lumma | hxxps://github[.]com

max time kernel
643s
max time network
643s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08-06-2024 07:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://distincttangyflippan.shop/api

https://macabrecondfucews.shop/api

https://greentastellesqwm.shop/api

https://stickyyummyskiwffe.shop/api

https://sturdyregularrmsnhw.shop/api

https://lamentablegapingkwaq.shop/api

https://innerverdanytiresw.shop/api

https://standingcomperewhitwo.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	Launcher.exe

Executes dropped EXE 5 IoCs

pid	Process
2352	Launcher.exe
2292	Launcher.exe
4180	Launcher.exe
2372	Launcher.exe
1080	Launcher.exe

Loads dropped DLL 16 IoCs

pid	Process
2352	Launcher.exe
3192	InstaIIer.exe
3192	InstaIIer.exe
3192	InstaIIer.exe
3192	InstaIIer.exe
3192	InstaIIer.exe
3192	InstaIIer.exe
3192	InstaIIer.exe
2292	Launcher.exe
4180	Launcher.exe
4180	Launcher.exe
4180	Launcher.exe
4180	Launcher.exe
4180	Launcher.exe
2372	Launcher.exe
1080	Launcher.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
86	discord.com
87	discord.com

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\devmgmt.msc	mmc.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2352 set thread context of 640	2352	Launcher.exe	130

Drops file in Windows directory 57 IoCs

description	ioc	Process
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe

Checks SCSI registry key(s) 3 TTPs 23 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
3904	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	control.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2804150937-2146708401-419095071-1000\{294E8C87-446A-4382-B20B-04CAFF847A41}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
3444	msedge.exe
3444	msedge.exe
3404	msedge.exe
3404	msedge.exe
3864	identity_helper.exe
3864	identity_helper.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
2148	msedge.exe
2148	msedge.exe
2512	msedge.exe
2512	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
388	msedge.exe
388	msedge.exe
3192	InstaIIer.exe
3192	InstaIIer.exe
3904	tasklist.exe
3904	tasklist.exe
5236	msedge.exe
5236	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5432	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4084	taskmgr.exe
Token: SeSystemProfilePrivilege	4084	taskmgr.exe
Token: SeCreateGlobalPrivilege	4084	taskmgr.exe
Token: 33	4084	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4084	taskmgr.exe
Token: SeRestorePrivilege	4360	7zG.exe
Token: 35	4360	7zG.exe
Token: SeSecurityPrivilege	4360	7zG.exe
Token: SeSecurityPrivilege	4360	7zG.exe
Token: SeDebugPrivilege	3904	tasklist.exe
Token: SeSecurityPrivilege	3192	InstaIIer.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe
Token: SeCreatePagefilePrivilege	2292	Launcher.exe
Token: SeShutdownPrivilege	2292	Launcher.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
4084	taskmgr.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
5432	mmc.exe
5432	mmc.exe
5432	mmc.exe
5432	mmc.exe
5432	mmc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3404 wrote to memory of 2732	3404	msedge.exe	81
PID 3404 wrote to memory of 2732	3404	msedge.exe	81
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3104	3404	msedge.exe	82
PID 3404 wrote to memory of 3444	3404	msedge.exe	83
PID 3404 wrote to memory of 3444	3404	msedge.exe	83
PID 3404 wrote to memory of 4404	3404	msedge.exe	84
PID 3404 wrote to memory of 4404	3404	msedge.exe	84
PID 3404 wrote to memory of 4404	3404	msedge.exe	84
PID 3404 wrote to memory of 4404	3404	msedge.exe	84
PID 3404 wrote to memory of 4404	3404	msedge.exe	84
PID 3404 wrote to memory of 4404	3404	msedge.exe	84
PID 3404 wrote to memory of 4404	3404	msedge.exe	84
PID 3404 wrote to memory of 4404	3404	msedge.exe	84
PID 3404 wrote to memory of 4404	3404	msedge.exe	84
PID 3404 wrote to memory of 4404	3404	msedge.exe	84
PID 3404 wrote to memory of 4404	3404	msedge.exe	84
PID 3404 wrote to memory of 4404	3404	msedge.exe	84
PID 3404 wrote to memory of 4404	3404	msedge.exe	84
PID 3404 wrote to memory of 4404	3404	msedge.exe	84
PID 3404 wrote to memory of 4404	3404	msedge.exe	84
PID 3404 wrote to memory of 4404	3404	msedge.exe	84
PID 3404 wrote to memory of 4404	3404	msedge.exe	84
PID 3404 wrote to memory of 4404	3404	msedge.exe	84
PID 3404 wrote to memory of 4404	3404	msedge.exe	84
PID 3404 wrote to memory of 4404	3404	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e5e046f8,0x7ff9e5e04708,0x7ff9e5e04718
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6356 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1288 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3744 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16624412499654859195,9179371477210793927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:5864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4540

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4084

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4704

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap1315:94:7zEvent28683
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4360

C:\Users\Admin\Desktop\Launcher.exe
"C:\Users\Admin\Desktop\Launcher.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:2352
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  PID:640

C:\Users\Admin\Desktop\launcher\InstaIIer.exe
"C:\Users\Admin\Desktop\launcher\InstaIIer.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3192
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Launcher.exe" | %SYSTEMROOT%\System32\find.exe "Launcher.exe"
  2⤵
  PID:2740
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Launcher.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3904
- - C:\Windows\SysWOW64\find.exe
    C:\Windows\System32\find.exe "Launcher.exe"
    3⤵
    PID:1068

C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2292
- C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe
  "C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1768,i,2206491308409679753,4245654953730477543,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4180
- C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe
  "C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --mojo-platform-channel-handle=2124 --field-trial-handle=1768,i,2206491308409679753,4245654953730477543,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2372
- C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe
  "C:\Users\Admin\AppData\Local\Programs\Launcher\Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --app-path="C:\Users\Admin\AppData\Local\Programs\Launcher\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2416 --field-trial-handle=1768,i,2206491308409679753,4245654953730477543,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1080

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap25729:114:7zEvent10879
1⤵
PID:4092

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" /name Microsoft.DeviceManager
1⤵
- Modifies registry class
PID:2380
- C:\Windows\system32\mmc.exe
  "C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5432

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:5908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
44KB

MD5
387ffb4940d5cea54966cda07a2b82a5

SHA1
7d1a337be8558a8eb66ac5a9cce8c9d88ef6569d

SHA256
772b7c4a3c0100538ebc796f22138a55853ea0bfb4c97edec54fe777c6990060

SHA512
b5d0fba043bdb3b3ad63d1c6f9d18c00bbf91351df5dc62595bd87602d120032d8ecee65b2e91b6b6c1624bfa0a46d8c5e8ee5c8eedc3f445748b433457fb360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
48KB

MD5
47b6e3b9a667b9dbc766575634849645

SHA1
54c7e7189111bf33c933817d0a97cefe61fe9a6d

SHA256
302ed4f6c8ac4312d71205603c4c28dd2976fafe4c05533c0a08ab3bdb531aa3

SHA512
a12b74ff45f6f9e6abf459863c299e1fafe61dcf2bea8a7331ed9547de14ed29e2deba69b104c6960db93b458f83ba6a4ba454c5514105e7ffb96da96e26e612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
20KB

MD5
357b4145c3264fe69f8c412e823adeed

SHA1
5fcaf1043bb72dbc719ce56a173b3da59db7ebc9

SHA256
4bf695f9d9be4d4e815594d2b7443042ec14e4dcbaa6d35031cc0420b8009410

SHA512
974c8b0220e6490324f5eda5590d4a895d7d67b87414ca1124dd01ac92e3bec033623bec67b4441fd6b69bb9034d4ee8210ee0f92fdf0a8efb6546e62ef8f7fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
21KB

MD5
7bd7558c173e95c0c5b265a10a26e801

SHA1
d2a3b46c9a43282a05af4704fefea1ae21dc3f8f

SHA256
48b9e792b3ddbf8ca6fce8f019ed63eca7c11f8bb5f91eb03a7bb9e79298d789

SHA512
721bf98cab1ff2206046c79de74bd7da001353213550ba35dd3bb683855fdcd0bb3808b4e7ec0e198743bf25ae7ab1bf3aa555b3003bccfac3d1ea6c7d240c27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
20KB

MD5
0f3de113dc536643a187f641efae47f4

SHA1
729e48891d13fb7581697f5fee8175f60519615e

SHA256
9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8

SHA512
8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
58KB

MD5
4b9d6adcec4cd72d94fa6875394d8167

SHA1
ea5ed417b6b5c61bf4181b28c0e2298039447adc

SHA256
1478f3842dec33cdf82627e9d06d468cbcd33d9af6c9309715012387a35cc606

SHA512
2be25e8df010b409ba6ec223530169b6502e95057da674e1456b870e5b42b63ad402def45c96bb982c9acc7202547cb3602f68920ee096db93e9f535efd53a03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
59KB

MD5
4bc7fdb1eed64d29f27a427feea007b5

SHA1
62b5f0e1731484517796e3d512c5529d0af2666b

SHA256
05282cd78e71a5d9d14cc9676e20900a1d802016b721a48febec7b64e63775f6

SHA512
9900aecac98f2ca3d642a153dd5a53131b23ceec71dd9d3c59e83db24796a0db854f49629449a5c9fe4b7ca3afcdd294086f6b1ba724955551b622bc50e3ba1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
130KB

MD5
b61b5eac4fb168036c99caf0190ec8d3

SHA1
8440a8168362eb742ea3f700bb2b79f7b0b17719

SHA256
3c495df6db16ed46f0f8a9aff100fa9b26e1434016c41b319f0c1009b7ab2e1f

SHA512
cbccd3aa5a1bdfddba5cc38956b5523a422a1151cdd0680336ab94f07aabecd1695062a0953c32c8209949ea6a4859c625c6deffe5108e8d5e48290017e51874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
22KB

MD5
9537ee99e702f4b498f7db1752c2bef1

SHA1
c8b74e2a05e98cb1dbd8aa2dad8d8ac9e65b85c9

SHA256
9b776ee3779dcae09f41fa4101b440d3ca3c9ecf8c439fb0d059f8abb7e006d8

SHA512
a29dbb72aed004652c5162278fbb320a4d62d399878a3bebc2b9d456bc2799a599ea2e956362cbde56f4365b93b275315d67dda3c43d06265c030c9208e068ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
19KB

MD5
1ec8fb7f6fd9050ab7c803cab2b0b48f

SHA1
6b831a02f8daed957b82c310cf867aa3e77b9816

SHA256
4345ede1557a49c9322e84fcfe2a20821e47003c2b3c214de6ba6d5d42bac73f

SHA512
d4ef769640f071121d07f8942533c7cfbaf4e4a29476d8977fb31d462e986246278fd599b2cb4344713f5ade2b89faed5c728093e31848c9e428601f0ea2f871

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
18KB

MD5
9df4b1790bd403fefb3e0c399256fbde

SHA1
67ceedb00af0dd8bf11a89f87a12a3c04c6cb735

SHA256
dcd287295062ade50409586db9ecbbe6de0d5cc1af7c10ad2a05b0dbd479e2b5

SHA512
09ea54b853f8bbc53046e3d59ec0fcd5503348c40908c9dc47e792207d732dd37cd7394eac559668c3781215aeb360ab16b473f00b328601d817393fb0517a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
18KB

MD5
277fdee241a520433873c520e31bbc7c

SHA1
28ddf5b9f1353a3acc38a50d8461a791fdbabc4a

SHA256
743027653f691df64995ab146b00c862b25f3c0d97e90b25e0ba0060ead8df9a

SHA512
f2770681a541ee93d159c663a03f2421b5280f736256f44fb834fd165db9d8e0e1bee5eb484dbfedf4e324862322f0c462af0ab5b4389e366f3d716e2b1273d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1f2738d85934610ebd814aab055cfa07

SHA1
33795de4d54451ae72999bd8e23690596886156f

SHA256
35253e4e090c14653095bf6f4e9ea91f146a9e971f9f08a49332e10dcdeabdf0

SHA512
5f4cabb16a7f97fc013379d683e65cabe6a30591e46a0b148f5be836228716f19ee2769bbdfc916a092abe6ae300d287c7f4928be37c3c3085adf7b3f13e19b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
db7cb3e2f30e07c0b8aa0f3ef93cbe62

SHA1
957726e53ad7d23d595a5b84c2a952ef1ab8fb21

SHA256
7055d334864c64954654d6f1d0dc9204824fef5edba7d9354065d5e90f506632

SHA512
daf9c59781f26f21c31c562b0b515ec38d1e32908e13c9b39faa2330863c0ac2277f3a92f15987065fa20002034746963e77a22b1d27dcec1e73dec486f7626a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
96d42d98304269e47092ffd346febedc

SHA1
0a1f4482baa66278040c5491d57d5aa6491fbd7c

SHA256
a4ec54ddbe31a9d97c94d6d8bf0c2311dee8a9c632fb481c5a5620d6d08aba3b

SHA512
d14b6ac28b2c8c1bac0233e13e51d088a49832b007c1255849af9df269a85ecc39774b2223c25b34aa467b5facbe6fdcd052ba768c6228e21726eef6ef0aefc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f3bbd7fd9ee9fad7f4a45293c78acb19

SHA1
6171c81a2fa9e5110fc840950aa4bbe5288b8907

SHA256
48dfb938821cd8e8a21dba8d9ae86c9e054f4a75ad52810ada592bd0df21dc15

SHA512
72200d3115f78266c103271971532aa81c2406d9f919a9ecc1769dd00edb6342d1bdda2a5f2e71e10066b657546cd457f216079c47751a112f22155383e296e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
409B

MD5
19c290b347488e53b95ce3784454079f

SHA1
1555f572aca7019916950464f7d43f9b4168bacb

SHA256
ec5b7b06b05cd11383ecb8b8ca7d37ab608bc4756b02aece913d2d8f60c0e4c7

SHA512
0704088983a0121c7dc7be6167d5ca651d03ce73a521d8f4b1199c1378ebd3f2171837a55b1bdf1493faa8269c6c83cc7fa0b68313da245a08e282a2932b3f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
998B

MD5
f1b77bd336a5ad7c16b989def46e6d47

SHA1
c95cfcb6b3c33a96cb4b03acdca69c809687cc18

SHA256
c27cb28d3ea18b20dc50625371ed04539e5e4e227347b9faf0422db19423b7a2

SHA512
e8db5330d73273130ed950503353efec519896dd8120324de54c3b321c8ad6ca0cd51202404be178fff738d72611a4e0475bd1d0f3f5a8c39380348132defa75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f05498175399099ddaf3d094e43036f1

SHA1
43b94765d5616e042026871c6143cf6817dc20a7

SHA256
f80bebc7d7d63745038291ccfa24280cc7c8ea292d6c96ba2d3d570529c72f94

SHA512
ffaaba786a8895e868164595fde03941d7dcdf2273d549eb41a4ffcce5d97ff5005460f8c1a39a7dc219c861ceb2e1ab5627b331fe42507197affe50e51c115e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2e94e87b407e524278e087bdce0ed889

SHA1
fc89e4ccb9827b8c088544c4cc8b2dd47c30e00c

SHA256
3f7bde9b50401779c4c3e47f9245b1c5b67f9898a8d743a33bc99d12222c639c

SHA512
f01072ba7910d20095759fdaf554e750cc9a875ed2f824b419a34dc97c441c15594075c5f5561de7bbbe57ff579ef1024ef09ff2a188c6c242325a416eb43306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c76c2dac3a4ae8f5da29c4d5221b3d79

SHA1
93a76b7566da01362e2d95ee7c91b5a32a7bf296

SHA256
e0667140cdfb512b5742c53c292564fd984a6a887b079b04851fd9255d0bbcdc

SHA512
625ceffdb48cb77a3e2949e9c9941cf3680a77869fa574bc83948a39ccc9fb5819b9c82e4dea3b8cf45a5b46fceb51197b3cd20de7f7339ec4cf0801f7063f96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eebf3ff27de6e538f7af521fb13c2c67

SHA1
a2bab04dd7dc63483d0f9c94e71682589680481a

SHA256
f820612e9943c8dab603d8a757da66e1114f93406522e98bf700eccc149e5d7b

SHA512
e1e7798555ab5d4f44ef62ebade006a207cfbf5d0bed98f7f7bf468b2bfc37461753ce79642018820f9414d0e5915d7d80012af4261c4cf63bbf2b8c04a6b73a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5d4f5dce741d8c709e3c71d40965ba01

SHA1
a06e922823f0adfedef2cd1e7ba3bbde8392c56f

SHA256
cebfb3913cefb2733e3077dd1bf79362b160e7447f49efe321a451c775ddabaf

SHA512
fa209482646459d8800333fa2ca769c1bd28879614ee82cec276d2e23265af8dc2bef3308999f779885eea7a8e98e433f6d6a5633ad20a030d804b07d92ba6b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
06c5b8d1728e24e11dfb51c34d5e2ccd

SHA1
4d5d0f4f0997697812addf362d3106dfd1393a08

SHA256
f0b428dc075b69904c47680bd1c440341bd9a498d078bf22e4aed0441b6a59be

SHA512
53d799fd7d27517bf66d5b071bed1542b151bb6d097eff0fed867301d992bcd12403ab3cff716e72c8a8bf1c61a8f43162df84ec9a50328d950b3bc1b92bdbd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9b08a2cb24fd39a7bfd03bdfbbbedd27

SHA1
ab996c72225c203ce343e07b9b5f65e89a883620

SHA256
0289f1a42655e9c416fca211527e4861ad291b04fc73a1102b0a2c323a6fb678

SHA512
93143434901ed3bee1efc402b64b32e6bec3d2a911cb28fcdf42bdbf1cbf19f908f3eea7a5a3f1901981c1ff0737fb3835ff85b65155e1f483e02d7277df2f46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3a98d81842d0a4613404d1d706e58d03

SHA1
1028187adb183f65a4dffa4a327c92bfc627372a

SHA256
e5ecb2e5456c7402fcf0d81abd54f796fb951c1e6d50c2a7e9d361e223513635

SHA512
28a54ce97a11a1dc9e42a3752c911f5e14af2a173a646567134567ec1e86ba9fd169ffb1cf9d1d4a1efca00510759ba6a0c8e0bb346c898ecf68bf6da708dbd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a9b26f1ddaefcc49a401376398eca027

SHA1
98164d328203c4195dbd81c0997bf43787b2cbd3

SHA256
87c86051608d6f48bee0d968667182fa28da0ebf668a14b0bd36456266a58aae

SHA512
5af61031cac662873ee0ddc32a1033b8eaf75f29d566115719b06c2cb18254c215bcb708dfcbdc6d9b215aae3e117a6a140e128d48b08af111aa521ac6426e0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f0deb1c1987a1b3cd9e6573fcd4c2fa6

SHA1
8c829524539b6ff29e6322da9422553dca3925e3

SHA256
5e73268e4b2955c7ecf0566c37eb3111a772242c0caf23c6df9fc591cb07b610

SHA512
26ebe6e4f58155e0655bb86591ab52599f5da92598713b29c4369ba005d3395ff8214b10667ba6484098345f5a486fc9203071eab48f25e7afdf90ee7710298b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e814cd25ebf3d17515cd3e105216d3b7

SHA1
7e085f23fe2de5ee644fbe6a01fed22b35105f17

SHA256
89892ed8646d61d57b59f6c8db52415146b594e29cfe6a93c370e95786b11edc

SHA512
0e0aba9e094f1ebf01c10a8a823f52e19bb8aa7ec8828b157c952e1a0c0cfe516a2c483d26df65bbe63b35ce6d254a508b0cbf8aa8a2ece6c75fc105207bd313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6f274524d621ede7c8347e5a91a76ff2

SHA1
28ceade69b1aa93413aebcb40ea19e4f947d79c5

SHA256
c08d1d01035a9a8bd2269a626aa61b7e24927991a166d2a1213dd91c1acbf895

SHA512
bc0121c6a7347cec84cf957631678b4cb9cb50a42d0d734168d4e9b0695db8e685b1be5c9ca3eee5f120a7e2705bb5a3eca2723bfaca6367658d5b7c4c32ea17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3719283a990605e991883684adff4a79

SHA1
c1a5296634a638f0d1acb84fbe804010f3e406d1

SHA256
7850da6821bebdbfb86552e682ce265568a927eda0dbfe6e2b6c677d2039f2ac

SHA512
8a421547cb9032cd19709e68f292570e20cb6f9b4eae5e023c1f9db8d3651b801ce4751c4293317430181c1b750ec2373a2aea8ded85924ef065627f3daa0640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
825237916777c8a78097ffa28bddf12d

SHA1
6d7f82e0cf1b40b04d6da54589b6ab8aac12ad68

SHA256
f05b52528b4cb6d338f5c9ec8e7761ff04a321ca7dc6fce1c80fe18005a4b7f8

SHA512
c3611383c40223a4f7747d370806bb484eabed9baf6dfca604faad9cfe2242c23c43bda72051c080f433274c71e31dd6d4fac90d3631d2d212d41223e32a0e6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
3df7775741ccd4f0c227c06057dc9e51

SHA1
d1bf7783e814dd989267178df5ba8bdc8835023b

SHA256
07e19a7b74a8a452335b7ed6adbfb125ea89f01a3afd83bd7f99ad6f7d73b32f

SHA512
6e5ad3abbabec4e2aa7d10b9c17bb15ccb5b9d525cf96786a6cee02932cc35661a19c1a67fa2ae609757e28674443749f8dd8d03ed846ae2d2836682ded250e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
18936ec4cca20c08117705d8a08846d0

SHA1
23df7a9727e4ebaa018c12d7bd38d632b0a495dd

SHA256
605d9a8c4c1e4140ca73eabe2ab88c1daad87cef2f28c190f29bae990345c3bd

SHA512
c158d648310385c0d9ed53db17174ad8d020d07191e41b3c8525dd7c4d3a1ae0a1a5c742e9185690bce55c993cc30227e3535fdb11a95503fc8a9d9b367a88bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bae86e12686b1167c509898d02f948b9

SHA1
15ad4632e11443adbb99510afbc1bb678adb2ca9

SHA256
fc16cf8051668ef257a55f51d26fc2b9f3a2eea7cba42cd4215c592e7f0e7459

SHA512
b2c3183283c6d97653638543a547c7aeb9198cf97e09ee065a496d353d14e387668a46ba00dfe13cbe71037062d6446cb2f1e344cd8414b4f9ba2578fd398ab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5dd4a84e64743016dad2d4fe4c927005

SHA1
4552abed96930b5ea7ae2a930847c532e6ff4a92

SHA256
889a038c98215da344bb8f88b0ef42b22e1b395e2ced6a85d48486f590b114ff

SHA512
36b5bfa2c5bd135746ff6bda72bbade941aae0cfb93ea4de979ead9cd0f74de85bcfbe5f4836d388f47976081f36b00717a1a9fb20c5facc5f3b0dd46c54fb7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5a87534661e40cb1abc1b4cfa7072650

SHA1
99399c57f4b8c593fdcf2c02793507478de9872f

SHA256
6017b1f0a26d5d9bca26b19294420a24bd6903122942d5936b1322b1edcc8914

SHA512
d7b7f2e7d869b9ac5fe9c1532027ffedea7572ec619e11363e37b13612243542f0441f0df480ea9be55ddcc7f30927bbd3b8a4ffc4287eaa5a9df3f08a210592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a5988545756da93a6018139b8f7ededf

SHA1
49670903025cdb410480d565c82eff56afb098a7

SHA256
b921c1358b9adf1d73bf2522ab1368ed4eb214ecf954a584bd4032d823a5a7e0

SHA512
e5c87c4b96f8aa028922f9c639181636848e06561045241a34689600cd2d0fa90e7c847df510dba68edcd08e4fb238146ab2d9b7b6b2f70564edbe2c9ab766e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a0c7999f4a23bc2016c3733a2f0b8c88

SHA1
f26e434fd8e6a9020a1de6d237b3fdfca3463b16

SHA256
ae0a55e6746a04d1728c4d920850cf5438b78ea3f97c6900bcc64103639fbfcb

SHA512
18c5e1d2fb6ec6a565a66a33e31530a0e66b62352da469ecd89596412f3b8c1d42db66d504bf4fd25059839aab1b040bf2fa1a3508f16e682e4f0073931db56a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
35cacc3622b3fe1f56e52e7b2115bd59

SHA1
6aa00ffb825a64fce9fc4110bd7a53961d8810fb

SHA256
bd5e30da4bb8ba8da7b8bccc9bdaa13427468eeaba1ae2551361bffa8a0424a1

SHA512
be90a3c89d30ea476eb3c639a1406c9475c3760ededec12f0e493f0db3c08bf32a009aee3f31ff0029e79155dfad9aac769e546138606e999b8a3565718c2ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
53133ed02f602fc58378400a585ac81f

SHA1
4f2052004ca129c860def99313c0fad7887a5d8f

SHA256
b9a4a1461963b1507d1002939598dd57153a692382d378221ab5d110a6c1ce5c

SHA512
8e9afc103bde0a1439407daaa0fe848ce44ce6a76eb78db7e30b468c50bfb28faca2486f6bcb4aedb3826634a934ef8804b703b2c1f180df5160ed265188602b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582362.TMP

Filesize
706B

MD5
0a078559cc8149591e9f8e9b40b49f23

SHA1
205d5545e22199dcf7503d5495a1ed8f41297fcf

SHA256
2736a20a0ef1433d48f4991f814bdcce47522cdef986b164c3fba5d438208d06

SHA512
78d1b6af0099f572e53080ecaceb7c06a5ea5cae1c15d542ca61d4d2cbf952f3dd154fc7a1f7e638701be4ea663fa5cba437f183822b8cc3306642f5be228853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
404319316fd1f1c65b1e5de543f80918

SHA1
916c4dd55a943aa66f47d141ed0c625079f2e667

SHA256
205b67772cee6b63710ac869400e9b8e4af0c9c3a3aa6c5ee02082a159f2b03f

SHA512
bd4672ba2aca921967f628ce20be9227e8439817e8ff3d78ed34f35b404f0c52bfebd50068a7650350520dce7085b6f00ad57e4a737566e848472f99b1b1b662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c016aa02bac5d56e29caaa4d5814a5ba

SHA1
8a232cf4964dba36e0f84250fbe2b446e9fcd446

SHA256
e88bf3c376b81b18180e5a2a2175ab258cb7749bbde190210c14db5a35c2e70e

SHA512
f4c3e8a75e457cfeaab55eb1c429839ac2509ac4df4732df7656e68b70f28ba1927b89d2f3f6103c61fdb3ac066cb156f543ffe4bd7a470a68f7cbd1f8a7d091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
563478c76c277dadda18b55cc9f7d72a

SHA1
1c9ffd6034f1fb34a71e511a958e43bc8430afd1

SHA256
44018d6f8d8639a007d22e1e5ad0cb0600d3468bacbf015c61c3289ec821b6b6

SHA512
2f7c54ac9bb76a4f872344ff8cd79340f26b9f9a834e4f701df60750cfb9a7fd7767ba3d6f18546e5f6184e4b06c46dfdbaf0c0cb8db85885d3942e8060ac04f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c07a619a22837f10e7120139ed3e8c9b

SHA1
1652f4911db093a0de87b81f61c7a1adf6f6a544

SHA256
f5fea2a38f15e0299c7c713928755d8c329973acc5ed896869f807ed5466642c

SHA512
472ef154428d45bcd7206d345b41f181bdde67b5a6ed6e958e2b8c258fbe2eb7ee7f745809f94f78f1962966c52a121cc181df53d9a9eb3cb49231cc4a9d7ed4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8aab854f5e10d869786921bfb967573f

SHA1
06b3adcd227379683e1efe1e61c6f5a990a9947d

SHA256
c5fd74f162e040b8fb40eee893ed925cb8b77b17188ade0a1f3438b577c88672

SHA512
1394919e6ab985af8f9c0e2a4839bddbbdc140eff286e5250d1b81aecb9375511756c5ef467d02c061cd9853341dcf984e9ace0f782385127ba343f0c27a41dd

Download Submit
C:\Users\Admin\AppData\Local\Programs\Launcher\chrome_100_percent.pak

Filesize
126KB

MD5
d31f3439e2a3f7bee4ddd26f46a2b83f

SHA1
c5a26f86eb119ae364c5bf707bebed7e871fc214

SHA256
9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e

SHA512
aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\LICENSES.chromium.html

Filesize
6.5MB

MD5
d18c09a075cb6531d7ffd7c3da77bd4e

SHA1
571f29b6004007111782bf5727c4bc9510cca286

SHA256
86f5222580a4ab03dad8ea62e6cea22b23454dccf1c77e74ae0e0410a13b16fc

SHA512
091cd68e12633919fc6100b606f3002b16f4b9c7c6d7c820ff20e31a3b9ea690c8a1fc90529ff3e5c21e8d778e254743a8708049830c3bb046eda8f2653000b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\chrome_200_percent.pak

Filesize
175KB

MD5
5604b67e3f03ab2741f910a250c91137

SHA1
a4bb15ac7914c22575f1051a29c448f215fe027f

SHA256
1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c

SHA512
5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\ffmpeg.dll

Filesize
2.6MB

MD5
e3ab6f226a9189a456d53dd700f5d503

SHA1
0d3f467e9f36a404eb10b318c758edaf02305e26

SHA256
16070fc0fc3ae0d3d5872e5bd2194d883a1d91cf021e1fcb708c785a348c1a80

SHA512
b1d5b362489b5d26037c035c8b1e9bac24a4555b64371b41f8549ab70d5d591589ba154e163ec84d4b4b4435903db32f7ffe0f720f5e6d01b7656ed03f6757d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\icudtl.dat

Filesize
10.0MB

MD5
76bef9b8bb32e1e54fe1054c97b84a10

SHA1
05dfea2a3afeda799ab01bb7fbce628cacd596f4

SHA256
97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3

SHA512
7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\libEGL.dll

Filesize
473KB

MD5
637eeb39ddbeb3ff518ff1988604505f

SHA1
8b3d9a0d542718fb906f8fafb2583d7bb53176ef

SHA256
3c51a8e53ef7473e9a335673e909dc9c67bf962997e6e2a319c3bd70fd52b4ed

SHA512
3257f9c96665f1bc8bb39acd0d98015b7d5e32f3cf3f84e795df4d19f6bd3bcc14a4e89759cc0de83289b79cd290fd5f4b176c3e9a4cb2eca3acfba0c9e232df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\libGLESv2.dll

Filesize
7.2MB

MD5
438d089addd02af6f33b42f92cf19489

SHA1
b0de553d91c92e4d104d99a265442fbc51be67de

SHA256
05236819cd357b0f16ed2d8559a3c4da3b153ad7932ec2fd1d8e36d008a8633a

SHA512
0b6774d50becb18f471cbfb86aaa63cd360bb60f6fd77ab93b60c79f5019edcda6ccb23b6a7724f66b6ecedfefc0f0e2d098daee825185a261821903a3bc4fcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\af.pak

Filesize
340KB

MD5
198092a7a82efced4d59715bd3e41703

SHA1
ac3cdfba133330fce825816b2f9579ac240dc176

SHA256
d63222c4a20fa9741f5262634cf9751f22fbb4fcd9d3138d7c8d49e0efb57fba

SHA512
590dcc02bc3411fa585321a09f2033ca1839dd67b083622be412d60683c2c086aac81a27bc56029101f6158515cc6ae4def39d3f246b7499b30d02690904af0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\am.pak

Filesize
551KB

MD5
a2a17bdd83467a027505bc817d1ac028

SHA1
cc1266a22606a1055db9653b82e90c9d1f551d44

SHA256
f92b0299185d963337e96df1016e1cf5ca335e22ff86568c1a6507c3fea29094

SHA512
193c5db0a30a3c8ef5e8c821cafb9d0b5671b7e7821748c7b432e927bd4638ecf5bfc1d99721ce89fb3df4f6f23b5e55d753430e8ef2bedd1e1633e613321028

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\ar.pak

Filesize
602KB

MD5
b2a23f285858db5e3e53d6a5d5291623

SHA1
674adfeb57075f86f40ff4b14916c3af29695813

SHA256
7ab39416b60ee342ff2874aaa7b9b95b290828807b1395192cdbd29ee1be15e8

SHA512
92c9b31f82f62b15eed3edaf437412cb630e8deb2226ad162d7cb4c252d8cb7f0453b3121a846ffcb1547570e2eadb04cfd3877ab120496a7fefb47a6d96cba0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\bg.pak

Filesize
631KB

MD5
9dc95c3b9b47cc9fe5a34b2aab2d4d01

SHA1
bc19494d160e4af6abd0a10c5adbc8114d50a714

SHA256
fc4a59ea60d04b224765be4916090e97ed8ddda6b136a92a3827ed0fcc64bb0e

SHA512
a05a506a13ac4566ecbfe7961ace091295967ea4e72a2865e647b5fa9adac9f7cf5e80b53fae0e3917dfb0b9a3f469189cd595cc4ae9239d3a849f5cedd60e46

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\bn.pak

Filesize
812KB

MD5
fac2c752c57175a4b1f4630e3667123e

SHA1
a2dbcf1dd7b3cac499b9f782c7393ab438039584

SHA256
71f99a67bb310fab8068eeed7ce24ea7624a66051ba4e719d051cc7e67e78001

SHA512
4820704bd92dfb60736da5b84c8bc9135fca484c678585ec9d26dcb90632e382f354d03b539599f4816feb027dd285ff06ed8a520bede56d7a1c590d942e4250

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\ca.pak

Filesize
384KB

MD5
0312c87b6436e733a037bfb3084f7550

SHA1
e3f30b8f3bfc8ddbf4b8f85f845733ed5ac8c632

SHA256
b6c895fbca90c36ae2cfefefda989922162a2cc259603fbca066f0cfbf43c4ff

SHA512
24b7780211b9dcaf7cbe3915851c7b873562e0cff022c29ca1b4e159b9da152b517305f81dd33712a0224fc3b77e594405e432fe5eecf29b7a4f83f441d6905e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\cs.pak

Filesize
393KB

MD5
ff919631102a3a9ec635b3080b63e305

SHA1
e43b117ad5b2d5b373321ab0ae63dd4bc1352a89

SHA256
1b8c3add009028eb567b0094759daff29b7861e11d5a9d864071012200e9735a

SHA512
21833774413cc71ba9c0c592504ae6288e3c8ac4e5d1d62768f4b3eca09e90009abec5e8fadcb4e7d63b99a522ae48fd608aad432eb4165ec7021c8888ad7df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\da.pak

Filesize
356KB

MD5
4bccba46add5ebaf6efd4ade3c42aed9

SHA1
e48dcc2de930bbf0ea8ee7b735ead321dadb5be8

SHA256
2497368658a988e4eb3f64cd17423ea04e7555b104d43c8996c0ecbbfed5f74d

SHA512
e2059e2a7f80353981eef6982a7da006fa3753aeba9aca5279eef71aa2fa4b7adbf9cbb17c85b8060359f9e871b1a5c665226f8d3b8a6fe49f908fd44e1b46bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\de.pak

Filesize
381KB

MD5
8569900305a5661573f7766b93909f16

SHA1
3529376f54e32c17447b065d08c77314c4db2ec8

SHA256
068ba3e34e7f253fad7dc526b1078aaa969bea044d48171925534598aa8becb3

SHA512
d544febbe20a9bc5cf31f79f7ef74c1a742cccc99136e9828187c9a643bd0317c7cc48706346ee1a3c9eda8984be9c8606e9dfa7a6ce2cff49db2d785c2aa1c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\el.pak

Filesize
691KB

MD5
8025eb8756d4bf3126d83c9078935520

SHA1
78895218a90680fe223af0b003c195da84902e1f

SHA256
e42aeaea80dabe82657983a462e4cd3ec74f71d4f08a689f5825f55fc02f3141

SHA512
f99f47e54583b60857a31648b985216713725496d8653ca04eb1d6634f2b7f7a1f9f70b8a7938529bfc6c8665360da5e6bfb6b68c314c011fef4a9817010c42b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\en-GB.pak

Filesize
310KB

MD5
502260e74b65b96cd93f5e7bf0391157

SHA1
b66d72b02ff46b89ee8245c4dd9c5b319fc2abf7

SHA256
463af7da8418d7fb374ebf690e2aa79ee7cb2acc11c28a67f3ba837cf7a0937b

SHA512
0f0f9aac8e6b28c1e116377ab8ee0ffadbf0802a4026e57aedb42d21c38fbf70159be9e0314799c1de1f7638fbbd25d289dff7cd2c9eb7c82e1b62b6c4e87690

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\en-US.pak

Filesize
313KB

MD5
3f6f4b2c2f24e3893882cdaa1ccfe1a3

SHA1
b021cca30e774e0b91ee21b5beb030fea646098f

SHA256
bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f

SHA512
bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\es-419.pak

Filesize
380KB

MD5
02452424bb0cf6ab832808d04883f147

SHA1
a8e97ee52f3d97c1a4c678f7578808416e9fac65

SHA256
1b23cda69927c77764bda121ee398ffefcf5edcb5866432aa3526c378553c9b5

SHA512
9e750b26ab40b5f1c075acbdeb15a57cda9e6bd8049488cfaf368b5cbe8cd9b6e5dc96130e4137370c90bb0777b97515ea2be0787e255cff750fb7e188e22ab2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\es.pak

Filesize
380KB

MD5
4ca91891b2d4670d02931f0ca84e4744

SHA1
85f6559b09c80af2575e3b7626842c10081e188e

SHA256
85fff1ca6bd2527073de03fa77dd013db2557a57cce1fd370caa2b185abb9336

SHA512
83eae7ab2f03598c657786bff6171803b6bbe2128d1a5b8a01d9a13337113632279712dd8ffcd3b707fa6052a936d92a57cb67d848c77ee291e75700e29f2bf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\et.pak

Filesize
342KB

MD5
74eda453b23793ced4480ea7a595fe44

SHA1
76964af9c8024bd84fa1d89f60784e7ee6569350

SHA256
e2d38131a5ef4b0e8438f45e8c74c56bcf666760d4682120c8071c9220230555

SHA512
e9928cfac01f10b040c74e63242ffa1f7f616d8598f49f0aa7ddad063e18666cf5649cc65d00b3526526af8a7b46ee3b3655da22adf46aa44c0c6a1c2ac4dc7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\fa.pak

Filesize
557KB

MD5
99de8cfda36ab9ab3342889fb6da393d

SHA1
6bdd3d627d4b6702f43725039089562af58898c0

SHA256
b93145f30e25122015373a248d6ea22a539c7d0d58c8aa853ac35cc80dc06bfe

SHA512
aa20793f9ece5823cb9e74a4a3ff97d7a1860a593f427fb5eacb0390569a48122589610fe5a02577577f3a30f981c5e3da97cf73bdfe158a6bb845586c5b19d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\fi.pak

Filesize
351KB

MD5
fa7dbd2ee35587ff31fde3c7107e4603

SHA1
baaa093dcb7eccf77ce599c8ff09df203e434b60

SHA256
5339b8ca52500bd0082e0ba5a5f440c5f04733803da47963280479760c7fff2c

SHA512
587f6d0e216d1688227345a8a75b94848ee710ec633fe6805db66bb0e8cad1b8d24a1e6a7e234061516770d881571166c78d8fa1c40e6335f3dcb1339fbffc14

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\fil.pak

Filesize
394KB

MD5
0b7d25d70a2d94a032b7ff7faea45a75

SHA1
d9d473b2ea936ffea4f751d8716cb03407a95785

SHA256
a737a14f84b10b2e3c9ad4d147b430fd30c5ac0e125d5aaaf1ea19b0507de5af

SHA512
e4dbef6fae4cb56c3cd7bd5dbb239b5136eb2534a17cacbf628f5e5d77bfca924580ad4e4d0ec580ffaf94d6e1fafad58e9c5f472c3a3ff782702ea5eae2aea3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\fr.pak

Filesize
410KB

MD5
a7c88eda9e12b6dbd432c544767acbe2

SHA1
81f1abe537870f7888431e820b636b17b5213835

SHA256
a4d0e5a39241a6326143afa4c8ec881d6edb0382c66425411881946f98e053e0

SHA512
88ca203256aaaaa26afd4a0aacb6fba2eb41618d09df6fc6aaa80ab8d699b30e73c373fa75098b1ec4912c042341dd1c79ee3d04f98b4bd59a44481d350a7988

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\gu.pak

Filesize
787KB

MD5
3268b8d9b4d4db87ec627b09f1c55a6d

SHA1
683ba367e40abb2fefd4548805e845fc1b452855

SHA256
dee5ef4f4b36fc5fe0f3b5e10c7cc3a7edc14bf948317b31a3287a95bfe0afa4

SHA512
59cff62843d35f790092f42b611e9bcd80d948c0ef27a770b2d7af859997f40c320d67df3c5a9420d28d5c8f1678df4677e01cb99b729664d198b3b95b5fbd20

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\he.pak

Filesize
488KB

MD5
6376d0a5f4273b76b1f4aabade194e0c

SHA1
337ba39f09454c0779ab64872b9fa11f866d6adc

SHA256
875712bb852c698f677c0c74e088f62d31adb2bce65648fc390607aad8705c45

SHA512
00347f16b5abbaf47fb08663d5efde26ab7de0c7a2fa42e6b5f03c41a83cecbd8e78cc3aef41d5f08658cf346e0ade732774485e8a10008a43fa41ffaf73b2be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\hi.pak

Filesize
821KB

MD5
9b5d94450fb03c34759653deb0551441

SHA1
b9134fbc75304ca73b156e77425505ed6dc6d629

SHA256
5e8f2593dbea5a57c3a974558a3fc91b6087329a1e7b11622a6eac120a973718

SHA512
caed9535d487833bdde51e82b76d3b8d2e6ea18ec0b4b7a98552be9266ff0728bb1133d8f9cbd169345aa08b0073f04d649baa71bb487483951cfa1a92080d63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\hr.pak

Filesize
381KB

MD5
7dbd4a9de6e30de028c97a7d39f8038a

SHA1
18d68f37b3c5eea3a2fe42c4ab1694a439a189c0

SHA256
e1c793e08e062043cc65271718d9b21d5742729dfa2e076ab012e8a008d06c04

SHA512
a18c43257d26380ec14ae0259cf192257fee0c6895b82240c3b41c5d6e8bd6f8023cb39dc2da0701bbcf05e8eb2cd13c84af971c28c94099a6d0ea02ce745ddd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\hu.pak

Filesize
411KB

MD5
d6904e7d1b6750d43a6478877c42618d

SHA1
919f090a6a3aa1112916f5bb0d5b73a62be43c1e

SHA256
3ec43893c6de5ec0f9433841afd5fa9feaaf59ddcef05f7e1cab14dba799887f

SHA512
d600fedb5ef1b2eb49a0122536c642b350ce67bb7a9da205890d9d13a195ac17c14607b4489715fd34506ec0ea4c80f245e09cf048aef52dcc8094f3138b2fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\id.pak

Filesize
336KB

MD5
881ff04e220aa8c6ed9d0d76bfa07cb8

SHA1
cacf3620d1bf85648329902216e6cdc6f588a5ba

SHA256
9210c4c4c33e7ceb5f70005a92a4fd36ca4facdd41701fdc1d2ce638db8adf22

SHA512
9134102928aa80c49bbf2b862e8079b2ee23636ce63412a4c3813f234d623ff563f5ca1ac407ddb77cecf1224896ed59ae979dcf63435d35a4f13de9c22755d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\it.pak

Filesize
373KB

MD5
6629c344b6e5ee8fb476522627b34221

SHA1
28335e3c96a68a560c68756860394a0a86c21870

SHA256
e76c3f15529fa7cc088dc32903c6885f4cfa170a1e0144710b05965f3210c31c

SHA512
78ca2ebf40d6cc3eb7035cca78364be63b8eb69e27caf2cae57e3489b39a9e443409e800fd95e1b646d37655c37ee8a9ae1ab344b506cf65f8603a6a3ad892ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\ja.pak

Filesize
456KB

MD5
c294012268f9e611fdc2904be57e45d8

SHA1
9ba4bd190ced7ffe053fa74071fc5836bdebea53

SHA256
21cd7ae581f6d0c19e90ac7df03d7dd5305b882776a1f091573f824bd28514da

SHA512
d16653f30617e52a040c5e033896a71055fee9992e54ffca5029601bb62a41b9685a68655b9c8bf7a7ba54a914836a0f7a49cccacae0eda180a6b68c0471a268

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\kn.pak

Filesize
910KB

MD5
01e8dc084d07743fbda50d54d86ee3bd

SHA1
e0709217e1a6785706b7d14037b1478ee2a3a59d

SHA256
ae4e003458f1a8bd3652e61241e11ff91bd887f6b95c1fe2700e76a117ba2119

SHA512
7d8db84f975d778bde21253f43d174921c2c71111644a953ad8671754e5d656f72bcabf62f4b960cbf4ca0ccc5f67d1558ed250b568c1f2308a31970e380654d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\ko.pak

Filesize
383KB

MD5
ce19dea7b7d0b9472f99427de2b307f0

SHA1
9c84dbff9927c052dcb9818ed73bb272abf9054a

SHA256
586f34de2c7bb0e92fc376f3ad962bf9bae1a768398459d39f8ed06b59d8ccbb

SHA512
9a6c84ef9bb03be9ce96948bea94ec0ba83ecbd06ed648acab9d6fd27c1ab85f011a5670591da6256781dc147fc234d627cfc4bf5eb29bc2c8bfc84aaf89085f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\lt.pak

Filesize
412KB

MD5
7b6bf901352885c0699db71239b7cf24

SHA1
9e3ec5f327c0d0e54a449332061e60a8c79243cf

SHA256
9200a9509bd77834d9912f4ba8f4219d2b9bd2cdad49a11873db30e99b9d1350

SHA512
79ebef723fb4c17581eb869b4b4e1a364a3d28df0e168e7e1a3583e0c1ec5b9716dd270925c0545b8247421a64b03705f10910fe3416900de9258840c470d580

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\lv.pak

Filesize
410KB

MD5
cccbd7f8a0c34c7094ce4d7b8e7e0588

SHA1
1a08401e2dc8c59200c4ecaa1886b43b6faa6979

SHA256
7467360f9addd4d8694e1508a6ab3a3e00dce57e5897d5376ad27d8e651b23d4

SHA512
2cc43437f1cd8d5fda0e95e7dd117c9b82e90cfed58ad8f492f46b4634aa01cd1b0ebe39377231a0828fc1ccd39641e4efc2f1210d629f9aba12ea9048accd95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\ml.pak

Filesize
948KB

MD5
00292b0801e0dd0a74091bf53f1574c9

SHA1
63a002e7a8796bc4b4459a19c95ce426fbd1ec7f

SHA256
61a372f170de0a22712be980c3c78b22035ebf40ce79332fab75cdcc4208c9e6

SHA512
e2e15f66851aa435e3bf4de6672f4aa8b01204d8efe11ec6ee9a51d9877ec4f2e71d7e9547d6eab9bfa04af1bea71fa72aa4963fa08b48717bf1c3fd21c00cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\mr.pak

Filesize
772KB

MD5
b9a2aa88c69c42ebcc41fef00c980a38

SHA1
9e373dfa11f95c31ffdca70bd83d2f66e1ddcef8

SHA256
481faf7dd66cf10a476d8b156fb4ea452f920322d8007f7e25d41b2837bdbc09

SHA512
5f4582723429a44dd517322babae4466efb4e8723c0247754e2a9a2929133d6fee5c3533c4cf567954e2a5aab47940a136a178405de36e38b50e8d4a6d5c504f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\ms.pak

Filesize
351KB

MD5
6de7b004a86967a3433545b3b38bf89d

SHA1
113bd5b28dda669b27c798e0b46fd680f3a04956

SHA256
ead5a37549b98d55839ffcf0dc8f8201d37d71968ec9138fdea79d7c9b79549d

SHA512
239c4acd2c0b6c08fb92fd95b89a302ddefc01ea843950a0247b7310c2b024383ae98286c2d4b83b99833452c41b386e047b2ef33610ef122fcf2f439ef43726

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\nb.pak

Filesize
344KB

MD5
bbae0915edec081b04bb903b689bc40b

SHA1
6a0fc635ce1c431e512b8b3b8448176aa4025556

SHA256
d565c6c95dad89d3f2b7210de4ec3fc437633de4dcfc994fde0704b92bb53ff8

SHA512
573a9fe43213829a6a4b39e67be25bc330b417750ea6d66e26163de7a80c29f6f5deeb841d9ff8303595943a81fc01ab668aab02a5cac4eda078ed06120138b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\nl.pak

Filesize
356KB

MD5
9fdf47fef5b549497005ef8efd2a2c59

SHA1
3449de72bfc2be537f4b007c81e5bc5de6ff3d0a

SHA256
65a9c1efcdd451504e2e9b44b0c8fafd2c3c1445d760fd6c435305e2f8534f59

SHA512
3e77178dcd9e8894847039a997c87d5d04eef8a1ace1846132fde229285da08ffc8d3ba697226130bd07ab122a868cc53693981a21f8211c839ccdaba77207cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\pl.pak

Filesize
396KB

MD5
c9da926441d438b952149650c86a033e

SHA1
74ee60342bda33048570dd3c03f897668cdfc971

SHA256
ce96fd415ffcda01345146faac716e2d45e2c556e5c6c38e9a1ea5ac19dafe84

SHA512
3e718e8df695cbd80146c3e911de9b235ccc06f574739e5720d47952f69eab089b56451cdc321174da9b239c0a71a720baf9d68b46046efa0edcb2a3f1804ea0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\pt-BR.pak

Filesize
374KB

MD5
c68170e4948cf3ae6910364c1e68ce90

SHA1
420f3a392db28b6fd6be44fd702b455518b67bbd

SHA256
b26499a256d66feed42b372ea2eaceb75c279694b40a7b5d0f8c1a5c24cf381c

SHA512
29482ced2091873a8c6242a608ed641b3a4d72fb93ccc2eb58d2769c446195f717b438d5633522f457234f3d209029936e9ea4ccd65d45ba8ae0c2df71043797

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\pt-PT.pak

Filesize
376KB

MD5
9b04c89c2d17c7c00a6a4342f0771fec

SHA1
a0886040fd5f870023cc3038f5722f4ba6d7c8b6

SHA256
abb012215610178b7f8203f61f41103546d3949ac3df4acb3a622b01663f39cc

SHA512
7c4cf5e7bfad4709db49779c1e3e762b8d0bac6cd736c511711ddca7682e08bc6b3274c9872d88db78bc36b0456b29680d3c4e518d4a401830cfb37b48567bb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\ro.pak

Filesize
387KB

MD5
9b9c22a12ddce43a4a3c0c047a16a5c3

SHA1
901e072d644a79e0b18be2f4a81e6842b070485d

SHA256
3e89d43b86b2582fd7db236659af47ff459a44c5b5ebcbb0bcc9eda244c8e501

SHA512
196a5bb1b0b5093d4a18279037ef7993525c36c136d4560b7e902c815687f7992ecd2b64d96422911a3468cf3f1478b21df6465d3b31486466cbb5573ff0e7e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\ru.pak

Filesize
634KB

MD5
aa75c21bfe54bb70e7abd9fce1347a8f

SHA1
3492307cec15b367274c948beb76598f72347846

SHA256
bd981aa65536b544228ed1d60a552ff4c7800b46f815177b33b3e628b97d77e4

SHA512
0e77f1c7e4b5410e9eaed875f5dae6485d8de5b650ec44133b1634645cc3055fa7bea316e843b491f29d9c137b20623b120e014b1c74bbf4e8d1f08dbeaf5bb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\sk.pak

Filesize
399KB

MD5
72946b939f7bcaa98ab314cfba634e0b

SHA1
71c79a61712c8c5d3dac07a65d4c727e3b80ab17

SHA256
75f179897cad221ca6e36b47f53cead7f3fb4159ee196f1d10a5181b84e1b5b7

SHA512
2a8fa7108c58f4cb263900a555714d5638d961d14d9f4ddf8a9ab5b880afdbc5d2325fed1e158dbaf42a9cd20e8e372e6a8f52fce842a6940ea52e43e4a1f1e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\sl.pak

Filesize
385KB

MD5
6a2efcb886dd33a5d05a112c141c520d

SHA1
ba89d9ef7ce1862d1e9933e910529ec5a3e2a933

SHA256
4fa004d80c7e89e38cdfed3a652003787fa810256d294c16aab0bca815eb7c02

SHA512
0475df28a602ec90c4331da4e7d742eded2cb3264b41924628bfc45e2662f2ceb7b9518ac88a231da1c3caf18d176ff3a4931c2b1751f3b74bce3af73d0088cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\sr.pak

Filesize
595KB

MD5
fca817ed4b839b976ebcbf59cac66d68

SHA1
413efa65470319999032b6a25b3b2ee33b8cd047

SHA256
524acc64e70918a77cda43fd9b27a727645b28ad2d4cce16b327105101c8bbeb

SHA512
cb246d5c5cea30d6e7514841ab93803984cda37461a09b6c340ca64f7cbce4e1212951a4de421d928d433a619dac18454fb403b42581757b76c7eb124ce70cf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\sv.pak

Filesize
347KB

MD5
14ecf7684d7987950a9655258d3a72be

SHA1
b1506b3b4be332081dde72bf54a197b1ee0bde66

SHA256
690a83bbefe1e97de5d2c1c0791707e8ddc3414a12cf30b79329fa5d21840d6e

SHA512
fd9d36c63b00bb1caf6a25f2c797f3a844395f16016a9010819462d647e8e759fd8887e5eae3ef300871f4abef05f4ceca9edb5b30ffdd56efeede9c75f56e30

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\sw.pak

Filesize
365KB

MD5
9632dd7d883fa4deb3963ea663e0ffd4

SHA1
0db135be4b3a7c54c39e9df5034d5576b68ea92e

SHA256
690027c4a31c4aea00b7d1b32ec6cd3fa50b1eac412ae273ab15e72eb485dd6e

SHA512
3aac1857784dfecd2ae5f7c4056f58e27a966a6cb949e02eaba56fc1fc283243ed6213f17628d62d435e33fa4771eb43623f25da6510aa4ce6f2149f72ab0d37

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\ta.pak

Filesize
936KB

MD5
714ef30e819d791b41ab093d515e1704

SHA1
5410b58dcaa0bc82146655ed56493581d18d5c04

SHA256
9be97a18356b05ac4c3aa2b7e719eb29b47d8ad406aa50cf0f24bdde1d613083

SHA512
a35074a54dc12a68301553345c69f02ad31bc010690d5f4c4fad5d65b3fd9c3f7c3ec7e3637673d250cb33496b93a9582e28b5210d11137bc0bd5b2e219c0aab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\te.pak

Filesize
869KB

MD5
28f500e12a7b91d91d8f99395fce8332

SHA1
885fd6c78259ae38f7dba3887f7fee783c1766bc

SHA256
06dd7ae122d6f1f394aeb85089a9c837ec05dad627b0bcc92863ab2830e971c9

SHA512
6f0fe4a527e9c53a41d20f95cafda7a2488bab310eecf68c98271a2db6f3efe5d2180e158b5018a9c56a0580b0735146f0ae07d884f564de1e8780956a10d190

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\th.pak

Filesize
731KB

MD5
d34a2993eaf0ee6bf65c3729baee426d

SHA1
d796911e57c89b11a603c645dd0e32aad7819d75

SHA256
7870b92c64f7776c469b4d19be8881ce30a5263cc8287c3d7de573aed43c7dba

SHA512
eb2f4b3cb7741c996acbd121d0c69eda6cfac6bdbd7b8036dc6394ed7e49c9a45641c7983431b5f8c5db685fc7ce958e7c9f5e79837b381caeecf009f79ca4c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\tr.pak

Filesize
371KB

MD5
0662e2b67524444e843d0104adab0b7e

SHA1
ec39112f57e28010295398c24c6a17e60a88fd47

SHA256
e8f86dc87dbf11935863efb3a5af8213a97123889019e98a7ef313b488088790

SHA512
6529083d04e777be3cdaa14f06bb6b3a3d26006ed9d067f7a1bdfcf669856cc6340bf0caf90bbceb75666062fac1bc02ca2d2cff94c6ca5627ccaece6f973a65

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\uk.pak

Filesize
634KB

MD5
0d9b7f3ce815f7bcfd63ee3492350d52

SHA1
6138b5dc296cf406b2314b8b797f9f96de2b40fb

SHA256
b86358579a9cec015c996c6ae862ddcb8cb558f30eedd0d0b9ef3cb18c3cc130

SHA512
17d874849e5eb17bff2ac98c8191f9f38a07a66eccc502122c0ed2bdd6af94eb17db1b0a2477a75c1fd4f3ed00c76b1818eac5bc4093d92eca0d0a5323718cc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\ur.pak

Filesize
552KB

MD5
6733dba4f3f0afeffc40bd87300b9d6e

SHA1
610aab026d25f2cec6c636fbaee922c099d26ef2

SHA256
d0c8ae8f4f60f04d4eee8cc639ee3b52ad073f5c9ee6fb84c774eb855fd51e9c

SHA512
40c1cb7be3709bb6ef01a4e66bfd85e20641020a800292a2a14f4cf188242aa0b8d42cabd0f323acd3d2f257243c7dc04b346a39475343c761af7a1833c3366a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\vi.pak

Filesize
439KB

MD5
5b8fc875f0b57ac7793e19e0ac6f4899

SHA1
b8ec064365fc29a70bc3a8d3df0ef222ed244fa8

SHA256
ff3cdd834569cf9f957a444ab8a51ebe673bd26d7c907a907aedfeed248d4890

SHA512
f3a9ad912823aaae0d089cf53151cfba0b6fbc2cebf826b1b7c70fec03bf3f967e440558fef94c990c87349b82c36379bf645b828ab6b69eb9f396165dd6178d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\zh-CN.pak

Filesize
319KB

MD5
37b051269289e0eaafd411d374663135

SHA1
fa94bc7fe89475f1d5e1c9a2d88161cc992a638b

SHA256
4ff334da089d2ffb9c6173de7c918b74c9326ed7bd76317b2696d57861871488

SHA512
357350ec552765df460cd66ae59ebcc771df72431baa380247750627ee974f1859bfa423461a2197d4e608063d021faa7fc94bd30c6fe2b1a0cf9b9f7e64ea73

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\locales\zh-TW.pak

Filesize
316KB

MD5
032c4f24764d531d0de876f1e9d51dc9

SHA1
6662a5e3466c1ca415e219634cd67863ff830b32

SHA256
a0a715a3ef1ead036f0f03d02a8252fbdbd52ce6f8cc5b9298fc1c4494d4e508

SHA512
3cf212a638cfe9d08e625f7f70d453263e44721be9550c2aebfb67462666a8d67b87cd2ed613cc12c7d1fc7d1c1368c7d198a6669fa3a10c2c2bf61966c46aff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\resources.pak

Filesize
5.1MB

MD5
dc12ee2bb266627cf127c9049fee5a70

SHA1
2f8d5cb6c70781a0b67e4bdd180c5364e01e8328

SHA256
368cc254981294714ccb085152c62e386f017f77691e0d2713978d77e2a033cb

SHA512
17a53f9dbf703c7f8d752896002b8f5909ddad5fa78d60b176b8fb8c351b90bc644de1097cee7da490ff7e97d3b0fbac0f627106d054d1d10d1917ce35b38f31

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\resources\app.asar

Filesize
20.3MB

MD5
acaa3b7d400e6945788fbc8480101570

SHA1
7c2fe63cdcdf1537014b0382ddf7d2563eed86c7

SHA256
4d8b5696e5ec91eb7f6c55b7c439be7e2e598af7b7f5f3bf8f82f31ee7765ae4

SHA512
dd1bb24d3d3b84d8f0dd7dfb03f2dc7bf5df467ff50c01b3b02ab608e723709a874b59c779685d63aa4dc0caada9a2b9c73a5185b27654a0ece67779520adc8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\snapshot_blob.bin

Filesize
168KB

MD5
b82ff216a0babf602940759b9a3af870

SHA1
07e8a22dcf8d7be04a6ddbcab3098e040494bb0e

SHA256
943b27009d41801c5a649caf680e32d4dd25de002787a4ccd86b0925b3aac3a5

SHA512
da157570afbab7be135f7749df7f4518df1452ea24f98d8f5189430e732ad06ed438afc701cb70451bbc7137b5f35a0c5957df92ecb40d47d54c1071ea79fba1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\v8_context_snapshot.bin

Filesize
471KB

MD5
031ea03da08fe1247280cfe781658791

SHA1
e91db50ad16b5a5fbbaf4118672d60b347ea6161

SHA256
c16dcec41919a6d2850214f2275824be8a97d8c5e694e2ec8dd7d16ab2d5015c

SHA512
b3d6f282761f8ab8760728ecb108f64741f6f3cd2a143813042ff63a3b6604fcfe7c1feabafb65f9f67906217edb5851f44605a34f7a50ed2058c25ce5efb30a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\vk_swiftshader.dll

Filesize
4.9MB

MD5
3a8600d95c9c163940f05e60a69eb457

SHA1
cce71f6a5490b48eaeb272cbf55792819fb2050b

SHA256
3477f8305c88838f894f0a304b8d2013542e9379f0310d398cd6a267e854e9af

SHA512
492a02352546065108c200b41026c711e09a32d3aa26e5356856d081bc1192445d7b98f789b6856b02217e84d8b3baa3288e3b9e359e59af6d0c7dcdd1888cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\7z-out\vulkan-1.dll

Filesize
894KB

MD5
c286e1191c5b91130b6d16e23cbd44f3

SHA1
8231664efdf30b07ff0dbc6b6f4e4d46ec574de0

SHA256
8d4b92d08f42bfe9d30362b9cf671fd6ae3166ade44f94de17dfc531393b66cd

SHA512
5cd07f2edec7bbe8684ea291a9d1dd3709f6a25c55fda3d92938eaf9c3b047ec481e3e7f3fc64973f6833422ab5880f1318a15afa666e2dd207763c7d3822bbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD837.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\Launcher\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\Launcher\GPUCache\data_1

Filesize
264KB

MD5
60437196aa7b71101c5c951642d12c4d

SHA1
071b05c55b0695a4673fd0bd7b04fa273a56770f

SHA256
934c28c055b1eb5b21f2f42cd9f347861f5e02056ca2aef4b6690043c06d0d61

SHA512
3bd5bc4b16fe7258a039d57a283fc5ed40308a1f714a50c60fa80a713e5b205d058c7099157e78a7d8b1cfa40d3a5375e5bc0f6f3d4906fd470f173d8e482b03

Download Submit
C:\Users\Admin\AppData\Roaming\Launcher\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\Launcher\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\Launcher\Network\Network Persistent State

Filesize
495B

MD5
becc3862f1a06d318373a5ecdfc48adb

SHA1
04ed0ec00433062f582d1f13abd01362c527264a

SHA256
5ee2366be80804d0d78fd4d6e01495f79a6d8fef179bec220f324cfefe1b0fe2

SHA512
f11b7c613a5c96d76a4fe92292b3c15689fe777d97433dc7d3723274a73b6737e4634a13513aff8d24539616045bea395aede1918ea523b95e03cb8276c76e55

Download Submit
C:\Users\Admin\AppData\Roaming\Launcher\Network\Network Persistent State~RFe5aad29.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Launcher\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Launcher\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\d3d9.dll

Filesize
432KB

MD5
1e18db368a7bc370fd5f63ae3fd174ea

SHA1
f37b68bc9e1d25a70cdeb22fac6f20f346c0868e

SHA256
17fb1572d29b8a81b63f1d7191b487a1ff113a2984e3d6e943a1c932860a571d

SHA512
3c9f7944ba551a31c8de16c8f18ba9194087cda8489dfa166e9c6d17d59f7ac1d37e9a8c037883cc55f7c6d259618c7488909f9aa586daab8bed8a3a395070ac

Download Submit
C:\Users\Admin\Desktop\Launcher.exe

Filesize
582KB

MD5
b2d8b6e8f34ba06c8c4a812efb1654d5

SHA1
90d0d64e58c156a08e76dcad11d9e131d01caf0c

SHA256
c70c2f233fbce1c249c3f81419f5f8d6454bfb64e1a83ebb4df8312023ef4dc8

SHA512
04015c3fa75d30aa2527741b7dfcbd5bd24236e9d10b20e8b975c4455078131c8a742ae3c7f67ac7eaa990430a3a808884d21f96c3d290a3b72fcbbb804049f3

Download Submit
C:\Users\Admin\Downloads\fortnite-spoofer-free-main.zip

Filesize
3KB

MD5
56211e7bd631865fbd19f5ee5da91cfe

SHA1
d0ccf989d700d736d57a390037ef0051bd54af63

SHA256
acf9fcee06c0bafb44e85ac8a081207bf8749cd4c8854ab3ed81d1dad6d9658d

SHA512
ed43cb92f80d30f43cd46ebae040ed8e0e263e3d9053ac6313aee5cd300c23ad22c364719a02bc831b3bc68e176580b6497bbd69ee8e27d66577399a38e83cdc

Download Submit
memory/640-930-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/640-928-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2352-921-0x0000000002B70000-0x0000000002B76000-memory.dmp

Filesize
24KB

Download
memory/2352-920-0x0000000000740000-0x00000000007DA000-memory.dmp

Filesize
616KB

Download
memory/4084-201-0x0000014FA5170000-0x0000014FA5171000-memory.dmp

Filesize
4KB

Download
memory/4084-199-0x0000014FA5170000-0x0000014FA5171000-memory.dmp

Filesize
4KB

Download
memory/4084-200-0x0000014FA5170000-0x0000014FA5171000-memory.dmp

Filesize
4KB

Download
memory/4084-202-0x0000014FA5170000-0x0000014FA5171000-memory.dmp

Filesize
4KB

Download
memory/4084-203-0x0000014FA5170000-0x0000014FA5171000-memory.dmp

Filesize
4KB

Download
memory/4084-204-0x0000014FA5170000-0x0000014FA5171000-memory.dmp

Filesize
4KB

Download
memory/4084-198-0x0000014FA5170000-0x0000014FA5171000-memory.dmp

Filesize
4KB

Download
memory/4084-194-0x0000014FA5170000-0x0000014FA5171000-memory.dmp

Filesize
4KB

Download
memory/4084-193-0x0000014FA5170000-0x0000014FA5171000-memory.dmp

Filesize
4KB

Download
memory/4084-192-0x0000014FA5170000-0x0000014FA5171000-memory.dmp

Filesize
4KB

Download
memory/4180-1907-0x00000259FF700000-0x00000259FF72B000-memory.dmp

Filesize
172KB

Download
memory/4180-1665-0x00007FF9F31F0000-0x00007FF9F31F1000-memory.dmp

Filesize
4KB

Download