hxxps://i[.]getspace[.]eu/cloud/s/tZKdnzKDa8SeCWC

Resubmissions

25-05-2024 14:55

240525-samjqagd2y 7

Analysis

max time kernel
225s
max time network
234s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
25-05-2024 14:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://i.getspace.eu/cloud/s/tZKdnzKDa8SeCWC

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 5 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/memory/1520-558-0x0000000000AE0000-0x0000000001D8A000-memory.dmp	net_reactor
behavioral1/memory/1520-626-0x0000000000AE0000-0x0000000001D8A000-memory.dmp	net_reactor
behavioral1/memory/3428-627-0x0000000000AE0000-0x0000000001D8A000-memory.dmp	net_reactor
behavioral1/memory/3428-628-0x0000000000AE0000-0x0000000001D8A000-memory.dmp	net_reactor
behavioral1/memory/3428-942-0x0000000000AE0000-0x0000000001D8A000-memory.dmp	net_reactor

Executes dropped EXE 4 IoCs

pid	Process
1520	dotNET_Reactor.exe
3428	dotNET_Reactor.exe
1684	REACTOR_HELP.exe
4276	REACTOR_HELP.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 14 IoCs

pid	Process
1520	dotNET_Reactor.exe
1520	dotNET_Reactor.exe
1520	dotNET_Reactor.exe
1520	dotNET_Reactor.exe
1520	dotNET_Reactor.exe
3428	dotNET_Reactor.exe
3428	dotNET_Reactor.exe
3428	dotNET_Reactor.exe
3428	dotNET_Reactor.exe
3428	dotNET_Reactor.exe
3428	dotNET_Reactor.exe
3428	dotNET_Reactor.exe
3428	dotNET_Reactor.exe
3428	dotNET_Reactor.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133611225735129479"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 36 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	dotNET_Reactor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	dotNET_Reactor.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	dotNET_Reactor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff	dotNET_Reactor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	dotNET_Reactor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	dotNET_Reactor.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	dotNET_Reactor.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	dotNET_Reactor.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	dotNET_Reactor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	dotNET_Reactor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	dotNET_Reactor.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings	dotNET_Reactor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	dotNET_Reactor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 8a00310000000000b95827771000444f544e45547e310000720009000400efbeb9582277b95827772e0000007aa902000000070000000000000000000000000000006d0bde0064006f0074004e00450054005f00520065006100630074006f007200280041007400200079006f007500720020006f0077006e0020007200690073006b002900000018000000	dotNET_Reactor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = ffffffff	dotNET_Reactor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	dotNET_Reactor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	dotNET_Reactor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	dotNET_Reactor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\NodeSlot = "3"	dotNET_Reactor.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	dotNET_Reactor.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	dotNET_Reactor.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	dotNET_Reactor.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	dotNET_Reactor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	dotNET_Reactor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	dotNET_Reactor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	dotNET_Reactor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	dotNET_Reactor.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	dotNET_Reactor.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	dotNET_Reactor.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	dotNET_Reactor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	dotNET_Reactor.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	dotNET_Reactor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	dotNET_Reactor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	dotNET_Reactor.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\dotNET_Reactor(At your own risk).zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3724	chrome.exe
3724	chrome.exe
4472	chrome.exe
4472	chrome.exe
4500	msedge.exe
4500	msedge.exe
4376	msedge.exe
4376	msedge.exe
4992	msedge.exe
4992	msedge.exe
3240	identity_helper.exe
3240	identity_helper.exe
4976	msedge.exe
4976	msedge.exe
5068	msedge.exe
5068	msedge.exe
4464	identity_helper.exe
4464	identity_helper.exe
2936	msedge.exe
2936	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4376	msedge.exe
4376	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1520	dotNET_Reactor.exe
1520	dotNET_Reactor.exe
1520	dotNET_Reactor.exe
1520	dotNET_Reactor.exe
1520	dotNET_Reactor.exe
3428	dotNET_Reactor.exe
1304	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3724 wrote to memory of 5116	3724	chrome.exe	79
PID 3724 wrote to memory of 5116	3724	chrome.exe	79
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4796	3724	chrome.exe	81
PID 3724 wrote to memory of 4612	3724	chrome.exe	82
PID 3724 wrote to memory of 4612	3724	chrome.exe	82
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83
PID 3724 wrote to memory of 3908	3724	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://i.getspace.eu/cloud/s/tZKdnzKDa8SeCWC
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0x88,0x10c,0x7ff85ebaab58,0x7ff85ebaab68,0x7ff85ebaab78
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1788,i,9695827364974774383,5031438868967602231,131072 /prefetch:2
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1788,i,9695827364974774383,5031438868967602231,131072 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2156 --field-trial-handle=1788,i,9695827364974774383,5031438868967602231,131072 /prefetch:8
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1788,i,9695827364974774383,5031438868967602231,131072 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1788,i,9695827364974774383,5031438868967602231,131072 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4940 --field-trial-handle=1788,i,9695827364974774383,5031438868967602231,131072 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4052 --field-trial-handle=1788,i,9695827364974774383,5031438868967602231,131072 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1788,i,9695827364974774383,5031438868967602231,131072 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3020 --field-trial-handle=1788,i,9695827364974774383,5031438868967602231,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2912

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4660

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff85ebaab58,0x7ff85ebaab68,0x7ff85ebaab78
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1512 --field-trial-handle=1708,i,11301403015620685851,11473021087363621258,131072 /prefetch:2
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1708,i,11301403015620685851,11473021087363621258,131072 /prefetch:8
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1708,i,11301403015620685851,11473021087363621258,131072 /prefetch:8
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3164 --field-trial-handle=1708,i,11301403015620685851,11473021087363621258,131072 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1708,i,11301403015620685851,11473021087363621258,131072 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4264 --field-trial-handle=1708,i,11301403015620685851,11473021087363621258,131072 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4396 --field-trial-handle=1708,i,11301403015620685851,11473021087363621258,131072 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4048 --field-trial-handle=1708,i,11301403015620685851,11473021087363621258,131072 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1708,i,11301403015620685851,11473021087363621258,131072 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=1708,i,11301403015620685851,11473021087363621258,131072 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1708,i,11301403015620685851,11473021087363621258,131072 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4580 --field-trial-handle=1708,i,11301403015620685851,11473021087363621258,131072 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4248 --field-trial-handle=1708,i,11301403015620685851,11473021087363621258,131072 /prefetch:1
  2⤵
  PID:1008

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1052

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\dotNET_Reactor(At your own risk)\" -spe -an -ai#7zMap685:122:7zEvent10579
1⤵
PID:1584

C:\Users\Admin\Desktop\dotNET_Reactor(At your own risk)\dotNET_Reactor.exe
"C:\Users\Admin\Desktop\dotNET_Reactor(At your own risk)\dotNET_Reactor.exe"
1⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1520

C:\Users\Admin\Desktop\dotNET_Reactor(At your own risk)\dotNET_Reactor.exe
"C:\Users\Admin\Desktop\dotNET_Reactor(At your own risk)\dotNET_Reactor.exe"
1⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\dotNET_Reactor(At your own risk)\Help\License Agreement.html
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of SendNotifyMessage
  PID:4376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff867763cb8,0x7ff867763cc8,0x7ff867763cd8
    3⤵
    PID:2116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,15385983719089196868,14751081056676353118,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
    3⤵
    PID:4260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,15385983719089196868,14751081056676353118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,15385983719089196868,14751081056676353118,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
    3⤵
    PID:2304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,15385983719089196868,14751081056676353118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
    3⤵
    PID:3464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,15385983719089196868,14751081056676353118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    3⤵
    PID:568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,15385983719089196868,14751081056676353118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4080 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4992
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,15385983719089196868,14751081056676353118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3240
- C:\Users\Admin\Desktop\dotNET_Reactor(At your own risk)\Help\REACTOR_HELP.exe
  "C:\Users\Admin\Desktop\dotNET_Reactor(At your own risk)\Help\REACTOR_HELP.exe"
  2⤵
  - Executes dropped EXE
  PID:1684
- - C:\Users\Admin\AppData\Roaming\Eziriz\.NET Reactor\Help\1_0_0_38\REACTOR_HELP.exe
    "C:\Users\Admin\AppData\Roaming\Eziriz\.NET Reactor\Help\1_0_0_38\REACTOR_HELP.exe"
    3⤵
    - Executes dropped EXE
    PID:4276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://localhost:64591/help/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of SendNotifyMessage
      PID:5068
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x78,0x10c,0x7ff867763cb8,0x7ff867763cc8,0x7ff867763cd8
        5⤵
        
        PID:2460
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,14315479634117375823,5000717758687613266,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1996 /prefetch:2
        5⤵
        
        PID:5104
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,14315479634117375823,5000717758687613266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4976
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,14315479634117375823,5000717758687613266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
        5⤵
        
        PID:460
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14315479634117375823,5000717758687613266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
        5⤵
        
        PID:2108
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14315479634117375823,5000717758687613266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
        5⤵
        
        PID:2604
    - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,14315479634117375823,5000717758687613266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,14315479634117375823,5000717758687613266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4268 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2936
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14315479634117375823,5000717758687613266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
        5⤵
        
        PID:1120
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14315479634117375823,5000717758687613266,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
        5⤵
        
        PID:1960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14315479634117375823,5000717758687613266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
        5⤵
        
        PID:3576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14315479634117375823,5000717758687613266,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
        5⤵
        
        PID:1368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4792

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\92f1680b-8848-4936-912c-e335d921bc75.tmp

Filesize
130KB

MD5
731cfebe7a81e1bdb1babbc4f44b6ec9

SHA1
cb48b30114939d8564105bdfca14bb12a14b7a5a

SHA256
0a6b26ab1deae4a0af8f9425fe0c8b0e3b2e4ee2a8cc9e0e59fb3927953d825f

SHA512
695d77e296833e937f878ed99dc62ca188cfedd4b86bfcefd4b989284ecfdf811cf516ac6e4af3b21b20d2db722d673b0e32a060f8ff9aadeb9840e1706ea039

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
70d71a8e6de346273f661713fef08260

SHA1
77e16840ad31f349b12bd2ac26dab516df0d214e

SHA256
4ea985719d0c20e08ad74f0c00cbda357ee9809f332c3ffe6094829c698104ed

SHA512
e57c5c4697079476cbc0bbd7384cd778c9861917da2eaaee20f48355ff9b0568b949dcfb82948aca619867e3cc23cc40156f897a7bc539c7b6382a5e4419ebe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
0e500b41184247f63fdc486cf3ba9c5f

SHA1
d9a9352a07de5b59396d9a78ee862371a236ffc4

SHA256
8c3bf0ac6014506a97c365b97bc4ec4dbaa048deb77e7d35d2161b02bcfbcf38

SHA512
5c1a274362f9f51f6c51932b07c6a63deab81575c3a4103170fdc03142538bd8c4c562d086f4a8b27ca36e8134a83ec2ac37780da6410c586e66ea339221e5b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
0e3a10e647263626daf89b7a1580dbff

SHA1
fc4f9588783aac9408701d4aedaa1f76b9eba4ef

SHA256
4ef101320fc76f827622e74111117f92306fb072b2d84deab533979cf2655e31

SHA512
d97404c28bc05a80f8d6cf6a02a411a16002b210c2ad466c5aceb38a878df96778438b673a693ebfeb345ba994a8370cb7f9d4427abe1a1a29ee5b50f960a8d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
5c8f32ee32fba57de2748c75e107ba20

SHA1
efd4d7ca5d7fca139df5ed91221abf3b334b0fd5

SHA256
ac1d6e5472759cff6298d1021766849baac34e4a785faa61278248b194eef083

SHA512
7907d6bb3d023f33aecf43a1892e063d90af8cc7d62330707d9880429c5355bb7be40c7caab8cccdcc2339064ae1ad0c7e35d9c8f7eb43ef043c8a5d2f276242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
0dd0a8ca79412f0d80c1dbd4c0b82a69

SHA1
434e72874fa5fe0cc54aa60694323105120e2cdd

SHA256
9e4358b391ffe3f15f133acbb53611d9c9b39357200d55cd7b52d0607f321092

SHA512
2932a4fc47cef1c604a89c5e55e2832f2a79ffca508fe35aeac44cb49b99dede2a37a82289cd22f357d8feb33fa02353b378c48e2b94a1372120aa31c7591698

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
18KB

MD5
a7fd7c1ef7ad81b3215608489fb40072

SHA1
b81c34712bb1b463b098e34048f375b16f06d67f

SHA256
13b5208b65ae94808b799af4f3066111acbd10f26d5e3ff55abe3daff60fba24

SHA512
1bdaa2f40b0be1c5762e9264ea1458a4db3cc842e4ff5e2a46ab9ec7d7177b90fe44a04e3261d1e3e64041bcc6b49602cc1059e8474c98e7fefe8c17cf3bf934

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
30KB

MD5
833ecd6f49e48fd1a18071b3767107c0

SHA1
c73e46a3be2743c7d76475a450d5e9570c68d8cd

SHA256
fe6ccefddd691e079bfe174a1944dd45ae6fefc65981568460d6a1bfb9579755

SHA512
cfccc4331fff0c13eab3a68e0d63233ddb98ac088f051ddf2af8d178df3b066a4438d4a8a8d6f7d288cfcdd6e5bd17b72e92655dca4c87aff7403c1b457729f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
18KB

MD5
0a6991062d61235465ecc99878611022

SHA1
805cd1c103f32ddd928222e743e0ce9338e87b79

SHA256
d5543eaf6e71a728ff0fc71f0e4c3af674198488d7466b6c682543fac54925c6

SHA512
0b5a4110c7b8974c0fb525909c104254d4069ab64901bf37d554bab535d3ee44e05fa2fb3961cc788192d10442e170ebe69bc13b975bdf20158a70fdf8056221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
27KB

MD5
60cbdb09f729cfab435514332f330e42

SHA1
675e97d259446c9248196abd94d4182c73a5e193

SHA256
3254372b750bac20464334005b7a9c534c55304debec4df9d377a0e39d5ec535

SHA512
4166dc783fe619cab5c6fa10fd55454671bfed53c558fc53e38dc07deaaa49b8687050a516b84599e2c914cbfd3d8799ba07f600669f7006e2ac206b891f3885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
113KB

MD5
43c543e9ce43bc6b9779a338dba1d135

SHA1
865ac6a5f26c9acaeb317828b9084d00969636d5

SHA256
d842712cb861d575b59a28f876bc89d1dee62e62da7a240dd3a5ceb6506cbcb6

SHA512
0f053a65c756d663a92af8f9053d5ceb0ba93193d9ce70894cdb18d9276e6892e425ac9496c8dc7a567485fb30a9e6c4d2a2c09235975edf5a5808f1319988f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
282KB

MD5
aa55bd923075101eded98e95fbb9fe4d

SHA1
8e9c318ed05700c2e4c94f705bc10a5cf36e0001

SHA256
91c8cadd0063ff837babeb3ce4044f6d6d2a7232499278d035efb73f98daf764

SHA512
8c6200db0a98387af5f0610fd17191b21e8d81d8edad68c516e706b91f264fec596a05052573fdf86aebf3c6471e34fde12f0d125c6beb9d95087970642de321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
103KB

MD5
9fe018ffe7281ad7680de7a96b8093c2

SHA1
c985d342e13e7249354451e755172a428eb7a43b

SHA256
f5b07fbdfce4a9698d7f3c76bad8cd521c8285e123ff0ac33ebd08c30df7db71

SHA512
238b362f2a4d98746fbed1fb9e9db9eb10130ad37a793184ff91d3d3c2d5ad1ca8b13313b0ba8cbdf95759049d482bbb0b3cf58903bf50cc7723fe0e4d6dff3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
169KB

MD5
1bb42c5fa0935fdc816a12efd4e78b79

SHA1
f30717e103eacfea98e5d2733e132a0fc06eb0d4

SHA256
1913fcbd85d08de3a10f51bb4c1885e4239387fe194771305c8022f1108733dd

SHA512
c51274e59745a69b09a0c6a32959a4dd3a5c6696e55e16860bf28d5993dbd33ec70b54ffe2ae5f9bffe2a68bb68ec63ea0d6f032a2cfefffe2985deb0ecc5e38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
906KB

MD5
f71747dedc50264c5305035bcfbbf8ed

SHA1
7133c1ab7b36ed377f7f88b6d57d20d900dda17f

SHA256
3acfaf1d9f745bcec5f8162ad1dad411c3fa13b6f2e884a751ec5f45a120c7bc

SHA512
4814210e56f176e4dc2ef536e042ec60f0e8cac570b3b4da5d7f7090f7fddfafff9515eba479824ee09934fee5899e7f5bac41fe4e7d1bf91ac95ab57d17cd02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
778KB

MD5
1b65842249a3d21fcdcb953449381cb3

SHA1
01cdcf9c83e7c3e02903604dc58990d85c4854dc

SHA256
5d2538a0756a5843d2811be65771601a90bf84d0251da2996ba78af905c399ec

SHA512
1829ec10eb39f859a8ea565d03a15ccd8db8ebb74bf2e9ce70cb7ce61eb702127ac7dc627a5247e9066de674c83643b5993a7cbf72fbfc134b9f76bcb3748a7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
807KB

MD5
7511f392fe7e904b50f544e5ca437da7

SHA1
de58c537a2e4f5e809c307ef8f9c6f9269c5d101

SHA256
b8092b40c262e9af8e8b8e05bb50e1f02785736436c6c7f6ef03a8d899a90c52

SHA512
240160c08e31d3388ef14b695bdb61ad8fc9231a72c03a00e425f30fe35a13238374eb121f79b8352e536a83639d90ca72959a6fa00096f151315fc810d1fc46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
866KB

MD5
0d0bb6cffd7fbc4e0475bd339992b130

SHA1
d5a7324e40fce1bd4150ae10e9cf9ec2208ee173

SHA256
fcc5835cee4f74b9e39d1dfb4a7e6e337e6b8237bbac4bff809343be7b3e2d12

SHA512
a4435297ac7497e8ac5fbc8be0a390692b744eabecdcfd0275d4a37cd84dd7ccf16dbb12a654f94368a9905f23394b34ba3e3306d472cc30a4d8db16ed86c7a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
1.0MB

MD5
a26528c573c34fb2903056187f01cd25

SHA1
020b1160f5c60e11c0d9cd6f2360a36ded6b3106

SHA256
8fdb8e865c3e6f485a14f8d7f56fd1105709757459fb617bae71adb95a68a768

SHA512
e40efce44a99d7dc663a91953c856e30973e2a4c42195577b28a208f4288e74ab5d1703354f6509a1dedb3691bbc68574a4b8790b9bcd8fe2080ec1c98ebafb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
26KB

MD5
fef390851e3c9395080bae3dadf01fd6

SHA1
6ffb2f0dd4c5a03e4b0674b751e81699f45ce88a

SHA256
9c73dc52239681dff20b0b201a88ab2818185bc7482fe6c224ac1829f2e52eec

SHA512
7450bcfd101d95251879e2edd8b057a9487ac3b2a910fd0d2e5ff06fecb80286ba14516a4ba8372c56e1be32c021d9dfefe39e3f2c6886074f962d5eba4065e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
ecea48558109b69b26ab8fdd65bff9b6

SHA1
7c19a590a97af6521a972857e64060921a212030

SHA256
aef23834fa2742a004249cc47745fb32d4d3e8c70256ec6d47134a3a58773825

SHA512
94e6825eb47a8c92def25247a43a61d42668a3b0c40a9adfea3a18c652249914582668daaaf1304a44c6a9722e344c5c104320f3d56d5c6db95894c7af02f1a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
e4b82d2f8a73949278a47db9c518d9c9

SHA1
12a9f2ea8a8e48f3e5ed233c44ee5ba2796f4154

SHA256
932b69ca294fb2e7103ed321fa2919f381b82f70f3434a93ca161f2352bb463e

SHA512
cb8cce898488ab8eb9752dae1675419877e7c22d803e995e4cf00f58ef1cfdb91b8bed64ef5c70bd606c723bd180bb5a58fee1619378537c22f8a0ba684a8c89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
04e52d884438c2a043fa6b4c334f189a

SHA1
838439a6ce654ff45036537b9f0c8464be57080e

SHA256
06a65350872c89c94ea5589c07371ef88a75db8dd0d49ab66ce42b56c8b1b5d9

SHA512
a085563a6fc3af3c5e2f7c06a397ae59b71f4b64f14e1c653de1ad510a37b8aa87f4974534a56d34fff82d485c1b08c61191df870b9c0efe66ae79d5d88aa332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
854c1e1b500c320615f50d80d1789906

SHA1
75bf02074af45610b798b03ecba7b3cf4467501a

SHA256
265e2bf09c957adb0fec53fee14e9d7b96792bd19190d40068be7b913bf8afca

SHA512
023a7a602d4863cca24c25dbe4350a6921956fde6f8c8ed7ede9c57d22e787676c908a68fef3e2d10ea103f38c75aa90a9d0c1c2d7421e399cc028a9ecf6ee00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
152KB

MD5
91b3afc3064830d014e2759c913f8562

SHA1
ca30780c739acb824f705678373517c755baf96f

SHA256
9fc4c222fd943c957b59fb61a7d41444869b359457e02346cf17b2677856edfb

SHA512
eb77cfd9a9df94549c175bd33b680cc30fc5cbc8c2cb2f0813ccbe8626f714eeb917221e66293b8f9f4fb317284538f44bba843fc0d28e7f22a3421e2a4919a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
226c36209fa503523d5f5a79cb139388

SHA1
e7a6f0468a2dbce278439fa7d36935f0b42a0af7

SHA256
8f00870fe07466b55fd388c2ebd01333c7dc6e38a176af36bd60a64831cc5169

SHA512
27e982538ead1fac86edf61394edf3696b14eaeecc5a219f4777d8dfcb133faef611fb797ed12c9e1f848090baac6c9fe6c7457c18f47e886be9f4b4280e3abf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
b3ae61420a27979cf7c4d8f1cd519bb3

SHA1
b8cee16c9535098917e8e467bc6355b2bb938ca3

SHA256
776768e053f2bae8938c97eddf574c17ff05dc65f281129e3a4a358c007ed356

SHA512
0f5108040480c9a6c3ffb97d152eb1f70f927931e7bfd914714cefe082ee29cbfed109c6329392bef6c1aa9d1baf1c71b3570d306a8f84bb0d1e198df320657d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f3a160068317f7cf2a4aa8297c778a57

SHA1
e2610b3a8af6a6d030d537e85949354a3c3ba104

SHA256
43d4b7e9f0d78fb2a34e49d7d41df1d89bd1d22874440c23e0f7462585b8a92a

SHA512
f1514a718682a785e282b493336d680744bc91735db8ebc80c17a8c277d8cfd59cdffd3fa138cd87d312309054940c0c5b2e38a8dadea851d79efac12f976b72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
34151c7b579e90a4beac9ec0c0184537

SHA1
1d3c985fee1794c32941255ba6178165d34c42ca

SHA256
14d2ae6ae09f2b9db44577b5256107f8a2d27a7c406f2cd7905ccc313ddfb79c

SHA512
8e1257b7e7f50f0102de45ddbcb452cd6900b49c0c345166fb3177a6ea44b8f6a24bd391aa231a77217f123e785ae2172e49d258109546b822d5cee07b74c1ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
2586631879f31995ee15b467e563373a

SHA1
68b8b2e2f6638075d5fba51b757e643203e23c2d

SHA256
176458118c4406672f49a7334bf8d76044285a39ea3f413949f9a20ec68b8294

SHA512
ed1ec5d2899a3c0c005401a997217a96dd7904b719227eb6fd50c59cadba8aa6daff0bf051645d5e383d3fdc531112c4823872a244601d4d1457d3113f1ba5ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG

Filesize
334B

MD5
c63e11f15498777755f1fbf4224a6507

SHA1
596c8c3d2cbcc015f93df1b0af0f8cb841584b81

SHA256
bf4ebc17d95e695ea1da0d5f6e45c2c947fe1a416bd81e4b1a2e685a26380d42

SHA512
7788dd382f6c8bd74153650146dc0ff60179d7e376aa27cbf2eb21f8d9d43f18283df2242fe4198a303ab6169659f041e6a26f88ed6e6bdbca149859df72f4cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2904e09eb3188516077999c599eca8f0

SHA1
713b1823b5c5b57f7500820f7dbdc3026ec20156

SHA256
63b521645d0acb0d73f9c9d99348d378e2bd40a08abe9f8b6fff5b75f324c024

SHA512
ea58cfa1b9349754e5b795e274fb04d80192370dce1d4385c351dd076cffa62515a1a6c1722938eaef77cd4bb871b3911f530ed35a271b81e0ab5c2f3ba12175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
849db046305d313a746b4c9b0162682f

SHA1
b1ce924364f53b8fa43f1d0bbb9a0f74210742f6

SHA256
4d76f878e749cf39901218d85e11b7706b9109192b88aa111d0ad6a4e463344c

SHA512
5ab58853d39c48b6b03f1dcef5054316137ead92fe2ce69b88cb62a1c6e435a8eb816a201400af54f5e0c042151ec2082d234d83bff702268af5719f62199a8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a1b3ebf440a55dc37f0be76c2667ff15

SHA1
1f1bba5e3ac9ad824c4e4e74dd61e35d17825512

SHA256
fbeaef3d64fed512e6ad70e5ea8e19b68eea119809914413acd2d60d05050df4

SHA512
dea73131a2ee3549a03d05b9ba55432334abde0cf56eff29aac52b0b220d35dca184f35a6547e438502989e7d4836b4450c1e4cf5c952ce3fe4d4024b90eda92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f24ba632442368e510a0df30071d53c3

SHA1
f846d8165599b0279ab7cb81a34d94a338553907

SHA256
d3651b3176d630dca742e035225c9b59349df9fcf42d9e2ff51b782590dba22c

SHA512
b0ebbdcfd811b549b3e2fb4d1d64bcdc0527b80d9fb852308274f4dbf79d5b73dfc51c0244f5c54694f8d9525d2d6f6d2d56439f82bb9607aa56474c204f743e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a61d1da92feea68c1005c2eb3ebe532a

SHA1
0689154ec6938c68d9483cede4e82525070565f8

SHA256
66d06e706258022a038c6fa0c28b5e4822546968306b936be3905bedb49fd3e3

SHA512
0eadfbdc5025a27024274c7702c63802450cc4ce559f89ae610d3750bb6c178bca2dd1e3a19aad47ffde6e9981ad0837e0f1cc78bbe8cd089d46ab6902592ccd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
229173a78e1b030cbf7a63eb34536e24

SHA1
646c7d7767de4e32c24a3dbe6b16e295a5e62792

SHA256
b0319896c3b522c8c2c5174bf945cb967cbf47548ba0a4a0aaf659687bbd6049

SHA512
f83309a5456c53a2d41182e496e10bb439b7106d46e46c7422c6cb5742fbba6df82bf8891b961312d4c72931bac025a917da0869965c24b7abe6bb85316a041d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log

Filesize
2KB

MD5
bf1ef9ea55ae4d4c11db862adbb181e4

SHA1
a1a89e432e94a01585c6681d11d3c13ce8824369

SHA256
cf2f3a831929e3c93f5e980b102145785cef76dccf0c127fee9f3806d04a70a4

SHA512
ab9ff10fd328f7d8db5126985f2787fd99002ae471a33cce6feabe26f0bd3d5dddd337e8cea2769d6896a6ba3ccd0999ac25b3b346e13a9ae093a9afc7c41d32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
f805b0e3320ba8f8783e8e52f14dca76

SHA1
34eec331a90665c06a02b7b0d474884091dccd02

SHA256
09bd19b81113c28d28ea3413ac09157e09cb258423a49651b58e4578e513fec6

SHA512
b27dcec4b5733ba6b9a6d7b993c6d29280f49a1764c4f4fc9aa9f4e77a13e09c52c636e219fe1ec9ccbb9f13bc6c6889814b7cf2e1bc454acd12624b9a2ab1b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
410B

MD5
26f3743365dd211e4a07a937aeafcaa8

SHA1
b04cbb5206e9d63b84f33aa398a5313b44283275

SHA256
fe32bab921d1d1115a94b83f92224740147bd477a776021da8d7c8f91ef420c6

SHA512
58956169ca2fd5687f2e3e19bb8e7f1311505b2b898ea554f0163e44f2487223f2d80ea305984736feb2361bae547815532517fcb26854e3e7cc280676303226

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
f69fa7d70e2fc5681ce7583fc4b13d6f

SHA1
64e7cdd76df7b56293ec281ab99b0491bd866e19

SHA256
16ae691ea4a7ff9164645ec37a0fb9a1c9283c3ac98b97292ac42cb1644e636f

SHA512
75242782a5f4eda5cf9d5b146a3afb17050bd2747588e256209da4afdae13e4e32541f3b6415eba3da5b1c9186f41f947e85d64797abe1d1fb6c3beb76e546cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13361122575358197

Filesize
2KB

MD5
e1dfcaa74fa096afcb613910a89d0742

SHA1
ea36a31d8d32173e53353bc4777503e1172615fd

SHA256
6d98c38ef02d9e05ee5bc2ea865d4dfd57057208cef11daec173ee29bbfae870

SHA512
c0a5f830e3d303fab1f079f708cbe74d9a907a975bb2d953e2a25d8392cf5da3da4bbf76ed375b27fbd945260e57c6b21a2bc168844ade00b01734305469577c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
1a25a4eb3a878f50bbd1cb7c12e5255d

SHA1
e85260dcc798035335c684cfa344b5c385f64e4d

SHA256
d3934959631e23c20ddbbfe4ef9ef3957598d2d636943486d1a486aa4a4e525d

SHA512
5b5705af43b151f798fc2705d2f0c053888469d1f7afe6f9a21a6f0df3e52a25a632c134955bf27b7f9533b155a997211451a4e7dcaa52f49bb7a6b8d6bca769

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
15KB

MD5
b1bf3d61182e6445d106b40d0f37207a

SHA1
244becd1d92057fba0d71dbbefe40b56d0e9c9c1

SHA256
0be23f94017a11c814903bf7001e654f77623da7be76f1d626f153dca5672dad

SHA512
d72b1ac16fa534b7482f52f75ec5f327916b446f4ee5bdb32063945f284dec4ead1440e95bff786ff3c4c173642f0ae1e00478990ecf2dfb5372e9984372fab3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
fca8efc76f2369efcd500b47e56ba654

SHA1
c0df94f59aaea78fe9831a08c97051570bb2f3a7

SHA256
4600e5bbc60d8e9e3f453192bbefacc89d364cb60c3bad321508e1850265629e

SHA512
e29a3e5bdc5c23cc688f8ab9d74703e7ee539999c13d611cfcf61883399dd94781956772e0ce8377cefc277cb2bb6f82c3794c537601ee4a3cf8af76e6cac354

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
a588146d27ce5bdb4649f42387e1e26e

SHA1
2a0f08355aff2f2643235591ae5eb93d8f414dc6

SHA256
e23177ae6e8ec4eebb1adf53d924b87da51dc0b124dcd24b1bff3e0b31adb593

SHA512
d8e8a546a753cc51f8954205f948df39f2fad0282386c3b9450c9f951d9085ea52e64e3411e2677c5b660df7219f663017fa82a59545f00ee217845dc5e67b63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
44KB

MD5
a120dd3117bee12ca71e1d4ba3d252e0

SHA1
949b68040e851cfb35e36a7d7c2ee41465f2fa70

SHA256
ad90d144e3809566f70bbdd5d17eb290d2d7bb3d2f84774c4ae77c6b1b4ff6bf

SHA512
346a8c72a647266057a13ba267be09f1cce939d190244a74c2d0b22658ddf3a7163bade52f9604a51a2849f34e3ad8a77e604f17a5d9e785a55d86715075417c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
bd896159c1fe8623b22831f435ccb93a

SHA1
eeeb6066ff346e60b6b11bb0810232ba1b713cfe

SHA256
56b9429f2cbdb45b3e1b4407592ea3b4f4afb8ae9707219b7839aafee111c31a

SHA512
d40285d6bcc57bd23e7fed0611d3606330d4231b1cb460aa78a41c8f5d9304a81941c11b3a53752d8c460bae92b50b8274c7100327588958f3002b88b420ef3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
5KB

MD5
5aaf8f1629f36da2c41a147136fed618

SHA1
2f0ee25ea2b9b0399de5ae74699262145110fd3b

SHA256
23b1a1bb304e09c16c51f4343682a09c53bafa07911008fc557b4962e4a114bd

SHA512
057e534f44d923911cfaaebb0e9e8388e10dfdc71c2fe880e9e4bded4a91640d8e212ed715edea8e399a1a3a4c26f3f1f6cdfab5125fe04917d8a0e312b92cda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
13a5494df93006807fe848fd3e7227bd

SHA1
7ec397fd378777c7f195b868113a98f77e69423b

SHA256
7f1bf06df9cd043e1ebd0bcd4f5480891a76bfabea4f64b3d46a5792f79b2f7f

SHA512
ed3ddff6dc80502895f1c99875f2b16e742a7dc3cb7dc867b3843fb8402d738a7a87e741b8faee1a557ce8c6c305489a69bcef8ca6851d9afe272a37f400c6cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
889B

MD5
04c03d8bec6f3d1b54bf8174f02797bd

SHA1
ad9f2eab894caadf24076d037643b60ccb495869

SHA256
1ba4bcec7057329b3635c4df49bbb85b1f3506056050f8cebc0347488ab5f7a2

SHA512
1d35089bd307286588614a53038bd6c7b5820d67f62dfbfa95c5402714f82641753609c46142e279eabf9d7338088ddd35a5cdc1c63703bda47fb34541e0d250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
ff9c7049602e783f2be2254751f481c7

SHA1
19fdca79bc7a26ed985f1bdc7149ea297959bf81

SHA256
a7f4452e4054deb3ec0fb2352dfc4484223c6dcd10d3817aca132d799c404eb2

SHA512
78add970e000de91a10d8fbc6f4faf98e6526f9554b805b3a3bf3769c630e086ab36be321bb13b6b06c453cfe3ebdf6e396e275247965b2667e7d498c64d1304

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
755299742405f27472ba074eb062729c

SHA1
271620ba1f1fdbd964a45a0614eefb070c699ab2

SHA256
ca735f9ea066368844ca04a32f5d3303b294c87026cc5834e0111bf28410b749

SHA512
ace633924d85cbb2b8ed80a6da60efb24d101516f6ae387fa5a8a7fae37833e9ca5385ec1a9d5215c82993c1003eafea4200abf621aeafc2cb682b2e3bf050ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
fee4c4083717602d747b5f56114c61f1

SHA1
07882005b52e721fa3540be71e48f0f8420d1386

SHA256
5a2e4504012571ee610a454662539a0c88433e53e9bdfa7c6f04f48cb005c065

SHA512
aa0c3aaf37d82068d46d6bb1d41a8b1b75f708e057264b4a05a1d5e931cbc693bf5914ea295b1f7da3cf1435af2fa7e7c557ccae9a8a58890db22efebfb24c14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
02718349c501e6bcb88d03eb9643c8c1

SHA1
44100051cd2ab060e609ba5f1cfded813c094bda

SHA256
5a44df781788b013f52a8e100d45def2e7f76d3e38ab5f4e5bb89c69d9fec78e

SHA512
ca5924f6278989d3cb20910de60ff08f96fc7ed34286e144a5c05030c73157983c0b71a05fe7c5a2051fcf95bb0efe6f7f8a0c8968214d618fd02337cd8771e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
8de4879757506fd8b8972b5a8341c4bd

SHA1
baac9d562c6f21a7742c64dcdebc20d6f596a5e1

SHA256
79aeac3fbebadf0206baf920ab9d21327ae2647bbf546222697bb62b8ac6c164

SHA512
36de4c1bf2b4b99eff77d3d32b8baf4db66637750aacf12bdae8eda33a98e310d78c47fb1d473e2ac5380e5733398a0aeb6bfc3056a6f5a2a50b0b6f723cb09d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
0f684f4c97d9c0fa6c4d57f4e16a72c9

SHA1
e8350de84a06ca58c89fd00b4186c836fc5063ce

SHA256
b3cc7bbc4eb07e5fba7ca7e5ba692a0aa7e3a9ce006c05532470ff05c47165b2

SHA512
5dc43912ec4349d590bbb0371f22d004aec279c72ae98b5d685a33056e2570eb269c6d75beb689549980fe7d35b447cd3ac42acf012f8fe2151abb0138caf6d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0c5042350ee7871ccbfdc856bde96f3f

SHA1
90222f176bc96ec17d1bdad2d31bc994c000900c

SHA256
b8b1cb139d4d19a85adce0152fa3c4f6adfb73a322d7253820e848c6f82afc1b

SHA512
2efdb535fa6a06c4f9702b2129f2dd07c330e37fd10b492f2236007c660c1707773c22005d1e1fa580dbf633dc1a700ada3b7b611ef9accd9555a17a244f61ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e027def9b55f3d49cde9fb82beba238

SHA1
64baabd8454c210162cbc3a90d6a2daaf87d856a

SHA256
9816e980b04f1fe7efaa4b9c83ff6a0fdd485ee65a884c001b43a0cad7c39d83

SHA512
a315e1336c5ec70cbb002969e539068ba92f3ec681b6d863db95227fd1808a778fd994e2fb03f28f0e401677aa5f7c66813e315b6b99a5065384c49586f9782e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f5554d5ba2d32f3c2cd955915a6560d9

SHA1
f4ec8d111cca8147ea2acafc9801389e5a5c1cc3

SHA256
6741ba1d262edfbb6ef5e85317fc1032bb2b5ff81f6bfdef4f5d730a21663f21

SHA512
9ea2173a3c01eb58357680a35ce5281be06f98f33651143c2055e42d2c2012fce07e637957d17ce2854cc8a579cb68aaf1eff31519971a3da30fd8b56acc9db3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\00c99e62-6844-4a55-96bb-b86d84a75526.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
95f1cfa705fb01a3aa568eed87c7e67a

SHA1
0de525ba5fae1deb6544b616024368f1a39e6e65

SHA256
75a236306bffdd98f60afea891e04f037b4bb5cc8ab313e85e85c1d969b4ace4

SHA512
94e89325e52c21e35daf04c869794ff6f8c291dd14a15c3b29e57023cc5f984410b1db4b39def2743563163f1f31f92e5a5029577f37cc8df9df50bab015de7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1e181af5edf7677bede2e639479ddf25

SHA1
c6406112384e94bad61978013956b6c0a5cd89f6

SHA256
285611eeca3a26afd261b6cdb29148c5db461e04e43b6dab75936c2b40bbfc86

SHA512
07b104aeb52ce547d690c47f67b65cf270cc56b6aa3787cfe888c15fa8cca238c37fdee1fceaea21cf39543b60c8df7a7dd823c76000cf00ac62341a6c237a94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b349de1bb94cf34720654c2a142a8258

SHA1
6502aa5f4a75d1e11b6cebf06b6cb2ceb0d76669

SHA256
bdcb6ba390176087d8aa6305cc53d2e2f3ab4cff12b64999d2b81657b58b93a8

SHA512
abe69ba11dde5d5e8410b964290b4df7296ccb196758a8e7310dfa58c044e9a597030c376685d810dea02cd9b235b1c212a17ab1b4071feb8e2d5ce81215dcd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
823aab8f068e7ae531dadfcda37e718a

SHA1
4b2f08345bccc38950198d627269119be484073f

SHA256
534f6c1a29816e27d2f89b7e7035f083d2af2e193c98b96ca6df01068357749c

SHA512
c53035ebfb21137d66f8c4dc164d776f5abfb6a9ecf992a2261c5eb1d81fcd2a4e89c60ac142296035b5fb0ecb956d8f55b364792c767bfe97381d712ac32ede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bf21df56b9238cbde3f1b77c1bd19b7a

SHA1
22aa8f0f0ba7a0456bcec520bf7d4ecbc9e01005

SHA256
e89f346a1b638891fd0fba2f738c69221a0922d8c18b308c3b9ccd43735903b4

SHA512
b4b8d09a742852c99696c1ea1432093b880532478ab6a3e1acde9efbe4816b23909761bc2b042d22238c14bcb8acb34cd9a8fa85c1ac6a5721093963810e5472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
636b1f5cdbb50f39dd65d848dc7b8e2a

SHA1
7846a0062da32d8b737b793fff5fb533992c3c2b

SHA256
ab3d0a6231bb1b9803708f6f2c7b402df15479e438d67b976dfc8edd12f7c6f9

SHA512
07e98041203eed6944b665c5450f4733071503f2d26736272bb92e5c19a91e83a860718c2a3f1d0bc5697664d5796f2ab75dff9f303492a07a678675a9c795b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
45c7821bd61d26af3dc1f4b62bf33a7e

SHA1
bc9584605ba404050d75ff513b05e326135dcc84

SHA256
5361144882c0b8102e3f1892ac7c3510c8a78f1bdecf6c140d951b352f207898

SHA512
64b9f601287e9afebcd3054e69b461568ace4c164b1c505bb18d78afb27071d66e9ea5edd77d9a94387e44a2899048b43d17ac0b56d12d4b078fef6cffe56fc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
17fd3b24ecddac061797017b9d1c503b

SHA1
4baf8399a5e77b66a957a618efcc22e993b5464d

SHA256
1cc79c8fa5ec03e489f994804775c02a53e5879c34381c2ec6704808eac25b3c

SHA512
074f82d86e8c25e4a430ebbda27c139abb87a3c1b313660a35d1cf8fd9ca02b7765c1ce8f1e06eaf0c5c77636a8a44037384cb57f28e389df27746edc086eacb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e33b33115b195dbb925b5dd96b640eb7

SHA1
2195b969603e11679e2bfe3fad7a4d8702b3189b

SHA256
566d828cb66a663c15762096902698d564b4dcb145311a22784dfbc7466deea0

SHA512
e4fffd8086ad670655cfd03cd694c54df16fefd7a9a4114768c2ee26ba657c2888d74390ebcd62e1523be1a6c86bdb6710f3d04517b0ca13380c00d7b1cc26bb

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
394f971f95da279c2ebf1a4113ce8426

SHA1
74f73a16920c5919ccb7788e3c2429c291da34d3

SHA256
5555d03ce11acdeae26b199b7bdf7220be2f8a4668800c29644740857576659f

SHA512
1ea93d43096e70a182b4a5011b20b2a0c3558b907039c8ead7c3f89cc360b8ee635789b15398ef42f6a0c74a98d9f070290d5e98f786017e4d6bc3e25a042f33

Download Submit
C:\Users\Admin\AppData\Roaming\Eziriz\.NET Reactor\Help\1_0_0_38\REACTOR_HELP.exe

Filesize
2.6MB

MD5
db1c91c8d1d7573371cac6a51bf3a1b9

SHA1
291fe96baeeca49fd4271f06b885477de284bf9c

SHA256
a3f0cebda251dcf4ccb5915d8ead90771f76e0df9fbb35193b74e4687852d473

SHA512
da066b919316ce98255562c41c4267dd3059695028d8c8b19ed1303a57b909efe0a333bb2d7a5020c5c0c88824e233242548d3673d7f8a01db11a393b92da3ca

Download Submit
C:\Users\Admin\AppData\Roaming\Eziriz\.NET Reactor\reactor.nrcfg

Filesize
130B

MD5
f6f470ab378c9af0cd72ee4d8f36f7a3

SHA1
095cefaa8a7d119fd0a28fe2b7dcbec5379d337b

SHA256
ac3608a4ba2947ef197bc12f6a6dda90e2351a6918524b0cf7b4926d47dcb36c

SHA512
f0d5841b6aa7cba57107432dde1fafb31e1bca327a0a6c57c6ab8a2d606f25019c8edf2a77fbbe435ccc3f61cf72cfd9bd438f82a7f66e381fdf6c9627f5c516

Download Submit
C:\Users\Admin\AppData\Roaming\Eziriz\.NET Reactor\reactor.nrcfg

Filesize
518B

MD5
f12f1e6d147b7520bb350ddd0fd95905

SHA1
69ab1e912d2475f1311226d34344062e42134ebc

SHA256
33e9d8ea0676f3fabd4b67e5a14c1cd172574cda800a5c059f1697a715aaabfb

SHA512
1f7e4ab84dedd52aff2a0a79cfb5350af70c71f7d80f0a7dc90bb9829327fdfa319b9a17678805e1ed1b611eeb9369d156f0a233e684224fc88c61359531eab4

Download Submit
C:\Users\Admin\Desktop\dotNET_Reactor(At your own risk)\VS08ReactorAddin_Secure\VS08ReactorAddin - Copy.dll

Filesize
133KB

MD5
b4c1e8023be1bd3af8425885ed5d02ce

SHA1
0d6e7eb3f8a6a442d7f7c030ddb0bdc5d907deed

SHA256
1952313f3a5c3b4e7a1269238dc070301c356bfb876471332d6439b6d3eefd12

SHA512
be0dec723b045afba3799435329b4c6dfa19997a4ba23725236f449990392f8531574eef1bf786bcf36777e7b72314d7210ed9e5508b114ae9a4112613436401

Download Submit
C:\Users\Admin\Desktop\dotNET_Reactor(At your own risk)\VS08ReactorAddin_Secure\VS08ReactorAddin - Copy.dll

Filesize
483KB

MD5
ea5ce37a3cefd31a2bce9064cb55bf25

SHA1
1efc4407acb8a06d595f7d94d444f03449407f99

SHA256
3380a71fdc07605c1e677c58899ee22507ee07ffd919d5fda0ff5047cb54ed87

SHA512
8648f0bf3a12f9f113e8d92bcac4ed14a3ca29b6e10f3ac9a3e05c2db5e5e7ba0cceca499c5b084368518e75904189ddc3af85d64392c1013c95a04bd055bbfd

Download Submit
C:\Users\Admin\Desktop\dotNET_Reactor(At your own risk)\VS08ReactorAddin_Secure\VS08ReactorAddin - Copy.dll

Filesize
485KB

MD5
4ce93f9b11ce504779bffdf22a508cf0

SHA1
372c4a8e9f3edf65d4482f57883d166975a8c8d0

SHA256
b3c03b447e9bc4f40c8fa442451f5ec0c499852468d75ee66a7fc7cb6649dbd9

SHA512
0e6669a819992552efbc024fc57a9eaab850b0803906fb1eec7ed725bf53d82da6dd867ae35646779562bceaa9cdf1c24e4a254f5f72715331050468408b24c0

Download Submit
C:\Users\Admin\Desktop\dotNET_Reactor(At your own risk)\VS08ReactorAddin_Secure\VS08ReactorAddin - Copy.dll

Filesize
488KB

MD5
8b47e1886755789b1fe511ddd19a96bf

SHA1
e88ad2049e08ac64f3a92af07b7284f82c3fca24

SHA256
c0535bab3e1ec3abc3a53fce9410358f5c6d11ae2b29cea79b7d360c623cb6a4

SHA512
f8b8dfe5abc88be1ed01cec02cd61ef7af596e7d14fc395ad294d8ddfc5c58ef08272bc8ddd3b8eefad262f3298dcc68ce2f02ee4b87230b26ae0c0e7f3af6c2

Download Submit
C:\Users\Admin\Downloads\dotNET_Reactor(At your own risk).zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/1520-558-0x0000000000AE0000-0x0000000001D8A000-memory.dmp

Filesize
18.7MB

Download
memory/1520-562-0x0000000006D80000-0x0000000006DE6000-memory.dmp

Filesize
408KB

Download
memory/1520-572-0x000000000BB10000-0x000000000BB1E000-memory.dmp

Filesize
56KB

Download
memory/1520-570-0x000000000B810000-0x000000000B818000-memory.dmp

Filesize
32KB

Download
memory/1520-595-0x0000000000AE0000-0x0000000001D8A000-memory.dmp

Filesize
18.7MB

Download
memory/1520-573-0x000000000C410000-0x000000000C450000-memory.dmp

Filesize
256KB

Download
memory/1520-563-0x0000000007AA0000-0x0000000007B32000-memory.dmp

Filesize
584KB

Download
memory/1520-571-0x000000000BB40000-0x000000000BB78000-memory.dmp

Filesize
224KB

Download
memory/1520-591-0x000000000CF40000-0x000000000CF4A000-memory.dmp

Filesize
40KB

Download
memory/1520-596-0x0000000006910000-0x0000000006916000-memory.dmp

Filesize
24KB

Download
memory/1520-557-0x0000000000AE0000-0x0000000001D8A000-memory.dmp

Filesize
18.7MB

Download
memory/1520-559-0x0000000007250000-0x00000000077F6000-memory.dmp

Filesize
5.6MB

Download
memory/1520-626-0x0000000000AE0000-0x0000000001D8A000-memory.dmp

Filesize
18.7MB

Download
memory/1684-753-0x00000000008A0000-0x0000000000B42000-memory.dmp

Filesize
2.6MB

Download
memory/3428-628-0x0000000000AE0000-0x0000000001D8A000-memory.dmp

Filesize
18.7MB

Download
memory/3428-627-0x0000000000AE0000-0x0000000001D8A000-memory.dmp

Filesize
18.7MB

Download
memory/3428-639-0x0000000006780000-0x0000000006786000-memory.dmp

Filesize
24KB

Download
memory/3428-677-0x0000000000AE0000-0x0000000001D8A000-memory.dmp

Filesize
18.7MB

Download
memory/3428-942-0x0000000000AE0000-0x0000000001D8A000-memory.dmp

Filesize
18.7MB

Download
memory/4276-765-0x0000000005220000-0x0000000005232000-memory.dmp

Filesize
72KB

Download