discordrat | 3aaaeeb54b1a0b2dbfc1a598cc7b955f410c92598b8989595033ba10800b9f56

Resubmissions

30/06/2024, 04:13

240630-etefkatenc 1

29/06/2024, 23:12

240629-26y23asdlk 10

29/06/2024, 22:59

240629-2yv1fayejb 10

Analysis

max time kernel
644s
max time network
645s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
29/06/2024, 22:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hey.txt
Size

118B
MD5

d466352784b8f01440ae607b001e3919
SHA1

163e3d87e84b7b74c5c612d9a86c029c32f1b3d9
SHA256

3aaaeeb54b1a0b2dbfc1a598cc7b955f410c92598b8989595033ba10800b9f56
SHA512

532622b9a459caeb6432a5d13f24a05c6c665e5207aa350356e079f81a286a0876ea25872628f948ebda3319c039e2a697083a37e72c2c2329c24a8dc2255d83

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1NjcyNDgxOTk0NTE5NzU3MA.GYJhy6.Km8cn1qtZGfDDPaCiMubtGhlUypWOcHVwmlioY
server_id
1256724819945197570

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Executes dropped EXE 3 IoCs

pid	Process
4804	Client-built.exe
408	Client-built.exe
4028	Client-built.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
121	discord.com
122	discord.com
239	raw.githubusercontent.com
3	camo.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133641756348941376"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1276817940-128734381-631578427-1000\{484C1BF9-2FF7-4DC6-9204-C411706BCC31}	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1276817940-128734381-631578427-1000\{B8618690-55B5-43AF-A3E9-9572829BE005}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\release.zip:Zone.Identifier	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4276	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
660	chrome.exe
660	chrome.exe
1284	chrome.exe
1284	chrome.exe
2792	msedge.exe
2792	msedge.exe
4276	msedge.exe
4276	msedge.exe
5552	msedge.exe
5552	msedge.exe
5996	identity_helper.exe
5996	identity_helper.exe
5916	msedge.exe
5916	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 412 wrote to memory of 4276	412	cmd.exe	78
PID 412 wrote to memory of 4276	412	cmd.exe	78
PID 660 wrote to memory of 3420	660	chrome.exe	82
PID 660 wrote to memory of 3420	660	chrome.exe	82
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 2112	660	chrome.exe	83
PID 660 wrote to memory of 4108	660	chrome.exe	84
PID 660 wrote to memory of 4108	660	chrome.exe	84
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85
PID 660 wrote to memory of 4920	660	chrome.exe	85

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\hey.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:412
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\hey.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8d889ab58,0x7ff8d889ab68,0x7ff8d889ab78
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:2
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4208 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3836 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:8
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4884 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4936 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4944 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3452 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1476 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5212 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2816 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:8
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5388 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6112 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6116 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5200 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5204 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4764 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5664 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6080 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5632 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2728 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2664 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6368 --field-trial-handle=1780,i,8562945709752070841,1680892307935329815,131072 /prefetch:8
  2⤵
  PID:3192

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3416

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3872

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
PID:1040

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
PID:4804

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
PID:408

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
PID:3352

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
PID:4028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8be8a3cb8,0x7ff8be8a3cc8,0x7ff8be8a3cd8
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,3570792356851628712,13696099196757986712,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,3570792356851628712,13696099196757986712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,3570792356851628712,13696099196757986712,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,3570792356851628712,13696099196757986712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,3570792356851628712,13696099196757986712,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,3570792356851628712,13696099196757986712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,3570792356851628712,13696099196757986712,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,3570792356851628712,13696099196757986712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,3570792356851628712,13696099196757986712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,3570792356851628712,13696099196757986712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,3570792356851628712,13696099196757986712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,3570792356851628712,13696099196757986712,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4568 /prefetch:8
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,3570792356851628712,13696099196757986712,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,3570792356851628712,13696099196757986712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,3570792356851628712,13696099196757986712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,3570792356851628712,13696099196757986712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,3570792356851628712,13696099196757986712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2856 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,3570792356851628712,13696099196757986712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,3570792356851628712,13696099196757986712,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:5636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
37KB

MD5
669b1563b95fce26d9ddc3c7e9bdc538

SHA1
275e4ae2606a0da908003b77ea06b24ea8b66214

SHA256
d46765072d87d9892a0f6f8f9849eafe0abecee9d662e99f8b45d8c5b22ac667

SHA512
09e066f5a1974927b2cb607a8b953f2732928c7347f65cdfcdb573170840562de6eae091a61108827b3ae0799c16bfbd41d858ee1a8bc57d9bb1fac814438302

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
37KB

MD5
f9d7c9aef654e1e17a11be30db91ca01

SHA1
33b723c11219afca1a29848fd8d704f30f7393c0

SHA256
33c33ea60091eb455c214a4db497629538bd6fa9501948469982513da0277e87

SHA512
fde2b9fa466bb082b0359902282f90688c61bbd0f364c1e60bcb923b7c7397e7b3f6c64fdef14fa1a54787c12dda9724688e86526e579954c30efef782a6e8aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
20KB

MD5
628ba8d31375849e0943894669cd033c

SHA1
4fa6d50a37fa2dadec892474d3e713ef9de2d8a1

SHA256
80e3440c312f921afe33a7d4a3d11d1d2dc7162f8f50b748b796f424441d10d6

SHA512
d4406493dc8767c479460f3039b038866549feebf392280384da08adbcad2e871720d046220cb67ebe3ab75c14e06a31df2fa7c0f2c17f91eda26ba0a709d27f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
22KB

MD5
bd020e9040ce5d0e8fde2c6fe3ff32b9

SHA1
1fc3668cfb1103b9dae1c8f6b74ae0b14186da39

SHA256
4d79de6a8a36100cc1181fc7d01b0aba71be35ec6f5119e30effabfc4945c945

SHA512
70c9ca94e8ea5d257cf2c7b211b5fde7eec6b0cd51e688c3e4553b5ed02e90a6911d0df5cf37f105b9df708da7f5aa3b0129990587957d98d9b8da0b0e27dd45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
20KB

MD5
0f3de113dc536643a187f641efae47f4

SHA1
729e48891d13fb7581697f5fee8175f60519615e

SHA256
9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8

SHA512
8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
19KB

MD5
7525eb7aa22001b97867802c8f4f7bf5

SHA1
310052312d37e6691455805436126167de70fd7d

SHA256
d04a76912e0c936eff8579f4957d4b6322feb0be044b40bb9596a8cbeb2916b9

SHA512
8f387009dbd1840469859ba9d5f36f038d8280d8d3838f2fd8d4e244b1b489aa348d0cea956ab1d3f235f88f434a32d11fb7360ac0acf2ac4b317088a85d31f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
56KB

MD5
7011d04c03675c1a8781e462d44fa631

SHA1
c5ed8051f347633da24268b2d8d234de8b81540f

SHA256
7f4e6f1c365783b8d95f86371e4ca0a1c76fd35140f4bc7c128a83477c1aa121

SHA512
10ff7595bfa0a51741ba6f51e4f5f03dd3d50361afb0b257bafd548b879952c8204cd549657372af74623775d987fa3584d45fc3da0087e35915667a250d49d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
59KB

MD5
4bc7fdb1eed64d29f27a427feea007b5

SHA1
62b5f0e1731484517796e3d512c5529d0af2666b

SHA256
05282cd78e71a5d9d14cc9676e20900a1d802016b721a48febec7b64e63775f6

SHA512
9900aecac98f2ca3d642a153dd5a53131b23ceec71dd9d3c59e83db24796a0db854f49629449a5c9fe4b7ca3afcdd294086f6b1ba724955551b622bc50e3ba1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
21KB

MD5
13f446147732f876569f9fc1e51edebc

SHA1
2f501d73c7696fd0912d120f3e32e3d0a8201dc3

SHA256
adb22846e44c4f979f3e1e220960be5154408c28247750ea05070764ec24bb6e

SHA512
a53bd04cb44412581e8e5c859da03a837f0ea33cc7a6ca65605e7eb8eefa62b085a92ccdc25979f0c4abdf246949c8966f1ecef22af1980c22a4c380429840fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
130KB

MD5
9446510042bf99532b01766c30fc2c89

SHA1
670bf1cb1199501ac3c2af52ca072c6e18ab59c1

SHA256
aad677ed5c4458689811b5e0c3532827a9fcf6602e99baa7fd62b1a7fa900732

SHA512
84c45125cb56f56ef84808fa9db47f7ae7618cc4a75824c22ff075bbdabc6f10bc195703e4c0a1c7eadaa9db492ad2c280e724ed4e3f50c8357f69c16df39266

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
21KB

MD5
0e52c094a93d5bcd8875cce575d7da9a

SHA1
de9ecbf399f77a497c96c1a4b3509153ad9751a2

SHA256
abafb66ae53e45e075a02ab40e19bc2dbb0126d83f4da5f1fbd3bed1a4b4fdce

SHA512
b2cbb5075eb1cf84b9b24c2a2f3165675496d506d5e98a8868c18514c5740c366b5a29a925dcf6f6cacdb8ce6e39eb8673b15ebb55c5e9078e0d7eff631905cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\09f4462215482980_0

Filesize
2KB

MD5
1f81a5949d9eda1d04c43485e4137357

SHA1
d64e7316ba323d8af84300488de81f94058c37fe

SHA256
e83ebe2b5654ec3d9322c3fe765561272ec4971648929e777ee78614bc65912d

SHA512
71dceaae74e66c91a9568fd008ed0b1a45856f8130dae711cb05be92b436b20ccccbf99f077dc66766a4a21b42be9c9bb1a6077436f7c9b64b7754a15b7968ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\118a680837e379ce_0

Filesize
11KB

MD5
de7fdd4cde02d09fa664a88ceb2560ae

SHA1
6c6f238d1e383abc718df60b9c79f3f22b662da3

SHA256
a2829e61366e9743e1628a4cecdbeb0a22bc8308ad2b454e8a708cee3fec2395

SHA512
915bff29366035419de8746460f520828fd7eeeb3cfedbf78fab539c3eeab6ee1d97bb88cbf26dbcd5ebbebd7f1d5e233bf26f941457f91651c2156deaf8ec61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\174093a098ca2309_0

Filesize
4KB

MD5
f8a571d74255235b41dc3e12a0dddada

SHA1
2bfbb5234dde652147d4ef6796f7ba5927fd580b

SHA256
e32ae39ac54868aa1febec80d529463d4ef90b5d9a723a28a5a1cbff3c5f4e40

SHA512
02cf105f24b08baff9aa3dc424926c381d229b5888b0e12abdf029036ef0b649d5dd036b388d2cce1f72321ec5d5787e06c452cf526b2a5fc6936388fb071795

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2b76d7967c518e37_0

Filesize
1KB

MD5
d99e2e780f6cd98debe07c3d0796566a

SHA1
abedf0d0772aceb6a90242446612b7a9d6b3b400

SHA256
f4c04b516cfe0efca90256ac9b9c36481c515bb981703a312b814ef2e95cb823

SHA512
136bfe5189f121148cd660d81992cb6633498f318d493a93610e596e7c0bba241beeda0e08210bc8fad7917a9086ea09c36a3d7b0e5c5864518c006e1fd2bc2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\372463e8c7120bef_0

Filesize
2KB

MD5
e86987c2d0d65c4bea0529af58eb1042

SHA1
9ce8c2d99f4b7b8516a435d75a189e15e57b943e

SHA256
5041133cbaca0a96d5097076c615cc2f4632804185c1512f6926cdad04ab4e70

SHA512
06648d2f8ea0bf3c74138926981a51738c50c3a0c534fec54280f247ec6cf1783ff53128a4b9f8e172cc5680f8666488fc80ef975a8578f3e6170e8f506c0a9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4f28add35fe51c4c_0

Filesize
1KB

MD5
170bcebf0a43476496277e244fae6675

SHA1
d7ec701ea3b66161c2540ee4dffb0734d97b007e

SHA256
b551df255d81633fd24063cbcf696bdf2004abb9616af8034aecbd467e2e3310

SHA512
a01c7e7adb51a218fe2d3737326ee81e89fa5ad033df13bde594e468233af6d92ed1f0504d329f6fd77273d63bc5005b786c30bfe5ee8925d716cbaeaba08703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a50aad6057e22c49_0

Filesize
2KB

MD5
1d9feaa43e06496e8e8992876f9ac4cb

SHA1
25aeb7687cbcd51980f07ba48266461b17418a88

SHA256
6766f722302aac70c31a3c53970de51448266c8fed61e2a38ae80324f63e8211

SHA512
b9ad336c8e70d6c2eed5058cf45cd037a6892e6dca010316165d4759d92420263a7854b240be5a5b50d88df89a027151b7a7121f2034fbf14faa9f05569b106e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c637970bda5d03af_0

Filesize
1KB

MD5
72ed25aae12a90f8a41fd5233045a9b2

SHA1
8016aecbc71ce3f80405804dc7f9b62e2aab2e22

SHA256
5ddd7e7191505b3c6e82d5c98057c736a5a202f166d7efd68ac786047d89ef90

SHA512
8155359cbfe15b71621df4f92b09697bf8b9b0af2ce8358343b16ec47239d913749bb618490f8ea83dddfcfa8ba3349e0df895d5ab656583364bb28a65a732d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
ed92908ab2774ed862198b938ddd30e4

SHA1
55fdd152e9b4938f439e5eb004df01034d541dde

SHA256
548e295f5927eed0cea46174aaabfaab999b380773a450daa4d1003cc031dc36

SHA512
c21f17a1a5437d14f50b614c0dbd0f85e0dec43664e80c440a2247d119ac9ddeaf5657e59f09360d5ddedb6ae8eee679d9a72d58aa125ba7ceb7c86000913d6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e6a4555812bf6be4f17612b3c70463aa

SHA1
264e2609b9c2d18864b2620df87a1631fa573441

SHA256
6322edc7536f5b3a008287b43f616eaf7149cfe27ccc48fc86b3fe5a6521dc76

SHA512
0d03dd3a5f70b3eb85acc0ffe1afe80d824f5fb1f5b4219a1b6978557c352098c038964bbe6da836fd8f5b4ddc46115e819966dd0afade3ca0b10a373f9066c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3570f165fdabb13f870dedca865269db

SHA1
629a57a1e0cb53a88d4dbb3af0c7e4a80cd1ce9f

SHA256
7283d7b0dde8d91f8a13505190210a6ea89c276806918b6109fdc339b5a39dc3

SHA512
514783b0d2818f77e3d903a29490ced58a77ba6967bb012387d91e6548e3b8940a41a0062fc19f701763645e661f0270d7f28738b215d94fa2a32dcbdc2e683b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7fe9301b1b0c190eb20bb404ab9fa5f4

SHA1
60faf93f7e105353dbb4695e255c9f87facb636d

SHA256
4f8036f1c03251a249b4c8effe151bdb4eeeaddf09d4bf4c541dc1228e786ef9

SHA512
6b9fbf04b6e6aa592377b748805af5e47a488a2ed6f0db65d535022b457389b4b3e70984f74eb9aa302fe950d441ef4f0b1851d83fdc865e6ee517f755669b05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
42333b889c7c03e55743f96840f81ce2

SHA1
21365d5f2cb4293ecfa1725b20f712c21e66c952

SHA256
e0cb9a8cffe427d6f94b22ec18111463933e48d2943182fe17c79b5a45800e14

SHA512
fe8490385472c4047832954cea368b3d3b571f73230abea3e26a31ce16f3928555275e9bda98120967da920411a1a69fadfc738ed7bc1ee55556d1dcfe062606

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
8f9159fa7e0b321def3567d562ea2b2b

SHA1
4ed75a34fdbaaedac884596cc5e4830900cda88a

SHA256
b9f472cefc96276bd5115c89b49502b6b3e993e2a2dea93fbd4895b86768e093

SHA512
7da54e1013b382252c571e7016c42e254eab997f6e692e184b03da752a208685962514516f6a6ddba825a9ebab9bfc16af99f77570cc389603a19750141d6612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
09c27d82106074b3b43d28e40c781176

SHA1
c4d21b0ac1283b07b1bd409dd54736b247f98849

SHA256
7e23d50002152685c3390bba2d4465f99bd3409d74cd7ce28c612c58d738b948

SHA512
18a4be7826c0fffe1a769a019bd440f71ac9a5b4a3405fb5e5d7416120ade75fa5611fe1160ec53c3d15663f90e49159b2221c12ebbddd1fa3251f75d2e04442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e5394bb0ba3b55260791c8e335541364

SHA1
7e7069496f3ecc241c879b3dac5155ded54d0ffa

SHA256
e3709fa5b7705935aeae12a87c1a55f96f2564983ceeb4d3635210830610e626

SHA512
72ef54f42b15d162e1d2348da7e95ee78be721ee4cf2def86adcc2286b45138d3fda6cef76170b6f55141b55af8237d7293afde1137058f95283a6189f4d2a15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
731bd974bfbd921a93ceb13a9d236fab

SHA1
8f61835f9b6528709a76aeafb079edbb8686c3a5

SHA256
0b3c3c73c568d152e5bf0994253f48982134c512996dc8cca3d83dbd8ea4b19e

SHA512
fe8ed28c8d6dfd4604adbeab0f7744f21fd35c3b91f808646a8d77617f98e84aa9f0b3363cc00bcb1e57d8f03bd6ec4d999f5543a195f404f0053e9965343ad2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
c2f3ff94180a81269f9341467abaa454

SHA1
67e399d1355ea228529cfb803a5960cdbd256eab

SHA256
b3377751e317d437a1766dd7c0ecffb53178d3e12b14f7160016ae0b707a9681

SHA512
63f49fe4d0d4a5f48d0e2904d7997f8b4f63eba00a4e9bf84be2a32d589ecc6c791e3aa2555e77ebad17d73c9ee45e64feacee13dc837a8dbf4e6a7484cea0ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
aad6df3e7ec0928b27dbe44112dc11b2

SHA1
3c3e89d4f3b9ef09770d924175d3ab88f16bd09a

SHA256
90f819d7001a395fc0507c8ecedee26ed27330fc4acf07af4c38566cee93ede1

SHA512
edc8dd9af61974caf91e9fd3fdf261a27a30513d8a3d5ec60dc3a5b50e9f0bff3fcfc57b0b02d64bfa28b1efd94adf8bd99d11f2c6de954a961b5ed0f86575bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
35ca204c0488924dd6a47f09cd602ed8

SHA1
8842248529828cdfc4e57ceb78f2e12f0cb5c824

SHA256
011e0b0a52d37d5f0ae402f471fe01b36a4ce47c000493f519b1c1f37ccf4a25

SHA512
5b370e575025168b16ece54453183449074c9d471230b03ea703c1d46418a4c694e35cbfcdfe9181d368da4238c3d459eec1a8892bf4e23483b1adde77bb96d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9d014bf8162274d16f17ac0e2449cabf

SHA1
5960dd7f7ab18c55187c66aa5c30b9e9075ffb95

SHA256
957870c50a67351cce2091a74665b38debfdf7993dd3200b9b01aae14588f4f0

SHA512
ff45e0e23e4554467478557beac4aaea2a6405dd90ae61972b385cee92ac4bd045f053d057162e76eb6ec3f297406c30d288230ee58e79d09cc2c921fa893915

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c81de0354e7b7e016591c30b29feca6c

SHA1
ee53bd4d895ad9c798a3448e1de153d0a866da17

SHA256
919be1b3942c438cd655e917d6323df18fe0ef7336db5b4248c8419a7e4f5872

SHA512
e8e52a924160a5a6e6be31da5fd71177d3b5d9b12f51e616a72b96989b871ed7f8549a932f01e2f4c51bb0366d9b8cd4275ba00b64c544e8a30568c946691ba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
245cd5d89263df5ceed34db6d2da1b75

SHA1
09df6677b84d03b8941fd37b241a6e50b3f72b4e

SHA256
dd619eac3adac7dbfb43b8f6ef13e87f0baf3b883272cc99a9752cbe0e9ebc12

SHA512
986833b8e98d405810bdb21d14d8f373269b73c3abcd1f0dca13da60b6c2d2c7d25ebf7d99c57cca2f30bdde7d044bfc892516fc9d3c27e7b99ca39891cc6d77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e3b94840fcf4360be952a39bd97f5615

SHA1
10d9e259f1b64290ff467ca3aabb30337617c11c

SHA256
afd7203463e72ba66b2ea7add031c97cd5c941803e9134321b1788d844186d78

SHA512
e188b8c8226fc07a47a07a6d68fef432d25b9e1636ea98c4f22e56eb11c11b680a7f9424ae748490be1e83662a673f6084ebd70046b91cf574b98b6d604e0c24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
58be6b4ca8cfc566a36301bf98e84352

SHA1
63a84492c999cc11942d851d50da0d391f107700

SHA256
ada3fd960398ecfb0998cb0961d0fc2946fe44100cf15cd12d06bc8b3fed9bd4

SHA512
8f81059a9987b0f4681e897f94ac3bbed81adfb0833b7eec8162e60de34863e0cd446d9865d04460f37c4c7825b4029eaccb32d0d917f200be4d15ca50d8df3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6441fe8238053cea74ae60b36f7f3302

SHA1
e0372a3db33388efb963efdaddae3e3583e02446

SHA256
6fe9e3ec857c2d5f64ca3c51b25957df903b9116d0cef62aada2912d898414da

SHA512
7c55f6b4828f11d5877aa1eb86cf5abd6f65b7d0bf316e9c845112d465bd7355e41fbfd2353a8d28ad1a3098c8a6f36442fc14106b0b5c20ccb3fe1d0fca7c97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
68f744e5e664c508b7476bd249e6ffc0

SHA1
9318c10c2fe3c4dc7838224611e99fa73474d763

SHA256
de9a6c159428665b4e88f4aeabc99722fd5a5bb319b53dc586b483b1a5c00c94

SHA512
2aff37f6b98373b57e2d358d2e28b2f2875bb3a5273096e4ae171f7dc53646d190ed781da15e62e22be34e8df56f1f6b0dfe14c95812c5aff6a8798ecd23ddad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
29f0c11e2c97dedef960e893c8879de4

SHA1
eb3e66a3ac774f7d411ebd5202a24456259df68f

SHA256
d6485315db9e093f3ef68cfa6156e40e6f8ca8917d205c064b23d2c46feb520c

SHA512
0c0457362e91c01932fbfd4423a738e073439dbef7907bc4e46b0ae925fdcc015b763d4b121bdfe64aa58545d4aea411e4bc8306ef0a64b64bed17ef986f2a15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2321abefbbce3eaa24f56f357f0974fa

SHA1
a4856bf8fb545d82012b291bdcaa57d55e07313b

SHA256
4e8d155f0ceeb2312ffe84d2d69a07dbf25aacec5c9730ae29264f56c4034404

SHA512
193281f0ebb78de5bbcc988b2874f1637eb913233b96c47507c742e65958e53741d0a33f1c915edeb38549eb666cb2e88397518afb2d215baa84ba366d35d937

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
61a0792be551df8988095d6afd6c7a08

SHA1
5d01a3db395429fed4006638e2fb0eec5c844c7b

SHA256
a1ffafdc0c79d5adbc8841308d09471022340f722aa3b562ad66a1c4a75a135d

SHA512
14205b2d76bcabdf95c11255fc16ae6842e1840d544719229f4a6a8535f8bda0308a59c15e7113866d916e66d28659b2e6bd2dcfc164442190f089ddb9fbc9ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
860ca75c4d2b9db7daaca753bd6c4c37

SHA1
e75dc93ba93241734333275f432e54eee25b0801

SHA256
6112a8dd563cf99325daaa44c0068a5ed43c18cecc9f132983a17d3ae915c291

SHA512
9aa9365499c5be33cc799f7aec0cfcee34de9d22a629dee561a2a8565fb7965ed27306d376b5b32cf05cbec3a9e0aad493ba1109c70f3a85c1e8b1678eac4ad2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
082ab3528dce636f36e93e24148b5aee

SHA1
2563786cb3f338e6f0d128bc9b92083d4e2e6395

SHA256
ee3d4b6093fc49fed91f9f7a2367dba5cdc900faebc56689a1fbd6bb3c51ea39

SHA512
80c99e975f9b3b067603883c6d94c2b4909a321d9b2b55349d9484439bdb3140bc152863de77d735d16213f9cab403e472223d1270868062f40373dd1ce6bb3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
87c521b28dc0fc615550bf685ee51b52

SHA1
139031072acd93ef12ecef61a6f8fd87620a0dd5

SHA256
8f1ee1bd842e1a773ac7b8ef041d90f240f7d52396b8f4a29c377d3c296a0600

SHA512
29e21c92756a5bf7a8688f8c6d61bf55b523fb5731505ab2fa27501aca7f29ad94019b73d4ca64a1ecc2aba4c0bbd4b9dcc4398ea359ee12052efb97984c1030

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
73c8a01c79f6d69f381bc430b0d24387

SHA1
827c635ed99dcf9d5d91e9ccb609a5576335b382

SHA256
4e8a669fab06fc0fb0ac57aa77d2f325d0bbc30e0590d0e113c6b2adfba82a7a

SHA512
2ec8dfbcd2529e5b82a354e5dbe5197657b6fff2977dcf2c8bfa34d4926ab3500e0a3b231e4cb319622425df210894103a6b960588ee9180f4b91f1a83d45382

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
2a582ed9f96e6092b55be5d07068a19e

SHA1
60f4e57af32f6683181c41d36eaaa5e550bd140c

SHA256
11d6a144326c8ad79f280685d065c35b97e6fa56caf602116a79ba7369dd9f0b

SHA512
3ba9e03642309cd5f7ce9beadbba108bb4bb79a8bd43e4fbdd07c3d05c310555aa3dcf1b024aea6febe06204921179ad2d95b14609f5144b0a4677c4e3e8dd2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a6c48.TMP

Filesize
120B

MD5
38f53fedce5d09e566e28abe86560974

SHA1
9f95eb5d564e18fc382983584e41bc0a3ace04e9

SHA256
1687f178208a3e85e2e8acffac90f186a580b2e4222b9c4e812fda60e8016aea

SHA512
7d011152d91a0d9b0be2fd247cb7e8f12f4bff87cd97b59c0d721ce57cbfb53a5f031e8bbe0471e722d630f7230d825c40d9ba75298c2de5c77ea085ec5c4015

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
281KB

MD5
4b66c863df0006dde6a379f9eff9a862

SHA1
26e5a7689b9056610e0b0c01f64efa2951f6e825

SHA256
fa1ddb9762f1c7969dd3343c0c04e56e52b678cac209f3ebfb1df2f533beb3fd

SHA512
aa42a8e46940685679408b57df1c7a3bd8cb8c1b3979c68037778f087cdcaf5fa858018518bf8462dabf4158cadda4116aaeb1964c2fbbc828ffcd460703241e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
281KB

MD5
558301eb57b9a51fd4571e075bcaf627

SHA1
4f6ee3065fad226c578ea75e0a5f4976715a11ba

SHA256
43005dabec564f92c7618ef0ad00f3bb289b13ee2e23cd7e1349d7e2abcaba61

SHA512
3f910e3ef1c7ad70fd1b6c5c48b5f874c2af0e4b28d5e14f32244b3695127df8e09668c4ecc4ad026c5f1a6ceba4243cc593aa5e40ee915709fb8b3e36c8637c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
281KB

MD5
63ecf8fdb11392bb84bf80391dba33b1

SHA1
95d012c709cb5120c1c6027892d1f701db4c15ef

SHA256
7f5f46136bcdefb814263020f884b93ddeb80207d6f5dd0d99dd58453364c7e9

SHA512
e9d0b9738032a9a2d5e550e81e24c5e829880538fff097f08875b81561c8576982b8c1457460faf61891047d05baeacd5776a5740a1b1d3c0ef37c03e683ab4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
281KB

MD5
1ec182b2644528493b5e2c0490b6947c

SHA1
c7f67502b587ea326ced67509a7d42c184af694c

SHA256
d144df1989a8cab84f71a0bf57a5e5fbef57252655f56e0b073298280f64f2fa

SHA512
bfc20118d2197607c03b144598ae8c869449f86b785d2e25433d23f87e0b6317f44e898545bd5c341dc75b961591b20487fb65ee4026156af21340f1f3560cf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
281KB

MD5
d1b4a5743c5e0c5a26b14990feee3eb9

SHA1
ff5f76432e26e2ee9ccf056aeb851075f06cc69b

SHA256
61f16e29ce8becaa18594b9e818f5e8e08d435fb9abccf6d6764c149c636f6ac

SHA512
c39d2bef1815caa1d33158ba79be2db014e7cc4dd28114967bca554c9681634aac84634927f6b7a6feb7122c64bb4c5b0ff3c02ce53382c74d917ff67e12d501

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
919032c95ee36c1500e04d649382d801

SHA1
48b1d2a96a1d3e8490c94b41c0dd4c97f8a0215a

SHA256
dd0b476b6e47bf2fec37ecc70d55593843a90e625095350308ccec09d06cf556

SHA512
96174812362d52980378116594e193feabe9b409a12d96c1dadc233d1027fe7f35d89a6c5a818f5c23fa85c0693f46837fd4ef7e4233cd23aad052edad7edac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
c0ef9822dfa5330270d91d52f13a5a8d

SHA1
13b0e63be80e3cdf23a521f82edb212819cebc34

SHA256
445c854bd20de96cbde874193bf06db812474710bb7c89210b898b47f0c52aa4

SHA512
9140eb220c1a14152b84bba4dbdf7a315ca4d1b3ce5bd845a583eb1790588a819c7efbecafced258f70f3ddca0c4aca6c3882d40c3dcfc66aae866940828c7b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe590e4e.TMP

Filesize
83KB

MD5
861c991a5ea7c57384895581c2645740

SHA1
0060816334e2ece099316f620ca2c1dce3fc1b94

SHA256
3d1f3af6634a332a3f7cd09aa9531b62141efed639a73b3ce7d49add799561cd

SHA512
e42721b642100b2328c8dd6dceb68624918ad3d639d8fae0b56e6ffe45f6ea6d0cc9f2fe45e15ff61dcd3d16be1e0657212cb3d74016b0bd4c43fe9a741c1eea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\builder.exe.log

Filesize
1KB

MD5
ac45cc773216001c355992d869450b47

SHA1
1f19c3839b521e1bf1ec7928f32f45234f38ea40

SHA256
c9c03abe98c496376975747c9b617f5f6e1b50aec09aa8be31aa24e81254901f

SHA512
3d73620a59089bc05d60ae07f0811ddacd1661599eca096cd9927813f86dc9cebac1de221691373601c743250694de43e408a9e607e813fb28260b1509f84574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a74887034b3a720c50e557d5b1c790bf

SHA1
fb245478258648a65aa189b967590eef6fb167be

SHA256
f25b27187fad2b82ac76fae98dfdddc1c04f4e8370d112d45c1dd17a8908c250

SHA512
888c3fceb1a28a41c5449f5237ca27c7cbd057ce407f1542973478a31aa84ce9b77943130ca37551c31fa7cd737b9195b7374f886a969b39148a531530a91af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
64f055a833e60505264595e7edbf62f6

SHA1
dad32ce325006c1d094b7c07550aca28a8dac890

SHA256
7172dc46924936b8dcee2d0c39535d098c2dbf510402c5bbb269399aed4d4c99

SHA512
86644776207d0904bc3293b4fec2fa724b8b3c9c3086cd0ef2696027ab3d840a8049b6bde3464c209e57ffa83cbc3df6115500fbe36a9acb222830c1aac4dc7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
9e3f75f0eac6a6d237054f7b98301754

SHA1
80a6cb454163c3c11449e3988ad04d6ad6d2b432

SHA256
33a84dec02c65acb6918a1ae82afa05664ee27ad2f07760e8b008636510fd5bf

SHA512
5cea53f27a4fdbd32355235c90ce3d9b39f550a1b070574cbc4ea892e9901ab0acace0f8eeb5814515ca6ff2970bc3cc0559a0c87075ac4bb3251bc8eaee6236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
b15016a51bd29539b8dcbb0ce3c70a1b

SHA1
4eab6d31dea4a783aae6cabe29babe070bd6f6f0

SHA256
e72c68736ce86ec9e3785a89f0d547b4993d5a2522a33104eeb7954eff7f488a

SHA512
1c74e4d2895651b9ab86158396bcce27a04acfb5655a32a28c37ee0ebd66cd044c3c895db7e14acc41a93db55463310425c188a7c503f0308ce894cf93df219f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
620dd00003f691e6bda9ff44e1fc313f

SHA1
aaf106bb2767308c1056dee17ab2e92b9374fb00

SHA256
eea7813cba41e7062794087d5d4c820d7b30b699af3ec37cb545665940725586

SHA512
3e245851bfa901632ea796ddd5c64b86eda217ec5cd0587406f5c28328b5cb98c5d8089d868e409e40560c279332ba85dd8ce1159ae98e8588e35ed61da2f006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
621KB

MD5
65ef5c388d493c9fcd4fced516e00314

SHA1
11d98879ceb6df06cdcf570f142743db8cf46468

SHA256
11cc50d17642cae9ea733ff8f5709c65c9a1fffe2bc37d9aa9b5ad02e3de0153

SHA512
6c34c74628b04623dc89bfc1ebf13b70e1279411aa8e002567e4767a3c5e4f770bf61b952a5d8d09e055599aa2533c04ba26d4c998d1973bf7d3c1e6f5f81b9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
527KB

MD5
6aa9dfa489684a49397cf26b7cc5cd05

SHA1
c2a8e7367c785617d2e1edcb6df297b74b41bfae

SHA256
76c3190d49b58cb516ce53180db99c8c66abf991bbf44a938551037410189a2d

SHA512
1e9229ecf6b90e920d6148905cb4ee859ea440f8e361f88a41683e515b6bef58e9ac7e5889c50400d833f9798f8e7efb27c323e5abfb4a67269cdc96fac8aaca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6936fdd7d70f1018d7eb6833b98315e1

SHA1
e13dc00c6b196138f779c9e4ba0f73dcfcff8b49

SHA256
5837234dd34f27c35fcd8088a46e2e734485fa5df93d44fecf4db0a79e26b8a7

SHA512
1f699688e1c2f8e8d2b9e6b11322fd87e5df0dd590cceeaa9a6c60a0aa0bd67c582f0ee00b20070d9c298d97a50331ab74c43e0903466df753b7c3459ef8f2db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9ee33373f0f92a69fb71b04ad1b4b7f3

SHA1
807077ec399373c6f0f7563cff43bc33c1cf22e0

SHA256
5c75e386180cace6c97e016ffaf1b32d643e67cdfc2fef48557061d3db23ed0f

SHA512
f3355392e6246b5ac0c0f69517dbff2c322c9bfa197961cfa104ba7960a7c0d5f7039ac3f9ec3477b784e8d54b3a1c01f983a4669f859bb4199c87edb2ba25ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e66202b08bf6bff3cc2c99215c7948e

SHA1
4a22be40fbf26810df624261a978abc7111a73dc

SHA256
822cb4bcbf906ba8b2d0149652e40d99e45d8690637763e9e026b8e20e4367c9

SHA512
be07bc52d733a490676b763c9bf86b2be9f383b07803d5eb42ee82f6fbd645d3c194651e7d17f4b47a6d1b4fb0b6612e756bce81e2c3baedce9da718d7c0fee6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c0c6957b2f2a1120e773cd3f330baec5

SHA1
a7d31884119d50758fca3ae660c3c44f0fb44e6a

SHA256
b7f7269472d4199699deff661287132a3fad9a9d717d825d0618f3d52068b73b

SHA512
3fe161653ea26e3090175d74ec1cfaadd3f5933652766ac74ab89544717b20c64395b698d11cba1694060a96e9653563a4c148c28462f2b7e917399e2f459a6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
82f647d7f88333b516d4be0c69ddac0e

SHA1
053fdf7c070cd84f6ed0af47e1f23b85cb9315f4

SHA256
313ccb181e4909a8ddd445fea0e6ea9ea8f943fea164dee2599bc412d6aba658

SHA512
b865a616f8bb5f55f26ed0743c9562abc9ac857e2f618f9269999910f2134cdd0b9d295d85e815775bc7989aaa34d67a206db53742e638b401d1799aa0651334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ffa7e5bf-04c2-440e-aa4a-c61190fd80cd.tmp

Filesize
11KB

MD5
cb3cd6266a07a761875435bfed3d3066

SHA1
029d3d124c06b5ad5b63cfa10f6b1849515328c5

SHA256
90fe1f3efde99305f926b1b3fb515e3598cf1366eef089fab14defefe33c8605

SHA512
8d8cd4124ffcddc4d34c91798913c7795d8723ada6f9b15c84f597e5c1dac1365d1074573080d7a804c5bdced14bce79767b36a39e089ca3b7388878c4d9954d

Download Submit
C:\Users\Admin\Downloads\release.zip

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
C:\Users\Admin\Downloads\release.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\release\Client-built.exe

Filesize
78KB

MD5
74d3742b94a42574846c9abd2d6356bb

SHA1
542cbc9a500feb90253d88462e1bf3da65f44b3c

SHA256
76c992fb5338986a99fc8a04b9e8dec606e55bd3f3faa151d1152bae7f094b3b

SHA512
47e2cd14be4bccba664b4018216e35127e42cdf6de1cd14f8afc2be9c736671d431cce3c6fd567375e44c8e917bdec41b97baf64421afc2088cea05d7e70154e

Download Submit
memory/1040-893-0x0000000000220000-0x0000000000228000-memory.dmp

Filesize
32KB

Download
memory/1040-896-0x0000000004CE0000-0x0000000004CEA000-memory.dmp

Filesize
40KB

Download
memory/1040-920-0x0000000005FF0000-0x0000000006112000-memory.dmp

Filesize
1.1MB

Download
memory/1040-894-0x0000000005200000-0x00000000057A6000-memory.dmp

Filesize
5.6MB

Download
memory/1040-895-0x0000000004CF0000-0x0000000004D82000-memory.dmp

Filesize
584KB

Download
memory/4804-935-0x000001DEF6460000-0x000001DEF6988000-memory.dmp

Filesize
5.2MB

Download
memory/4804-934-0x000001DEF5C10000-0x000001DEF5DD2000-memory.dmp

Filesize
1.8MB

Download
memory/4804-933-0x000001DEF3590000-0x000001DEF35A8000-memory.dmp

Filesize
96KB

Download