hxxps://l7nexus[.]cc/

Analysis

max time kernel
593s
max time network
479s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05-07-2024 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://l7nexus.cc/

Score

8^/10

persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000\Control Panel\International\Geo\Nation	Discord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000\Control Panel\International\Geo\Nation	DiscordSetup.exe

Executes dropped EXE 17 IoCs

pid	Process
512	DiscordSetup.exe
6000	Update.exe
2364	Discord.exe
5936	Discord.exe
5388	Update.exe
5532	Discord.exe
5208	Discord.exe
5820	winrar-x64-701.exe
4908	DiscordSetup.exe
2160	Update.exe
6008	DiscordSetup.exe
5172	Update.exe
2004	DiscordSetup.exe
3760	Update.exe
3464	Update.exe
5184	Update.exe
1004	Update.exe

Loads dropped DLL 8 IoCs

pid	Process
2364	Discord.exe
5936	Discord.exe
5532	Discord.exe
5208	Discord.exe
5532	Discord.exe
5532	Discord.exe
5532	Discord.exe
5532	Discord.exe

Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe"	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
55	discord.com
56	discord.com
57	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133646790055731174"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 12 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Discord\shell\open	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Discord	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Discord\URL Protocol	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Discord\shell\open\command	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Discord\shell	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9152\\Discord.exe\" --url -- \"%1\""	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings	DiscordSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Discord\ = "URL:Discord Protocol"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Discord\DefaultIcon	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9152\\Discord.exe\",-1"	reg.exe

Modifies registry key 1 TTPs 5 IoCs

Modify Registry

T1112

pid	Process
5944	reg.exe
5676	reg.exe
4924	reg.exe
2936	reg.exe
4196	reg.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3020	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2316	msedge.exe
2316	msedge.exe
2512	msedge.exe
2512	msedge.exe
244	identity_helper.exe
244	identity_helper.exe
4360	chrome.exe
4360	chrome.exe
5600	msedge.exe
5600	msedge.exe
244	msedge.exe
244	msedge.exe
4520	chrome.exe
4520	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

pid	Process
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: 33	1708	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1708	AUDIODG.EXE
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5820	winrar-x64-701.exe
5820	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 3800	2512	msedge.exe	83
PID 2512 wrote to memory of 3800	2512	msedge.exe	83
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 3744	2512	msedge.exe	84
PID 2512 wrote to memory of 2316	2512	msedge.exe	85
PID 2512 wrote to memory of 2316	2512	msedge.exe	85
PID 2512 wrote to memory of 880	2512	msedge.exe	86
PID 2512 wrote to memory of 880	2512	msedge.exe	86
PID 2512 wrote to memory of 880	2512	msedge.exe	86
PID 2512 wrote to memory of 880	2512	msedge.exe	86
PID 2512 wrote to memory of 880	2512	msedge.exe	86
PID 2512 wrote to memory of 880	2512	msedge.exe	86
PID 2512 wrote to memory of 880	2512	msedge.exe	86
PID 2512 wrote to memory of 880	2512	msedge.exe	86
PID 2512 wrote to memory of 880	2512	msedge.exe	86
PID 2512 wrote to memory of 880	2512	msedge.exe	86
PID 2512 wrote to memory of 880	2512	msedge.exe	86
PID 2512 wrote to memory of 880	2512	msedge.exe	86
PID 2512 wrote to memory of 880	2512	msedge.exe	86
PID 2512 wrote to memory of 880	2512	msedge.exe	86
PID 2512 wrote to memory of 880	2512	msedge.exe	86
PID 2512 wrote to memory of 880	2512	msedge.exe	86
PID 2512 wrote to memory of 880	2512	msedge.exe	86
PID 2512 wrote to memory of 880	2512	msedge.exe	86
PID 2512 wrote to memory of 880	2512	msedge.exe	86
PID 2512 wrote to memory of 880	2512	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://l7nexus.cc/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad39c46f8,0x7ffad39c4708,0x7ffad39c4718
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,15306182547932187310,18158921779050312530,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,15306182547932187310,18158921779050312530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,15306182547932187310,18158921779050312530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15306182547932187310,18158921779050312530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15306182547932187310,18158921779050312530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15306182547932187310,18158921779050312530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15306182547932187310,18158921779050312530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15306182547932187310,18158921779050312530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15306182547932187310,18158921779050312530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15306182547932187310,18158921779050312530,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,15306182547932187310,18158921779050312530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,15306182547932187310,18158921779050312530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15306182547932187310,18158921779050312530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15306182547932187310,18158921779050312530,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15306182547932187310,18158921779050312530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:3440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac525ab58,0x7ffac525ab68,0x7ffac525ab78
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:2
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2308 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4352 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4572 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3368 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3212 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3180 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:8
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1984 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3188 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3956 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:8
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5264 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:8
  2⤵
  PID:5300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4596 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:8
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:8
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5632 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:8
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5520 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:8
  2⤵
  PID:5612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:8
  2⤵
  PID:6024
- C:\Users\Admin\Downloads\DiscordSetup.exe
  "C:\Users\Admin\Downloads\DiscordSetup.exe"
  2⤵
  - Executes dropped EXE
  PID:512
- - C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
    3⤵
    - Executes dropped EXE
    PID:6000
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --squirrel-install 1.0.9152
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      PID:2364
    - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
        
        C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:4 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9152 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=30.1.0 --initial-client-data=0x50c,0x510,0x514,0x500,0x518,0x7ff701099218,0x7ff701099224,0x7ff701099230
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5936
    - - C:\Users\Admin\AppData\Local\Discord\Update.exe
        
        C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
        5⤵
        Executes dropped EXE
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
        
        "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2036,i,725619038254579140,8776905176689809028,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2028 /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5532
    - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
        
        "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --field-trial-handle=2284,i,725619038254579140,8776905176689809028,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2280 /prefetch:3
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5208
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
        5⤵
        Adds Run key to start application
        Modifies registry key
        
        PID:5944
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
        5⤵
        Modifies registry class
        Modifies registry key
        
        PID:5676
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
        5⤵
        Modifies registry class
        Modifies registry key
        
        PID:4924
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe\",-1" /f
        5⤵
        Modifies registry class
        Modifies registry key
        
        PID:2936
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe\" --url -- \"%1\"" /f
        5⤵
        Modifies registry class
        Modifies registry key
        
        PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5948 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5920 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4852 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5796 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5332 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5552 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6132 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4728 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4856 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5940 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4372 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1640 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:8
  2⤵
  PID:180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:8
  2⤵
  PID:5536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1640 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4456 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:8
  2⤵
  PID:4540
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5584 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:1
  2⤵
  PID:3680
- C:\Users\Admin\Downloads\DiscordSetup.exe
  "C:\Users\Admin\Downloads\DiscordSetup.exe"
  2⤵
  - Executes dropped EXE
  PID:4908
- - C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
    3⤵
    - Executes dropped EXE
    PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5940 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=1640 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:1
  2⤵
  PID:3360
- C:\Users\Admin\Downloads\DiscordSetup.exe
  "C:\Users\Admin\Downloads\DiscordSetup.exe"
  2⤵
  - Executes dropped EXE
  PID:6008
- - C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
    3⤵
    - Executes dropped EXE
    PID:5172
- C:\Users\Admin\Downloads\DiscordSetup.exe
  "C:\Users\Admin\Downloads\DiscordSetup.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Modifies registry class
  PID:2004
- - C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
    3⤵
    - Executes dropped EXE
    PID:3760
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\SquirrelTemp\SquirrelSetup.log
    3⤵
    - Opens file in notepad (likely ransom note)
    PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4816 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=1752 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4056 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=4876 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5852 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:1
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:8
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5468 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:8
  2⤵
  PID:5984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5416 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4440 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:8
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1896 --field-trial-handle=1992,i,15803524751189494141,925424530368258054,131072 /prefetch:8
  2⤵
  PID:5508

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1676

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x150
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulte75dcd1fh98d7h4b68hbb43h325783d3463a
1⤵
PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffad39c46f8,0x7ffad39c4708,0x7ffad39c4718
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,8195243912268271831,5260353977057400137,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,8195243912268271831,5260353977057400137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,8195243912268271831,5260353977057400137,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:5672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultab0d5236hed19h4734hb7d1h7c49fb605ac1
1⤵
PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffad39c46f8,0x7ffad39c4708,0x7ffad39c4718
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2296,11874613698025836712,2644986005974821468,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 /prefetch:2
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2296,11874613698025836712,2644986005974821468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2296,11874613698025836712,2644986005974821468,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:1688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5756

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\3caa19cb82cf461e9ef96df7ea692716 /t 5956 /p 5820
1⤵
PID:4756

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
1⤵
- Executes dropped EXE
PID:3464

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
1⤵
- Executes dropped EXE
PID:5184

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
1⤵
- Executes dropped EXE
PID:1004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Discord\Update.exe

Filesize
1.5MB

MD5
377f7daed6450f501fd58ca22a921181

SHA1
dca44be7b99c98d62a3b46430c83220e4e53b89d

SHA256
d8e99b0a2ff17a8525f11cf8f06f84b2561852b1521c8ad2657ca9075a521fea

SHA512
06197d7edb7fdd7cc4f749fb9d50889115ff479c893812a6d7d180140e6aeb038cdba35850fb7cbc119c06ed2b70f7ab2943dbfa89cb5446e06e69b3d21cb6f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\352318b31bd6354a_0

Filesize
19KB

MD5
4c90a7a0fa8c6f3a2b2d82a65d589f2d

SHA1
5eee36f2556ec901aee3e7f45c9ef32496e18361

SHA256
5b8d0d7530a07ae4226a9513185b7484f1659cba8fbaf77d6337a99c032ec246

SHA512
2ab171967da7794d2d650d80d75ba2b05ba4955f853778220ad85035b540540368a280f627c577c75f52f49845199445ae03e374a5331bf97e62863101127054

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d7f75df96dd7d0b7_0

Filesize
280B

MD5
adb9235ff14ef79b5e08dc1592d32307

SHA1
608163ce799aac64c67fb011e68991d2e6e2df84

SHA256
825e4eb6cfba97fe57ee112da6a74c7faea97a1733d700f735600c6c1e60f14e

SHA512
2c19fdf61e39b95ff211d82b79d2a7130011eae8e7925794457f0cd977b6f972a5f8189afe7201e15c7ad4a7ca9566393465a017b2a869711edbcacf5b02cbb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
984B

MD5
152b9c7cfe2fb131e9211591977dbb01

SHA1
1f53c484f630498ea09bbdbc1ad34da353612464

SHA256
3e791eeeedfc21c032a069b4e2958c1a6e3af43535084bbc1c67ad7cb0f76a20

SHA512
de3a9aab8e7975beca5f82a45ee383d380fdb9542ddf7568001c9706d5628be1a7aa47936f5b376e33b1125e8c0db3ce67e3e0de60d88748c8f3291b3d41c4a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
c76fba727667848ac3be6f3d07553910

SHA1
5addef163e6902a986bbabe176d8a943d7b8d4df

SHA256
4070fadc3f2aa210d88e1556acbef35a0a06b3b1cabe23431bda00ec9ff8a7c1

SHA512
a434e7e267ce80184aa406d3605d86d792e8ddf6dba74b02e304726985ecdb00f44b9182b8afb7d64771aa54ecfe70a69130a116a714b338186c61ba82e0cb62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
896ed89b9185910f4b8e87e9255fcf13

SHA1
28bf8b0d7beaf1c3aa412b7e4d90212086fe6fa3

SHA256
731800b9ff2fd45bde610283bf84fc179bf2217eaf79587f223ccb2d4ec9be2d

SHA512
4610719f83ab6128602c3114b723cdc24f8508569fdff4bac6d7889f6da4442c7e813a2ab57052f05d3f84ca7c7b8503a6b2d890139bed0fe2eda5f1dc21e304

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
92b0bc90f33adbd03e63b7ae2e5a1b1f

SHA1
2b7d91f8d616473f01bb36bb83082088a1c921ad

SHA256
bd36505f564bf83f456ee6173ceadb76e21a4d488b2c52a066be568dac009031

SHA512
78995349300a3211a373df5bd074ab3cf2229f35a060fc65b819651a843b0b366bb716266665917d1c7abcf321d79bfea547bc07213fc664dccfdeb4135e306a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
de853b8c84f6e26856b19994740beb4a

SHA1
3b8510e4eba1243fbd69848c316c8c9f4aeed948

SHA256
f0764a4692df136893be25b80381610a207fd14acf930032af52a0fa218ed7e9

SHA512
542b9b59df2e5a28972f1bd0117600a8558715bd12c3586e6a52175d763c07657a83aca5bc4148dbb5d786fdbee8d52545f5fa9b4676661cec239fd40f61df4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
95bfde452c03eb6ca68f6d720459a042

SHA1
192d69815749664b290a4cb1b9f529af5e5f1181

SHA256
76a4cb690365e267614cdac3d1f4c253b993b9803805b63868ac05f2c5770239

SHA512
64cfdf6496954cc6679bcf6b637a0b6b2c4a3588ddf7992f44ce19c3976a295618c2c71038887ab0dd15daefc0f3082ef24412c5dc99de6f492c79eb6fcfaf78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
7706dceda9a3681a622333c4a3e83771

SHA1
7a03234a900b1257d849133353f4e403e8804840

SHA256
7672f3f1400537816da7bbe4d4c9162fb229c8fdff2edbb205b1e5dab0609e67

SHA512
03997f2c54892d0378d24447f2313ca08db42619e81d8ddf060797453cf8e8e9409b7fdbcd7317d7975cd3099d9e597b3832eb1b784875d4be893f7c7c998b5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
02508707319d096284c4e075e8c3df8b

SHA1
2203b8e40b113ef5ee02066dc3a0ebe6bec84826

SHA256
b86f27347ad4e291add1f3fca11cc56ec161f9326506d5660eced04c9d5cf878

SHA512
9c8620fc50498001dcf553c78f6d1692668d5af2677b4eb10243ab7ec7acf310a9afa5afa3f3a02bdc477b6e1431d90478e40e62da8073ef5597fe15fb292ce6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c2d4ff65ce38b06766d233b04e58e215

SHA1
3b0cb56858d60d7303eaaad111e209939ec060de

SHA256
d513e8ab31f056b840f5affbc935eaa32463943c9dd2b40d5e5279a16fcf01f9

SHA512
8760a9476c354d8d7fc6fa01b67aff07142d2265915b457b22203e39c1052e8362221f6677f03ee9de7ee001742481f8d5ed6bff819a96e45bbebeece44312cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9dd10317e9c0f8626ff7fe383176542c

SHA1
bdd8cb9a8e9cc6fdf7b9bc93ecde697e7d72c35b

SHA256
8083d23a30ea46d765accacb111b350b3b14b5da1f526437cfd1fe21614c9c28

SHA512
096a7756ce5a8d99ebf117e8691b809ea033bc7700279fbce548b98ba8ba76cbd9d05f97e7752e76a594aa9399fa95c724849e1694b34f5ba296099b767b454a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
097e79f5a226792d24001dc47cb8bc7a

SHA1
97152d77b4bf6c6268b0117bbab1a60fb23eaef7

SHA256
839e50d1a96af125c4efaf3013bd7881f13353f1d1fef25dc18012040f08dc16

SHA512
a31abdbfac6f8fbb3a861a06118fbdb0dfddcd64a661c6cd2b341bdae158ebc341c61b89ce478028f26a9d1e9085ba4d6de6d2f46f38c8b9efe9631de11c7942

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
8980854ed0296c7f556151bd925d85fe

SHA1
221c81e2916d22a80855d4f1aed23b895b8c5326

SHA256
97d21142076459ba364770fe575ce5da00641b6dc1f1866ec18f8be409215fd0

SHA512
b40e2eb515f89226e6f39544715f99abde99bc07ae5c9c1ab7fac85996f6c31a9962cf38dcdf2f9fb79ad614efd8ccaac0b3089ab5d691117b8a4b53f75a42c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2783506a52a79f01be156cbcdad0778e

SHA1
08cf091a9f68a837f5392801b3b5bdf18277fbf6

SHA256
4c98e77f003a13402daf42bedd36aae1c2db2c3bf321f44c5e38319244c69b22

SHA512
f2a82bc81d84d064db340076d567ad0c17ffe30a01af08ec137b8eb518805567e1968bcc3bd76adb8f9c0716f955671b6f1b950287dd9ba0415c048048a04a35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0f65c286a8b89736e9288bc1ebe3ca75

SHA1
92c44abd559bcd5304b2cfe6bd573fd336693fda

SHA256
0237db1781336279a32f1add80c7a46279f51ac55e47e2910fd7c0af6b94c14c

SHA512
d2ea651bfd47fc8df7c6c0a9aa9f49bb811b3d0e7a1132ae7841f55911906d4537183e72c28472d770e3b975a951bf6deeb8739629fa81f35b013d9b6e8724bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2ae1410ba3efa5fd96ea864d202e0fa4

SHA1
50b3bd15580654b3ad311d4d49aef627bd70916c

SHA256
d7cc1b21bde6bdb001aed7db87eda651be0e69ce92c5b0463a305158dafaef4e

SHA512
8eb42f092b7b60e3ad27b48f9b8f917135130adde3fb9650f34e2bff57cea33976e8b59108dcb3e98d740d945cab6a9b2657c5311e5e9589a70a8dff593722e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fc2e5ce13e222146b8d6cbd5dc921219

SHA1
94b555b65dc8230214f79da41d0e349b3a745a7f

SHA256
3889e1e9266cdbf03532f3cb6b6ed58eeee488e0a3fd182028515150f2737ef4

SHA512
ca9d9139e56b92be74ca52c115b598043260d0e3dc41ffb67dfef34902162fa859cae1982e014f6c10e900e7b7683b314f488687a5aa37d455b60ef9a883c4b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c859a550679b513f3fea24e4d9f803e6

SHA1
3bd267dbfa5687b994df7cafd79b97b6213ca6dc

SHA256
a49441d504c48b0c60864847b39970b999c38569e60cb4c5b79dbd87ac229ffa

SHA512
ca6332c53d4ef6bbf2ae55472011acafa82c3a2a37bfc91891e92c01902822d9cc156c3f41b0a5de8f3c05c44d38b33b3efa0c2692ca31ff1a1070f6fb65aff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ff32c84762353b1acea4d9ee690cf825

SHA1
98cd83f5c92bda875b90ac85f5f5675e24fea516

SHA256
03d9a81d4ecf5b827003e499a1b5b1c6517e8d5bb6894235ea755fedabbd4d8b

SHA512
348e92306456a6cd9b51712acf7afe826ab5a77fc4ca57c681a8b1d2b3a17c5866c24065b6c2cd592749c858a8e547838274bd4d91fd15cef2e6a2843d6ae5d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b4d659d2126580f8ff382b07dc93052f

SHA1
480aacae371a11ce9428b3fa0aea4538e5c3c414

SHA256
20e5d20dd47a0063f8bd792017b4a6f769333798d8d9f10d6ce865e4096a1546

SHA512
f8ce615598c3d6ee0a1bbcfd4a4449a834119cfeaad58b570a5c7f8a7504a6d705bf0ede2e880d039d42d2cb5e4f03b7a529fa83eb952d8adf9420d5c4dac98e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c3428fc5d29b676b6343cf5f2fa22f63

SHA1
b6f530e73505c1a6274988c79421bc9d3889f895

SHA256
1e47a8e30ccfd6d34cbe3a7f78736d8ea5bc2802bb12f7891c185dbba2591a11

SHA512
a15e84273cb98af3c172cf143be551107f30b54ef3bff1b3405bac73dcc43ddcdef6b923fa0562a9aac1831ebe025da6b6172a1b8d1477dcd26b4905a94c0958

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
11ac2ed1b47dfdc7abb8166bff308b9d

SHA1
cdc127ad43eedf88153b08d73acf31c254e5f4bd

SHA256
b73fdf03c1aaa1a1aad21b00bd0409e41e32cb206571c47b05694d32c8ba3f1e

SHA512
46e2bf79ce08ee87c70b0be1bbbccf94970e861cd9c4bdeed2a103bd4f6a07bab756f0a4d946c61e55d0653759cc93d70d89027e4988e9cd3df72e555d7a08b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a1a7c821fbb06beb1b7f1d06940426c8

SHA1
0a30b6b002f05894a9eb4bcfa6d80359e3725ae4

SHA256
9240d30297ea5a38009c21c5ad3d22ba8b7cde1a30db4bcd09f0f9361d94eadd

SHA512
4073ed4c67afa3dbaf7fd2ead8a29e54c4cb79cd2f04aeb5ab85de2032b30baef0bf70ff73a8a24a77db6e516d5aa34a67605c66189cdfd76d70a226f72c2ec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
98f40d22ae97c210db4c9f8d25152a6d

SHA1
0f8e0f1ad0bbf83c923dde600177b3dc6d293986

SHA256
577edee0a083409e61c6439cdcdb8145843c3c492f1b20ff8035bba7f3637624

SHA512
10c29adc86f73b073b5f0d26133cca5569e22d3f29c050bae49858311bcb05abcbc0e901274f778f416b32013d532eefa89b28c3d9027f503ccffcafc0274be6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7475c22e7099b341fc0e0946eeeeaae0

SHA1
3760a8434696722e20b17685d92c17d995353749

SHA256
2f687e585c147529f4634681766051574cb398242bf6814f47bac59d6f42c8dc

SHA512
b15db6a57cc140baf7aa10c8cf4bb647c27faf95b74c6bbb8ee7e0d402ffb5148d01fd719c1043f17c3b4d85c65cc981dd9de43197184b62b1b07d7beabd3383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6863fc42af37019f98ccdb816ff1e10d

SHA1
7ed48fc2619f56b9b2879e961ab1131ed7ece6cc

SHA256
0e4dda5bc039f1f34cd16d18c859dda7f5ae0775252b53a1a81359c0f20c68c3

SHA512
0a2686fa76d742209b6b1c705be0b4e1387b3b3cf7adeb122e945505a248b2ee517d58efa264dd18694252272a7a83ac745fb4b636755d114a40f4fe03611c98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
01d215876ce96b47de4f2dbbed616e80

SHA1
9785d221aa734b0c18c5a7513715d7cf84199284

SHA256
965c8b9eec8caf52e00fac1f9254b81559a4851738d2641d0d563f503f15bb48

SHA512
662683b70310b964be6f07bcfe491a818f67cb3dc6b6aa7b9130275166054e65e9cde4d4a2138428cd0ba6250e814c3d64211a9d14d2578a189f0a8a20d08b5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f076a9fdd66a0720988e2a30e4c75030

SHA1
4c4ae80f956fd7880332906598423ac71b300182

SHA256
3ff8f3c8d3d63f3d0aa98daf433262e3d08e876ae6a88a883745682fc2a6fb33

SHA512
d8267b5561220f652b6a1b325772a863efbf386d4c767aa6c8e6dd528db6938fb0712d134791d063099d01b71028ebde0e76fefee9455113469bbb0cdc1737b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
09be3d2beb692fea979918f8865cd2f3

SHA1
3d0c748415d3c92d6f9cafd373850841503879b7

SHA256
e29b8162d5712e447726feeff2eac526705f63f697440e6b94718448b24f661c

SHA512
5c8afabe946451237748dcca738c7fef0adaf8d7e30bc9478d17bad88c66fe68a8683c2b4eaae23d756a8c6a6d6cc7e8339354602d3549b18ce731593d30ce30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b5c894e78b873c98ed28e3d8a11afa34

SHA1
e9fd8c3ba9865ea085af7520b59e3da7b4be2c17

SHA256
a641a24a876db963094d50f303b0bbbbafed27daace9906c1bc127b62df217d2

SHA512
e30b69cff3c4450e9b8a2494d5833ca531299b3d63ab41edfd90da8b2c81cb14ea1ec4e6f53f037a84db7f8addf871b37aede8caf6ed01d975d04da0f0c75289

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
742b9c1ac70d94b2dd7622983f9017aa

SHA1
e1a44cdd71ea7bd687fd94d0bf8a89a2b0ae2095

SHA256
f82f3708a3fdcc4b44e358ddb625c4acfd4dfb1c46430f0290ab6d90a30848f8

SHA512
61a9b421ea6f9d9be38c9849309838a51f5118c9dd2b54eab17a73b44e6a21b766eaa578ebcb9a606224918a51d9be305ec7ef39d0510effbc8f9490f6ea46cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
0b69e1b8a2cec329b8282d20f3fd4bd5

SHA1
9d664200c1eae4ee40d1df9d8eae5f4d61cf43ac

SHA256
1c6cb826229b6aed3ff4a2b4b3b5ae66e64a3a575dace2f63c5eccfa4c4b2075

SHA512
48f2ffc63a48e7dc67d727a2d063194690cce2c6139017c9d8973d362bbcedad9dec0171d116604fbe124abd82fcc7e44437cfe74cbbd68a40a920105d8a9717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
d6cb64925ddcc05a8e3dbb1047845d2b

SHA1
a3859fb9843661e351b8a79a2eeb7d5e995292e6

SHA256
d9a3c300ab32b7037557eee1c35f370d7f4a70ea7a550095d4a973e8de891e55

SHA512
90a2a9002a7e61bf3cdb22fe4274b706e356ca9047207706ce95b0eed306f4d4a90dbd9eb7a6fe917fe57af92e5a2015d87add051fe2af01e81ee6be2d8f3da3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
19617eabb09cff74d9a8bfbb8107936e

SHA1
db203acd43ce2ee303c7c7992cf00b58411589dd

SHA256
e0889598b0d85a0d70f025ec5b8c83a132d40b9a9a37a3bd08cf2b6c87b27909

SHA512
2d3bc8aabf3f803ebebb5dc0e5fefc37a4d5896de934092e2ba86fef1523b4de419b4214763030d2ef2bb2fe297be80f940653e583c6705f98b33771ef029b79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
22ea2a921260e38801e61f07df7054d0

SHA1
d4c33313659ba70edd0e219c85626540e6923920

SHA256
a6f7f5952d26c4f04f76f979644a9d3d6b0c7a98affea8a0417ad7517148f7f2

SHA512
bb29ea4c629a49a0c570c5c0eb5c1a506d55fd9a3bfb0cd9c4fec8d0c737354a4be1cd41d03cca512a0065d5eaeec09e9cd657c6f075a3c600d4210fe019e730

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
b782f00c508135cd34f4ecd2a225f617

SHA1
fd3e5b6540786e5adc0796e9d2f68f0061ad1e5c

SHA256
fd13f0220390dee3bf281de12c263c54ead98a1b3f93f0877148d69fe6b3a6cc

SHA512
2dfa184188e53ef71e0d7e267a3ba6a78593556b395a8578b86def3473b607e43ba382a767aac7213f129b024249e12fb29b5994aec710055c3fb42fb67e886d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
f2ad7ae3655dbd185addadf0c61f50c6

SHA1
b0e8e9a45a351a1318220d05996b310d108289b8

SHA256
4244f048d366804ad2f20a575f4977f39f240d27a03bbf2fff924aa3ab537ca4

SHA512
9c6df33ecb91f383b89390ac5f8c64c58066a3035fbe4b1f53b803ec17dd01e65734c56bca6dadae49ef7661e31da0318117ba629c3988b7a71abb34247dcd7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
6b086079bf491f3b39f78b22107273da

SHA1
4e8f1a3f7895dabcb068606903c0e9dcff94f5b3

SHA256
2072c5cfd54afb97bb1a12395299ee06c2dc0c631f3675d5388c56f0a1b15141

SHA512
435671fbdcd262e525c32ef08da563e7c504b7ec4d0592bd0ded65b063c9a9df12b5ead1ee2800cc9dfbd487e866e2df64205e17f6f3387336b74b2804aafb2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
8a6f13d3800f6afcb526a84f5fbf5eeb

SHA1
ba48c2f9e76dd18b5babdf2e5360053afdbd731b

SHA256
929fa4af940e7d5fbc94ff3ba18b6a9e1c7a2a54e8631075c65d97999807567a

SHA512
78047647fd51fbb71e6e6910577c99eeaaa867c939ca11b4c2b4aa42258ab595d69ad56477d37f4e8de1af4671401eb5213bef95963df06eddcdc23564be141f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
e4224e6817a1962a95530becf9a453ef

SHA1
e58316db2306285c5aabc455681842190a3018b7

SHA256
ec439cc7c39235e5d53e62c024760ff733222e94cbb7d060e9147b1ade40be66

SHA512
ca813f80ed88c29a379d209f3dec708e7d36082c20d08dccbb17429176ef6f01bfddae3fe2a5002d350cceb877df63072b4c7f29ca5138dda5e16fd51d8d0dbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
81c1baf542ed6a45ef73f21d5e4f89d8

SHA1
b6caa1abcb35d260ef1a916506724d0fb2b966ca

SHA256
a9e691f0c768f9c674658f8dfdca36f7fea78f15126917f7c3d35568a2d379ff

SHA512
fe8d443ff45a580330f02600c201adeb9112a02732be9ec6fb11e11ffb1e46956c95323ff6b75bd8d3e7d0ad04b88ec7c8bf74b73c9dfc530e3365156780a682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
89660e04bf6bfe00fb4d15981433df90

SHA1
4e6238305ae42b6b4068f0dce72f4d917dd2805e

SHA256
bc159866b7d0569be6749d279f92c53d2efaa189ff409186e2f727696431fadd

SHA512
d7888ee4e11c775367d826c41a0cd558691ccf4a3818f1d7ad827c0a1f2ce02b36dffbeb1cc63b56d48dabac5de96de72a8250e8ffe669982c5a6860c64463bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
8ab26ea5c1bedec6c71331263bbf7445

SHA1
17f3104057830b20db69d29f423cc7ce98c767fc

SHA256
f4adcc9ac90d0c5e84aa6354b2fae13af15c2805d37176873daa7f191ca81022

SHA512
d11c7278e7d8434a1c6ce5d021005e5dbc8335c56017838f83ec3c2e467d85c8f346093c17e466da2eafa8c21228b7173d0fe8c855fc51e1c2562f3203dccddc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
5d37c1e9151fb6f77f8a247ca0cbf51d

SHA1
3abfca754f77fd4756fe917b3072538909581fbb

SHA256
ba05784fbec70505f493ee3e56360285a293225837a744b04789a27a404945a1

SHA512
18742b2c80f63e52d4976bca58a9b98aad2e262c639b3b6d4edff01af9b9f5b924d350c97a128eb7fadd731f46cd69e2b1cc0f605d4d045730e1f784696d0142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58a553.TMP

Filesize
91KB

MD5
caef87136dc6987a800cb287d885cad9

SHA1
8b632480b41f7af5454e041ebdce61626ffd8d84

SHA256
21f9f05a2474264576ba6c81b2e0d51a8edabad79b3c0aaa3a8dab2b742c43ef

SHA512
73cffbedd52efe0c63ac6bfff8e353eaa84762a06da8910a52812a4b40de846a90ebf64bbffffa03f3695ce772f7eb71e4437a15f3e6dfce8e6f165072705394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e81c757cdb64c4fd5c91e6ade1a16308

SHA1
19dc7ff5e8551a2b08874131d962b697bb84ad9b

SHA256
82141d451d07bdb68991f33c59129214dd6d3d10158aeb7a1dc81efbc5fb12b3

SHA512
ba8de0b3b04fec5a96d361459dde0941b1b70f5be231fdec94806efa3ecf1e8faf8e27b1800fa606dc4a82e29d4cf5109b94109e5ad242ddf9f4671e2acbcfbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2e57ec8bd99545e47a55d581964d0549

SHA1
bd7055ea7df7696298a94dedfc91136e3b530db8

SHA256
a50ba35608edc2f3360cc71be0d4b29bba0e3382d1f08f24df5322ce2ad2443c

SHA512
6b9b73d983c472149629c842e16e4f7c2f8a0a3bb6dd64837ef647db810ef1beb3a02b15dc1eec2c5de8aee6b3ca195c7d26c432705061c5b0ec7841a5bbf106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
13b4532be24ba964408554ba1bac3ead

SHA1
9e3cacf7ae5cf927f024151a72917ecaab703dec

SHA256
601726b5e7c11231105bf10c6aab5eb6eb0349012e34277d0ce9bc2876c753d8

SHA512
f33bbfb2600d9a6415560f216a88cc94d378ffcdf664c709b69f784233ac3bd377ff08fffc0452ceab495a51086a216af20a22dc35ffd4622563df73e8e64c85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c769fe108c4891da9199c174187a0dd

SHA1
93a971bdf12141bcfec5df722b764436f00bf84a

SHA256
805a8de69148a1e904c6a72f2b8b60729b1f050f9ec9114d125d6ad835af64fb

SHA512
b9036d0b526334c3b9a369b4f1c32456cb99e9848e93e9f78330d358970e5cb88414fe1a94d1a985309909f216bbee3e2d6383178fb84995aaf3b1d5744c1317

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7965a434-68a6-48b5-8817-43784c906261.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
aab82f8358cf8489594eae103762bb78

SHA1
adcaec29b11bdde56ec486a7d247ec59eff1d789

SHA256
ba209b588a7b0c79f19478fa05b81c34f9ec83839a384a29acf6968d3bfc01d9

SHA512
a42e8ce6c5237e66c1c27a7894e903bc2222baa1fd9b48aedaaa7cb677e8ac3e7d6bd6dc349d0eeccbf60311ccaf7f5150a7bf02dfbb6050780fb278ed4ed134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
a8367c54839e739ace33c63412152907

SHA1
ebfa56c32303976d055e2ce78fba2f6a517aac37

SHA256
60a98bdca33553ff9205c295d196aadaf96a78fcbdcd43292333127f03f024d5

SHA512
b67b3317ab4fbf0fa06370f17d963dabc3c99671eff7cb677c700574abcb0f8674060b964fd4757931d897337690b3eb9d5d471258a213972815f5cb7404ab8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
7baafe2b9c3df90300e4d8db384ab0bf

SHA1
e671d9f780621ba818f48b44fbe4984593a6532b

SHA256
3fb6e538be3130d5bcabf91705312563fb6f830b9374c99cdfe3bd2bd3f9d318

SHA512
e2040c82ff2064efe124fd1424bdd7fb00314d5dff72a809f8e337ce282fcf53f4f0b512be494598da042a45b3fb72704bc3d3821bda0c019f81da1172c4cccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
784B

MD5
ab3551a983c5a274168e67d32f01bb62

SHA1
aeda62d4196697698e6544eee9279d63d56c72d1

SHA256
3bfc12b4346cdecb20c4794d4372c12b1fde7635be8493d950200947575a98b4

SHA512
e231358a1e9b776985fbefefe491e472d541f32e8e3b0fcc0eae51b2cac646cbaf4f959435c77b9b52459ab176b0d35f089cde29b044430140fc6244d7a939e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
6fb2ba0d0c77a7bfb68eac569a7c4ea7

SHA1
1e07ff4b75ffed132c58a6eef90c31cc45ad83c8

SHA256
cc738907d59e0dc471ad6bf415cc3ea0161887dad7e78dd8ca579fa282f37e31

SHA512
9a3a123b3f37c3b60e9ba747dc7543ed461d20823783e12934e360991d72f23c5b28afa9aa9c90edb12635df1d05a93dd79fb4fc57af8045dc243c2f09003a63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
750B

MD5
879cbe22411dd0a1d06425daacede2a5

SHA1
aa62e0d5c3136519f85a2e7e17465b8cdde05315

SHA256
cd75b537f0bb1dff112050da0d1a8646d6dcb2bc4519142ff2fe5de1cda9f077

SHA512
d1ac8334e40afdfd00e8d7efcf4ce9ea268dcdb57916759de0c5b7c1ba52ddd7535579bf975ae26f0fc54f3bb5d28496062f5da6da59c5ec596f3d3a97af1d66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f212a46aabf68063b1ef6df664988622

SHA1
1f7699b4d00783c8e4951644e4d6147ca6156153

SHA256
7eff3eb0f8a5563a25d28817ada30b800b83e2984cb97ef009acd20d71c19fad

SHA512
46d6b402f0e8875e1a0a40c2451a25386f1097bd56f5d97f37c6fd7e8f3d61cb68313494f08ba134a7824bab29f7414c7dfdc14c804557a2cf65f556b680d928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df6ee1932c14d394e931010e151e3573

SHA1
5a3f5ccc60bee56d4f6f02840b7dbc6e0aa057ef

SHA256
ffa37a3e942349da3d4680fdac7e4beef3bc776410b4635813f52ca31021950c

SHA512
490dfee7bd7c6d0dfc2748211b2789aad56ad5b0fca7049485e26289ca64fbb1c3ecf60a305ad54a78c6e44576e9ca6f0fc6d1d80317938da1d340a55162cf54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a679e900e8290b77c4ce23cd239cbd32

SHA1
2d203d6c66eb7e788b73fdce31713910cbf981e3

SHA256
ca7cb3a14ee5ceabf0d96fcc609657c7c5ea2aab8a687c388b6cb38e01f7bb49

SHA512
3708289a75473c4d4e615021de7da6dab3450c3a17cc4238a7ee8a5631742a413b5cf53b6237d94652f43954d9341b857dfbd09ea22a4db048023966968a7c1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
100B

MD5
9e3c60d48737ea75dfdd870fd961b4d8

SHA1
52121c04fd80a068d6cd60792282e5eb7989287f

SHA256
f8240bcb22dc8c1473ca691ad64028567c4aa83bc1d5dd687c4f486c2129d339

SHA512
6940b24fad5a7d633f76e5375f01b6e1705d32ed1201c4656e6a122952bab4f4b6c2161e2938cf105c091f05ecc790785bfe464d487796be4c80a86109d633ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
e4777b925e7d8b72e26b5cfa30a7a338

SHA1
604de8bd42bde107d182149e951f15a05ade794e

SHA256
6432f2abade921a7cc74283e3c13e3cbf23f4b94e651b7c42fb36fe3f1a43386

SHA512
3841b5cb80a016570ecf6cd4c7ee7d1a26af214e28d7e3f8f0ffcdcbc26159177ef5b58c5ce3e3c11472813f7f1a4796d339439e405e7a3c52cc6d48f617b12a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
bf7c3cf1d84a8e340d25d54bbdea42bc

SHA1
d0b5b12631cfaaf9554945aab34ae691eb430348

SHA256
c38d39dbd9aa923e14dfb5902d46ea84f6ffce955631507fc778721ed8dacfc3

SHA512
3a7955e3d19d45c81f906c4181848fe79a2d5b019afc80ba73f6146f7cd7bbb510f3d89276db01a372434f2f1a6419af4ef9d26da8619e38ad5db4d7695ab914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
13c8f457346606af20028cfaf95f429a

SHA1
e67cddff80f04a30716626339a42e55f4a2d88df

SHA256
69b127faf66c73a139049956c8e9df4ca2de2597e49e930e9fbf4ec583d94a0b

SHA512
d4c6652cb2e43e3fddb8275ee949bc6b10dfc60bea3793e471c23e7d71ea34e22e8f6b13ec5a00fb6d971514428da01ef64eff549fc142907aa1fe3a89a81a16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
2090cfbcd60921de040b389ee9d92a41

SHA1
af284fa0e2acb199ee7e948aee4d3fe2af40d670

SHA256
cd090b66808837efe606a612dae2d9e5bb0f4fd643cb42d555af96d11cb2a035

SHA512
cf3acd8396b95b1e81884dd46d6d1494f0e07df300010ac55dd0ebc5e76c0581a547ccf94ed3641ab03b4539666629f3eebcb8514d3424aefb2bc0c8d4d8491e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
e852d1e592e71bbb96b2ca361394ee54

SHA1
c839bc79826fe79d839db1f4dfcee62e8b8e32c7

SHA256
053a44b9707301dc55fd7e52b0d588ee90b894796ee46ffad8ae9793f203bfd3

SHA512
e2dec5301967c8fdc00d82e4d734a6d529981c82fb1060ea301503dbbbb60761dcf2b8272008d0591a7dd787941f8cba8774959f43a4835865824ba967b2d432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
2002273b0fdc504efcaf0801b0030f9e

SHA1
8f2ea9202943361dfa9e3b94b67916cdee0a71bc

SHA256
a1b6a397e4454f1ab8672d7238947f4b8fcf92d5dfe9c3a913d1e0575ff25f45

SHA512
534a6f63465b24d6e08afa7cf376ccf25ec82f2e7b86bd1ea1138c881b8996ae8e8035f326deb8fd22735850d69fa924f7797067c940a7110c7593a43e561cd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7688dcea6148a13a4fb6beab0ab58a19

SHA1
8dfe27eb579c7bdbf9c229cc1de9614bc1369262

SHA256
88df2120a21f9dddc179d2251110b4f4bb38382fc1fad2f96f268ae73caccf5d

SHA512
50981bb2206b59d2f1dcc98935c4d7a43de810215497827425f5028ce6542e907c6eeb6849e0048331d1448c023b4fa8a9cccee993ecce079b5347d8e508aaad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
477062f36aa48e3b3dab9888f0c1d03c

SHA1
a00f63b39ffd9a23c828fc545011d72a9386da84

SHA256
558bbae791423c05e523d5271def167e743fdd0226c6e3e882d38a8bac4d46e8

SHA512
96b06df8ff0022e7607f1eb00edbf26b7befb0bcabd43532c527f2f1db0d5e0d681548c2b4f2ff949a8f93015df8512667cd8052d72e7922ee6a72f1a5257ecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d075b5469abe1400a4fffa06e83f26f4

SHA1
ab0e91c43ef12fdcc335410cfe421023aa0169af

SHA256
77260e169be8cd60cfddb4f51760e4cec2913df273783546ad28881d9ae74109

SHA512
8233a0f2f6c71b36de2928f89ed7beb69373280175403ca817e3adb48b74a49409af734b4f3aff29566fcbd2883cd2204cb67560b322b7a2130792767bbedf61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
c654f353879670bc5a6d4097e26e19ad

SHA1
6f686aee05b7e6537255d207e201e821a7233a32

SHA256
917689399634f044af89c129cfe27a32fdfa1d733620021c9a7462c6aac87238

SHA512
3307a51899aadd447f87810a3e5063d94b4514a204aadb92e1b4e9d04303e8ad50be30e2efb3037780422a835fdd4c296a9df78c509afc7441dbb4c16b7d71f9

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
81B

MD5
a7a2ccd9a66d4f5928c3b73590fc2858

SHA1
62f99222c8a06aa74cefd667bb2a2e16e9164438

SHA256
161de70989b18983f51d874810d4b952eea9c05e263596a9dc72df3eeb81b144

SHA512
8ff2f145f818a2f71086723215b9303696720c2af3907c423ab9c25eca988ead9c8639026d3946bfde736eaeb714877788aae80c9e9d90351f8d5977a5e8070e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2D0SSPYGE81ZEZLOWS5V.temp

Filesize
16KB

MD5
d08453b440fd19ffead34b3d68adb2a9

SHA1
007ea399f3d686552758828e9aac2c991fe974d6

SHA256
9c7eeeb5714b50f11f7e7a0b809fa985683614e282c0e486745551bb2a818389

SHA512
a2011d8df5e8f80ef25c4cc8daf7ff159f6d090529bd6878c91bdf3fb53dbd9af01fd8f670720f3a91bd34245b7bd02f7c704492fe9a10873a46076b7cea32d9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
d49684f63adfb8201d4a5a5e77f9e027

SHA1
6274fe4bfe9e41776ea8d4dba55c4f58950baaff

SHA256
3a617956d511e545556bf19987390917667ab1fc1fc3c42809939583ecb35794

SHA512
28fd39cf5d08415b316823fb1e58b9eb02cb6a561e84a8ddccee3dd86b2478df84c96500afd2052f5c184ef5c436c1b398c27f744c0bb9a86e5c8d6f53e5ff20

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
16KB

MD5
d7f40d8be169becc2f148809d7467d1a

SHA1
2bab04058f392adcb093726065890d398b9033c4

SHA256
30a8f21f8ddff92e45cbae3a12defa791e33ec1a961c231fca195296d9a8ba45

SHA512
af88da376885fbc55bebd4d9aaac179cc48ad8f908301210f4781de32be86407c173de47d5be9ec8662d4850d3b79bae863b507d3033f55ecb0139a1dcd67fa7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
14KB

MD5
40b0cb1285397a90e0ada89de1a3cad4

SHA1
5a7184550329e789589f1a4929f960cd87d42ef7

SHA256
1e9bbedf724230b35129895c6d5838fadf8f4d11b4941e4f257f78f600b7c4d1

SHA512
267bf6b7b08681ee1f6676e693c01785751a22693c0b2a6ef76de04f036fa93050d39eda07d285392888b66d5a4e5baa4279cdb4d64a38c651117a1d0864e87e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
12KB

MD5
a83968a13b556505f8aa52cb84701f3c

SHA1
b459cbaf9311fd5e509774ddd3c8f121f10a1372

SHA256
b44e5ab75ed7884734383e4464f18599cd9f0c0470a3be95f4f89f2ed679c320

SHA512
c7db90abbdb04e351cda9b14895ee90050a6b85b9757bb5c6ff2ddb5750bdc3084a1d111236c75ebfe03c3981fb68bac0ae12ad63ec5ec4ad4c9c287be834ade

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 495153.crdownload

Filesize
3.7MB

MD5
3a2f16a044d8f6d2f9443dff6bd1c7d4

SHA1
48c6c0450af803b72a0caa7d5e3863c3f0240ef1

SHA256
31f7ba37180f820313b2d32e76252344598409cb932109dd84a071cd58b64aa6

SHA512
61daee2ce82c3b8e79f7598a79d72e337220ced7607e3ed878a3059ac03257542147dbd377e902cc95f04324e2fb7c5e07d1410f0a1815d5a05c5320e5715ef6

Download Submit
memory/5388-935-0x00000000052B0000-0x00000000052D0000-memory.dmp

Filesize
128KB

Download
memory/5936-1399-0x00007FF6F6CE0000-0x00007FF6F7CE0000-memory.dmp

Filesize
16.0MB

Download
memory/6000-721-0x0000000000440000-0x00000000005B6000-memory.dmp

Filesize
1.5MB

Download
memory/6000-899-0x00000000077A0000-0x00000000077AE000-memory.dmp

Filesize
56KB

Download
memory/6000-898-0x00000000077D0000-0x0000000007808000-memory.dmp

Filesize
224KB

Download
memory/6000-897-0x0000000007750000-0x0000000007758000-memory.dmp

Filesize
32KB

Download