85a20718d44fe4c51c500a68ec82ef867418390384e263cab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6bc7e52f4bf6c9f20f1235243374ee27

SHA1
8fa33977fa644cfe13a8f30d7b9cf15391d09006

SHA256
713b9aaef16e2fdb743dfed53f742f23ef9b60086778108768365d76a3de9076

SHA512
5bd77429da16f131018ce7e4e6c3e358c972f2fc3df6046eafe580fa106045dc7be01bd2d73f9c7413e3ed30c33cb26ea3ddd07bc6024cf15e8061d019cf912a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6c98e01ff088a2e7af8e9cc440bab64f

SHA1
4f07a57f9db9c902d0ecc3255aa68b6629e4f0b5

SHA256
768efefafca9bee78b4fa2cfc4f993ed64a968d2ab90af66db303f7060ccd8dd

SHA512
dc08df0f4f57504c663bf7f9d0c19a3d087c6b059f57e980ce80667e4c33f1426d75c92c898d5be1024653155ae5507b3a6b93bc15144b2965de51a4e4dcc2cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
326b1d138ecce88689fe4c4b767e25df

SHA1
6142766e86708bfb553338d9359b166cf5a1ad83

SHA256
463f7a64730cc50a71b03f8d3316bd8babfe16d2837f67dde03eddbf0cef0a15

SHA512
32fbb154390f671f323aaa4b2763a88c0767024c7813999d94a0da9ce17619d0626efcb27f6c4c5ac9415b23b1369dfbd792ab61c1b555614f0f00df1e1ff5d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e7de523eb5f7df3b47b51de74cc6761a

SHA1
f0d3a9f80ed4bc9c8ec816a7796b31ec85561e8c

SHA256
80c9aec64d38a0b39547080766f4c7e0b81b0411b0d1aec90fb1faa736dc91c1

SHA512
18e4bff247801d4b789685c969b6048210fa96cfb98fbab286f167ee2533d9c07447bed61ad563d3d94dceca5be219e59b8789ce69ea0a25c798d81a3c95a2e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d00e9af96c2e2357a9bc04e57c9e3231

SHA1
3bed7fd293e56792053001aa61e963042e6dcfd4

SHA256
fcfda591ae320d680d1f928424a0f7bc5ed14de1c238a66847938d465dd0ed39

SHA512
225b5261c38eb9beefbe9eb25a61b3bf6d69ec482c57f2b1431732fb5de75d232030f6f365d03536787bc0765e253313b4c9bd0edcae99e8625252d2aec0a308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b31bb18656c6ca0598ddd4f6d0c3c38e

SHA1
d3f72c8b1612c464cfa456bd318dbe6652ce89cb

SHA256
08287fccf152c4601f7d7f0229a0575e901e14806a39b42b7e9623b2fc97be7a

SHA512
ec3d9f4b0b4577c4f7fdec2ff935a3a4db936b4eec8390f082548bbd67dec9a6d47a72f2d1e01a3a77f58a7bb40258ecfb418497dd0a391f4736aae66e582cf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
b5739b2dad8ba27cd86938a6c4d725b8

SHA1
7adfc02f2827b013666e4d428caddf542dbef7aa

SHA256
2ab01cc2d75069066b197e7c8bb986860cf1ad2ab209a1c5f35f183006bdc4c9

SHA512
3a8de5969f20b372e3cf7ccd3c7b00c86f91ea99c11c7e4284f282babe695fa2325ef96016c4a5ceadd4ba8b8d450ac3c23048639f1593849a694416938b0c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
3589e5bab2ffd4c56d711e647c627ba9

SHA1
772c3b8cffdce956b761081d70e89490d74f1c27

SHA256
05031135aa2e98ad8cf77ee99db9edf26e428558bd43df4ebd32b8f206b66dcd

SHA512
3e24264f544e695c6bff6069197e7d070d2be029fda224f45674688dd73a04e346ddcdd6ee5fc1493ea66fbe463dacb6bc74c8fd1df287b1e932a89b79faac42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d0154d45d04f1d5507949264ff5bf58f

SHA1
292c95e0ca17c1b4c4cd7f61ed0d5957d6b2139a

SHA256
d2a8d366cd93113ba2cb27b35455d5deb8ce50f3860605fbc108181c8c11ca7a

SHA512
e3061e3898f6cb016ac0a8f509d3a7f32f2ccb4381dd7291a977c55c0642789754ce5d30e13b655fbf9c0a6c322a647d99884c04279b5e5ed309894549917016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
fedd3d60710bd04af52d9e601bb677ed

SHA1
71deedcf72f311197ee27bb859ec1e27fbfa789e

SHA256
be8a670aee4b358107540c767c2881243d0d958701b9de03bf5fdb34c47b945c

SHA512
5af459e4a5ddc94e30613befed3e523a0575936a3f540187485986de0c2c7e586e7b47443e60a8854f70dda88f65b6edb6318d408a4f2739b2ccb6b04e91d570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
56603b6eaa725d0876e5fbf0041e11ca

SHA1
91ab83e9acf3cb33b8b96063813bc38da669d1a1

SHA256
f218fc7153fe9c0bfa87db4d21994ba064ba6ffeceb829486c8278af0a95d60f

SHA512
f5103b950360c4c1d84291182fac6d6501fbe0794c917b84c4c75fe3e33d74c618005cbb539e262f3dbf5d50dfd670484098ca3902b25a62f9743e41fe3f9b9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1add5086086e88f2ff22a2642fb94fa8

SHA1
d4423690b8c4f7d53dc37b4b6edfed90392b83ac

SHA256
ab604e07fa877001f3d24a5f1a2ce10a99da1776bc31df24403ae3e2c9237aee

SHA512
da894bde446838ce5e3eeeb9319205a421e992e79071b1d2520c5c5edbfe4e1447d035064c15c1bc5d7d6db3a77097e88302a6b65502765e44e06712fe7605c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
80939ad03f24c32b5218c68e57e373d8

SHA1
d39754e683dfc076a2d7eecc45c5dfb837ff9190

SHA256
106bb242bb77b200a16dad0a6e4fd137b2422bfa4a0350f445d2cceeb958ab2c

SHA512
24060d3f57e58cc5f700e1d0dfe38277d2d742d4bc82cc8f49338f1926a1175a681e457ece1817c2e89b235a11ee47214002e1640482cf42cb94e60a2040350d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a8977537493222f0925192043af81b6f

SHA1
727614b71a99c1d72e5d7547873a69b2ec3ea377

SHA256
4cbc84ea3992a4cfd78fd1500a8397c6752562411c330d128bdac70a5e2ec1c1

SHA512
61ae5516248798901bb56d29781cb5f3935ccd7affb7b70227d7b131be1512e26d4c52826209c68ccb1d7b06f5b8d9fd5cff3120cc63bfba6080c89287426cb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
edb08195905bda61750e92ab07ce9a1e

SHA1
f2e297725ddd78cbc89ef553eb88256b1beb572c

SHA256
ace3ac8db2cdf02e08157d18917d547ee872bef4fbe3db46b5258ffc39957852

SHA512
5f8b39b8d24e00a99c57fddc6104b53325f19c129545bc6485da159bc2b053f0c6f84e88b10b3a32a8392c3ce84fb3d90bf08c93a1d759bcbdbc35ba07a871cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
baf17edef5733c3c089815f4fe4f50b4

SHA1
ff568a8f427652deee51456a1a978ec47fd14dca

SHA256
d182f5ae885fae3f83a3c380abe20b96b2b3c7c037a93100dab9012d3a462f57

SHA512
799fd420f476433d0afbbc6c79f8ec75655e842448982bdd4871ba9f8d76343213e7c13f4f0453503fd6b0f114792ff0bdf27a873a28cdf9ea9f92cecff88f9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2bd8a93eaf58a3b0b6945ddb7c007cb5

SHA1
26a151f7346c9794a3753cbe849c29a8f9f8b0ca

SHA256
95d303f7398c20206044377868f2787a7e88197f8c5b87ae7adddf7c7bf58f7d

SHA512
558050fcb42203b64622660743449dca3acf5d02777004fa8826c5f589e49a34d6b08bed58ca76f380e31306c5c3af34fea69b43bc42b644ffbf822c9f42a94f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9d3fd26b0e9e84a43dd6a2e090897cab

SHA1
dfe75b479bd35b74ee5a1f84347628af0ef21087

SHA256
9c866ebf85b830061f85083680f623339c090564a85172f98fd8d57944442ad0

SHA512
22b4767e837f178b11ed0b49eacde5257a0d6c3c3b4d9584594a3523095a06a989f8101c8e3aa64443380830ac43677594c6d612960cc9b3d3cd027a9546cc81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3aa569bf634489adc6b6599aa6883bb5

SHA1
219b86155f19ca25700fee33c7d5f7cf032da1fa

SHA256
75906814ae42cb12d31b38d6ccafd46a1508c42b24fca78d384e85a79ae2c008

SHA512
2485cc5a18ec20245670aba43861c1822dd37a57d0071ad829f08f58500f938093af1ed9bd0bd865a4759bcef554b30b22ec24585e33459c2911cbcd9f22d30b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6343744b858837963cab534553920c4d

SHA1
eb0634a4d904337bcd12c808100bc49860acc5f9

SHA256
b7157a963805faa6969c3535bf80bfb91479dfa1cb73c77c86a13f89dc412f9b

SHA512
8dc3fa28aa79b457761a49ed1109e96986ca31131b90c828c66444f1441fa0f302fb772e97e713df56adac2d5834810be075845705b5665bdb580ffcb6d17616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a9e6ce831c15026cf4dc40c935c3e09f

SHA1
bdff0b1c3c61b766370b14c48824c7d9d09795e5

SHA256
f6f8101c9e39bde7d03b7b36a842e30adeb36650e6ab948b1169c047a19c09b1

SHA512
5e1fa7df51c4f659152f255eef8254f6bfefb2398027bda63dcfeba9e59c0b054746fb9210df373806148c844257cf1a8615ad18932a92794b3ab335f121399d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c39a8eac138b63e386ac45a91ef1fc98

SHA1
1905bd2208ed2d29623a539b031e7884ab78180c

SHA256
335c8d9348e43eb62398856b39ff590764aca11e81258a2fe1bcc6e5f912d4d2

SHA512
78bbecfcd7790dcb09328a818168ca8079a3b22177fc287a167e8ecff2e1d02807216831006d755c9732566b183a7333345cf3547d603aee8ab7dac1c1d6b859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ad6d3e4e74b4faf169175009bc8a1516

SHA1
b513342ade265a2ce9cab5000b261b53f0a56732

SHA256
cf31cb4a5afe0e6b4c0552c14d9c0dfdcb5245e43646263cc38c6292366d271c

SHA512
b7692c9421c819573a0dbb83eaeca88f76fcb6420653c0d29411b6cff55cbd0c9646d9a11d1d7d53e80d5a4ff9afcf89c434bf2fc24745bc24e9827c6cb0d160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c51af42e38172c46243348b8ded09b2a

SHA1
273cb47412960be5419701e47b92d40bda4e65fa

SHA256
1ff532b1b4994ff4ce974c081c146e7ad4fad894ef1055b54665923abd60ee89

SHA512
f0a6131e8de1e1d6d847b6e60f371c8e49095f7ce7e6b1888363c8533e34abee79b904d170e5ab4d314bcaeaf7d4eca7e8aa0b6380bd0ca07144674b46df86aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5544c64f2a8f49dabc19eb84267b1c9b

SHA1
c5b78d63a8bab1c7b985f7ea2f268d0d7809071e

SHA256
a1fcfee2974a77e76a7431a2069db301861ab42dd41769cead8697f41f5a497f

SHA512
38c80d7c810441fc87beff38929473088cf426b0a25a30820d8a060f493350d99bb8521b314afe00578ea54648fce2aa4e55880a83a4f1048c56307991726565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
48KB

MD5
471e264c4e1d32b0e90e08ca06fd9c7a

SHA1
56bb0e9bf7fb43d55ab4184094831f51de0250ed

SHA256
d60b46e722d4672a9f51aa1e41644d07c160c0109ef50be42ae743ac6ecf16d3

SHA512
a3f4784582b6d460577cb85ec940c2522be4ccdc9ce83289c548355fb35d49ab6c37a2c257cb67d1faed7e503f39415800be76bd3253b4e00547db6b71d327c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
33KB

MD5
6f396cc425bf828b9db6ef08e7555304

SHA1
024cca1e8db388baf8d053c1f79858005168ab07

SHA256
9e4322ef70aa2a5868379a4bca7702d7c2127aebb5549b8c753cdfaa9421ee9a

SHA512
3adbc3b8d613771941dedc0ec15d4c05b84418fe59e158d67ec676ab20d759d62964da514ed960f057659f8679233b6ec08152d3070aabd9d41fcde5f3d5c56d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
670d56ebb76c5e559074004678d4580c

SHA1
e9f762bc0740889c038bff37902454ffcb90ff0c

SHA256
83c39132921f484bcd2b213ede4f7ce521613e65f3fd83723ff76d44245acaf2

SHA512
e0df11fda4e785b64f2975453d8441798c3a66c1df2511ccba43c0ab56012238cad29b513607dbe13c0b41f50067e674c945bbf55cda92a0791d05243f319478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe807ff6.TMP

Filesize
72B

MD5
3818c61b796cb3fb2edee253d5bf8e5c

SHA1
cc998333aa6b39ca258600b03c516896a8b841e9

SHA256
785876e12d3e6b02b148de240e619af99d01ba8150800762d59fb5fed6e19a23

SHA512
e127b0ff8e83697502de57c749c56bf29004a9083eed9b572ecebdbe910bf8d9550f763293e8b03343d0881d7b3d1bd81072f9a5e12b65f27b82dce1740d724c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3f5fa2196e98eef8c6703cb9849be7bf

SHA1
ed42f9fa02ab8898e502bf75ce0a4f104ecd1f60

SHA256
b91162743cae621e42a7e8105262b47f6f88b33c60ba1f07e07f2546adb5653d

SHA512
2b958d01654fb1c3170b23f2307c53aa3d9d76b3a9404bd756b00eee332dd8f5ed48d6e1954dcfd6b44e39ab4c76ac96c91db9c1a31e08a04155782245dc70d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
58d66a67e95398cb11eff881821f3b77

SHA1
b6b3831067987e22db68a85d7844caf039ba5e85

SHA256
e6e315630ad2d143ab012bba9aa48bb14cb1861cc2eaaa5cacdad120275de378

SHA512
54ed4a0136a839e58f4a4f4df2e7b49eb390e0d4cfdbc53d6a773e30f6f361b282b7b84687a8116a482bd707fe86eae5953d5cc0965f7f6f804f09fd6f07fa5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
10f5c9f4f0ff4f49352c69ff4febc614

SHA1
e7946001e4229aca19f5581044c4b0e4cce005cd

SHA256
de32200e1b50736ddb3a5d292582a1b2bbade8a326f3d406f02c495fe09d13cc

SHA512
f62d9bd91c2752a4bc1c8e97ca75f1766557b5e7e45c7ff535147a7baafad258f3b5ab4f5886eeda253e31eda6f7c91c320aa4c8987ae63261073e128263ab14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
25794c160536c4ded883a2bbbfb1d6f0

SHA1
647886fcc2d2f4a5db0c79aeeaabd81c0292ac7e

SHA256
0b2c624b8f5ff39c1ecba0579224aa1ab7ff2e3942e86a6a6acf4824092b994c

SHA512
c7a0a2530b4e3d600b919491ea30a4e60dd3a50f42715578520dd283866ff9dcea8e450911185eb7af8ba4f58a88fb4e12eeddf1a93557ab4bbf3204f4545abe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
33da373bfe1bcade014b74d3b46b1b1a

SHA1
037cd966a45a367a0197e3c0c0b77f6cbc3917fe

SHA256
d5d99651b53e35af57fe373f0e02c794675e3cbbccb8e682908c4024fcb9de24

SHA512
16fcfb794797e556c4c05baa9b50b7fff1dbbe947d3dfe202cf4e2c8c8258440d3e5b3de3f65b4c77d3efc815da4cf92748e64140dc620c1cc5fdebae714beb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
59772d347f43d6a4ca9a0204a851f3d8

SHA1
0240da67c87f480cad4e2c70cbce64bb35714acc

SHA256
22d966e53a3c489b47bdb1b4f9b75aa5d6cf5aa8d000a88a2ccd25eb3935037c

SHA512
82005a979d92189138c4620eec2851bc2952b704c68f5140d6d0383d4c964bd134685f86d6f360f251979b5016057e142b103973c3082ce447c600aee744a8e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ee2ed62b9cfc13bec5bd0ad4539b72b5

SHA1
97c91d5825ce9dad266228fcb2b3363df0ec65a8

SHA256
c2b755be0d586b8908c3b481e03457a6e3588219813cdce7a7bab8cfce173a33

SHA512
bf945e9ce6858d4ecf4cee0e6cf3c9c500362200a79dd0053ea5c2609f14150f167aebe30deac0a957c052c9e7258705cccf1ca51e78d9d6e40bc9a2e2610176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
35381199375b26357b815c4a3bf5a942

SHA1
a34805bac29a5e7e9f52b49b95fd65700fdaf86e

SHA256
2f31e8bd9784cd03b512ad9978de354483115b0491e554d81a44919d63c5f825

SHA512
8a9794331b9b25bed3c62f634284f2d24c3201cd00e95c2d2ec5bd53fde831fc9bdcf7ce76d455dc1facb928d2964c6fe0d1104009a46e881640833062f9a48d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ae1e29bada49de5b6ca8f3a4ec7f257d

SHA1
c4ab3a0a90cf223ae770b908729c404de4d7a887

SHA256
bdc17fdd699131cc7ffeec41d77bbf1c5b9286f616c1b1d927b0a6146c91b1ea

SHA512
e93d3aefd8a4188a8a56d834abb3868adc02ab789439da48151868bc8c623e370ed69ef83a1dc4bdfded9372409ecccf46791681f037b42c68f06baea3ad675e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8c7ae7a3aae0a397ad85bcca853e6130

SHA1
55339af231507bc60b641ff0ea43324dc94db305

SHA256
d56d1e4f36c97b1e44b89df57a621f512d63019b1af93a5e9cf75b9b4925196e

SHA512
a982d9c80320ed57df6285fe6c0bfd08b77fdf883d7c032b94adf6b502defd7b25ae602158d5b068033f95f3ca892e3856aab4f958fa7c212ec94ff3c4425109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4686b30a4ff1ffd20283a5b97e5d9681

SHA1
4417e17776e6d6ee5024a534ffe731aafea28083

SHA256
128402766628a3ce6d94c258545c98c9fe5a2bc71d73479229de8304f602236b

SHA512
9655f48c026951bcd6e00a2dcdc15ccbc481df81e497ace1941ccdd31ffa9b30243de7671656d4e4ebc73d95d2a07a116f86847cf55e100cfe48fd6be824955f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9446a60cb537d24dfb40f817e97d0487

SHA1
907971ac6b91b2499e134d284a802b2cf2724aa4

SHA256
5e7bceeb8f1de6ea07e40907d63ddad9d0f8360595d4bb528d48c4637a54e455

SHA512
0bf078acf6b9631f15dbf045676e66684fc4472e9552afa423b85119c1cf78382951a151531162d686d40a74f7fc76112e98df43aab4e2800f2af34a8d42e92a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
154695b42df1be00e01e6cb59b360737

SHA1
5b2c4cba14499c4329e0c57428bcfa24cd6b1385

SHA256
634ff525563cffeab5f86d5899cc7cbd96d1dcce97e95aebeecc529a668fcc5f

SHA512
112894ca082667194b31cd06fdb4936de4441bc17de39b31639b3d4d6b76f5b032cf890d06d085866a945e36633183151473cabdba76251f12eba5e6c20cefd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8cda03e6246fedfe469c9732fd63c47e

SHA1
13c32e4c2e20d288fe851a671c2be2496709ee54

SHA256
4fedb70c51e30c35cfaf253006b6422f9b3436db1101cb07da538b221efc6940

SHA512
e18355820aa84e4cf2675d3ac1ca5976e52858470044ccc14654ff27e13d73a925763ecd8a3284f1b612c6193b5bbd2ebcfc86e4e6ff9f206cddae45af0d1d99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a8776ed5d7da2a54b9e9331c60098a53

SHA1
48763d25281c968bb451c4367b0e4ec32627fbb7

SHA256
d6e2235b6db6ea23a5cd4e14d0b0dae8e4900b25012c8c3d8c1168278c5bbea2

SHA512
765eac8362b1a065242663b5be35999f60b883af54856260119eac3a67f246e9c73686fa12efdaa89698fc00d512abab8c1ae5783a21f17087eb724f14d65656

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a02c66d90866bd1c35a8cdbb0fe809a9

SHA1
45d8cfe74bd6822df3eb94ab4eac77cb6f6f1d3a

SHA256
1dda4be1ffa0e2ad0ab9773b479883391a2e5f5ba542fe50ffad53c392c8287d

SHA512
8ebd4a9f1b0c85f494b0c55ee52858b0ffc09fb53401cf8720d267a482ad61ab5dacb579e674eda8fb3ef4923b163541c853a8444cce60c6b502f73fefecedb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b6bb7.TMP

Filesize
868B

MD5
6263121b89aa2c8de51905095f48ffbb

SHA1
e4c2ee5deceffcf121a9dfd54601ad5e85d87b03

SHA256
4a9b3c283f30fd4075184df8e17a90511f0d6bbc61d0f12128ecdceda9bf09d8

SHA512
76836579be4fd2670aea5c261ba85cc41c67dddc469519aeec1e15a105601371f9830de7ee74bdc506775b45166b41cad71fc8a936536875d0d49dc1ff4b5c85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2e918919b05d92104ca4881d8e8e5718

SHA1
550887fda728ae8ff7447bd3536fcf7c6ce69fa8

SHA256
b1276fe1edfcb1c92e3df16ec8066378122b5dfc707d7ec52a98e8d0def2dba8

SHA512
01ac455f457b178bc6e0dad6012d3feed352b41b2cf3a2522cfd7b6371f8be448b9ae7a600fd95e5145783ee3c01064126f517504a700547acdc3dcef6e79697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
a852da7fe4bfd283a48d04cfe1f54de9

SHA1
4a5ef4d4885b4559b88cf91370b4a3bdfff59cbd

SHA256
5f5a5709e5d7e6e5f9bd6882347b9f9ed5d751c044718b00d09bd0de6cb05641

SHA512
8449e85c59f022fd75802cb71e08115618bccf67a7729e8cf3c336a02e92332861a81c70d60f7385cd0ba7409623cd2a1bff952fae98e7dd12d8ca548b540662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4b010d6d810db3022af2537f0d9d787a

SHA1
8401235fa6fd8a20e9d473fb46e3d9a73ce9b7e6

SHA256
89da60705dbc3410964fdd74b3a5ad14981e8d877e634ba7a158bcbb3986bed5

SHA512
cf356aafa6a9113a0e9ac9cdd3ac0027cc32f34859bd8a908ec40f8fc3f1393cde4ac3adb59c7cfc53ea48bac533409890e768b46f6309cf8f4999ed5d35fc54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
14KB

MD5
8160e74e7ecb1a80be38e3c68ffd3c70

SHA1
9019b4bb60ed205cbce4c13365677806acb7c0f9

SHA256
c5cc8a2e6b5bf658035d0cd5f4dbc1c2c032f71c9d8d1b1269dbff6c0da964f1

SHA512
bd26d0aae8d8cff5669255290f566f08c0b4844457e79c3bea82844aff4401b18eac641c1c4a178cc6ae6ab3416c8c775576a82776eed5a91b024354e3acc205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
d254035df7efdb711308a65b66a262eb

SHA1
5ebdb401c61dd93fabc1e001b4932686288859b8

SHA256
aef5b163d90f893198de5ab93afbd0f1fb02835429ae97cefbd195714ca775fa

SHA512
d8805eb156af8a24fa8b968a0002188ee2ca9542ccf4798177b837803707803e9fb52aa597214c227a834dff025c69c6b99dfa8b1fd7c62a4e63a40dc9e10967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
14KB

MD5
1dea3f2354943de87f2e240c65b6f24a

SHA1
150270d4e124ab5b55b28abbd3ff0703e4304671

SHA256
2864fe79af1454c6411bca00db72cc412b483bc543f12669c19a42fd6b5923a7

SHA512
80774979c60f5416a6c339287bd9af85d1546f048ff507bc02c9606899e2ff9f3e606f9f71133144a9d18e1c7f49b2280e15d95e63186ee940c6fc72fa3b865b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
e90a9be8b09ed993ddeb2f546d2c7bef

SHA1
fde4beba09beaf44eee9c9df54f5662618932f51

SHA256
16c827298d285708c138194def19f49100211bd73d06bdb6250fbf2fe93c5a37

SHA512
9acac6c25d08f1f2d99ec4f8d7af47153e4a2b36fd51d8f466ebb322637d2f03ed87a1ee008c67ece6ad591c68da70bc370459eddd0a03b30848a144bc3d2683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
46a20cf4581849d6007e3f6996dbd029

SHA1
1dcd07071fbdac3d222717aa8f5366f9b90be1be

SHA256
aef978d3a0ce870045626026613da4e7ff1b8992bff69544525f63ed19ce3bc3

SHA512
efed59df4c36067c3201f439dd68c9e4e353cb2ec92ca191f76692fca6252c2fa0c51c43260e6424ae52845e5862f9432faf184afee75dee2d2c4c8f8f4ca4ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
14KB

MD5
48b016be09bfe139c9793e6f0b213ed4

SHA1
44708d42e2faa487371637d4fbe7ab08c0d0725e

SHA256
fa13c1b358ae24881d92d6cdbaec61fc92017df0df995d18524784dd3ef57ef5

SHA512
fca5a9d644248b0784130098a572c823f66238913e8e5e874a689db3e50687ba2dd72b8bd5025372de2f5aac1414b378c34191d62c7e9965870206eb7e2eb4bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE877FF4F9\XWorm V3.1\Icons\icon (15).ico

Filesize
361KB

MD5
e3143e8c70427a56dac73a808cba0c79

SHA1
63556c7ad9e778d5bd9092f834b5cc751e419d16

SHA256
b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

SHA512
74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Desktop\XWorm V3.1\GeoIP.dat

Filesize
1.2MB

MD5
8ef41798df108ce9bd41382c9721b1c9

SHA1
1e6227635a12039f4d380531b032bf773f0e6de0

SHA256
bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740

SHA512
4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

Download Submit
C:\Users\Admin\Desktop\XWorm V3.1\Intro.wav

Filesize
1.7MB

MD5
dc28d546b643c5a33c292ae32d7cf43b

SHA1
b1f891265914eea6926df765bce0f73f8d9d6741

SHA256
20dcc4f50eb47cafda7926735df9ef8241598b83e233066ea495d4b8aa818851

SHA512
9d8c1bb61b6f564044aad931e685387df9bc00a92ab5efe7191b94a3d45c7d98a6f71d8ae5668252d6a7b5b44ab6704464d688772aedac8bdb2773d5765d4d56

Download Submit
C:\Users\Admin\Desktop\XWorm V3.1\SimpleObfuscator.dll

Filesize
1.4MB

MD5
9043d712208178c33ba8e942834ce457

SHA1
e0fa5c730bf127a33348f5d2a5673260ae3719d1

SHA256
b7a6eea19188b987dad97b32d774107e9a1beb4f461a654a00197d73f7fad54c

SHA512
dd6fa02ab70c58cde75fd4d4714e0ed0df5d3b18f737c68c93dba40c30376cc93957f8eef69fea86041489546ce4239b35a3b5d639472fd54b80f2f7260c8f65

Download Submit
C:\Users\Admin\Desktop\XWorm V3.1\XWorm V3.1.exe

Filesize
6.9MB

MD5
37a9fdc56e605d2342da88a6e6182b4b

SHA1
20bc3df33bbbb676d2a3c572cff4c1d58c79055d

SHA256
422ba689937e3748a4b6bd3c5af2dce0211e8a48eb25767e6d1d2192d27f1f58

SHA512
f556805142b77b549845c0fa2206a4cb29d54752dc5650d9db58c1bbe1f7d0fc15ce04551853fb6454873877dbb88bebd15d81b875b405cdcc2fd21a515820d3

Download Submit
C:\Users\Admin\Desktop\XWorm V3.1\XWorm V3.1.exe

Filesize
6.9MB

MD5
37a9fdc56e605d2342da88a6e6182b4b

SHA1
20bc3df33bbbb676d2a3c572cff4c1d58c79055d

SHA256
422ba689937e3748a4b6bd3c5af2dce0211e8a48eb25767e6d1d2192d27f1f58

SHA512
f556805142b77b549845c0fa2206a4cb29d54752dc5650d9db58c1bbe1f7d0fc15ce04551853fb6454873877dbb88bebd15d81b875b405cdcc2fd21a515820d3

Download Submit
C:\Users\Admin\Desktop\XWorm V3.1\XWorm V3.1.exe.config

Filesize
183B

MD5
66f09a3993dcae94acfe39d45b553f58

SHA1
9d09f8e22d464f7021d7f713269b8169aed98682

SHA256
7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7

SHA512
c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed

Download Submit
C:\Users\Admin\Downloads\7z2301-x64.exe

Filesize
1.5MB

MD5
e5788b13546156281bf0a4b38bdd0901

SHA1
7df28d340d7084647921cc25a8c2068bb192bdbb

SHA256
26cb6e9f56333682122fafe79dbcdfd51e9f47cc7217dccd29ac6fc33b5598cd

SHA512
1f4da167ff2f1d34eeaf76c3003ba5fcabfc7a7da40e73e317aa99c6e1321cdf97e00f4feb9e79e1a72240e0376af0c3becb3d309e5bb0385e5192da17ea77ff

Download Submit
C:\Users\Admin\Downloads\7z2301-x64.exe

Filesize
1.5MB

MD5
e5788b13546156281bf0a4b38bdd0901

SHA1
7df28d340d7084647921cc25a8c2068bb192bdbb

SHA256
26cb6e9f56333682122fafe79dbcdfd51e9f47cc7217dccd29ac6fc33b5598cd

SHA512
1f4da167ff2f1d34eeaf76c3003ba5fcabfc7a7da40e73e317aa99c6e1321cdf97e00f4feb9e79e1a72240e0376af0c3becb3d309e5bb0385e5192da17ea77ff

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 165942.crdownload

Filesize
1.5MB

MD5
e5788b13546156281bf0a4b38bdd0901

SHA1
7df28d340d7084647921cc25a8c2068bb192bdbb

SHA256
26cb6e9f56333682122fafe79dbcdfd51e9f47cc7217dccd29ac6fc33b5598cd

SHA512
1f4da167ff2f1d34eeaf76c3003ba5fcabfc7a7da40e73e317aa99c6e1321cdf97e00f4feb9e79e1a72240e0376af0c3becb3d309e5bb0385e5192da17ea77ff

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 713304.crdownload

Filesize
228KB

MD5
530c9e3eed72b4aea21b13539acc3c01

SHA1
8faf96833ba9fc6aaf04c17df4815342a7e9df77

SHA256
a13a492528ddd70d591540680891454202092f1902e36e0d3965706c68a339d4

SHA512
5d9caa4be3202804b31effcb0007e447990df2c88cd7638622aa338a30d27aae4ff530bc510b77c85486e6a8fff28c419e873230d49de2d504b94a3292c08ba0

Download Submit
C:\Users\Admin\Downloads\XWorm V3.1.7z

Filesize
24.3MB

MD5
f4b95b060e71f05763c0a5363f90b63c

SHA1
4a4b2cfdd2747b064530791e9dfa4f0876b801ab

SHA256
6af7c1d2ba55c41f36d87b0affa35fc396e8de2533d33d3e2ef6d4e0dbd16919

SHA512
438274ffc58d746aa2c3087aff6d9922cd9b0f4dab59c78ed9f57dacaa1f0f373012541fd65b5f9f6d442841d5ef2335f4292ac71de60b8d3d2cedac45e5646e

Download Submit
C:\Users\Admin\Downloads\XWorm V3.1.7z.crdownload

Filesize
24.3MB

MD5
f4b95b060e71f05763c0a5363f90b63c

SHA1
4a4b2cfdd2747b064530791e9dfa4f0876b801ab

SHA256
6af7c1d2ba55c41f36d87b0affa35fc396e8de2533d33d3e2ef6d4e0dbd16919

SHA512
438274ffc58d746aa2c3087aff6d9922cd9b0f4dab59c78ed9f57dacaa1f0f373012541fd65b5f9f6d442841d5ef2335f4292ac71de60b8d3d2cedac45e5646e

Download Submit
C:\Users\Admin\Downloads\playit-0.9.3-signed.exe

Filesize
13.1MB

MD5
da0750733bf36c61222eefaba4805dcb

SHA1
304e90d123300e646b768f1f358e59ba506b7dce

SHA256
c9ff8f05cdde137cb0e1e386184a42d4889988c4cfd235fd3340fe545f5e06ac

SHA512
f9a8e89f294257f785388e237a6da1f363f8d78af7c9b473d67261b99526224eb84598eacbba17f01a9f2eb2f6fea0740f7e37df92891df8fa39a33820287454

Download Submit
C:\Users\Admin\Downloads\playit-0.9.3-signed.exe

Filesize
13.1MB

MD5
da0750733bf36c61222eefaba4805dcb

SHA1
304e90d123300e646b768f1f358e59ba506b7dce

SHA256
c9ff8f05cdde137cb0e1e386184a42d4889988c4cfd235fd3340fe545f5e06ac

SHA512
f9a8e89f294257f785388e237a6da1f363f8d78af7c9b473d67261b99526224eb84598eacbba17f01a9f2eb2f6fea0740f7e37df92891df8fa39a33820287454

Download Submit
C:\Users\Admin\Downloads\playit-0.9.3-signed.exe

Filesize
13.1MB

MD5
da0750733bf36c61222eefaba4805dcb

SHA1
304e90d123300e646b768f1f358e59ba506b7dce

SHA256
c9ff8f05cdde137cb0e1e386184a42d4889988c4cfd235fd3340fe545f5e06ac

SHA512
f9a8e89f294257f785388e237a6da1f363f8d78af7c9b473d67261b99526224eb84598eacbba17f01a9f2eb2f6fea0740f7e37df92891df8fa39a33820287454

Download Submit
memory/868-1252-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-1945-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2483-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2479-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2476-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2470-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2467-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2464-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2461-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2458-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2455-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2452-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2449-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2446-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2443-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2439-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2436-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2430-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2427-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2423-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2419-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2416-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2412-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2407-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2403-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2399-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2395-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2393-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2389-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2382-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2377-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2372-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2368-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2365-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2232-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2228-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2224-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2218-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2214-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2211-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2196-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2156-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2108-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2075-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-1984-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-2489-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-1911-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-1830-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-1514-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-1498-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-1478-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-1050-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-1088-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-1111-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-1146-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-1171-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-1189-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-1219-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-1388-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-1401-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-1420-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-1447-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-1457-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/868-1465-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2288-1421-0x0000000001E90000-0x0000000001EA0000-memory.dmp

Filesize
64KB

Download
memory/2288-1445-0x0000000001E90000-0x0000000001EA0000-memory.dmp

Filesize
64KB

Download
memory/2288-4184-0x0000000001C00000-0x0000000001C2C000-memory.dmp

Filesize
176KB

Download
memory/2288-1463-0x0000000001E90000-0x0000000001EA0000-memory.dmp

Filesize
64KB

Download
memory/2288-4186-0x000000002F950000-0x000000002FC32000-memory.dmp

Filesize
2.9MB

Download
memory/2288-1455-0x0000000001E90000-0x0000000001EA0000-memory.dmp

Filesize
64KB

Download
memory/2288-1454-0x0000000001E90000-0x0000000001EA0000-memory.dmp

Filesize
64KB

Download
memory/2288-1448-0x0000000001E90000-0x0000000001EA0000-memory.dmp

Filesize
64KB

Download
memory/2288-4187-0x000000001D420000-0x000000001D4A2000-memory.dmp

Filesize
520KB

Download
memory/2288-1419-0x0000000001E90000-0x0000000001EA0000-memory.dmp

Filesize
64KB

Download
memory/2288-1443-0x0000000001E90000-0x0000000001EA0000-memory.dmp

Filesize
64KB

Download
memory/2288-1432-0x00007FFDBB5F0000-0x00007FFDBC0B1000-memory.dmp

Filesize
10.8MB

Download
memory/2288-1464-0x0000000001E90000-0x0000000001EA0000-memory.dmp

Filesize
64KB

Download
memory/2288-1502-0x0000000030110000-0x0000000030278000-memory.dmp

Filesize
1.4MB

Download
memory/2288-4847-0x00007FFDBB5F0000-0x00007FFDBC0B1000-memory.dmp

Filesize
10.8MB

Download
memory/2288-1416-0x00007FFDBB5F0000-0x00007FFDBC0B1000-memory.dmp

Filesize
10.8MB

Download
memory/2288-1415-0x0000000000EA0000-0x0000000001596000-memory.dmp

Filesize
7.0MB

Download
memory/3860-4876-0x000000001B980000-0x000000001B990000-memory.dmp

Filesize
64KB

Download
memory/3860-4857-0x000000001B980000-0x000000001B990000-memory.dmp

Filesize
64KB

Download
memory/3860-4856-0x000000001B980000-0x000000001B990000-memory.dmp

Filesize
64KB

Download
memory/3860-4853-0x00007FFDC0120000-0x00007FFDC0BE1000-memory.dmp

Filesize
10.8MB

Download
memory/3860-4860-0x00007FFDC0120000-0x00007FFDC0BE1000-memory.dmp

Filesize
10.8MB

Download
memory/3860-4867-0x000000001B980000-0x000000001B990000-memory.dmp

Filesize
64KB

Download
memory/3860-4863-0x000000001B980000-0x000000001B990000-memory.dmp

Filesize
64KB

Download
memory/3860-4864-0x000000001B980000-0x000000001B990000-memory.dmp

Filesize
64KB

Download
memory/3860-4872-0x000000001B980000-0x000000001B990000-memory.dmp

Filesize
64KB

Download
memory/3860-4862-0x000000001B980000-0x000000001B990000-memory.dmp

Filesize
64KB

Download