agenttesla | b9ad79eaf7a4133f95f24c3b9d976c72f34264dc5c99030f0e57992cb5621f78

Analysis

max time kernel
1798s
max time network
1593s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
30-06-2024 14:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk (1).exe
Size

3.0MB
MD5

eb80f7bddb699784baa9fbf2941eaf4a
SHA1

df6abbfd20e731689f3c7d2a55f45ac83fbbc40b
SHA256

b9ad79eaf7a4133f95f24c3b9d976c72f34264dc5c99030f0e57992cb5621f78
SHA512

3a1162e9fef849cb7143dc1898d4cfcfd87eb80ced0edb321dfa096686b25ae8a9a7f3ae8f37a09724d94f96d64e08940fc23c0b931ddd8a1e70e2792cb3fe47
SSDEEP

98304:6aJXyQTrRGlSMoIuORmKBQielvZlpkiSti:3olMcR9BTY3WS

Score

10^/10

agenttesla quasar office04 agilenet execution keylogger spyware stealer trojan upx

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

HOsteraaa:4782

aaaaaaaaaaaaaaaaa:4782

Mutex

4d3911f5-5595-4a10-b82d-88f7421b2c02

Attributes

encryption_key
BC455DB61AF534709FA3CF70B0E355C5FB5B6310
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla
Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar

Quasar payload 4 IoCs

resource	yara_rule
behavioral1/memory/4084-4395-0x000001BEE08B0000-0x000001BEE09E8000-memory.dmp	family_quasar
behavioral1/memory/4084-4396-0x000001BEE25F0000-0x000001BEE2606000-memory.dmp	family_quasar
behavioral1/files/0x000200000002addc-4511.dat	family_quasar
behavioral1/memory/3772-4582-0x0000000000FB0000-0x00000000012D4000-memory.dmp	family_quasar

AgentTesla payload 1 IoCs

resource	yara_rule
behavioral1/memory/1456-2408-0x0000020BD72C0000-0x0000020BD74B4000-memory.dmp	family_agenttesla

Obfuscated with Agile.Net obfuscator 2 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral1/files/0x000100000002acc6-2363.dat	agile_net
behavioral1/memory/1456-2371-0x0000020BBA320000-0x0000020BBAF58000-memory.dmp	agile_net

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000100000002acc5-2357.dat	upx
behavioral1/memory/5836-2367-0x00007FF6E4590000-0x00007FF6E4D17000-memory.dmp	upx
behavioral1/memory/5836-2621-0x00007FF6E4590000-0x00007FF6E4D17000-memory.dmp	upx
behavioral1/memory/5836-2915-0x00007FF6E4590000-0x00007FF6E4D17000-memory.dmp	upx

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
347	camo.githubusercontent.com

Drops file in System32 directory 15 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db	AnyDesk (1).exe

Executes dropped EXE 3 IoCs

pid	Process
5520	winrar-x64-701.exe
6524	winrar-x64-701.exe
3328	winrar-x64-701.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
4600	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk (1).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk (1).exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133642302210636970"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\scrcpy.rar:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	chrome.exe

Runs ping.exe 1 TTPs 8 IoCs

Remote System Discovery

T1018

pid	Process
8088	PING.EXE
1896	PING.EXE
7840	PING.EXE
5852	PING.EXE
912	PING.EXE
8024	PING.EXE
3080	PING.EXE
4536	PING.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
836	AnyDesk (1).exe

Suspicious behavior: EnumeratesProcesses 46 IoCs

pid	Process
2912	AnyDesk (1).exe
2912	AnyDesk (1).exe
2912	AnyDesk (1).exe
2912	AnyDesk (1).exe
2912	AnyDesk (1).exe
2912	AnyDesk (1).exe
2344	chrome.exe
2344	chrome.exe
7396	chrome.exe
7396	chrome.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2912	AnyDesk (1).exe
Token: 33	4788	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4788	AUDIODG.EXE
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
836	AnyDesk (1).exe
836	AnyDesk (1).exe
836	AnyDesk (1).exe
836	AnyDesk (1).exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
6508	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
836	AnyDesk (1).exe
836	AnyDesk (1).exe
836	AnyDesk (1).exe
836	AnyDesk (1).exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe
6508	Taskmgr.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
3432	AnyDesk (1).exe
3432	AnyDesk (1).exe
6048	MiniSearchHost.exe
6752	OpenWith.exe
5520	winrar-x64-701.exe
5520	winrar-x64-701.exe
5520	winrar-x64-701.exe
6524	winrar-x64-701.exe
6524	winrar-x64-701.exe
6524	winrar-x64-701.exe
3328	winrar-x64-701.exe
3328	winrar-x64-701.exe
3328	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3120 wrote to memory of 2912	3120	AnyDesk (1).exe	77
PID 3120 wrote to memory of 2912	3120	AnyDesk (1).exe	77
PID 3120 wrote to memory of 2912	3120	AnyDesk (1).exe	77
PID 3120 wrote to memory of 836	3120	AnyDesk (1).exe	78
PID 3120 wrote to memory of 836	3120	AnyDesk (1).exe	78
PID 3120 wrote to memory of 836	3120	AnyDesk (1).exe	78
PID 2344 wrote to memory of 2092	2344	chrome.exe	86
PID 2344 wrote to memory of 2092	2344	chrome.exe	86
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 2452	2344	chrome.exe	87
PID 2344 wrote to memory of 3460	2344	chrome.exe	88
PID 2344 wrote to memory of 3460	2344	chrome.exe	88
PID 2344 wrote to memory of 2492	2344	chrome.exe	89
PID 2344 wrote to memory of 2492	2344	chrome.exe	89
PID 2344 wrote to memory of 2492	2344	chrome.exe	89
PID 2344 wrote to memory of 2492	2344	chrome.exe	89
PID 2344 wrote to memory of 2492	2344	chrome.exe	89
PID 2344 wrote to memory of 2492	2344	chrome.exe	89
PID 2344 wrote to memory of 2492	2344	chrome.exe	89
PID 2344 wrote to memory of 2492	2344	chrome.exe	89
PID 2344 wrote to memory of 2492	2344	chrome.exe	89
PID 2344 wrote to memory of 2492	2344	chrome.exe	89
PID 2344 wrote to memory of 2492	2344	chrome.exe	89
PID 2344 wrote to memory of 2492	2344	chrome.exe	89
PID 2344 wrote to memory of 2492	2344	chrome.exe	89
PID 2344 wrote to memory of 2492	2344	chrome.exe	89
PID 2344 wrote to memory of 2492	2344	chrome.exe	89
PID 2344 wrote to memory of 2492	2344	chrome.exe	89
PID 2344 wrote to memory of 2492	2344	chrome.exe	89
PID 2344 wrote to memory of 2492	2344	chrome.exe	89
PID 2344 wrote to memory of 2492	2344	chrome.exe	89
PID 2344 wrote to memory of 2492	2344	chrome.exe	89
PID 2344 wrote to memory of 2492	2344	chrome.exe	89
PID 2344 wrote to memory of 2492	2344	chrome.exe	89
PID 2344 wrote to memory of 2492	2344	chrome.exe	89

C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:3120
- C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2912
- - C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe" --backend
    3⤵
    - Drops file in System32 directory
    - Suspicious use of SetWindowsHookEx
    PID:3432
- C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe" --local-control
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:836

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000448 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff982d5ab58,0x7ff982d5ab68,0x7ff982d5ab78
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:2
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3308 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4164 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3792 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4480 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4396 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4624 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3996 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4836 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5036 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5560 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5748 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4832 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4320 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5836 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4624 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3380 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5348 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4916 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6132 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3316 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3320 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6044 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4048 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3244 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3380 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6260 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6404 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6412 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6692 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6828 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6972 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7124 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7272 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4104 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7760 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7908 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8064 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7020 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6972 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8580 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5184 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=2588 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=2896 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8396 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=1592 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=8996 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=9136 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9008 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=8976 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:6148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=6272 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:6280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=9400 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:6324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=9416 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:6332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=9116 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:6460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=9252 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:6488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=10060 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:6620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=9728 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:6648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=7536 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:6800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=9392 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:6808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=9864 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:7000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=10624 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:7008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=10888 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:7132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=9704 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:7160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=11188 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:7232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=10560 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:8016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=6864 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:8008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=7644 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:8028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=7164 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:7324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=5644 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:7336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=7492 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6888 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=6980 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:6844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=8296 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:6388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=7452 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6436 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:6416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=5928 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:7872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6152 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:6436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6568 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:6668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8064 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:6660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7556 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:6996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7608 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:7936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8104 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:6740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7732 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:7684
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=7340 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:6160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=6116 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:7032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8284 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:7372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6932 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:5856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10056 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6036 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:7560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10252 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:6760
- C:\Users\Admin\Downloads\winrar-x64-701 (1).exe
  "C:\Users\Admin\Downloads\winrar-x64-701 (1).exe"
  2⤵
  PID:592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=7616 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:7212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --mojo-platform-channel-handle=7420 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:7588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8224 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:5204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6844 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --mojo-platform-channel-handle=5236 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --mojo-platform-channel-handle=6460 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:7928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --mojo-platform-channel-handle=2100 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:6596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:6368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --mojo-platform-channel-handle=2580 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --mojo-platform-channel-handle=6732 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7896 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:6164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8676 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:7732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --mojo-platform-channel-handle=7280 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:7576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --mojo-platform-channel-handle=5968 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8648 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --mojo-platform-channel-handle=8624 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:7056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --mojo-platform-channel-handle=9228 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:7432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --mojo-platform-channel-handle=7816 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --mojo-platform-channel-handle=8352 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9084 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8696 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --mojo-platform-channel-handle=11104 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --mojo-platform-channel-handle=4048 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --mojo-platform-channel-handle=7020 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:7532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --mojo-platform-channel-handle=10524 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:6180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --mojo-platform-channel-handle=6792 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --mojo-platform-channel-handle=6704 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --mojo-platform-channel-handle=8472 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:7032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --mojo-platform-channel-handle=6480 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --mojo-platform-channel-handle=9268 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:6468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8424 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:7544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --mojo-platform-channel-handle=3316 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --mojo-platform-channel-handle=5316 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7256 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --mojo-platform-channel-handle=2196 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --mojo-platform-channel-handle=5016 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --mojo-platform-channel-handle=7380 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --mojo-platform-channel-handle=7496 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --mojo-platform-channel-handle=5768 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:7512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --mojo-platform-channel-handle=11288 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --mojo-platform-channel-handle=7468 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --mojo-platform-channel-handle=7040 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --mojo-platform-channel-handle=8588 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:7744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --mojo-platform-channel-handle=8800 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:1
  2⤵
  PID:7504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7744 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:7224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10504 --field-trial-handle=1744,i,7825227706305616359,1058495251127966760,131072 /prefetch:8
  2⤵
  PID:6724

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2160

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6048

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6752

C:\Windows\system32\launchtm.exe
launchtm.exe /2
1⤵
PID:5804
- C:\Windows\System32\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe" /2
  2⤵
  - Checks SCSI registry key(s)
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:6508

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\c5d889434369447ba5d50431646fc84f /t 5544 /p 5520
1⤵
PID:5228

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5460

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6524

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\63904129b0a843a18bcf2c74abf05993 /t 5456 /p 6524
1⤵
PID:3096

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3328

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\4f35cb6e196640f8a07b29988abcef8f /t 7664 /p 592
1⤵
PID:5008

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
PID:6944

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\49743f1c67c142389f4647e89128dd7a /t 2348 /p 6944
1⤵
PID:6960

C:\Users\Admin\Downloads\scrpyu\New folder\scrcpy.exe
"C:\Users\Admin\Downloads\scrpyu\New folder\scrcpy.exe"
1⤵
PID:7520
- C:\Users\Admin\Downloads\scrpyu\New folder\adb.exe
  adb push "C:\Users\Admin\Downloads\scrpyu\New folder\scrcpy-server" "/data/local/tmp/scrcpy-server.jar"
  2⤵
  PID:6712
- - C:\Users\Admin\Downloads\scrpyu\New folder\adb.exe
    adb -L tcp:5037 fork-server server --reply-fd 592
    3⤵
    PID:1840

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\scrpyu\New folder\run.bat" "
1⤵
PID:2560
- C:\Users\Admin\Downloads\scrpyu\New folder\scrcpy.exe
  scrcpy.exe -S -m 1024 --max-fps=30
  2⤵
  PID:5032
- - C:\Users\Admin\Downloads\scrpyu\New folder\adb.exe
    adb push "C:\Users\Admin\Downloads\scrpyu\New folder\scrcpy-server" "/data/local/tmp/scrcpy-server.jar"
    3⤵
    PID:3352

C:\Users\Admin\Downloads\scrpyu\New folder\adb.exe
"C:\Users\Admin\Downloads\scrpyu\New folder\adb.exe"
1⤵
PID:592

C:\Users\Admin\Downloads\scrpyu\New folder\scrcpy-noconsole.exe
"C:\Users\Admin\Downloads\scrpyu\New folder\scrcpy-noconsole.exe"
1⤵
PID:7956
- C:\Users\Admin\Downloads\scrpyu\New folder\adb.exe
  adb push "C:\Users\Admin\Downloads\scrpyu\New folder\scrcpy-server" "/data/local/tmp/scrcpy-server.jar"
  2⤵
  PID:5816

C:\Users\Admin\Downloads\XWorm_V5.2\XWorm V5.2.exe
"C:\Users\Admin\Downloads\XWorm_V5.2\XWorm V5.2.exe"
1⤵
PID:2612
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGMAbAB1ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGEAeABmACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGQAdQBlACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHAAYQB4ACMAPgA="
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4600
- C:\Windows\windowssdk.exe
  "C:\Windows\windowssdk.exe"
  2⤵
  PID:5836
- C:\Users\Admin\Downloads\XWorm_V5.2\XWorm.exe
  "C:\Users\Admin\Downloads\XWorm_V5.2\XWorm.exe"
  2⤵
  PID:1456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
    3⤵
    PID:4840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff96b693cb8,0x7ff96b693cc8,0x7ff96b693cd8
      4⤵
      PID:6748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,11275573439248579570,12295466291333776363,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
      4⤵
      PID:1096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,11275573439248579570,12295466291333776363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
      4⤵
      PID:5924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,11275573439248579570,12295466291333776363,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
      4⤵
      PID:5736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,11275573439248579570,12295466291333776363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
      4⤵
      PID:8064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,11275573439248579570,12295466291333776363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
      4⤵
      PID:8132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,11275573439248579570,12295466291333776363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
      4⤵
      PID:5264
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,11275573439248579570,12295466291333776363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1
      4⤵
      PID:6588
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,11275573439248579570,12295466291333776363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
      4⤵
      PID:5556
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,11275573439248579570,12295466291333776363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
      4⤵
      PID:916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,11275573439248579570,12295466291333776363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
      4⤵
      PID:6544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
    3⤵
    PID:3904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff96b693cb8,0x7ff96b693cc8,0x7ff96b693cd8
      4⤵
      PID:5196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
    3⤵
    PID:1404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff96b693cb8,0x7ff96b693cc8,0x7ff96b693cd8
      4⤵
      PID:7020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,12866743956718368824,16980229045171223705,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
      4⤵
      PID:5828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,12866743956718368824,16980229045171223705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
      4⤵
      PID:5800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,12866743956718368824,16980229045171223705,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
      4⤵
      PID:2812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12866743956718368824,16980229045171223705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
      4⤵
      PID:3416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12866743956718368824,16980229045171223705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
      4⤵
      PID:3652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12866743956718368824,16980229045171223705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
      4⤵
      PID:6300
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,12866743956718368824,16980229045171223705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3456 /prefetch:8
      4⤵
      PID:5940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12866743956718368824,16980229045171223705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
      4⤵
      PID:7424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
    3⤵
    PID:2752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ff96b693cb8,0x7ff96b693cc8,0x7ff96b693cd8
      4⤵
      PID:3740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4932

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\f4ee38bc407e4bec90ce0fdacf9dcab5 /t 5152 /p 3328
1⤵
PID:5656

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k ThreadDesktopInternet -s ThreadDesktopInternet
1⤵
PID:7496

C:\Users\Admin\Downloads\XWorm_V5.2\XWorm.exe
"C:\Users\Admin\Downloads\XWorm_V5.2\XWorm.exe"
1⤵
PID:7472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
  2⤵
  PID:2352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff96b693cb8,0x7ff96b693cc8,0x7ff96b693cd8
    3⤵
    PID:2128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,269180270401872594,14921777921033632715,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2000 /prefetch:2
    3⤵
    PID:7732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,269180270401872594,14921777921033632715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
    3⤵
    PID:916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,269180270401872594,14921777921033632715,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
    3⤵
    PID:7112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,269180270401872594,14921777921033632715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
    3⤵
    PID:7336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,269180270401872594,14921777921033632715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
    3⤵
    PID:7264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,269180270401872594,14921777921033632715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
    3⤵
    PID:5876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:124

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
1⤵
PID:5732
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
  2⤵
  PID:4588
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  PID:6132
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    PID:7844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff982d5ab58,0x7ff982d5ab68,0x7ff982d5ab78
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1864,i,3716369831032628180,12259752923566926850,131072 /prefetch:2
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=1864,i,3716369831032628180,12259752923566926850,131072 /prefetch:8
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=1864,i,3716369831032628180,12259752923566926850,131072 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1864,i,3716369831032628180,12259752923566926850,131072 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1864,i,3716369831032628180,12259752923566926850,131072 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4216 --field-trial-handle=1864,i,3716369831032628180,12259752923566926850,131072 /prefetch:1
  2⤵
  PID:8008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4392 --field-trial-handle=1864,i,3716369831032628180,12259752923566926850,131072 /prefetch:8
  2⤵
  PID:7548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1864,i,3716369831032628180,12259752923566926850,131072 /prefetch:8
  2⤵
  PID:5176

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:7868

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5924

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
PID:6068

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:7196

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
1⤵
PID:5172

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:6856

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:6788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff982d5ab58,0x7ff982d5ab68,0x7ff982d5ab78
  2⤵
  PID:6496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1732,i,2963894174849438726,9799930526840286520,131072 /prefetch:2
  2⤵
  PID:6608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1732,i,2963894174849438726,9799930526840286520,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1732,i,2963894174849438726,9799930526840286520,131072 /prefetch:8
  2⤵
  PID:7832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1732,i,2963894174849438726,9799930526840286520,131072 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1732,i,2963894174849438726,9799930526840286520,131072 /prefetch:1
  2⤵
  PID:7180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4168 --field-trial-handle=1732,i,2963894174849438726,9799930526840286520,131072 /prefetch:1
  2⤵
  PID:6792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3856 --field-trial-handle=1732,i,2963894174849438726,9799930526840286520,131072 /prefetch:8
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4404 --field-trial-handle=1732,i,2963894174849438726,9799930526840286520,131072 /prefetch:8
  2⤵
  PID:7116

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff96b693cb8,0x7ff96b693cc8,0x7ff96b693cd8
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1792,17477342694595983761,11188601093228200388,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1792,17477342694595983761,11188601093228200388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1792,17477342694595983761,11188601093228200388,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2484 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,17477342694595983761,11188601093228200388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,17477342694595983761,11188601093228200388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:7640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff982d5ab58,0x7ff982d5ab68,0x7ff982d5ab78
  2⤵
  PID:7264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1824,i,18130964649890683012,6823150988729069362,131072 /prefetch:2
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1824,i,18130964649890683012,6823150988729069362,131072 /prefetch:8
  2⤵
  PID:592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1824,i,18130964649890683012,6823150988729069362,131072 /prefetch:8
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1824,i,18130964649890683012,6823150988729069362,131072 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=1824,i,18130964649890683012,6823150988729069362,131072 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4320 --field-trial-handle=1824,i,18130964649890683012,6823150988729069362,131072 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4452 --field-trial-handle=1824,i,18130964649890683012,6823150988729069362,131072 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1824,i,18130964649890683012,6823150988729069362,131072 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1824,i,18130964649890683012,6823150988729069362,131072 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4904 --field-trial-handle=1824,i,18130964649890683012,6823150988729069362,131072 /prefetch:8
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1824,i,18130964649890683012,6823150988729069362,131072 /prefetch:8
  2⤵
  PID:6992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4128 --field-trial-handle=1824,i,18130964649890683012,6823150988729069362,131072 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3368 --field-trial-handle=1824,i,18130964649890683012,6823150988729069362,131072 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=1824,i,18130964649890683012,6823150988729069362,131072 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3340 --field-trial-handle=1824,i,18130964649890683012,6823150988729069362,131072 /prefetch:8
  2⤵
  PID:6540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6112 --field-trial-handle=1824,i,18130964649890683012,6823150988729069362,131072 /prefetch:2
  2⤵
  PID:2740

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5504

C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"
1⤵
PID:4084
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" /select, "C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12"
  2⤵
  PID:8032

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2660
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtAddPFX C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12
  2⤵
  PID:5460
- C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Client-built.exe
  "C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Client-built.exe"
  2⤵
  PID:3772
- - C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
    "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
    3⤵
    PID:4256
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ddhpBOX3vbbY.bat" "
      4⤵
      PID:6764
    - - C:\Windows\system32\chcp.com
        
        chcp 65001
        5⤵
        
        PID:6872
    - - C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        5⤵
        Runs ping.exe
        
        PID:8024
    - - C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
        5⤵
        
        PID:6836
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\B5LJtnaTNvcj.bat" "
        6⤵
        
        PID:6004
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        7⤵
        
        PID:6404
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        7⤵
        Runs ping.exe
        
        PID:3080
        
        C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
        7⤵
        
        PID:4736
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Ijv3K8p8LNFE.bat" "
        8⤵
        
        PID:6976
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        9⤵
        
        PID:3036
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        9⤵
        Runs ping.exe
        
        PID:8088
        
        C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
        9⤵
        
        PID:3032
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iuXhOmLvwB5e.bat" "
        10⤵
        
        PID:4036
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        11⤵
        
        PID:5504
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        11⤵
        Runs ping.exe
        
        PID:7840
        
        C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
        11⤵
        
        PID:1248
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\5PKqNEL0bLQh.bat" "
        12⤵
        
        PID:4060
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        13⤵
        
        PID:3916
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        13⤵
        Runs ping.exe
        
        PID:912
- C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Client-built.exe
  "C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Client-built.exe"
  2⤵
  PID:7416
- - C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
    "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
    3⤵
    PID:7940
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\j0Q3p3hS41Ow.bat" "
      4⤵
      PID:5780
    - - C:\Windows\system32\chcp.com
        
        chcp 65001
        5⤵
        
        PID:4580
    - - C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        5⤵
        Runs ping.exe
        
        PID:4536
    - - C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
        5⤵
        
        PID:2888
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\0HA2ry5r3Swn.bat" "
        6⤵
        
        PID:6944
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        7⤵
        
        PID:6236
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        7⤵
        Runs ping.exe
        
        PID:1896
        
        C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
        7⤵
        
        PID:5348
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xK03Hb7p3QnC.bat" "
        8⤵
        
        PID:2080
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        9⤵
        
        PID:6664
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        9⤵
        Runs ping.exe
        
        PID:5852

C:\Windows\system32\launchtm.exe
launchtm.exe /2
1⤵
PID:2396
- C:\Windows\System32\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe" /2
  2⤵
  PID:6540

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:1908

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:1964

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:432

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:7240

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:7360

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:3980

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:6808

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:6616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\10c555cd-a680-4de8-b610-2fb08ad91aab.tmp

Filesize
95KB

MD5
07fbe53e9173004b497b5721702cc864

SHA1
79cfe612f0e920b8cf51280f23a413a26f257826

SHA256
5fecf0b7989081a27b142ccbf3be9ce9a8bd48aa5a64d29514b4e62e94698aef

SHA512
38c4dca120ffe278f41c9a5bb2374c0d6da1bc2129f4e8ac9e372def2971db3777dc288ba9d0b0eccb1ed71bb21bd4b5b756515b875b9da1ddc9c1205554cc8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
60bbc192dd26ee52247b0156ee1df427

SHA1
ac903b225dfb28bb8e1648653fb5712bc205916b

SHA256
1644b5e335173640acc6e79f9212c9b84c0498308db5168a0e9a6011f02c609b

SHA512
767dd86ede9b08cbd3a048cc93f8e0a64ee0e8924ee6272a89a3da608228e722e7872d44a066c3e2a13b8a27df9b40e46a7b28498e7936fecd8c97d13c5c36b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
80KB

MD5
64f0af7475e4340b4c4798e2f9e73699

SHA1
f2a551563c712ef05bb4d767bd06021fdef49d7f

SHA256
3c47e3255b27161bdb759bce72e103655632286b8b844c2aa6cf02dd3f5aabdf

SHA512
24df766437972ab83a79772149df32aa786ce472c9322536586be62a2e563af31b4397a31ffdd6033c28ca646091bdec94a5c87618ae9049f73373b18614c148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
520KB

MD5
b94e63e9ab63cd6b5ddbb762fe71d54e

SHA1
7ef4362ef2801c68f5df0c219cd1ca314a568640

SHA256
a206c15e4d83f34dc24f4cc1354dadc5a4f7e54b04dde7e9dc599f6806c3e34f

SHA512
a5c2fcec0a629f3a5e77f172a0697477d6a71aeae9e1d287cd378e3318847d1a12c29dea40ce2b45e9603d611fc1274c9a00a66affce85d9e888ae65947fc6f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
59KB

MD5
1d5f57b36984d3bc13513937212f7c85

SHA1
6962d480bc6216080b90505c9f25c8a3ed4c8df0

SHA256
7c5544c2101aa4a9ab3bd0ed98d6d1126457f802c8073333d2e7fb7be273dc30

SHA512
dcb01342a2eb9ff3ed03a23b7e0914ccb626e1136c2a24dc4e8144cd785c90acdbffc877408a922519055f0a375b4a31172e3120744de656d55dcd83b84a4f4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
41KB

MD5
cfd2fdfedddc08d2932df2d665e36745

SHA1
b3ddd2ea3ff672a4f0babe49ed656b33800e79d0

SHA256
576cff014b4dea0ff3a0c7a4044503b758bceb6a30c2678a1177446f456a4536

SHA512
394c2f25b002b77fd5c12a4872fd669a0ef10c663b2803eb66e2cdaee48ca386e1f76fe552200535c30b05b7f21091a472a50271cd9620131dfb2317276dbe6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
46KB

MD5
d1f974b6bbded38786441fe26a225841

SHA1
7909e3d736d331862b7581f170fd0d78c4a6c565

SHA256
aae684df9cf344532c47d0111af0b241fad06753f382829d32e57cf71eade644

SHA512
8f30e839addf0b4beb19c82439277a37fe7de23b40a70e4364e7d558a942ed9543354317dbe6daf20be6cd61364f320f0e425ae3d2cf07616728ce936d1b8c59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
30KB

MD5
c469acfff07daf13e4e032be754c964d

SHA1
c2c73baba984729d6dab68a15a27019fece3cba0

SHA256
ea0674c788f71594d4f043f65f41eb8575bf1eb245d0ea7207993587d9312bd5

SHA512
e866c27854202faef98feca94455df7deb34c6db6ab3b9d870743802b1630451f8569b1930bb1096279ee5e35a29796f80bc1e14191b1f714d16aa2766092a70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
74KB

MD5
78e51217a183ae01d030e9a3c0739da4

SHA1
814bd07a7ee10bc901ccc4e80a07596a765fb184

SHA256
b06d1df8e0706e3f65cab9401b463f9d500348252b0c67e85b4297cebffdac72

SHA512
c672c7d95f0b2e953ba0a622500678ac5f27245a03b54fa787ea13c4bfa7e4e36c4dadb565972091bfe798a6b454163df8be5bde478e663ac64b2acccbd7f7b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
48KB

MD5
61a0fc4512cabc54c4534dd27298faab

SHA1
c9524128c4b13816304282ed4473bd2703795d38

SHA256
5d4f5adddd8afb3651bb71095b01958f70c442c55f91f074f8629e6c73739aa1

SHA512
570b842b812271e08ecbd2069223c3844b4a5e480f784017a5eba40b405527cbc3f3337ffe57d94eb82c906629e2eb7461271ae362345e23abddab66c19fcd6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
145KB

MD5
6317a104498743cef33d4d993713e79d

SHA1
0b242e3ea9bf64103763ebfe036a54df4e4ebb8a

SHA256
d839e009931d2defd4762c4cd53b33b140ef21c7f771de77c00e0f07f44fc50b

SHA512
3dc6973f33012ed79d234a02354bd41812e702e68d2fd2a8324120d2e93dcaabd1e54fabe0fe566b946c82d67b83a1825733b3508a2229faf27266336d9675c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
89KB

MD5
6558cb225ae764fd75e198a7352c2e67

SHA1
cc3812200308bf030972a1cf1b43501255dcb209

SHA256
0d84cc2f951b26b9209a869671baa47e1984f220fc509243aca8bdaff1001147

SHA512
39145ec34c50b03c3a9fb4004d34e10df31f86d76c0bc873e8b7496a56e64d4801307926f859019cfc996e0433fb798568107f1780808a26e2a941e8bbd9981f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
92KB

MD5
b3acb528391010d404e412ffa8c4d9ab

SHA1
542720acefa2de4dcb132c33fb447a30c2547d87

SHA256
b6b2235fcbbbfc1f2ba3129e79406fcc433f2df83e513ab02438203db9d98a20

SHA512
618fb5be8b1fd674ca6208c5e1f95a19b5acfda0a1acf0565696217a488ef30d8d8c91dd45a9497452dd7f3cdf01fd4b9afea2be9cb59aa87033740d455f9c00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
42KB

MD5
cc49d1d90dab49d55342e90820a9f675

SHA1
166b161715477b46ad8b9a26ebc38e4fc227bc20

SHA256
16abb9d679be8930eba382f24185f2d454612f9aca200bd00f82d1dd5128c5e2

SHA512
dbecc5893d84495976c8c14678312870a1787c1b485f7ead62ec488e422f8514708556ea4918e6d81a82daca669499f577d37e152f57aa29a16f9726549808df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
431KB

MD5
ccc7545ba14837b67be94413ba5c976e

SHA1
e11c016aadca7b2788d94e6633abead8cf540195

SHA256
fa83734410bbc8b9ef4f934b08286e173de1fd2ddc2fa5692b5a322ad72187af

SHA512
58fd26882d9a1fb420bee386d079a5a8a47804f14a1bc818f1941e4acd17492b75e8c0c018e80b3e0a77b223f832de2912d959a08b17a6bb684698e7b01f8822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
21KB

MD5
c99a6d99b8fe6b4737b211b497848564

SHA1
fd44f4edada95fc7136904147e23ea9fd2f63f74

SHA256
9d142e74424c3c33d63812acd9e20a6c8be5bb0a7302af20141f4951c92cac6e

SHA512
811f5d9008aea96d6634477d93d736cab1f093b4f56789cd12bf6bb8a7f2e6b14ba11b8ac73ab7f85907382df0fe14a639a68f026f7602059d2e5a5514b92de8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
30KB

MD5
6fb26b39d8dcf2f09ef8aebb8a5ffe23

SHA1
578cac24c947a6d24bc05a6aa305756dd70e9ac3

SHA256
774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059

SHA512
c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
73KB

MD5
de86ff10767c361d4cc41211b1c62faa

SHA1
04cada4ba08d00718e6b9172a970e6239904d049

SHA256
fc7ef757205753559faea90d371b433bb957ea96860b3781783d64b6841b99a4

SHA512
68abf78c8089c225d2403080316441986115ea9c612579bc13207aa3ab5695bbfca801448e4ef9e9b4350beef6995da3cb5bb6cbeb89acf0de34a2550b554ebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000057

Filesize
329KB

MD5
4bdb35f3f515f0cf3044e6a9684843b1

SHA1
12c960465daf100b06c58c271420a6be3dc508ae

SHA256
b835bd77e17447a2dacfce2645a5e812733fe5a777a5e45d9daa56d28675cbef

SHA512
9fa600b87843759b632c2d384596109cf1fb149a5ab38524cf43cab5833cb25c355479aee90d60462764200108cde5ec71f0988504c97ad09e25975cac65bfe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058

Filesize
105KB

MD5
b9295fe93f7bb58d97cc858e302878a9

SHA1
34c6b1246cad4841aa1522cbd41146f9a547e8c5

SHA256
c0233c9b273aae7df532a992e710aaec409455b4b413b89a25854e9fb215c36c

SHA512
4c44ddbd35807653a60e2718dbd2ea85f09d7107b270045bcc2484e2a0ba977fbbb5739236ce7edb71d584c8f68df31fa3bdd03229eeace60c19662469adafc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059

Filesize
171KB

MD5
f153ee9fceda886534e3cfc2b28fcb43

SHA1
7c0432df99446ecaf6981ffb18d92dc324bc161a

SHA256
234d080195e21c91479fcf984edee8eb1fc71a3b1ea11d67799f12de5bdf7ebe

SHA512
f38c89cbc62c37ef7e529f6253bd96a43949155f2a9f87017e93d4e57618639b4e50252839daf1cf0444eb849d2df216a6c9355589980ff6a90160bf82ce0106

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000089

Filesize
19KB

MD5
bb30ea3b46964f49ba85f475efd1fb6f

SHA1
1bb4aae7781af8b933e1dd4dee56879a3ef92d38

SHA256
7a5bfdc2463dfde6b169ca4555ce9f5a0fb21c15c3ac807967590df27dd800e6

SHA512
bc52e8de4712d416aebf1d403d6ee8dcb6386a93dfc6727613af487f73de69db90913a9e9781660d8dec121d720ceec9c84b260c76f0f6f565ae80967eee7474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009a

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b4

Filesize
18KB

MD5
28c56f2d63d21a80353ad6e12b04c118

SHA1
af9b4c9837194867acac0c7913602225a390041f

SHA256
90db067c3d51cd406d856ff12b2c97fde6513413ebfe695973202852c3692446

SHA512
11a67531146983e5e5dc1ff0556e9993e3be54cb6c73dadbc66f665010c50fcb550a1142e9aff1f7412bf881b4bba7fe3cf9d03d35b9a502329b239492d3c444

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\08d5348bca9a0de1_0

Filesize
283B

MD5
21f6376974f75015f23c4228b5dc8498

SHA1
973d875b8d42a2f5abc8d7631205f75c47964f10

SHA256
6854413a632783c163793a9efde318f6c260837635a4d01f2f761a817e7cb75b

SHA512
df0db26ae42f0b524c8497be98a291f11d412bf37ac9eb724d413941b9fb821afb382ab44086b55438139ec1eba13a2ab501f548e4bfb12e67117bf56b83513b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\af7960b8bde187d4_0

Filesize
19KB

MD5
4b36b46de2ed62639963c10a18ba563b

SHA1
ba878077e92bfb50768384767e2e390cb36a59dc

SHA256
99496fa4b8d8b50da7c5cd653b9e9be0a90688ceddab2c6ae7118e038cfea0dd

SHA512
53fe444a0a5e880a6d1d3b2e93c3805381838c59f14fbc62d89f89cdb9f8f08a4cb1ff3d4c2959285bde3053a310517d1d891fd009c0dc9f8f95fc226636bae9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
6KB

MD5
e48eb1cecd92f1cde93d802983ff3bc7

SHA1
9f2184426b51e12fc2bd69953f29f5357c7a1cb1

SHA256
5bdc4870ea876ce114ba854e00057329380a529d1a4c6097caa842474153d654

SHA512
6a02e46bfff43b82c772bc50305ea6497fbe7fb62d90ebfe46a049bbdbeff7cff42728b59b1b5ffe501c62e8b30c7f4bf9dcfb6198ea33bb0f9443fb3caf2662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
699bfa04d92da587ed980c16f94c0374

SHA1
f44d8419bb41fb6a64086b8f29eb024b3a658b16

SHA256
efb9cfd69453ada673325a0df593306ae405666c367607900c6d21cc8e34d723

SHA512
103be256c1dda393ca2a84c9d22f4254635220f10f431525ba96eaa5505c333a25286534644f8eb90b0c6481ba26da348b8af041d98669621121877fff06060d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3db9de364effd4225bb492fa07cc0e6e

SHA1
fff7c1b287ab904a1c1348f779aa6eb351028aaf

SHA256
8c60979666e3ebf3f811f2c68225fb7aded7cf7be151c4a825e9605bdfef8a4d

SHA512
c40e563b3fb8d8a4115e5574cbb8fc9a1218f905e1469d86728697a90c592f93c732e4e244704ad3885592e75d8b88353de992c863cc91bc57d6041ef6b527db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
205a290dfd8d55bfe768e1c502572d00

SHA1
73e7f3dee3f06774b57a24c21da26ff09d1ad508

SHA256
a0bd0288049ee7a0f3f28219c732926a3c085d908f8870de97b8319c819d1ed7

SHA512
3883e39a9849e2566eb8be8a9cdd252a5cdd8e764a3cb2fcc8abe255cd9b3bbef2922f3522de36bf3d126b4262b1502922169261b52ebe820da106a296851405

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
22cfbbcaf6bb0afddaef2a8f1adfc7e2

SHA1
6e505bb17f45f4bfec8d514e2a265076da137c52

SHA256
23c76d153f6729915fe7cad3d0eb0ae3922b44e546f2e387e0661a6da5438bfd

SHA512
f6366928c5ddde9161badc8ca3b35e59bc1c5df89401c93339f88f3432c17fab0ba714754ee350e5e5d0851f57b998ca5e8b8dfcd9fcef0a77ab40728cd5ab63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a36779dc866d361a9e4802d6c0416de8

SHA1
b611e1f161479202278fee92e6a927e80b4d0c71

SHA256
a2cfa3565e54347101c25526a4d0152c05c77c4261671003343c4c34f38bd586

SHA512
7037721382efc9a4e1b4c510a4e53124a16182dcc1e2258a2a1c42e67a14523a1dbdacb9ef3e1a0f717745c0039ac8dfa3fba8a0ab395343dd33e585b9d4e986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7fa4a65749ef8cdb7310b25d10cfd5d1

SHA1
1422dad70cef479f0d3c8cc70496bbfcbd77d2c3

SHA256
9d68e4d14fb3a00add8332e488b653ccf029a4ee85c8b1f8e47362a935477e72

SHA512
f4a8ca54133043fa2b40228450c69d15c178ec88d526a079104e1ec12a88ab759dc7ca97f827116a162f69320453a2477e8ce69dad0e50189c5ad475471fcce2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e3b94fc5bd9f7ddf3cf3a7015a7bf88c

SHA1
42385f5b3cb7e7b555c2f475ef542f07f24dd3b5

SHA256
225f94ceb73639ddc942787f07a1316cdaa09281a4915876fc47067f0fe1fce6

SHA512
2e21f6cc325bfc22c40cfa75887eaffbd513bfcc7a1e72ff1b86f837abd111b747417c1a5d8e352e427cdb1ff64494287073b80ddc25b45ff05a4ce6168e4765

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
900badac081448340309276d3811fc21

SHA1
58a7eff9af79bfe88476d44838d741585614c63f

SHA256
a37481758038f640cf9ff4c51f37a09d265e99f4cfcada7caf346299c16fd73f

SHA512
bf46a60b8b2ab2d6e4ab9008ed96ad4ac744ea7f0d45dc8e897d22b10f07a41bd24b0ca7f9e01a4042c310ec2c957c26b191410826d6bda19796d0c3c475cde8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
60bc0bd44f7a40e88e89e8adab376b95

SHA1
178e343a3a81295624c84c8be35da03ea205be8f

SHA256
c304e685a25da1d2bdd58ffd38ecba0ff114fc7f92f1ce382009f646d4e9e7fc

SHA512
8afa042714c64097933aa1f2c82540c65728b8d9d54651d496dd2e57f98e2ee371365ef49a4c39cd9eb4f3cc2cad0a798b2f1192956e0d3c1454ed4d30b81068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
f783d7199d5eb87c793ffb52bf6bc9d0

SHA1
698e66e00fec777a8ef86487aa8fae98efa39b8c

SHA256
e46f5d2a04c045f4307963f644da778887f5755abdb59e18f303ca53f4fd7b78

SHA512
67e1b184a9c6d74360d37935a5148562655b5a5f0f209d6a5a8d7f27b2d8975f1b316d66b24f62870c37c015fd942642597aa7502118af4d48a7f487bd5f1aad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c8928abc2282f1b8e5a2f02f6e0b8d3f

SHA1
f7ae038d96429d39edba0410b02725e61ee68d03

SHA256
b5286fde8217d5c8e3980ff667b7cd3cb479142beeb80bbc422ab9fb58613e00

SHA512
833bbc57c16fe83ced455e978349832a11adfd827a7d8b0d876d1a319b50e3f7bc9b88a37dd9e81c859488e694fe1e7457b0c3444d7e538a35f330698bc0a68d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6880a51f5b5ae04762263561fc87623a

SHA1
cc2604e2bdf6e5b782ed40d70d3ea6bdb91c79de

SHA256
24fc7bc23a7686baa799abf9d047369857408f3e2e7288b7d69ca2726284184d

SHA512
d6b80d3cf98d3cbfb6b713f5c434638d734efb861020c3e65cb14161b8f7800474c12abdf66e4bec6e46d6f311fccf7361004fd7c6e8a5bdf0b6858cfc0f6555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
036e2422967d812349f2d1cc7d1925d4

SHA1
30b671284f11a0b75b4c4586835a934f444d3fd5

SHA256
602b176f0400637d9674bdeba4483a47f56fa1fca9584efd384935e8b79e8ecc

SHA512
443d49e3a72974d43ddb5d399b64a27619c9ec737d754585f270018f674195169ace28c10d5be6fefc472991a85c4e6ea6afbe3c0f069236b6f24fc18be52500

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_cjbtg.dwhitdoedsrag.org_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
22KB

MD5
cfec1988106c15a62371a31250e67c30

SHA1
f4abc0b8bab42803326ee933307ffcb9d14cb545

SHA256
48c4cc3d55ec3a29e8a36dd0ca27777956e4005ebf48ee3324a26ec20f39781f

SHA512
7053df51df6ea8037134c151b7675b5adea47a91d2c6fb0b82ffb64cf68c1a4a2125d9b3b7e82550b91c34e1bbdaaee100764140060b1dfc776db148afcfb180

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
23KB

MD5
abbdcfe6eb9ea1364398451bbd9caff5

SHA1
cda02309410e2b58a97a7d97e383e0bfec0fe778

SHA256
bbacd3e9c096beff5f38edcfc9577ee6b3a34631327354a4ef8740a0f32d287e

SHA512
3763da9c46136dafdcb286c170428c078ea1b2a71f541383b308728749008b1feebe2bdba2baea3cddb0d7c1fe2bd240fc280b01945efde3883ffc1aea1a3b0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
20KB

MD5
98e8af89d65274a70b68885b2cafdb3f

SHA1
549a02778066c6a29fead9cdd605f1f2f891a5d0

SHA256
953e52cc6dcb054ffe1780c5c14dad046b04fc1c1b0ffcc8576040a92cf10f41

SHA512
39897b288c9ae41f8203d5249a1cb7b5fcfc46e808aef2e4dae5b7fe56b78f613b95f28562dfd3363349092a813b89d185d60660dbdcc692e9a41d945af89b29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
0246f6ad99f01b9f185e5f7baca2eb8a

SHA1
7600a957516caad2307e24091c07ef4432bdded1

SHA256
adf25d79b9c9835a51c8a4d58ceb3b678c6af56fd32c94bb4c6ddeacc8175932

SHA512
627d156e14b51bbeee5d0b947c58cf463cbebf9e319581ddaea3b7598cf967fbb749751e5cd8847ec57d5b52ffa553c7339b69ad0ef39346bf076ebf48d844ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
8af4bce7ca45aaecbc8f4053f26e4cd0

SHA1
3874db0ccab41d48d3edef7d7b421018d04e113f

SHA256
66bf02f13a4dcf31f4f10143bfa453db0a44736b987bb7e98883c194b3f9ef20

SHA512
1d8ca7875446dc8de71fb54884bd067b34bb05f846ec22cb14abc5875e6e1e9c44554a4861538ac5b7ee6f10bb17f2d3d2cdfd02c49d07e264942f265097ac99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
17KB

MD5
1761af5b118af2dbdabc9295b7512489

SHA1
7fe41a0fca9fe4cbabbe6c09d533d2ea7fb1fe52

SHA256
56a3a8fb2a71c179f0cc59655490b42ee37cd17edf668062cea8242b5104f92e

SHA512
7a5aedcad61536ebe69eb6197dca9a1c90ecb9b9a36bc97e5261ff285f5e4f5ba6f0970e50196055e24edd16926e1eefca9c27026869b89d64f9703f25315db3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
17KB

MD5
41aa10b2a3207419aa410308e4baafbb

SHA1
0bb041d9d5565db268e0a58af38c4830a212c7b8

SHA256
e6612e2d8caf8025c2474684e1c4f6ce101de17952b3c939c829f9db09016b55

SHA512
e853ede4c8a006b4a944d7968ce0899f246fd0aa96b8ca2ffd29868e820240cd08ca2556a908045427614d651c5b846bfdd14df458691fa05a8b812c29f6f91a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
fa86d4dcb46828923cb4ba6ca1029565

SHA1
19e7cc294abb9154bab3b721169aa93afac9934c

SHA256
c6d8596933ee5c95173173558889b0179cf480999270147c57af16565ab01fa7

SHA512
5afb55d04eca0c1a04d25c14dc16cc92f9b9d6354312b9cb69ef4e1b5eb6cc6067167daec7b69ec8c9fffad007f9fe872b414ea6197acebeccf18a8e68eb890c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
c2bbadfcde2daab9d0fcb91c58b70897

SHA1
2c6c8df6e5f1ad9ab154ffb7adf6d9f438f77521

SHA256
6b5914f4adca7f2e53ddef5df77795a4f8d84e5d3a40dd7759085977062a3147

SHA512
965e6acf6b580bd554468cee3cf40c3b3285af0006fcf80a9f8b9d1cea329c3ae4f78dc7addc3b177a4a98e8d3bb7a024ffea256b41bd3f986217a1b586f6232

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
70cf12156cc0d3665c5d853c86dcfd82

SHA1
63a1d12e5d218e75152a004dc60205484fb716e9

SHA256
efb56dd3f9c689347061b52010412394c91464c26ea755d7f6f36fa406018b92

SHA512
5c7feea00ce6b8fdc3cf411a18081ccd42a9cff03e076e9bc0018ea1c4ee2a923d6013b292fb8ea6147bb525af5f5ef672c639dd70e4b96d7118a71fefd7745b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
bfb6d8ef33a5e5cc57c81967e8a64250

SHA1
6a542b7a42e268f99a336cfc8feaa95b5059578e

SHA256
d6fce256f971153bd805b15167dbc09d79dc576850c81c3779e9a7fe562bea16

SHA512
6cb88c246659ec4b4a749f4e205f886fc014c0283063e805c36f4b12ceda17e4c0d3544977cbe134311d888160a16b04be9ae008038d4b4665f871c80132639a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
1c0505c4b23fe41d69ecd54c00d35b7d

SHA1
78cbe067e1c23730627ba42cb1704f0bbd52b033

SHA256
8540cdc51d51d5ff9d36d3f306dbe68fb1ca34fb77aac2abbae45aa7ece554e2

SHA512
6260366f5575e398c8a33043fa881ac9de469b80f8d532e5e95e00e0dcb50ff7f934d309fe04dae2eb44f4f08d328cc0412bfa5acac2c99a4d0a0311e5f1fe28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
307d3e32434905c347dd41cf855d81ec

SHA1
2c3cd251a01d6fc1a5cac9565f1d3980a8420e46

SHA256
e7c16b4e823434307cef43dd15c95ab6dbdd37efb98314af86d03f648f678a64

SHA512
eb2a4f1257889f19a4fdf718f7a51e3661831dc87d12bea0ae7fcb8823e4f6c441ef1ec93fab9d6322c42acf5e5f75dd14e7683d5c90be1447d4b0f39ed3ed68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
78f3ec75434896e7c98a399cb0209cef

SHA1
60637fd1a35839b595788d412dd3b51bd9227dff

SHA256
bfcec44772e67b8f8f00263cf76013fd6ff1493940fb9a94fd7559f36f44a924

SHA512
382eadad09c1a541f5fb7d29752f8e04829f496df0c070308df3bbde71b15491a44d2c455c60b56e2976166063793e797afc6e1db0017309a51ee8d959ca2643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
10KB

MD5
d30dcd489b1ed9e5851c3b595226a8ad

SHA1
8b638dd004ea6ed4ed6e44f8420bf7c37477690f

SHA256
9f87dfa2fc2eeeaebdc06648216790c66435593901b243eef6ef6a3902e0c97d

SHA512
88c05f48bef037a584f2a5a65c8b388734fe0ddf21aaf26a7ee8d05bbbe54c50396e23a9d4075a8d06c5eb467394f3d6f043872d8f38cfee7f8665c870b18cb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
409dee1a9f6bb68640c9e10ab41d19e5

SHA1
7c387d4ed07109ef65882412af65e8d0526e3665

SHA256
a790d90abc709be9d31c28fd11b59c8a85a4d3f76312b5272317ead043ef55b5

SHA512
18e742349aa06e3261df04c206092faf2ea3d42fbcef4f5e84e194b57d4e2b7b0a802170c614a240156b455f6da9c9b1ab33bbaee15ff6e005b00c0258ac1019

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
10KB

MD5
a85619be687ea85e72845bde3e351cf0

SHA1
464e31e5f22e84edbd6b80c1f352eaa8658bf4b4

SHA256
ae2bd62e91bb27bc5f3b038c89db7e40558dbf517a31f0d173052925fcb0c896

SHA512
fc10c2853d9b632dea058284740ecbdd616832203f261b309a6c885e93fd4baa2999e22254a4fdb237ee77f4f23ffd32c48773f5ca6a2430fb4bf508980e998f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
8ebd9a4925b0b92a72c4383fd305f43e

SHA1
94b210229da28c781f7ed80e9ed50305a34c2504

SHA256
2828ba45d69bed2682af08279e262375d4f1664960dfe29c0776517f6cfb604f

SHA512
87a995d3f8b61e7a69ef52157d0e168376b26201c1a668f0543e3a2bad323720932d179f28d8ea7c9b7e3ffe37c332a9c660419503633f4c3f24fecb516c5c14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
2877ea8f3706a5fee206da7bcd6fb9e3

SHA1
bde0775666e4039dcfbbacd99b1b7d0304729842

SHA256
17663202b5a936aa27325d28da61c4d1f96784c368abc9b0754175465cc37835

SHA512
89826c68c38ae4aa1ffeb0659ecb5d75845ad007f12a26b98366a18b4838432e7eabb7642fb600f3396c93fcb13833b432e64c20b74730963cd5ee4688d0d308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
10KB

MD5
c683d1adbcbc0439a6fe225baebd423d

SHA1
44d77b8bec993d78a626526a41ea605466fd2ad5

SHA256
e9dd179311b8d32fd233374427c18fa0c8561382feb3734e6ad89c1d759ebb0d

SHA512
ca3e43118cd788944f76637e4a61089fe87f847e593d5640a6a5c29c71e4aca55ac4692f2136879352e406d5057e741bf6fbba8caa5bdaa0e87ad1b8de9c539e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
4f5db0fc27da16d126904b2d5884637e

SHA1
26a03e420893ee68c9a431808493d11e1b87b291

SHA256
e0fe4ecda08053ac70e9240395ebceedc87dc8459dc5a65028b4c54c8c2a3d6c

SHA512
39600cb445b98422ae64fd1c375adbe591edd915580d1b4405c6584a9f8eaa17c7a165a535935f1ae3cc6a69cd75d2fd7a62f5de8c237b4c8aa6e1fd46861fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
80f343f8a40fcfb6086bc7e5519b86cf

SHA1
228c7ebdbf5f91335c32fdc4a6d21ac631d0a0d9

SHA256
5a8dd05bb5c992312ce2f70624667c6c4a9e398d386e5f2e7351ca9b590d9e22

SHA512
f673c8d7f7a5038fc44349cb9dfbed5a25f56791a2298a0604e0b83befb498b54fb09079c7aab234592e30a733d163790052cf0c5ee7ad278579b8c55cc0583e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
10KB

MD5
9079b2f0ff79f73004f6d63cbee3bd8d

SHA1
dc1c77e50711a3c980a98106a1b6f9b80a0ce698

SHA256
73f9fe2e096ffcb81fb691f2d18bed4d087a1abbdb5ab22615e991db2dac8f4f

SHA512
f1cb428cfd832bdb1845b33ee9da5c52e5cb89496b77bb955ab69dc46ad8a265c409fd98846e4a2ce9999fb740bd861b40ede534cde01ab54d604a594646ba03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
b83264414e311074a887d3ec8395c42e

SHA1
dfe6a83b95c9fc4ce77568eb9780df7334fbac9b

SHA256
74ad29a7df98767ed427b633417dbd830dcce4e03f496f3d92e229f155c1d165

SHA512
a5cd612f0e59c676f583db252d51ce5cc8926359c42eee45d597a1a7cd5dde69d230a88fd016c32b0db304442944ded3e1d5f800b57b95aa143cd0768de33c30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
04dbe2bfe0579ea2adceb0f8e6a144bb

SHA1
1170f5888faf2eff7520c50cfde3a9217e95b7ed

SHA256
ebd3680583a33cd4e1b83a25cb8344e098ccfbf03092cafff1f143f333267519

SHA512
823e9404f16e08afff7e1260c5aaa759043935cffe9fb088e44b2e3e3b787fd3e0d697cae27445fa9045618e8156eeae336cecc2fc01627aff083a0f00a37938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6a263b2ca50cd082f41939ffbc45ecdc

SHA1
5cf063aa63e9b93e6fbe0d056b2c36862c8ad0f6

SHA256
f0f9f0a9b55fbc200bd0b6d5b39475df45c587ed408f978055493b11e251c19c

SHA512
96d432478f3141ec39550ec60168049d36c782e140f06673aa13c556600e57cba7c30c44b6ee55e0ad97350c9982ff726883128dcb6748948a18bfd4af78c286

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
238c85b9e08bfe6ecf54f8f41fc92dd2

SHA1
db6091d03ca0580b37edfd6713a997e747f26080

SHA256
1625d90369aea48e12763ec3952d0a0a8e571f536385a64db6e6b1d9e5d078af

SHA512
583b78c31d0b3513904deccc383532944668b8e300361f81499de01b9a273de5b97179da522addba0942283558d695b4479b2c874fe5062a4c4ce8334e54cd4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
4bae054cf86227810c96e93d0c0ab4e7

SHA1
7b81b6bf869fd7c6a279af987b74f37d90a71611

SHA256
12afabe3c70d966604546c5164d209b3d3f5cb24750aa5df51b7ca4201599a12

SHA512
f94566eeecab954738b6e1ccceeb9538d3fc119e1e89bb43b879a5e8a817be57d95f780fabe51c3a97e898b04505a44865b7a399ca462f19bd7fe35d9a816774

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
e1e496d1d99d5e77a77b32bed19a8195

SHA1
44e4cc4d45e0e239e2b801e900388d276ed6051c

SHA256
b451ef92b34480844e84d11733fb186c71161db71bb0f32d3ee6e91ccb4a7086

SHA512
065608a47f9ea5b49561b8fb0d13fb5b914d64b7156bff097bae0e6f5ae0ec00b2548fb996154a3778aac78eee135d2f7cd35aeae1a4a70832d46efb806c1312

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ffb15ec53a68201b6781c87efb16ad73

SHA1
69301fb14db4584a5a041175d2de4590c5ef59cd

SHA256
a392dea707e802652cde9b22c366ea6344168cb617fe01622731d98c2ab10571

SHA512
66fd6b9e4a88fbbd5549b47e4cd7f2f3cef5237899de9bf91e67e2342f096cb56b784a49960002690ab23e05df597ed124911b9867c8500dbe254567dd9dc554

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d1993cdc3e5152749c5437d16f3572f

SHA1
1c0b0369533a52bbea9156e2e8486fed0e8b48ed

SHA256
6def3673d6e1c780c8339a237eb3aa4a7e46ce1af8bb74b3d5ee4721d005f78b

SHA512
e283c4fed25ed98afd5fc1f08e9a16691dc7669b416d5702f668b361cf4e8d54e8baeeec3f73cf0e6932f4d964d9960be200ff9c490b730e40fb4f1e16ede37d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ea6f90d6888f2d346610a55ac92c56f9

SHA1
58bf93784a579462cde212963466077d55a0a50b

SHA256
f62b54ef748dba30cba10166e8b0b7c2b8f6e33123ea4af91eae62cd5b1f89f9

SHA512
ced998f780010881970e3f11d1f9cf1832e3f6cc458cd72782bb530336896039893d043b6a593740c912affc9d17a215411338bdc3de2a8dd8319fba2ab9be3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
83c6bf3eb2bbd3ab98a2aef360b3c2c2

SHA1
44de9f4155f7a0ed29da409c426fb257933abca1

SHA256
bc26f2383db181b2ad36bd270c29d0d30a12b971f8a9b87df46184461580e0ad

SHA512
00e567d620575bf6b9ec6fa7dcfff4d56c118f480363c140e87a97cf6189a78b0c520d10649673b0a0b00be76db65ff669d619a559f77c6fd954a22de5e47b18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2cdf6f29bcc338701d4074ada2e54382

SHA1
389958314aaa66eaaeb09c1417288d09a883d39d

SHA256
eb5cbdcd789b622755cb233c00edae03c24f2a9df9546d9e111860bf242a6d6a

SHA512
7bb527b61c99613154057f4d4cee75dd1f20e096a791deb77440b39e1954586f7ba06d8ac5002b925dd74fba5a180e8587781d326db90148830ac00b400fc298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e7ba756c256a2a9a0cfbc45063f4097c

SHA1
719065bb99183bc06ec63618dbf5be29ecdb42d3

SHA256
a0f4eadcab72375c2ce2e9d8cc1158c5e1056a0b9e09cd3b83d391471cf422a1

SHA512
af4a4ef07d8619f525e974deb4bca7f82a7c237140ff4f4703c00a32053ad8fd0025344abd05ecc8e3e9332e231c6816cbcba2c5648d961e517c5bcc47cf8cbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
883e52fc0f8907ab422cadce60338c76

SHA1
c371c37eba82af4cd98bc60d3f676b0d340dac35

SHA256
002dfe72d9d05d039a7d6ea01f2e83602e13dbea9f3b5638a5334f8ce9d2ffdd

SHA512
7605be667544dbdf585cde118970ff7ca6b3f90c4afe3ef28bff4b93c09f50e88c33e3d1ba1db58e3fa8f067ed936280bc2f37ba4a74dcba7f74f77e4dfd8fee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ab1f664e6fea300f7f579c8c30cadbdf

SHA1
04ca36d5fe9f01afc2e75a51af24c4bac690aa5e

SHA256
0338aede0e2a409c602423bd62b1b15ebaf20fd7e1f0968e73dc9b34171b5cdf

SHA512
ebcfa16d7d4852c3befc8fdd544432924d124f66a3a9771c24a5f51fec383e4ba0f0934ce90a3936dcd63790b6b384d7d227c99cbbcbb3d450df8f8167441a19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a4460b173559cafd40c2944d2c95aebe

SHA1
b8e9b16d830e72d858cb7c3923fe9a8a011c6f2f

SHA256
452c32e72d154cdb465fe3c9b9cd9df44754f097a7cd2b85d444ad6a4f9196d6

SHA512
028cf4593d92c3611609e1a0a258424599f44d051ffaba1b021f1adcedada50f50d3d5e48671682304d2d469d47ec98a894314ae35c591d2d5dcdc645c7e07d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d7ee0f8670a7ac22d3a1e0c474dca0a1

SHA1
2bef4e9cacb1c6623d73105e6f982b16207eaf8a

SHA256
fadcaf24bcd7faa9d21d377e01605c61d5777aa853d717f7ef2b0010d77d67ad

SHA512
be3280c38ae37f7a5951e0b16830f38fbe8d48c7b25d2affe8a9d803d27fcd073c5fec4952808983460941a219c42a12f7e2d2eef441e2ef7db2e6d3917c5da6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
5b778580fa379ad9e0c29706a1bff8bb

SHA1
9c1670a104f98ecbba94bd44cacc0c14af3fcf94

SHA256
e9d9976a57996c9122349578d2246c3801ca345fc0bee905dba962f0e29a00ab

SHA512
c93a74f9965985af780ce1aa6267208d76d05083348a700f756f30386b193d076bf64374dfb8c837c2008bbda20897070492298b352aa65f57fff5b1f97a6b47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
392b371a23da341b400e4cc178666bca

SHA1
9a87c11772853ecc816a8c3c1ff6fd680c44b8cc

SHA256
a3b017d1d920c1e3fab2552a249288ac1f4f197e33091f85851c8f713cd0dd94

SHA512
fcfc01252777412fb7af26aa1ce799cd6d37aaaad280185179cd30313285281bd457fbc85b219cef2a3c735e878dc252c4b4a019d6520463b74b209f03b43697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3726c6197f6d392afe9cdf33e076c11d

SHA1
fe57080f8cadba2c976808430e968df2c3454cfa

SHA256
693f004a296f5b53ebc1ee105358b709fc132fef2ea5a2c2d0735c8f1143ea8c

SHA512
b1c6df00c9e51baefccb896e88f197634c917e3732bb2a10cf41bf90ff2cbe5fec49e6ff67aecbc9fb20ad3ef3cf164b1125bea4ab0c92dd57592034f3deec86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c2b3d15dadb7bb0dcffd7ac6953f312b

SHA1
46a12860867fa434b381b1b5388daaba81b37814

SHA256
f85a7ffeb34af12ecd4e98d68b926c16c1c0d345f62c6ee955a5675cb7ce0223

SHA512
3e74c249ed1425450efc10279190171ec773f98a516bd4e8dfadec60ba83a1e8f722fae7c8736acdf8f7a1326cea4da360b864f595bba7f5a19c4960cffcd510

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ded1fb74e3213c28c2c70c2afdb18746

SHA1
4c1bb8278fac466ae19ea8ded22273ef449625ce

SHA256
bbb9217e9d01bb4b6f2fe9a19e33ee449d885b81f5b91e1cc493fab601d96680

SHA512
12a7f15051835362697a7366cc053eb1ac10f325d0a6ea9b1b214b5f443498efa0a63ad52c2a319388bd0465d20e0a86c2f395eea3baac4c6ad49b54576c44b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
46a0557d38998e0e058f85b6f1908348

SHA1
ba457882af4d40d9fa28455536f90c98cd5d6ff6

SHA256
16f5bb4eeb03234c9bcb94e78af8c4bdf7c534ddb3b8b8ee353ebe83b8bb5d76

SHA512
40cf254ace1d77f79850a0e21b13535bfeaa0bfa0a31f27bee1e403281071c32737b09ae2cd2455f992bdccccd751aa7d3bf4761ad00af6e14d1f4a2551ba874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
de46d8cc77e086009c1e5c57cc552c3e

SHA1
82ab1a3a3aafc544e5af8d135b49256b93bf0c23

SHA256
300181cfcee75d688eec57341beb4f05c513ac4ddc69b3535717187a4cb0986e

SHA512
fc88f701db2f714b828ad4ba32c58d6413ea0899e6204d056254f3d00e46c09bb24624e4bd619178c5eb3b83b3685e0cffe70c413c57d64acf2d5865d7c39036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
78085905e70b5937c12cac1eb6259276

SHA1
3aa51b3c94b062e6e15aec7e2c65a5cd9271c600

SHA256
11a6fbcf118f80e415c41ccb0f99dede66522b461aa45390e55c8b81df9b1b54

SHA512
2eb545898d2bf963f285cd77a2319e38518edd48a446e94b088c1bdbee1251139bdc35cbc9cd9805147f0ae224ed489e06c95c9d1972f7ee23c87042eca81421

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5aef538f14352cf8244cdb6a8aa9653a

SHA1
2645d73884351cba3f1dde75a42da2e8241e929e

SHA256
33210178b1f60e72c181e11bf3496bf4a59c39a69e35f2dba519c1413dbfcf27

SHA512
137efd29039ef3cba7b7bcafa84a86614a64b1135a0bbf39630beda9f93980665ed74f4cd2a6713f2ac358dfa8b4c509750044460a90099007684eeca3972048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
75e9565d50ec0bab5605efe923c81822

SHA1
07f554e15204c1ee68d3354e4ef511d354950a05

SHA256
8e8747a1992eb7accf2adad7ec4d7c2c52faaab6a9d9b13a6b810bb378c4e010

SHA512
fe2b8aeb4b891103e01fff7237695a2236bd9251312f5bc6e30de68a092de5fe2771e14349d4c96307156d833b476bf16ca430050d68e27fbc7a14bb8d04387d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
81b9604a7ca3ac8282985e5784fdbae7

SHA1
7d053bd4d4bd27c8bedb2126e343a2516b4c385d

SHA256
90bdce4bf5cfa561446ee23b9201c9a330fbc801ca6533bc4a145bb22fd69ae0

SHA512
a227ef0671490b6d739302c7604da281a2928ca6053b80f22bfe5c55ee8e28ec27094c6601af3ef5e3178605cd28ecd27e481c88b8add6616a87814ec16391b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0bb3b3a51ee87a516ced38ff959b5e63

SHA1
c522cc20da627d891cddf71161838bc45f49569c

SHA256
1c19ce7b03fa6006845b5ad17f9394e0256d193f01c82ee2c5d08ac5e9838a1c

SHA512
ef8b607a024aaee419f771430d34e89e69d846ea27b965e7644851c2ee46cfde3375c29bbf78c601e8469f1b0646ec86e9c4851dddd35a059b7203684e5da78d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
5ffede537aadb2acfad97bdda8783f2b

SHA1
495266ae76523b1fe5892ebe091f867613016140

SHA256
4fb7a46d224987c7faf9d68870736d36220fb686598ddfa908eadb40f69da7e3

SHA512
1cffd48304c71fd5c63b96e4038c606b3175f919402b635a0497c308758ca9b5c3feb6519a7de4b79e8d6c196dd067757afca44aa79cd79fcb234218487487b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\675853c5a235c1a3274cad0c3d541adac3d4236d\ef5bd488-aad9-4bd7-a93d-986e0c03392b\index-dir\the-real-index

Filesize
72B

MD5
1464f9d5d0d894b29d76c6b63d548d57

SHA1
93d2362cf32214cd07ee768b3e435efd12c7e34d

SHA256
44fb08c4bf477bb6de33fd49d38f89c69e2483a8ea23b98ec1e7ccd62455c90f

SHA512
0a548fc287c6baf0b42430295521cfffc5180cd3a50169e2d484dcbeae41ad9633e188efbc1806ffefa681c9432664aba5de0c08b547f66f0f745c648ee6c966

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\675853c5a235c1a3274cad0c3d541adac3d4236d\ef5bd488-aad9-4bd7-a93d-986e0c03392b\index-dir\the-real-index~RFe64591d.TMP

Filesize
48B

MD5
03fa15b42b3004ca443b9559795108f3

SHA1
74feb6c36a62ef864ac5faa52c875849325651f0

SHA256
812aeda971be602c791e7fe6fd89d5255a0e73e1dd91651add1666d273d32655

SHA512
242413353e089d7354dc45609038b52c86b021c6d7244a12d692905cb13becf89b0ee0c6db589486bcb07529e1278a411f233ea1ad3e41ae0a379876856a7f9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\675853c5a235c1a3274cad0c3d541adac3d4236d\index.txt

Filesize
107B

MD5
f6c34d6c35c9fcd30e1849ce9c241a36

SHA1
7b042db1fcd8d936cb53d8f218226629bc026e39

SHA256
3add5cd1eeb0b2f71ee502d2ed9bc006a9ec39c961fd1a267d02013a325e3e6d

SHA512
09a1414804db7c9ece2319ea109ac6dbecd95d1fd43af7350f5e9898a3b918514f358782223061c127ec4f8e43fb779937351d74e33539a05a64684c7955680c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\675853c5a235c1a3274cad0c3d541adac3d4236d\index.txt~RFe64594c.TMP

Filesize
113B

MD5
514a4ca57067ad1e776b7ae20465c4c1

SHA1
0e89e3c864053b7a587ef135939b7729f9638d46

SHA256
02aaeb970182ddb0cf1583798a1a33425fec55d75adbb3bd645eec9f271b9193

SHA512
4249bce217da60a0c493a7f9e2a8586113d4138c6dd2876b0488e21e0eb14f578371da2e7456e64e6bf667bdfd6400ba1ecaa4e2d21bd799701eb3e5a2b26938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9166a106a41ea1e69c3de0554836dab2

SHA1
38f210ec6e4892653a3f65bd3a073bce0146b885

SHA256
50c8e6941395d4df3b8d196d0c4c64d0669ca049d2f9d851a41bdf97fc2c51b8

SHA512
8c342cbfda88c3df303888c2139aa1aa0c4fa4162ade59a672f1c87e445506bb424a8e16fab2f06b309cce04dc5e24a06609dc0d05dac99b6429f177b4f43941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
998daa4eb621dafa25ab19ed4f11f698

SHA1
b86e143cc2630b402e8d1c7880d33d86e660d65f

SHA256
247707e201a27301cbb142d300f252af843fa6c70311e067463dd96ccb2cabc6

SHA512
239f4b25be9f7a9c71fe4ea8f33a044d957db134e0f1c77c9c436bc0d4dd7c3757592b8098ccf459ff1a2bd0fe4dbdad4b4ebc059b4c50525a56b4cf326a86bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe645842.TMP

Filesize
48B

MD5
fbb7c4432de4a1e077914c4d614dbfef

SHA1
4e3b51d4823813bdebd48933dbe36a1daae538b6

SHA256
5a985da00b5688469f5faf303b4eaf3ae3d2da614d64594078ee4f4d0c533fc7

SHA512
d6959e2dec865c8e2d09f21d36f215f3c2c192d3001ff975922a56099885076ebd0973d2cc6c91dd35098629f0a84c5348cb5185babd4a3b3abe83392c5e58ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fe732c80-167c-4df5-8268-da98836418b0.tmp

Filesize
11KB

MD5
ce3d57ffba5004d60e25ce8c01f0f634

SHA1
6f09d8bcab9be2af487abc29f4834792ca090e35

SHA256
91b0f78b4fbbf67c622e8030b80b175e0d5a7d69a30ea267d206f2c546eb5f1c

SHA512
a6bac98baf2422f7541b24df805b085648fae9e539d0e50eb80a2dcc10736c3d1f845e047db8ea7b8c87d6ef0461df1aa5de57631df2f154344d37109e9252ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
61ced11ab9452172552e0bc582bf7c64

SHA1
a8f802f865b0b6c81b0a095c79570c7bca244d86

SHA256
1aa036e7213a718dc4d4977fc0abf67f2fc038fb8077035e3accc22428e1df27

SHA512
afb255c74711da0c2cb1c2cf2ba6026f04e8ecf2908fac27fa3299b771e8caada5ad52ede52b59e8e84b4cd54b66586505ad8b664244c18b814a459db2832af7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
a2a331d3c13958dcc3b7a48c60d9fa00

SHA1
9f71ecaab9afbba85408a8e863bfa2a1449d39e9

SHA256
7552a45466b5701886bbfadba16ea716bb6b35d60442c30ab160052456a06783

SHA512
76e106bc714b256c206408a4e65c6466cc2704ea595102b20354be9b3f3d8518dfe7e68375229447fc5652efc1bf1d9bc5bde626ccf8310b9c1c853420882d37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
f93aa951f29fb1c079e50a3665aa27f1

SHA1
b17dad30d9c18769838f6baf3cd3d1b45f7ecfc2

SHA256
4d62ff463d794e61daa743d99b058d928b1ac4dca8730cff32b2101703416771

SHA512
6d8f69caac65ca5aeac33c10e4ffb78a4bfc6ab882e803e9cf8e4084971077f2f824b4fa559a82147559e0776ecc4fb8340717bc35d237192d5544f28f1081ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
5930f303dcdf9def301365f237f91fb8

SHA1
7b4d72164fe34694f07ca6405b0cffffc1648ff1

SHA256
045d4d3fd6ecba3b8629b2943c46f16a5b5a92d9bcadfd8f855a13ed2420d9f0

SHA512
5364eacc64c132f6f90f29f9da8b783d3f96ac456c68b56669255128006d95868cff6b1a479da709bf31ccc0e2f8dcf707b3d65052b13ef5197237386ee0551b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
f43bcfb152783b9a23f6c540e1e9fdce

SHA1
ce3fd7373e36e2a1b04a1cb83f43d3ac136b2b3b

SHA256
6c176af578320f8287eff7b6314e9fd2279c9fa34e61b8512f2c0fe5626c40d5

SHA512
2960b80f42171f4ce68fc774a74870842bbdf4228d89cc01b0b4f15d24379b39e65707d750b3e6ad2573125889ff743ee14768f37f078d0d3dc0a4e15e3d2145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
38f01e42c98c10bd52a52b118248bba0

SHA1
4f470290efb7477ee9c278223bd544096472b255

SHA256
6dc624e3bb7c70ddb1d36535f8d147c65e2e9013f6125a5e38d1f1e1881ba042

SHA512
2c0aba9b52f92f0fd56b967531da688fb9afb83fa0cf45786862b762d13c95761142359e24ab655e665e7d24a48cbd3ba2bbc31e20d000e30d49fe91d24894fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
32a6a844dbe267e1cf1710ba2e1181e9

SHA1
30c1a1402a1f9db6c938eaab43130c43cd4d1d25

SHA256
b43a7a8709afecc5fc4d86e3e07dd934dddd54b2725147d1b3f0ab7b43493bd3

SHA512
e73e3ebe188b27fdc16e7c55dda6d0d35fa74479f05358e1402c4885188f0088fb00f8f5443459fe76e5df67050caa5b19460499c458e5db3aaa956ff215b758

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
4e2c5cc12f20b49d6079e5edb6eb2ced

SHA1
acb41299cff857580885851842ba026c0b6154af

SHA256
2612661df06f48a0be4117fb1207696a57109b26f9ee77d627219a00a0679e82

SHA512
3f5887acb4893142459f9bc8919321c249a03eaed010bc3d1f9ecdbf597181d2bceda8b9677a327d155fba2ea45b6b8eb849910d05a71212af3daae7e4827bc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
b72bd7e5d5e807526892432a37b9b888

SHA1
376344368f44acfa85695ef8382bcafb6edde965

SHA256
24ee08405f486b3b6d150c760465bb6a9a81b350e6218d9d415a8dae31b4fca6

SHA512
945c8ec2746e295e15b5d9bdc66d29c40cdc58d8f71d6a72e0ae890736fa8cdff94dff43bccba7d37d0a303105d91c496108fd856945dc945176ef0a209c1a6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
81046882b5127e53e880d73b36c9603d

SHA1
442d033d02ae38b8cf037fd8dce58077376f095f

SHA256
1b98780dc9c18ef5a653828beee2b1462f9caec18a17b348ef6570fcf9b7fdc4

SHA512
4e5f7885ca3d4aeca0036973c13048bb862efcef59e5118669d9cb192cc72a08c6db199693d396cf4b6f109756b6e6fa5e8413fa6c60d396aa04e06d8b096fbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
92647cc887b1c651e5e691b0b74d2eba

SHA1
1c79d1c772e2e67fcef2655bfce1788f6aea12e3

SHA256
e1f9e78e9d4369be2b08c7f1e208790998d4d27df810a048dd9af24aefff9ac0

SHA512
7614fcd3f975971f9f33113e8c9dfcfee91e6353a19caf7ad1b2123b5a913063e340f2b0dbfb6137e0a29bcea49aa1780d7dc75a1b285dd73d2a978f3fcd5e40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
bdcdf1459743bca499d5f5abdef9f050

SHA1
75ddada365e78533b2623398c5911fecf09ec9d4

SHA256
7b06d223c3a76e40c110a5bbf03d58ea50fd6a903c25e5a3c47b09b1d896bba2

SHA512
824499916b29338b40cb57ccf9a0d21654f4e4dcbc17c30e1da50ec6a86084d96513d45eec416d869f5a48622a0c29f1a704eeb2058f1ccd654d33c432cac8e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
af9dee380e0e9c7b12e5704054767bdb

SHA1
499c4b88bd75fd875997d94a96750ee1d9e5732c

SHA256
31d762bc88e76c6aab5b5e2548fc6e90b3ea246569d4da411b0f9f7690ba8369

SHA512
59e19b2a8a1a5308f23a4fe8028a37f2be771972508d031bc619237f3df4c19e65a4a3d348cdb3f872888b4f89c56d566eeed2d9612ddf1e556e441dc6b354c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
b55c98270b9667d44c7a708196aba773

SHA1
d2c66e95891cd2eadae44495f335d4338f501143

SHA256
c61bcbecbd1be07c3d38b68e1a22d25cfa5f18cead0ed40a674ee580da21e519

SHA512
94d376565be67669a7d292ff19c1e068eab1e9c69b9a37d44cc841facbc63313389dcb7d77ffbd100c644fdcffbfbd9b528294184df424d11c0396c6ed525c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
9b1a86d31d00483e35140ea8ef2e9021

SHA1
68608df6e0fce6ac5b1755f05cabd82252bcaf3c

SHA256
a6a369eab26c9f2e0241dd57298ccdabe3a7d179b163ca741f803b5f9351c5ec

SHA512
265134b0f09effcdf1348adf340088c399ccb6a9d0efd1717577e3b58a07b392a5d1400d6d2bbe779d9784adb56f91296ebe00c866e9187e4ba9f6d8e8ccea97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
26d624dfcce97aac99d9278fc4376f51

SHA1
26ea8e56f0c9cf9fbfd880c7cf90474915f0651d

SHA256
9e45b04a8239ff3d810405fc056d776289d6849bf16c6b594134f69238274205

SHA512
c0c77d24e1caf60eb59ccc36944d61214014ae27df7d40c7b33f5f0cd9303cb6d7909ebb0b14ed234dea15557a18745871c0c8e157c9c8d0bc9245ced9350056

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
e3bb8ce70b845574977107139220c064

SHA1
14f25c327d0fe740f75b32d89297e549018b0cbc

SHA256
ad0b7597c104d1fe3bf105d4a89b7d48e497a236046c85b462c65fc145cd4142

SHA512
a244887c1a3beedf77dc56848bc613f1b49e4a22ee2f8a7f2f9f6becc2b55abe042e5ef75a9c26553c31793e21d7848876d361fdaf813d6de9eb30ed3a43c450

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
8077eec833c2d724a97e38e32cc8d5b0

SHA1
d0be8f28a57fbfb23609bcc1b72b3c3ce71f265b

SHA256
0826b3fe54e36bcbde9636ba131f4de1f09a140ac44fc1edceea908e75ff88e8

SHA512
818d5dbac2085a25dbedc31614d31d2f299d2718f71aa014330aa3d3003e66f6450b913f091174598f4b590dfcb24dede7360dfd0f0a08ac1837957861d0831c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5c5f7d.TMP

Filesize
85KB

MD5
4c17619a83b757303534f3cb2158bcee

SHA1
ba615ee10e4fd316981f687ead6cefccef5124c2

SHA256
248d7d41356270516d32dbff9b0de4b3217ed4d46727864113fc8b0012da8414

SHA512
588bc6a9057605cb86923df74c66b1d5f8cccd3bcac41ae4338037431032a925b0881936b898380f186a066f7e8aa7407efa01201fc394a93b067cc23c7b75b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b8cc0991-9c16-4b1f-afa0-3804365584e6.tmp

Filesize
272KB

MD5
e65cb8bd1ce772674f7ac0aa4c433f01

SHA1
640cbe70b063aa887a32a55caffc327a4da36fa9

SHA256
ecb3045e88963ad53a8e6a721f194b36f21f0ec898c5d51d72ee86cba5acbbae

SHA512
5a0bfeb4a48889efed98262b44fb8c06d4ff41591761d92ef5f7ac96dada2024c11b5abfe6576b014248d97ea85baca3dc98c85e29314336de252dbb0f50d73e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2118af01-49f4-4f11-8544-a28d6f4e28ce.tmp

Filesize
11KB

MD5
4dcb31c37f193ed2c24cb47a5895a532

SHA1
f67777aef395d9baaeb36e1b8c417c86f53963e0

SHA256
d5c08cd953a02a69a8e4b2ab844f09663eea9e05a34d1345adbe7994508ddbf3

SHA512
c673bc3638877d54d6dbe25953bad86b2932f8e3687afc01a1ffb27bb18df1e171a72e2c9b6037ab201f0a4df5e77de8991fce262b82de100bc2096d3ff1793e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
23da8c216a7633c78c347cc80603cd99

SHA1
a378873c9d3484e0c57c1cb6c6895f34fee0ea61

SHA256
03dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3

SHA512
d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e4bf11ed97b6b312e938ca216cf30e

SHA1
ff6b0b475e552dc08a2c81c9eb9230821d3c8290

SHA256
296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad

SHA512
ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
94ee7ccac0db929b2228cd2a3867b53a

SHA1
7872b1de90d225089df551b61e51095535b10a10

SHA256
b86ea02ea70b3e70d730e911843a2a3cb5df99a0c955eb34300f83fbb36056e0

SHA512
e03b9e66afc54b53f6cb578faea04e0f634d53eee2019d8ca05920cf3eb693f64d794efde35c7e65c6b5a6178823210e5c2c504b459a26a810b24c1c9f29d130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f14bf1b699e51af3ee82668187d8bd94

SHA1
55783e44583dad4db08946e45652c8d2764426e7

SHA256
412c7fe8d8f80ba45729c188afddc1c90e9a68f2c0f3eff6892327e0dfb19e0b

SHA512
dd4d16f3bdb8f498bbb58cd986e60992426dfaf34e709019db4a40c3e2b920d94bf09ebf91fb2ac1cd709d194f132380d5fd294e1e9691d5878fd03ddd0112f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d78d8bea5a10f2f0d21a40e2fd4d1643

SHA1
70a89a4645b8881c941bae09135e707f32711680

SHA256
6de218724cdf39dbcc836344366f18c05b9700be95f5f048259495e0faf548a0

SHA512
20b927e561d37fb06938d038649be814725ec5ed8d17c11e56baee0c3e4b63010d3787a9b838846d2e7a32a64f8e2a494278e3f7ce0c2d6e95114eb5301ba2e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c1eeebaf6161a8803f730f0cd48e5bc

SHA1
4674554fd2dd64b852afc6a7dece9f107eab61ea

SHA256
600275790cf849a58bbb59ffe36c31570d09bb0f391726ec5922d4f8d5e9acfb

SHA512
3740a5b8d2781fd0ed3dae471fc68e3aa5a17e4fde991334ce9743fb6525851a8f88c4356e03dc57074a297f5fc05763d49e560f245152171acd635d8c1f63ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\67578b0e-cf92-4102-9474-8ec80fe6a79f.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
8259910e8fec7d1731f53fbd396b826f

SHA1
05974f06bb71921ed0ec2d23217e38d4167f0a51

SHA256
82d9ad26cee423ce6ecfe4712b7c8274e2070ce59c209b1a7d627250482b771c

SHA512
97d7956f9e223905a5b87419eb7c27d45b6b3fe91b75e657158e9099aec6dcb20856d863e2088715b6e20161ed5505f44663ef3e3cf33206f420b16fc954c7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
6ced56b6c422e3b29cfdbd1a204aa980

SHA1
5a17ff96fbb455a613f3e347324f3a907baf68e9

SHA256
472bc97c092626f224255335fb7caf6105e49b9a74894986864c8816f1fdd386

SHA512
2d76fddeaae7b93f6df59676066763040883ea92069cebc6f7e496d102f582a3f8e9a40f37007bb696cb2be32a390125be95907c8fa2f6c730cb48c0379d1f94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
7428925d3b1dc60290858c14c1978ec4

SHA1
cfdda91a4081e0b81f3c4c01ca138049f39ba573

SHA256
c39a5145fdbfecad111601fbbea11378ce710a691c6c60596093e3876978a67d

SHA512
ae21789acc1c95547470c76ca44f2bd881ded44379c8c6c19cb625dfc3a32d2ed4dfa516385b277f3ef7dad287a1ad20185d2046003b29c7abc199fee14f9a7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
442B

MD5
cb607f6c9ac53e3feb81eac65a43f2d0

SHA1
1888bd7614fbb1ab8e1d1b900704badeb8052900

SHA256
fddee1b006ac8cf84d73cf87eab8b980031660148136d806c13fbdf6c925f92e

SHA512
2f06f2d8543be59bc8fabd73f4ae84752f8b65e4398d82fb2f3810d4b7aabdfbbb4aa652f81b4dde7866997232add2fa410fb795b10f0ab7cc6038226d735e68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
442B

MD5
5cb56cc8301337449af7b27401d50124

SHA1
90f749d72646caaf7a67f518ce0b55bb32a751db

SHA256
aebb7988d5b59cce418e038f84640874f0c2ec9e5e62f4503f761e061ca5bd84

SHA512
a2205df0e2d766d8bd34c8e3849ebccfce6936d91bd9e5061514edc2805679b54bc0725ff93ac1ad16acfaf6a7cb2c70da9a96a090c791d31b6c1d0e2da250f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4a4a0e5a3ed75fe3139ea60b64f33131

SHA1
053d9ff619b035b108e1f8a6b0b84c929af70773

SHA256
05cfc97bf4e196a5f5c24d0af0cd24e0599b5f6445876ffba943920919e8ea0e

SHA512
77b124f6c1776dfe75722c5afe315b6241c16847cb8ffb64cc2db7ab91fcca6c899ec50b52e38f5e67cb25b62595733de12554a271b9f38825fbe03cf982ae3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fff31790acc890ff3610a77d57a34317

SHA1
07c4d10e348ebed5162a93a7bf5103c9255e3e2d

SHA256
9d47a4e6fdf7d4142614be2893c5c1c70c6d58726cb03e68bf4704189eec55f6

SHA512
318f38ec675aa99f226a404826b01f0d038d08bf146d69716c29de75bd7aa7aaefbf27e1ea0e06f73b726cfd143510cf652b4c1baa841e89105d33853f6e556b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d050a457ee507c9ff09344d49dd7366e

SHA1
cd5cb6225421b1c92624437e56ff7809e3cd8ccd

SHA256
be307d3f3693bcfdc9943c75ec5df35a84e767d1ff76df0cef5c1bbe1ec43e7d

SHA512
92e9b216f978a389bd3858ecb601f347188ea9bc7ad6f77483385e92287af2859dd799e5d4818ae60041c123b0cbc4d7ce8ad06f67e6dc935d50fb8e86afbe23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
86b680ec4f07b792afe29c7dd944d1fe

SHA1
f146038810b9ee2faa3533b64d2f7b9d6837ae08

SHA256
fe9e1ff56f418bac35811f4e4496ac360db49b703eea8588c35e71673398f1df

SHA512
3d81f09f823bb1e3fb4ea5f2ad41ff9bd72ea79d7c00df311363427d23766cc1c6c6cfcf274615ac4b1e7414057261d80e5c7726a97443da050734ab6224f480

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0d75fe00103840620fa646560a00c4e5

SHA1
15a039c96a3df99974d792d755fe2ea8369add3c

SHA256
08413551f856f2bc31a9b79efda06af0006f252b855ab681ea7ae6507fe53a44

SHA512
7d6070ec9dbd2939751f5c0539364e251407373f7bff7b85cbe6a90d19d2405f8c1bdd7a3355d2f6db7fd912c1ebb3f1fe5daa76096138fa94535a253eeb29eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a325cd4f1cc50afb99b56ea215016aa6

SHA1
4325b891fbf212753871634c0f6519d8a8ea13bc

SHA256
fb20946aea22274bc3c6c2f1302a4e9553cb58854ff502512cf626d5a12ffa7d

SHA512
d7584b1db86dfd9f5889805c4f95a7f402107c8f626730dc43cf2b8bf0062ba71019b2485b216e8a4b349cc6d3e8b00110f22930ff11f21c27554c2037e0a62d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f778ec8979b5b3bb83134361e87120c

SHA1
3f05dbbbb65c948b4afbf7c5b43317c4a53282e6

SHA256
e6f0e3395511f5b067ca6c68df2fbdddea2f7c7358253f35b99f1426155fb913

SHA512
746a1962e917b42b06beeeef5e6ccc2ee3a1db7ccd513f13a26cc49f45c803f7519fdcd405b3a3e81548ba405b7610784653f441e6306aa90575751cb63d9ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ddbbdb9a4b0f5936e03d6cf3e57bfbb6

SHA1
7e13f1b34e5035c41d94c676f47022f835243af8

SHA256
8284b7a25b7309903801461c6afd1cf85da49bf5e4010d3d538970f0c638ef13

SHA512
d4fce334b5775fca4b9f9bb12a5190c5d322838801e694c65677cd1bdea560ef8dd8fdaee2a7c266a3c0164119f946e35acece10f4b93bb1520d827728dd3b54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d8fe207395f1bd1ebc8399f28d3bae07

SHA1
73eae2040ed3d93db67be804eeeb11e0634c250b

SHA256
c4ede9fb9615bba987e464073fdbc672e0c9aefcdc67f3670c770c48bce67a29

SHA512
469a86fbf3f996144381e97196223fc19aa5708ee343695a40e4ec5eeedfe1f94646a37f6ddfe13ba1da2d36110465a6b13649ebff6c5e0f16ea45beb3c6dd91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
24206bf1bdfd0a4119b94eee9f7567e1

SHA1
17fbaad3cc08b10b49c901959f7f2324c9b04d2e

SHA256
c6f096d8ff12c3bb9ea0ade10479d7d25104b4205dc7e42dd1e76fe5ba371df0

SHA512
64709b968ea078959e6bbae902de0f4934d1bd9dd91a987974aafeb81aaa971745a6cd2d552dfa3c514fdb9af5b8d0a4a593038f260590fa7739165b57b4c4dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
8f2032dd47ba37a7f3d7e48b5d5c8e8b

SHA1
cbfc3ca2a4c2bdc1e2f7126e0750fa62273fcdeb

SHA256
013365b6b8103b86645d166f3b8d6076594b1c25edd41ad64782770efff773fa

SHA512
734d2bda0ba5df714a13710072830a367b45d0b143925fc789d749cb752e3c82a6082c5c34edd4a536e676dcf3f1ae1f0a0cf74fd967ddc229aca637712fea9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
45e449bca9846f17ad500634dedfa21f

SHA1
4afcf9ef575809f72d01fd3a92e509fec6131c39

SHA256
ddd299ec5eacd9f2b0350cefa7e97d927e11bc7a148644f325932c29a8030a6a

SHA512
472eca169778a48bc2740b2fff145535f1eed47ea0b4ac7728cfeedc17faa0fa6e9ed4ddb4c7ca99dc101f73c70342c93b33233225870356d4e6f04317f7d8e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
7d6e8aa8e0b85a0701957c40cf0d95c0

SHA1
fdaec163d35f31f6d371326b907fbdca62a7a967

SHA256
0528f36fb3dcc18333c6e5ec9b6fed0318c45bc309493c182887fb6e3bc9f80d

SHA512
084e55924b663751b49d05832efc7b767c1786415a9b39d4331903b06a5f91018df94c8b9fc4b3c299d3de7953f7ac18a89a7e5ab3f315c7b768839aa77d8540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f450e6be19010f1447e731d219494a0e

SHA1
b36dcda50ce89cb38830ad777e94bde468dad7ff

SHA256
df111d92b902fcffbf600285cf3e808e0674441ee2fb9ad2a230320f7e2e37d5

SHA512
d44daa817a248e30d6354d5189e8d9f5734b76ae7affd21b4651133eae6eac61952ef540a70f30f9398f98d329a85279dd19ccee1d670c64f12d0ce21e5064ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e4666df12d76d8f81135934f39fb21f0

SHA1
c33d82c0ddf72a65cee14aa72104d2523b477a8e

SHA256
204fac463ebde492101ec7bd80bd04e6470d5cd75ecc7a41f184259a5d6b4a07

SHA512
58edd1161862f96bfc8b94180638f6af76d8a8c8b38f145c14655b8eb8045d3330a1dbeda5d10bec4f2c389a875c675cbf10f18d804155fd28e7ff2bfbfdf970

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e990faae84af4191311d9f3e61ee0197

SHA1
975d4c880a2535f57cab9f71a7c91b5c8c37a962

SHA256
237dcec43a222aa61b1b952ec42a8f75fd22e15adbab52e431c9de9ba56bef9a

SHA512
c1e865d2e9aa5de507067d58941c14ee8c3ad7b011735cad882a5fa22d0d3783253c6723b3786fe0bed639b712a8d454e39ebd741f83b35c014644c5f68c8b7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ca4bce0046daec33e6a8a680ac82aa5f

SHA1
12b7270669d62d6b96e09c456336d198369409b8

SHA256
9eda54b06359d73e45245f20199f0157ce042826f56760bd80740c5798442945

SHA512
a867c5a4c095688bece0072d6dd05532a6ab6a533db3b7c43528d3f5edc6451b87671f7158f2090b95787730883635558ecc7bad4ad1df33fa3de9e13a6bab25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f475942f7ac9931b844901f1c034526d

SHA1
21d95ac8234a329e1b081899dfe12c8c471b2507

SHA256
e1af77c9f01ff896e02acac9c2265580b3a42242f45647ab394f9e6f4857beb0

SHA512
861c6127fad451e76a38fac663bcf18e6ba1d5133a3e05fc9b42866df38d807f8624e155333e20b1faa09a5aa62fa3c122a8250bfa46ad2fb2bbf64962b88e70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
896KB

MD5
606ecf52059d88c83d3c637d299b2e57

SHA1
871dc396621e6cd2cb7a4eab41b8746306e525b9

SHA256
bde26f735e0cb32044285ae6c20a05bd7e59673ec2f3e72a4cb6633de2a19b25

SHA512
44a04784a0ad85104a12165fed5fecef9ecda0dc19d1e1bffc912a0440bf50edaf472b632e2cf3212a0263f3728712e7da826c663b31b45ab627f78e8a6a576f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db

Filesize
1024KB

MD5
b56f9f64dc22c4b12a2a1af83788e328

SHA1
3ba9931792cfb1a7e385a6cd4e4b3227ae4b61f7

SHA256
4b7b9dda1240eba547e97c0f7e02ef34d69a3b30a2498c2b65662612881f8bb0

SHA512
c1a03b1caec167989474f6c1652128eeb40ca5d1f47f34bbd8f924099c564197456002c1ff493ca42993f965b5a651c33fb5b4bc02321bda2530c170ca87d7df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db

Filesize
1024KB

MD5
b370acb1766c20c95b7738493114d910

SHA1
f60f3d0a421308d78015804733612729d0237de2

SHA256
c776f294f34492d3d4bdb20a418c2edb752fad95e482ebfbfa92c3877e87217a

SHA512
bdefca3753442554229e46e4ef05f309b9522380e31ff462f4c81732e2bb06868c623050e8accd80a8ac4c2b7946434bbd01d97848ad986a5cc4b4b7990dce1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
7KB

MD5
8c4de973844aea85e05012a491d91337

SHA1
e31e858a7f3339431eb02d8418e545ebdbc8ad6f

SHA256
26bea020410761eb5ea73a91da4c9e390820e8a5811036a98609f3c78f1543bf

SHA512
d3ea426c46cb268fcad14cd76afa223f6db66f06d94268a950517efc25d41a0a507e7d175115a89cdcb4c6d7431a8babca3771c4973de4c37b04d4441c1c91a2

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
b11a15baac2a74995ae6f353e63723ad

SHA1
a64d549fa00962953eede6bb877caa60862cfbf3

SHA256
69e2381681ce85f320660228583f2ed1604b1dbfa90a69dde1a4853aca900778

SHA512
3406cdb89d03d3dc114637d8469f265d25857538e52f6f76ebd6272d4c79d51fbbb6c711e04605fb9ed1875ef870cd0ef5f18cf8accc5ace2a3ead72a3dfb8b5

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\~earchHoverUnifiedTileModelCache.tmp

Filesize
10KB

MD5
df46eb1fe5d54a0521d9965203a4a9da

SHA1
e977aae1bb82f3d57267ead3b91df3d82d6d50c6

SHA256
6076a9ea8f52f5ad109fbe29f955ee052f626b22ee45366bfa83f70706744b1d

SHA512
5bc5f8d247ba164f1af6f4ae902906568a4e9baf05c9782d999e537730d8cfe443daac6f44aa246f27e9678237a4b57a7e8411e3c4fbe88e943525cdb2ae239e

Download Submit
C:\Users\Admin\AppData\Local\Temp\TMzpx\TMzpx.dll

Filesize
112KB

MD5
2f1a50031dcf5c87d92e8b2491fdcea6

SHA1
71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f

SHA256
47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed

SHA512
1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mfjieexe.1sl.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
8KB

MD5
d05c45ab7824bef25684ad4345406397

SHA1
0603db7abd0b57eebfbc0400f01ca27bd85ae0bd

SHA256
9f797613c6b54a67198b21f5714bb6753dcad9329e861ac6717fbfe42c5eef05

SHA512
cf788a41ab5925e5123d974f1edbbab0280ea01f5fb7ffb8738bf1d421b15a187c8a634c9358fef4a8f7f5095507b2115c005c38cacd4b90c2801074499c76e3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
7KB

MD5
eb93c39189b93b7043fa0cef9cc13979

SHA1
d093f2abcb7a56a838cb9d45c79fe619f40d3ecf

SHA256
d1635eaf60f8ae3510b6b86342f62860de7b9b49ffa1a988264181cd21c916ed

SHA512
79aabf27e88f3c7bf4a31f1cf7928035ec2aaf9ae8601296f04a9c99430b11a8144058f46f34f01e821f9226fd7439d115671f1a7902edf40a29424fc0a8425c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
37KB

MD5
facd03167cacb59d1508117d5e70c8be

SHA1
73e05464c44d62e761bfa288ca9afa4f0831fa82

SHA256
01ea327061b152535bfa25e710fc0168d97cc3ef19babc6bc0559cb549b0d5e3

SHA512
87982839bc734a9fd9483b108d6a42da19d789298eb61e0780bc38189343b1a811121990c90c8a9e3b74f8193352949fa55d9428e0251440aabdb8d1730046ea

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
3ae1b4442517316116836def5357df89

SHA1
5beb4b0b77ec978f86fae075762c4aabc15867c7

SHA256
7277da7d6699ca1648e3b9b248ef50f431999905d8aea4425fd0e5ee8f55a41b

SHA512
4426babb3af2c2016bc6add3cf894162ea019195dc4c41ee4aaefb9628740e3c7da35886b5a4f501d781567fde4c1c7a822be306afc1a9ece03aeeb92e0d5ed4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
105B

MD5
425eed57ecc989ee895dee26b164e72e

SHA1
11e02012a23e1ba1cfb67803954aaa8782ffe652

SHA256
42e0578030718126845d42a212edebc4bcd2ca28211392aade4d24716a948466

SHA512
4c64fa367ccf97c786f3ab32f92309634a2b400899bad0fb33d5bc3a448d7e2d5e98e28b3ef90829e13c1bb8c3faed3aeea80230654f9109471ee6bc1fb4e256

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
329B

MD5
0763fa24aee72b965a4aa8cb7be406a0

SHA1
9c107ee29d37791d5d32b43e89ae606237f1261f

SHA256
610ff4ed61869af00d3a919f9c062e7167a5e02542daead4590b8adb1c4c7d20

SHA512
c3fdd11518d35085525e5b404d497d335b8f3a99afb7b4805e893e72bea73853175062b04fc5a5fdf8385d0f3264ab5413d885a15dae9d7c20930e0bcc2eaa8b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
205B

MD5
8de8fc89da2be4215e5dfa0c997e77f0

SHA1
3557df07a7d459c6506763eb69130a7e7049d6c1

SHA256
dabab62439eb2686b581086c360eebd27a4d30d65b61983b37c48eac92a9e32f

SHA512
55c5405a668808004841a416ee88ed9f83950d648fc5a2cbd82fa131e28ac7f15ef26878f732db5d940de6988cade4799aca0de25f49e857a0a74270317784a8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
229B

MD5
8e8954bb1897b570935d5256133ff944

SHA1
79ed2436c5e09d02eeb9c4c1af951f80de872507

SHA256
d0d391feda03905e6354e71c73dd46662ceab3acd4b3b0cbb998a1444e25b3df

SHA512
c3f5d7d0dd64a556662764c376833f6721e760940cd1a3b2536505c67d2af12d0cd76a105bd3b6fe4e5131aab8df792133315a08f0c2f1d479fcee474e891186

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
252B

MD5
dbe520da614d3c2e755e6ab8e2d3857f

SHA1
db65fdb601472be9ce91ce1f0884ed73ad7c95b4

SHA256
b63565085a4890cec9ac0390f748d0e9373ddee42ac1fda57dfef118a15e82d6

SHA512
98db92e736089b631ebee9101efd39915f8ccb84865329b446e308672b41342cf12e0edc42e011857d0751a8971222dbc1747634d73f0f361868485846fabc3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3433428765-2473475212-4279855560-1000\5e191731cfbf2604d7ab29166a421123_15439030-dbba-449d-b460-326ebc585651

Filesize
3KB

MD5
f86c2e08ac8f42b2e197b68d2f5ba192

SHA1
12ae84d8e648084cab3c2e95631843e6f35246ef

SHA256
dbf512b80980464aed72e113615294d0289e0baceaf496f64c843df612588a22

SHA512
05ca24855d79834fd7e6847cd00e6e4efa965d713cafc17c8e4507f277c2b0dcd59fa22624d6104e2c516f970484dc4f761275050b3f51ef0f6181d267d54a5d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
722dca777b63c5cda4df5fc84ede7a20

SHA1
0f6a8f5833377223f5aa2410a6239e3dc6d47637

SHA256
89bcfe4c621eabc27349ed5dff9c6712cc05434c6e1a9978f1d98692ad8964f1

SHA512
c66eb1be8bf9391e4bd4b96f2042d69076f144628ed29e8b050f28b1db9b57095af81f43584610e025e45471bd9703e876e133fb1f9be62d9a6d1a14b36ec6f1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
3ce7191b170e7fb0c18d594889fb2fdd

SHA1
8001a04c4db2c50b83f54ce65af6f34c4e008341

SHA256
02073a11e3b0d882d061c79f5adce040193d5b07ada6abbbe817c3d283d61db5

SHA512
9eaa81818ddb61045d673406be5a3c4e0a8a0f879b919c24c3c637f6cca397a09b0bf8f76f6871180c70e6390c58006db86ca38e17c88143598132dd45dbae0e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
94c96dc397cfad875b5ed90069224791

SHA1
6ea8ff8a3f4360e1be75fa2dcbf94abb44dfdb97

SHA256
20d79efbd6c9d1ac67742c798fcc8d9f283c8394d3aa253cc8c6feff6c0738c3

SHA512
9ae97760a51e5193e11326573cd12044fc28eb960ff5f44ee388f1cdf7027152d26a0690089e8cae9529b24a0f518ef0ff96765551fed52d8e5220adfa67f3f3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
ba9f518e127351062a4137644e597f70

SHA1
36b22c37238e9d7aa8b40e5ed01a1ea3a563e8b2

SHA256
070b3570bf851b15f173c0627d3ab6d097f5c5162273fd3a5529924ae2e42884

SHA512
0e13fa97dcdba941d3bb55103b7ad2de712956a5731f63d4b22e76aed13a5a3b8b6d159a5cd9444a2c88aa5d709cba5efaa7f1904b011b87bbf3933789fac24b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
4faff93a25f99d93d60fb64cbd08acb1

SHA1
4da785bf9ce5e36ffa0905967837ef85afecdeb5

SHA256
f39a075f9131ff13a50b188d409fdc55643cdb491682e99d0868f92f7b14a98c

SHA512
9ece1d01cf3ec0b0e37ab6a9aeeb5d292aa5149fd04b5dce13e26301527a3fd4b365094292bc28c44f0c7e10229bec40c3cc79a0a88bc50c38c52e2784229d1b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
bd47791be84518f293384a4af0fa570a

SHA1
4c8aa6bf8c782370ac466e9895413e1ce37b6822

SHA256
4962cddcb7958a698a8be2349828b3a9572916f2588f5a77ffe8d52baa142e53

SHA512
6984447bc6b1c9491814b275f4c67cfce3e3552c16576cd9a79f0b55a746cae18e0dd9e71a188ffb2cfdfee5ccf4eed6a4b2f91cb440333e33bd8f9f82844e21

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
c0e81d768f063754f4e5a9f1752fa869

SHA1
1e158da1883d3f4d86afbca1824f3a7eb6fea675

SHA256
d94f642da647f05febe9f38af38cc927b440cc90b6800ae2b7293ee72f4a6c1e

SHA512
3a9c59cebf614e1fd5f69a05f6c4fcaed9c56ffc663ef473d1e8df3f7f1e97735518b6d3814dd6c6579183402d1a0f6e48868c6ecc7708a3e99bb4fc9d5bc51a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
8f5e3475e41aea5bf7eef4eba4536548

SHA1
4a900fb66ae58cf6bd01920e58a20339bb581f86

SHA256
2dd5eebff3b8c241eb2d4b5d1587542766f9db99bc81d1f39feffffac47c11cc

SHA512
a873d72995834f7d7051a90b5ed06d5fde1832679b754af9061ef4e497e83a0d850fe3032c33b95d4d215bc25c0e31dedb4641dcf8b617460e976bde8be7fc29

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1.zip.crdownload

Filesize
3.3MB

MD5
13aa4bf4f5ed1ac503c69470b1ede5c1

SHA1
c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00

SHA256
4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62

SHA512
767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Client-built.exe

Filesize
3.1MB

MD5
5a90d4c0975e59f023b0417dd5a05002

SHA1
4a7914dc277bfb27646d8260c4b93f986f32086c

SHA256
55e23971691461aa64f28bc6968ea88eae5d71d379c40d62498e1a796f7b11ed

SHA512
43ceb54f21ae88c8370d3ebb419895c54d90270f6b738fd041ffad5798eb3325fde5bbd996fceaa02ac2bf814925efd86ce23cbc974c18d43ebe6feba63e3007

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Profiles\Default.xml

Filesize
1KB

MD5
101d8919a1682132f50fd194ef522641

SHA1
fc7f8a8ca37a89bf066d479c444911517cb1231e

SHA256
532e753d9e62439e852d3664125b4bf499d292c093fa1d4c0426d7e788a3abb7

SHA512
e7eecd831e16a3f4735bffe925a331df9043f5d90e071fb85ff19bb4e34786d2addda4a978b7a920a9e027790a5db8740cdf42a28d2c4ce2e7c1e8309b56f5b5

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12

Filesize
4KB

MD5
90ed01c1134a9d4540098dbe7cf1ac5f

SHA1
0a23d66937e4a3a63f4f9f68ee66ea950a12812a

SHA256
208d662f5c0354e367009958b1cf14690e6908fc3560c9b526c729cd1faaeeb9

SHA512
2ec97834cc30631047dcd3926e5674bc9c70632cdde9638d68aa124f64f653159fc0223747f810b8c674514b542d645e54097196ccbe3a3ff7f33a0e87d01690

Download Submit
C:\Users\Admin\Downloads\XWorm_V5.2\XWorm.exe

Filesize
12.2MB

MD5
8b7b015c1ea809f5c6ade7269bdc5610

SHA1
c67d5d83ca18731d17f79529cfdb3d3dcad36b96

SHA256
7fc9c7002b65bc1b33f72e019ed1e82008cc7b8e5b8eaf73fc41a3e6a246980e

SHA512
e652913f73326f9d8461ac2a631e1e413719df28c7938b38949c005fda501d9e159554c3e17a0d5826d279bb81efdef394f7fb6ff7289cf296c19e92fd924180

Download Submit
C:\Users\Admin\Downloads\scrcpy.rar

Filesize
18.0MB

MD5
4c959f6eb29875f22f2ceb5388b62581

SHA1
8ea907dac065e551ea9e7a2ad68c158a2f70dbbf

SHA256
6a7150b3a5e3e30e8cc02d4397b0006ea8fdcd286b6aecab34f57fceba40c9e0

SHA512
c17700a5ab9592dccd57ec8b7f242fef583b7a183d3e64690499097d21b29001e806485bb4444fd78190143f05b0371bc5fab95b03df0599398305ac4a46de2b

Download Submit
C:\Windows\windowssdk.exe

Filesize
6.2MB

MD5
e58b6dba9e96f3f015010a7796676153

SHA1
bae94a6035fe295f803c12b7dbc85cac2bf120a0

SHA256
9e8a91ecf50a0e4d9cda2f80380345d8edba197551a2bc5c797cb43007fd8181

SHA512
1b357abde0a7fa9dca1e4cb1d15f250800bedf80faa25b8b211f51527484af392ae9d6b47fa6c512eea42124f523654ba92ac6e40aa15fc71d5c98cbfbbdbe59

Download Submit
memory/836-189-0x0000000000430000-0x0000000001042000-memory.dmp

Filesize
12.1MB

Download
memory/836-4681-0x0000000000430000-0x0000000001042000-memory.dmp

Filesize
12.1MB

Download
memory/836-19-0x0000000000430000-0x0000000001042000-memory.dmp

Filesize
12.1MB

Download
memory/836-58-0x0000000000430000-0x0000000001042000-memory.dmp

Filesize
12.1MB

Download
memory/1456-2408-0x0000020BD72C0000-0x0000020BD74B4000-memory.dmp

Filesize
2.0MB

Download
memory/1456-2371-0x0000020BBA320000-0x0000020BBAF58000-memory.dmp

Filesize
12.2MB

Download
memory/1456-2407-0x0000020BD6360000-0x0000020BD6F4C000-memory.dmp

Filesize
11.9MB

Download
memory/2912-68-0x0000000000430000-0x0000000001042000-memory.dmp

Filesize
12.1MB

Download
memory/2912-87-0x0000000000430000-0x0000000001042000-memory.dmp

Filesize
12.1MB

Download
memory/2912-59-0x0000000000430000-0x0000000001042000-memory.dmp

Filesize
12.1MB

Download
memory/2912-20-0x0000000000430000-0x0000000001042000-memory.dmp

Filesize
12.1MB

Download
memory/3120-57-0x0000000000430000-0x0000000001042000-memory.dmp

Filesize
12.1MB

Download
memory/3120-18-0x0000000000430000-0x0000000001042000-memory.dmp

Filesize
12.1MB

Download
memory/3120-2-0x0000000000434000-0x0000000000D43000-memory.dmp

Filesize
9.1MB

Download
memory/3120-4-0x0000000000430000-0x0000000001042000-memory.dmp

Filesize
12.1MB

Download
memory/3120-0-0x0000000000430000-0x0000000001042000-memory.dmp

Filesize
12.1MB

Download
memory/3120-64-0x0000000000434000-0x0000000000D43000-memory.dmp

Filesize
9.1MB

Download
memory/3120-17-0x0000000000430000-0x0000000001042000-memory.dmp

Filesize
12.1MB

Download
memory/3120-119-0x0000000000430000-0x0000000001042000-memory.dmp

Filesize
12.1MB

Download
memory/3120-120-0x0000000000434000-0x0000000000D43000-memory.dmp

Filesize
9.1MB

Download
memory/3120-16-0x0000000000430000-0x0000000001042000-memory.dmp

Filesize
12.1MB

Download
memory/3432-368-0x0000000000430000-0x0000000001042000-memory.dmp

Filesize
12.1MB

Download
memory/3432-89-0x0000000000430000-0x0000000001042000-memory.dmp

Filesize
12.1MB

Download
memory/3432-83-0x0000000000430000-0x0000000001042000-memory.dmp

Filesize
12.1MB

Download
memory/3432-157-0x0000000000430000-0x0000000001042000-memory.dmp

Filesize
12.1MB

Download
memory/3432-591-0x0000000000430000-0x0000000001042000-memory.dmp

Filesize
12.1MB

Download
memory/3772-4582-0x0000000000FB0000-0x00000000012D4000-memory.dmp

Filesize
3.1MB

Download
memory/4084-4396-0x000001BEE25F0000-0x000001BEE2606000-memory.dmp

Filesize
88KB

Download
memory/4084-4500-0x000001BEFDFE0000-0x000001BEFDFFA000-memory.dmp

Filesize
104KB

Download
memory/4084-4499-0x000001BF00000000-0x000001BF0005E000-memory.dmp

Filesize
376KB

Download
memory/4084-4431-0x000001BEFC6A0000-0x000001BEFC6F0000-memory.dmp

Filesize
320KB

Download
memory/4084-4433-0x000001BEFC6F0000-0x000001BEFC73C000-memory.dmp

Filesize
304KB

Download
memory/4084-4432-0x000001BEFE040000-0x000001BEFE0F2000-memory.dmp

Filesize
712KB

Download
memory/4084-4430-0x000001BEFC630000-0x000001BEFC648000-memory.dmp

Filesize
96KB

Download
memory/4084-4398-0x000001BEFE210000-0x000001BEFE53E000-memory.dmp

Filesize
3.2MB

Download
memory/4084-4395-0x000001BEE08B0000-0x000001BEE09E8000-memory.dmp

Filesize
1.2MB

Download
memory/4600-2409-0x00000000070E0000-0x0000000007176000-memory.dmp

Filesize
600KB

Download
memory/4600-2414-0x0000000007190000-0x0000000007198000-memory.dmp

Filesize
32KB

Download
memory/4600-2392-0x00000000060D0000-0x0000000006104000-memory.dmp

Filesize
208KB

Download
memory/4600-2404-0x00000000074A0000-0x0000000007B1A000-memory.dmp

Filesize
6.5MB

Download
memory/4600-2405-0x0000000006E50000-0x0000000006E6A000-memory.dmp

Filesize
104KB

Download
memory/4600-2393-0x0000000072DE0000-0x0000000072E2C000-memory.dmp

Filesize
304KB

Download
memory/4600-2406-0x0000000006EE0000-0x0000000006EEA000-memory.dmp

Filesize
40KB

Download
memory/4600-2385-0x0000000005B40000-0x0000000005B8C000-memory.dmp

Filesize
304KB

Download
memory/4600-2384-0x0000000005B10000-0x0000000005B2E000-memory.dmp

Filesize
120KB

Download
memory/4600-2373-0x0000000004F00000-0x0000000004F66000-memory.dmp

Filesize
408KB

Download
memory/4600-2383-0x0000000005680000-0x00000000059D7000-memory.dmp

Filesize
3.3MB

Download
memory/4600-2402-0x0000000006CF0000-0x0000000006D0E000-memory.dmp

Filesize
120KB

Download
memory/4600-2410-0x0000000007060000-0x0000000007071000-memory.dmp

Filesize
68KB

Download
memory/4600-2374-0x0000000005610000-0x0000000005676000-memory.dmp

Filesize
408KB

Download
memory/4600-2403-0x0000000006D20000-0x0000000006DC4000-memory.dmp

Filesize
656KB

Download
memory/4600-2369-0x0000000002630000-0x0000000002666000-memory.dmp

Filesize
216KB

Download
memory/4600-2370-0x0000000004FE0000-0x000000000560A000-memory.dmp

Filesize
6.2MB

Download
memory/4600-2411-0x00000000070A0000-0x00000000070AE000-memory.dmp

Filesize
56KB

Download
memory/4600-2372-0x0000000004E60000-0x0000000004E82000-memory.dmp

Filesize
136KB

Download
memory/4600-2412-0x00000000070B0000-0x00000000070C5000-memory.dmp

Filesize
84KB

Download
memory/4600-2413-0x00000000071A0000-0x00000000071BA000-memory.dmp

Filesize
104KB

Download
memory/5836-2367-0x00007FF6E4590000-0x00007FF6E4D17000-memory.dmp

Filesize
7.5MB

Download
memory/5836-2621-0x00007FF6E4590000-0x00007FF6E4D17000-memory.dmp

Filesize
7.5MB

Download
memory/5836-2915-0x00007FF6E4590000-0x00007FF6E4D17000-memory.dmp

Filesize
7.5MB

Download