locky | 6de6b709771cde587b9bd92b137729fd7308fc852b85518a48e3c09ad1d9612d

Resubmissions

01-03-2024 15:36

240301-s15g8ahe28 10

01-03-2024 15:33

240301-szaw8ahd78 1

Analysis

max time kernel
237s
max time network
248s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
01-03-2024 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

1KB
MD5

f240f2cb0b7928f9900640b907a261c4
SHA1

c30214e3c3703fa5ff852b2e61b3ca3329acb994
SHA256

6de6b709771cde587b9bd92b137729fd7308fc852b85518a48e3c09ad1d9612d
SHA512

9f6b7bac8bb0ad260555ac535dc1142d857bd709f19ff730ece5989948c59aaaf0cc5c83077a6d654e77aaee34c666414c94f2321cbbba65a3f57e065109ecbe

Score

10^/10

locky discovery ransomware spyware stealer

Malware Config

Signatures

Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
ransomware locky
Downloads MZ/PE file
Executes dropped EXE 4 IoCs

Processes:

software installer.exelic.exeHRWHVHSSRL.exesoftware installer.exe

pid process

2748 software installer.exe
1952 lic.exe
2220 HRWHVHSSRL.exe
4956 software installer.exe
Loads dropped DLL 2 IoCs

Processes:

RegAsm.exe

pid process

2508 RegAsm.exe
2508 RegAsm.exe
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
2748	software installer.exe
1952	lic.exe
2220	HRWHVHSSRL.exe
4956	software installer.exe

pid	process
2508	RegAsm.exe
2508	RegAsm.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

HRWHVHSSRL.exePFFFNBQBQY.exe

description	pid	process	target process
PID 2220 set thread context of 2508	2220	HRWHVHSSRL.exe	RegAsm.exe
PID 3196 set thread context of 1976	3196	PFFFNBQBQY.exe	RegAsm.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

RegAsm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	RegAsm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	RegAsm.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings msedge.exe
NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed.zip:Zone.Identifier msedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings	msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeRegAsm.exemsedge.exemsedge.exe

pid	process
4084	msedge.exe
4084	msedge.exe
3260	msedge.exe
3260	msedge.exe
1676	identity_helper.exe
1676	identity_helper.exe
3596	msedge.exe
3596	msedge.exe
4532	msedge.exe
4532	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2508	RegAsm.exe
2508	RegAsm.exe
2508	RegAsm.exe
2508	RegAsm.exe
4364	msedge.exe
4364	msedge.exe
3236	msedge.exe
3236	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

Processes:

msedge.exemsedge.exe

pid	process
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

7zG.exeHRWHVHSSRL.exePFFFNBQBQY.exe

description	pid	process
Token: SeRestorePrivilege	5096	7zG.exe
Token: 35	5096	7zG.exe
Token: SeSecurityPrivilege	5096	7zG.exe
Token: SeSecurityPrivilege	5096	7zG.exe
Token: SeDebugPrivilege	2220	HRWHVHSSRL.exe
Token: SeDebugPrivilege	3196	PFFFNBQBQY.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe7zG.exe

pid	process
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
5096	7zG.exe

Suspicious use of SendNotifyMessage 40 IoCs

Processes:

msedge.exemsedge.exe

pid	process
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

lic.exesoftware installer.exe

pid process

1952 lic.exe
2748 software installer.exe

pid	process
1952	lic.exe
2748	software installer.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4084 wrote to memory of 4936	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 4936	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 2836	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 3260	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 3260	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 4820	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 4820	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 4820	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 4820	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 4820	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 4820	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 4820	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 4820	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 4820	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 4820	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 4820	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 4820	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 4820	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 4820	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 4820	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 4820	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 4820	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 4820	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 4820	4084	msedge.exe	msedge.exe
PID 4084 wrote to memory of 4820	4084	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8d37e3cb8,0x7ff8d37e3cc8,0x7ff8d37e3cd8
2⤵
PID:4936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
2⤵
PID:2836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
2⤵
PID:4820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
2⤵
PID:2260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:2632

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
2⤵
PID:2996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
2⤵
PID:3880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
2⤵
PID:1712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
2⤵
PID:2784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
2⤵
PID:4996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
2⤵
PID:3724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
2⤵
PID:2596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
2⤵
PID:3880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
2⤵
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:4532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
2⤵
PID:2504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
2⤵
PID:4984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3928 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
2⤵
PID:656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
2⤵
PID:960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1624 /prefetch:1
2⤵
PID:928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
2⤵
PID:412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,2627723824619547234,6794422730567017244,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7104 /prefetch:8
2⤵
PID:2700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3696

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2260

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4996

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed\" -spe -an -ai#7zMap20736:146:7zEvent17112
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5096

C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed\License\software installer.exe
"C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed\License\software installer.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\GoodInstall\HRWHVHSSRL.exe
C:\GoodInstall\HRWHVHSSRL.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2220

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
3⤵
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:2508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=UZfBnXM8WuY
2⤵
PID:4768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8d37e3cb8,0x7ff8d37e3cc8,0x7ff8d37e3cd8
3⤵
PID:4564

C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed\License\lic.exe
"C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed\License\lic.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed\License\INSTRUCTION.html
1⤵
PID:2384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff8d37e3cb8,0x7ff8d37e3cc8,0x7ff8d37e3cd8
2⤵
PID:1872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4692

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D8
1⤵
PID:2404

C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed\License\software installer.exe
"C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed\License\software installer.exe"
1⤵
- Executes dropped EXE
PID:4956

C:\GoodInstall\PFFFNBQBQY.exe
C:\GoodInstall\PFFFNBQBQY.exe
2⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:3196

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
3⤵
PID:1976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=UZfBnXM8WuY
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8d37e3cb8,0x7ff8d37e3cc8,0x7ff8d37e3cd8
3⤵
PID:1956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,17473553151411975935,12685114035075460313,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2008 /prefetch:2
3⤵
PID:1992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,17473553151411975935,12685114035075460313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,17473553151411975935,12685114035075460313,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
3⤵
PID:2768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,17473553151411975935,12685114035075460313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
3⤵
PID:1640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,17473553151411975935,12685114035075460313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
3⤵
PID:4520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,17473553151411975935,12685114035075460313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
3⤵
PID:4608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4624

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\GoodInstall\HRWHVHSSRL.exe
Filesize
405KB

MD5
565f8f581b0cb871a22068151c49c0d8

SHA1
6be50caed7e667591044ef076c2559ce01498a0b

SHA256
293229f2e98a99750c99027e0a487a996dfb4ed9ec2a64d8a1907cf473bf0f7d

SHA512
bebcfac66524baf043acc9792389aebf3fa9249c0b671b98405cbd4006d5684b133d5ebc3cb0a4018c161c21ceca7b3b6cc0bbf4bb73f870c9e260561fb0f5f2

Download Submit
C:\ProgramData\mozglue.dll
Filesize
593KB

MD5
c8fd9be83bc728cc04beffafc2907fe9

SHA1
95ab9f701e0024cedfbd312bcfe4e726744c4f2e

SHA256
ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

SHA512
fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

Download Submit
C:\ProgramData\nss3.dll
Filesize
2.0MB

MD5
1cc453cdf74f31e4d913ff9c10acdde2

SHA1
6e85eae544d6e965f15fa5c39700fa7202f3aafe

SHA256
ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

SHA512
dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5c48e8b68231fb5b2d7f1188b930bc0e

SHA1
1822aef5da8fdd47626fb91afcf79a2be175a325

SHA256
c3b287c29eaa57166b2ab1ba9bd0aaced13cc2f946a04b8d708ac429187fe944

SHA512
2bd09b83e44e0104fbe080a8573690217dc9fbf7fd59ff25a1a9e9ebd2d87ac533f9b99350773d081a7e748b39657115a13e94538b153bceb13ecdfc4672a0f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f2dc80f5403feb8461b7ffa09890d6a0

SHA1
d5b61e6d672e7e71571e0132e21cead181da8805

SHA256
eadeadba37eed18e5acba408d7e076270b00403fed372b77164577232232428a

SHA512
5e2119529b99b76be105c43714e4b9977ee2147172c1c44e92bd9b41fa7a66f55d4073c864aac668a912aff2898bd216fb38f2fe34ef65de69ad12965218caf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
777bd4d2b300b82fb74ff4b4dba93567

SHA1
993386e6c49ce99e7b9007728da35fa15af5edb0

SHA256
f4815bc16a5ae4a046537fb93b3ad58d0f1a994526b014bbb9e1374b66628ed7

SHA512
cc6e5973c646ed99feb1f00932b786ad4281fffde61b771128c48765d6a6d7253e9c7ffb54c43d162925d21b72c83959ad65ac8610587e8bc56f8b669fd25183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a9b48e198d093f2d0e7a61d56650d9d0

SHA1
8415ca72da85d5b17f62258d7e557ccb88e93f03

SHA256
dc57fa27c189b60f4c6d36119344578b8469e3907cd8cd5a1d9577caa19ff152

SHA512
5c1cbad417e458c79b26c29f24564e62c31a1ec24d251f56a6cca7abd2c4295ac654a9ce9e604ce5e526e9307489f1c195b9989f796a2d57085503ad5b4958ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
504B

MD5
ae7af61575c153622b9363789619c78c

SHA1
20edb31c535b2d0047d6430af6d4a0106f336619

SHA256
1204e94741c07c86b99fa488b34bbdef213a78c41f8260cee897636a23323855

SHA512
e6a81ab34d8aa9298e2111164959333085ecbbc5dc20931602de883373ba51db884724c7a9ac4ec421fb8bdd1c98208fdb7d68f5898c4a00b1d60fa6b1b3b21e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
17953ca8b699cc7265afc30a3be82cd5

SHA1
b068757f318e96422c34b5943ca08130b243df1e

SHA256
a76b7533fb4d655dc6e850ff42dc4a7e71be23ce5a5e3f3a5fda8347a3efa44f

SHA512
e5de09a2c20dcc687564900a40d461373fda951e551df51cdceead5020267839f3f89393c26860b54717d7d0ac3e14700599c3f8f6ca086c79db65dc64df0b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
552B

MD5
d05a6f44d5627dc88dd7403126933852

SHA1
63f789cc3cc34df1668f89d26cce7087f3e528a6

SHA256
47c6270e6aa927987d2da02d6957fc5bbfdd60febd3a9b4b951d555fb8d6cc1f

SHA512
1d055bc36dea8852a84a158954a4767302976e66a1e5dc293a58e29c2e77d53a25e68e1fa56d1497c9054e5fe1ba740a6383fd89dd6d3f2840ca037a8cbccf66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
20KB

MD5
780d841aa657a39e2ea178220a316b8c

SHA1
eda4782f8f356ff2330f19577469810dbe083d63

SHA256
7e8c62f1e39255de0fe0b0974464e659e86899a4b8af037c1ebb08bebb9bc8fc

SHA512
912938383793b0b245f95d9bbb33afd3328da8900de7d39344c9305f9bc103de2371728625252e9f4d21f26a1188b7f367657af7c77caad81901b133e3ba15c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
e2c70f133db9968893e6eeb3c0d00a71

SHA1
9cb963292de2c93155dbda67732d15756949ad6d

SHA256
02a83b8bf93ffc4976813fc8cda18fd12b886f810447c924fa2ea751c94d3f3c

SHA512
6367d8958a496979ee9e2d9bfdc89838bdeda9b9843d5d700e105d93483ee00ada2ac6944896ab7b117cfbba3ce626fb0c5bb7c95e17f622bee6e33b9ba49afe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
116KB

MD5
90c3c77c4947714063a2e2ddcf454eac

SHA1
661318bb8991e72d168a3d05a9daf8818feac61f

SHA256
bc85597f852d28bf2f31c1508924901923b8365250d4c384d4acde7d62bcc3e3

SHA512
edccbe555ce016acc6a0256865244333849621c9cc880418dad19b5f2a57128097701ffdedf099d6a408283eee4cba884627cd3b392f46c89f43ccabbf1c21cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
116KB

MD5
512d9e599dfe7a5236494ab4f980d7b5

SHA1
7a5f754a9f9cc1f798e59d0213baaf2b5c0e2d9e

SHA256
55f3efaf9d98688d420cd54759701500e1860231039ee0bb7e6643d7f82b2d6e

SHA512
8576e962688f712e2c40e7e3ce715d5be36808f167177f16f5e5585da162722390c4f6ab0fd8509092db784cdcfba27ac69dca916e2905b45162013081e08406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
252B

MD5
ebaf8d21c0c3291511f360ba391d7442

SHA1
1559f3341b6e6cf214d9e8f54de0d598008ba2bd

SHA256
ffff31c9e4d83083862a8a27eb37fc9f55dcb0c3914442fb43e94dd58dea089b

SHA512
14811f39d9f7bdb81825e6fcdbb6386fe1071ac986b9620162e5067fc6b980e3b1ae35c5c98da7cd3063a68fcf0d969f19584a5190490288647edc21c3402ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
05e84047ac292ce43efec09cfdb4b09a

SHA1
b97cde837210d1a9a0e9a3b978e35ff6854185e5

SHA256
f75e2723526c29514dc9d4ee03265a486fa0feb0f24758039f4ef28e04c9e2bc

SHA512
df52477e2793da7cf4ca4e11fa491197e1313c794a019161e477fa9db8cd3763ead35a997b24474b24e5b6d20ba29e7e2d444f5f7c413a61f2e6aa786bc10a98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
0352c0a1f9425cb79493e39c1a057258

SHA1
bf7ee444d77fbec53c1ceec1d7142bb9d930aea4

SHA256
64534a5ed144f697616210af447cb6d5d51afb67020abee54bbdca2d0710b5b1

SHA512
9e0dadac8a0d168aec9afa39881cd312f50d004f81a5992e3077edec8d48750095b442efc524f2313a62a96ac1fbaf262624f1650a9bf5317fbe704ce8970b82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
d5d0d61d143c7677ea8c0b4a1e38b859

SHA1
e5237b9baf6085f029e92768bf6603ee6985a3c9

SHA256
4ad3722bd330238b4e3abf7ebff982cd7dac47e8a1f9cf285e806faa898fc87b

SHA512
c0276538c83bdd836638d9b53c5e18dd2739bd5a801c23e3487f0b61c656f62dddc91dad2ea1e7154fdb7e7c600f1ee5b7ad6b2407df1cb861810d3287b50925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
807405aba32220b73aba1479bc739287

SHA1
f6db02a0cd61d99374730f5df4a3331b6d23e6e9

SHA256
13b8877e17631ee32bf5745ada1c0e74950d35c301e227b71a6bd673f192c88f

SHA512
dfb33bd51026214e18777324cc4fc3561a0384cc87a890062aa8ed504bb130d59398df571e5620625931d90e86c957d4b3fa97ad4e7ad3bd21d8155af8f30d02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
007ae40479caa2cc3e7f14e28029c1c9

SHA1
2648df4ce54fba1a5721a9f9006a3b895e4fbd1b

SHA256
7dc11bc0f0b0ca7e0fc032b339a939b689458c56157939f12137e377de109e97

SHA512
b5911dcf1b868d2efd52d73ced2739d6fc4626684f631976d335deb45cc8960159bbf91c2a2b76c9f3a5f3c525335d5f0aac4a52447673c6df941679647ba473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
457cb4d09d8523731f25711fbd2b393f

SHA1
ac430db6c792c2c3a26c398aca764fefa18cfb86

SHA256
f3d5457965e2dccca30432b634a94db593ca99fe28c913c0e3f98236747f3176

SHA512
d1efce55d83bcf79193bf148bb35e9a2f112a2d14ebbc4345baa7ca2d549677b9b6b9628c6b9a208ab9f12338b6984c8634703d31708a334be43582c310820b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
84b20c704d61134f409159a2c93c63de

SHA1
a43785c349cfacd005e78b17eff7e229ca385226

SHA256
be24956dd05d94ded35cdcd45eacf1e81bc5ae30d743660071e5ccd0aa06ae3b

SHA512
35aa95aa4053038835a704f1b18e3bd4ff37c16b3025e1bd3c321b9eba6bf09907592e3bb90313d9183bdf3cab6e713033fe0fbc5716b98a6c853517d294cd0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
943192ae9a3529d1e555d9b03388556f

SHA1
1312242b5b852a53fe783e27f2c5d846c39eb41c

SHA256
01d575a4a9ba18e948d9696d8b5b0fed2005198fd5bf1f5be1be643d203dad34

SHA512
d23e739d4c5951b83e9376de4cd80a0617fdcfcb39d34e15ca3f8104207d9913fb6f994a91676bc91172fac5f08f5e1ee4d1b1d262a82796477ab7aa35951a78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
79eadf3fd3c23794f6ef3a81178f88d0

SHA1
e5e26cfee9c5e20be94a58a83aef350adb8ecb92

SHA256
2278df4789aa45a5345280c2446a5d4a2072a6436e32cd9ded122acb5804a2d9

SHA512
c269fe85b9ff0c9e57725394dbbde31ef0f61cd192d55bf77bc0e0c114a158231bf077c1c8758e4d4172107873cdd1b8fe9ea7ca780aa685d985f38cd1c293a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
840b79999162ce326433db3b987f2ca6

SHA1
129e31f3d7bfe755eb0aba14a9009e94af54e780

SHA256
2fa3adc29b6ca1e11a72affa5a745bf4614abaaa95fbaa2c1f375657e84502a0

SHA512
09922c500c91b33688ba28d2470acee625d813d42f7a8f032d047d0045327ec195bbf08bdf97f7bfc75a0f9d67b7deeaa6fa2558e0a8077a0e166b43d94c97ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
3ac22f5178f0f6c7c7f6a454fc835734

SHA1
ec02a50cf95b6cf60e754dd3ff4154cf1d2d6075

SHA256
5ac4c684e9b59f939fc4f01ad85acb58e8868eb65463c7d830389ad9361fc79e

SHA512
55e931af809504b6e60acafd9d46589eed9a2089578176ebdd6bcc34e46ca2cde4e3ea3d42b76f3c34828407dd21193a698ed37fb0dbc9f176ccef728e51f7ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
6033b1507f9b38b4d33ece26da9db041

SHA1
8e07758680ded5282b78c1e56e2553109f92dfb8

SHA256
f3437b1686b8237ab5bf53335189aab3133395cde3e26cff91730bccceb13b6d

SHA512
1b2773dc7aa645e60bdbe7f87a3b79471b6a19231b23fbb2235c4d7a64378313acb05ab423bbdb1eadba960ab2be68ca95ec97dda144b8aefa7e5fc38262e1db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
89B

MD5
d0ac0366518072a2b1f1c5bffe215508

SHA1
9f00cd014022e592adefe15121aec699a3b73475

SHA256
7f1f9e3d186c36cab1f67d84f9aaf1df7d30454678449960c185de4eeff3ff3e

SHA512
8af921d65dab76984e6c96e5ed0131550d96b3f61fae17869978236be4c9ca147c0090027cad4f6770d94fb16a8b336fa8545c6bb64040cfa1ab0c1e08e3eb8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
82B

MD5
f6946e9db71daddbcd0b4c2bf8c974c5

SHA1
b45c9837fb1be38fa44850b9515ff722f652c221

SHA256
8614da9205b4abd8e21a7c4590982ebddf22eae6017b08ae1a64523c338a94db

SHA512
4a4b008d2d730ecf08992628d5b987f2d50bae798df59695fe83d171d9d048d85349310580bc8c7927a3aeca8f72860592d09a49003bcfa450c5ce92e68293be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13353781018318808
Filesize
7KB

MD5
8da9ffe9799461649cf66ad4cf84179b

SHA1
2460b0ff260a3632aa56047d13d1f04749dbfcf5

SHA256
757bc83a8ecf0fc2df2d5a1035a7d0f16f1e16dd6bbe430f721c32448df2f7d2

SHA512
050d599a3762b4e1cbbdd9220e2d704e86c488cfbdf2cc14f0f7e6c1368a4d9901907242ac035e675c5a938bdbbe7ca2cd5d26f16ce29ad750d806590dcdd584

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
172B

MD5
fbdbfa3d982cfe5107808a69427f7306

SHA1
55736d1cc34c601b91dd612a262caef9160acb9f

SHA256
fbc0ee078f0a3910c9ba44fa84577a45dfcf37a500b89fa5bcdca08709c338e4

SHA512
8b63a5a3b4705edf1cddf39a20fa66ddaee5997add948a0762d6a81f172caec7073ee276654b82ffd85a91d8d8143f57f882f2ece2d3ac8fd2e8be05085bfd6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
00504c9a67a30265b7b50a378ff9354b

SHA1
926048977cb3e8ecf781e36ef6aa0001ade26ce6

SHA256
8f6f1e3458b531356e4dbcc3405b42ad6548353ac2dc15e5e771b1bcc011cab0

SHA512
c107c6ba0919d2901c32a734193a20ac7ed17632a10f9b436d2537f3b6fcc65bfad557e40b2bcca9f04741266e51826bac6969e4e9bce5937e95c05a232a7ef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
326B

MD5
83e07807fb7b0a1b21123465227dc7f2

SHA1
ed1f08f24e738e64d4c36333ae92d10e97ea1530

SHA256
80d6703ed35ace0b81a577cd447023248592a58d607d30190d6835e7e397c7e9

SHA512
7e21d797949a9e2b6127f5cf7beb356ba7cd32a9037a1fc402fc808a829cf5b9f736a6d027d4de1a53032297054654605a5d705418803e131d8e0b22c7b5a36b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
539B

MD5
045ddda33cf3a1a53a577490624535e9

SHA1
476dd58a5ce04e42795bacb4ad3920aca450ded6

SHA256
2d2ad1c6e0bef89e23132b9d1cc365a2f7e90ba49590347b9834b5ab410885fb

SHA512
10edb5d4fb1fa47ff1e702aa09cfc10cd836af442a5e79c29eb04ebd0110602cae9ae54c210af58ff437821198afcbf0e4773a888311dc3c9cdf61a06b246018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
158566399a20dd7839e612e901524e4e

SHA1
c8fe0a674afa16e8d02061ef080ff6025a32224f

SHA256
0c082b7086f530a02f49559ba9fdb0b1b1cdcc9083875c8a5f744cf3c509aaec

SHA512
74037657868b03391027da7928483da7ce7b3efc0ba9a261827329e0e8a4384fffee12370c1c4aa64dd6aacb12303de77590addd2506db0b8c4ec791c5915a5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
0debeac33f033badc0807826f24c6489

SHA1
7de3afdc5e4295598c416983442c76fbceaa198b

SHA256
e5e0d5c6cdeb642d8ac0f013c90c8c9d04be8b66186bd1a7167e6a65cef88077

SHA512
11003df052166114ff6dc35b59b5a643cb602a61f432f655d64b84780e7046518ce2a97e287c1e5f510e1b440d38faf4c5c4f2e30e823242ad814224dc47d8af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
3f43725020977cad182fd733fb838818

SHA1
081ba1de0439984c4e24f21295f82f7eab0b1d35

SHA256
8fa4958fc0362cdc93515cc08cfb7c7addc7d761a85c784a1315851a872dcaa5

SHA512
9a429c988c11693adf905926f4c03e58a446e91d0254111f1d115fed878e1e185f946422ac2bb19afa094a19d63bf98ce7e14ad09624afd5aa9b6e7dbf28ed51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
9d2a3eb06d10b8b3c1ca4817e8cb8fc3

SHA1
023c3ca6b3bfe46a3971d89281b0d5a83cf1ff5e

SHA256
95425e8e739828f427381f658c3e56ccaf5323f759feef88375af5d36082403e

SHA512
579e98e8b5949f9d229a49036acffece762603e55562e1f1c51862236526716cf9d71155c58f9ca82bc86c562accad2d88c32ee01ad619ff51d8beb477dbb3fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
e1d6186814f696ab28a6e0e9952e8636

SHA1
085f4e2088ee03b73a5a7430679fe7cb1db09565

SHA256
b28853f4dc7341835b74faa8c34081de2e1305cdcc0f9a2661626c2297812ba5

SHA512
253c10dda8ab41d9231097a45f73896dd20eefa79ac801cd58df4a196bd9766fc996091d097db1a2b0537ddf95763351426edca89896948b4f5b91ea8b987ffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
c62a6f99e9d35ef1f338effaf217099c

SHA1
aa4434e9a38ca85908959ff66cdbd17f03a5ec3d

SHA256
9b02e44f49cefad5b2992472b838047520e051cf8fe23e91c40565e2c5d663e4

SHA512
ddd1f13b351f1632e59fb9feb6c1ebd68392b4e323c9338c0f3d1e4d5dfe473a19e3ddb3c57beadd68d64ad9a19f3c0aa434a10cf873004609c6372f3407bcaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
a5620bc1af6673d6375a5e7060303ed9

SHA1
d7e3ebc3e3abefc6de9d6317f6c012f88b76e937

SHA256
be77ed5bd0439378524cb58f4c004662a9c5df06c7968ceee97edcca3ea964f4

SHA512
cf19275e6edcc149e31c52bd2a768b32c2b6af0acfa6b0c5f464ff1636d2af83ddda7bcd22d60563a4885565dc1cf48ed2680bbf02f5c5e4fcf69f23e8d037a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f68e418b6a6098a12ee8aacead243c7f

SHA1
0985e5b38ded8c84982223b32a370081ce67e884

SHA256
92f515cf3ba29280df6e2b861f8ef619f55c34172f36459d883dec4f8910ba17

SHA512
9b165ed7048d506e8a6f9ee80a191847577cb0adfae049d76f004e29460e7af9eeaf5319b32f1fe33868779d097db87ff1fe79b48a1f30c59eb7e8a1688b9a7b

Download Submit
C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed.zip
Filesize
22.9MB

MD5
082b106161a8dc4aeaf47c44cd5d05d2

SHA1
26fcaf21a0ac4224a6f68f3743c104223335cb47

SHA256
eb789a76b14c5a429944cd1863c5f3b2451557a27af41c9ef0f216751a6c1691

SHA512
990ddebcb731ba9bbe2f20e9772cca794ca6c1836feaa45dfc6f7e6f8bbf1154679c0e874e7977bdbe1ebf2e43168f79e8cd7c09eed449e47741aef711c8926c

Download Submit
C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed.zip:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed\License\INSTRUCTION.html
Filesize
4KB

MD5
b0e1a89f526686c61c41355a30092e13

SHA1
7fdca917d70a20c3e5d3cffe14c8d45be112e19d

SHA256
eda941b8de3d4ea77ac0137d63b5c71aa0847a6eab170bf661cd19d71442212a

SHA512
acb38e40eea7d052a8b2d3bbb4fbdd3a758255f03d4974d792eeedc881c4d7c3856d3fbc8b80baa490ccdb4ed8c91a719b1f3073e6db2e2e3cfe4315dce0b250

Download Submit
C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed\License\data\data.dat
Filesize
1.2MB

MD5
49ccee5bc322b61389bfc422fe796a44

SHA1
e2807eb3a21131a6e78955480b3d1ab714045b70

SHA256
2ecc1ada20965a4990f6337b2f43a0624723f7ccdce7aa69478cbe226fc469fd

SHA512
065b1948d6dce19569ad24a198ce06748522d55dade289d8fdb5ad4eaaf15757d8edaba17d3f192fbeb232304ab713bdedbfd44a7299d87f15ec29ef790f8ecc

Download Submit
C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed\License\data\img\1.png
Filesize
114KB

MD5
89a33d88e2aa6a46fa4f0b7b683241e1

SHA1
b62c580644a42338302b34612e01090f0a45fa51

SHA256
a493f8b980d4e09ce1cd4e3ce156ab20d40c2ef11fa497300b76fbec2aaa73f9

SHA512
83848e65f6061b382906ba455d23054862a22d29204e5b106849537514b60d2f5222720efd8d4e7705dbf07125e1fc53cc7c3dc085414083404c546c355e4c49

Download Submit
C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed\License\data\img\2.png
Filesize
114KB

MD5
0870c1db5e925505aa2797b5ad07a6b5

SHA1
4c579d7a0fd635199211ffce53d2e20b3fb8c283

SHA256
0f83d55e6867da94a7506ac3d2542cea30f96dc51647fe2d6639a6a1fe0dcfb4

SHA512
df23bb4ac3f6f42a530d6dd177b5d98aebd8e882f0ec513660e8ff706774260d7619fc885861311eda28d8108a44139accd0c2ff598fded090a10830d0e91a96

Download Submit
C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed\License\data\img\3.png
Filesize
113KB

MD5
6a763d41c5992c965bf373204e61c133

SHA1
65dec8d0a7f966cb74a1b9a2c0cd774fa367cfea

SHA256
ae5ce85a742481df2a84d94c1bdcc74046a9ca395ac2d01f905afff7843d6131

SHA512
7a29d92cb621a5f9d71dd9167fff7a7610e62aa08b60d18e7f84799f05a7f3d386090f41abf6ca1ecc52ca1f4300ea348ac92aeb412e36c48063b93ad403aac9

Download Submit
C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed\License\data\img\4.png
Filesize
69KB

MD5
bdc950c8611a6bc19ac75c5b1712f103

SHA1
3e23ca79264af842eb93253b6623b7f9d6b38c62

SHA256
883e7ea2d1b2e1bb2436b198777854d4b060ada02965002ebd61a77c590d94a6

SHA512
20636a91708a78ab37b5a47687863662fa7ebd411cf44d98a1780798d0b30e39cbf7953c4d18105579ede1bd4ce25774a13da08909500946bf7d9add8813d0ee

Download Submit
C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed\License\data\img\5.png
Filesize
1KB

MD5
8b20bd00fdebffb9e0adde12c7c73ded

SHA1
85b43dca0348c9fc29f13f93474ff7b65a8b32ac

SHA256
24e9722b2e370cb11615aa1bc8d4576a2bb738442d5e9fb264e5a54b74ac292f

SHA512
d2e9c499c19ffe610e78911cff84584b0df74b75ceb89b4ce4c6f8bdd1b5869d185ab5ffcf212cbe1f628f7ba3e83911776d9bbe35c36a12301b11766b131164

Download Submit
C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed\License\data\img\6.png
Filesize
27KB

MD5
7766360527c4e1dec139797a33e1e274

SHA1
e89ce902ec3f24d30f041058abb149afb3ae607f

SHA256
f681226c609dba73ec92e93b28109ab5b8417785c68b1cfddaa53f3e2915f358

SHA512
0d05727f4341ef0e097fbdefb7bf812bda3820977784b308ecb7ec0800be191c5df449bf858a08dea33dfbbd1f8cfcdb3f8152927ccbfb9b7b5772e2ac6cfb11

Download Submit
C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed\License\data\img\7.png
Filesize
31KB

MD5
58bf9a342aef1fb74fc91d91b7334432

SHA1
1553492f93c54c63843cd79146b1dda587bb2612

SHA256
d1d3c6254d8e0f2f23a167c26d72599c574216fa0439ccea2e3790939df4647a

SHA512
7d855445fb3f4991c374970b61fc65a320e21fa216d3c966df98400f6a0a5999c413c78a8da5b5315f1697f4eff927369243d153202127bf05362171bf04716a

Download Submit
C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed\License\data\program.PNG
Filesize
696KB

MD5
a3d4494188555fd642820346806fd1d8

SHA1
53a37fb21d1fdc91cdea14721eeecac83cc2825c

SHA256
ace20dad2b8ef82a5f8674afc8e9ca05f5f3f63efc798d66b43eb7124dc802ca

SHA512
a4265bf8fb50fbdb1b13b3d03126b2ec354cbd4c0ee9baa51911700e1be73753f549b1a8cdace269b674afaab04b03f545a2a383f3fd8a0b7898b8498a4a25e4

Download Submit
C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed\License\lic.exe
Filesize
3.9MB

MD5
1e2d2f3f618279ed722045f6342793f6

SHA1
4b80a65885b4eb69fd6e240db592a8da8d7ad334

SHA256
400a80b5166f7ad96f834fecea54ba07244ef90a40a9878ecf843c3e140f304c

SHA512
dcec0fc10ba64fa47ea005fd9edc4b0396d613daba5723054e960766a3fa87b4dab06c522b200ab13dc135006f3f7adbb44c43c93fa9f0b2564c6d034dd41143

Download Submit
C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed\License\software installer.exe
Filesize
5.1MB

MD5
5d2e81861ea7ad396260f75c09cb925a

SHA1
5bfedd82a703da06e97b254bb0cc9d493ef1508b

SHA256
6b17fa15720fe0bd7187a25f9f7fad3b0155d74a54eea65b440e44ec56090e5f

SHA512
2bf49d8300eed3dee3ab5c37d367b47cab1fad376d30b60b9884f87974808675c9f127febb8a922d0ba882356031dc6737f62b0b903d12e1d128b239e2fe137a

Download Submit
C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed\License\software installer.exe
Filesize
4.0MB

MD5
0a5330f7f752b12233b25a49870b9cd2

SHA1
fc099fe86d0758a80262f89fb23f952d2c75ebf6

SHA256
1bc484970edd8a801a2509873fc22a8f07297daddc98ab4f59cd73f79cd7d3c6

SHA512
f1f9fe4823c4fb494ebfca43a8b0313150d55e9e7305196779e2706dca0699c29d1c30ed7d1ea5d476c29e360a07c57f27b47df3fcf36707af21590d5555307b

Download Submit
C:\Users\Admin\Downloads\twitchviewerbot__Application_65e1f65e683ed\License\software installer.exe
Filesize
3.3MB

MD5
01c2336401560785addc584b8ba1cc5e

SHA1
1cd7f8fd2109b5b8385e0b7583e2601abd45a7de

SHA256
72b6d577430d30cf547374f53c006685a0bf17c330b0724610c1585fe89ed769

SHA512
d1ac4336c149f89b707817f4d4da4d1eabe9f8714fe34402a2f2c7a7f57e10f1d081a9ed7af4801f2dadb69ed52d20ec2f4b82c87f9e9816397ddbb19d4b1d2c

Download Submit
\??\pipe\LOCAL\crashpad_4084_OXLVEKKUZFKCMIWM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1952-491-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/1952-402-0x0000000000400000-0x00000000007FB000-memory.dmp

Filesize
4.0MB

Download
memory/1952-377-0x0000000000400000-0x00000000007FB000-memory.dmp

Filesize
4.0MB

Download
memory/1952-376-0x0000000000400000-0x00000000007FB000-memory.dmp

Filesize
4.0MB

Download
memory/1952-333-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/1952-695-0x0000000000400000-0x00000000007FB000-memory.dmp

Filesize
4.0MB

Download
memory/1976-715-0x0000000000400000-0x000000000063B000-memory.dmp

Filesize
2.2MB

Download
memory/2220-414-0x00000000027B0000-0x00000000047B0000-memory.dmp

Filesize
32.0MB

Download
memory/2220-401-0x00000000001F0000-0x000000000025C000-memory.dmp

Filesize
432KB

Download
memory/2220-403-0x0000000073820000-0x0000000073FD1000-memory.dmp

Filesize
7.7MB

Download
memory/2220-404-0x0000000004E50000-0x0000000004E60000-memory.dmp

Filesize
64KB

Download
memory/2220-413-0x0000000073820000-0x0000000073FD1000-memory.dmp

Filesize
7.7MB

Download
memory/2220-696-0x00000000027B0000-0x00000000047B0000-memory.dmp

Filesize
32.0MB

Download
memory/2508-488-0x0000000000400000-0x000000000063B000-memory.dmp

Filesize
2.2MB

Download
memory/2508-408-0x0000000000400000-0x000000000063B000-memory.dmp

Filesize
2.2MB

Download
memory/2508-411-0x0000000000400000-0x000000000063B000-memory.dmp

Filesize
2.2MB

Download
memory/2508-415-0x0000000000400000-0x000000000063B000-memory.dmp

Filesize
2.2MB

Download
memory/2508-416-0x0000000061E00000-0x0000000061EF3000-memory.dmp

Filesize
972KB

Download
memory/2748-407-0x0000000000780000-0x0000000001049000-memory.dmp

Filesize
8.8MB

Download
memory/2748-489-0x0000000003010000-0x0000000003011000-memory.dmp

Filesize
4KB

Download
memory/2748-490-0x0000000000780000-0x0000000001049000-memory.dmp

Filesize
8.8MB

Download
memory/2748-330-0x0000000003010000-0x0000000003011000-memory.dmp

Filesize
4KB

Download
memory/2748-497-0x0000000000780000-0x0000000001049000-memory.dmp

Filesize
8.8MB

Download
memory/2748-365-0x0000000000780000-0x0000000001049000-memory.dmp

Filesize
8.8MB

Download
memory/2748-400-0x0000000000780000-0x0000000001049000-memory.dmp

Filesize
8.8MB

Download
memory/3196-712-0x0000000073810000-0x0000000073FC1000-memory.dmp

Filesize
7.7MB

Download
memory/3196-700-0x00000000050A0000-0x00000000050B0000-memory.dmp

Filesize
64KB

Download
memory/3196-699-0x0000000073810000-0x0000000073FC1000-memory.dmp

Filesize
7.7MB

Download
memory/4956-717-0x0000000074460000-0x0000000074473000-memory.dmp

Filesize
76KB

Download
memory/4956-711-0x0000000074600000-0x0000000074624000-memory.dmp

Filesize
144KB

Download
memory/4956-719-0x0000000000780000-0x0000000001049000-memory.dmp

Filesize
8.8MB

Download
memory/4956-704-0x0000000000780000-0x0000000001049000-memory.dmp

Filesize
8.8MB

Download
memory/4956-735-0x0000000000780000-0x0000000001049000-memory.dmp

Filesize
8.8MB

Download
memory/4956-764-0x0000000074460000-0x0000000074473000-memory.dmp

Filesize
76KB

Download