hxxps://sharing[.]sybeke[.]be/u/L06o5F[.]zip

Analysis

max time kernel
1200s
max time network
1091s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
14/07/2024, 07:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://sharing.sybeke.be/u/L06o5F.zip

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133654140642620223"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
3228	chrome.exe
3228	chrome.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4800	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4240	chrome.exe
4240	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4240 wrote to memory of 5072	4240	chrome.exe	70
PID 4240 wrote to memory of 5072	4240	chrome.exe	70
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 4036	4240	chrome.exe	72
PID 4240 wrote to memory of 2400	4240	chrome.exe	73
PID 4240 wrote to memory of 2400	4240	chrome.exe	73
PID 4240 wrote to memory of 3580	4240	chrome.exe	74
PID 4240 wrote to memory of 3580	4240	chrome.exe	74
PID 4240 wrote to memory of 3580	4240	chrome.exe	74
PID 4240 wrote to memory of 3580	4240	chrome.exe	74
PID 4240 wrote to memory of 3580	4240	chrome.exe	74
PID 4240 wrote to memory of 3580	4240	chrome.exe	74
PID 4240 wrote to memory of 3580	4240	chrome.exe	74
PID 4240 wrote to memory of 3580	4240	chrome.exe	74
PID 4240 wrote to memory of 3580	4240	chrome.exe	74
PID 4240 wrote to memory of 3580	4240	chrome.exe	74
PID 4240 wrote to memory of 3580	4240	chrome.exe	74
PID 4240 wrote to memory of 3580	4240	chrome.exe	74
PID 4240 wrote to memory of 3580	4240	chrome.exe	74
PID 4240 wrote to memory of 3580	4240	chrome.exe	74
PID 4240 wrote to memory of 3580	4240	chrome.exe	74
PID 4240 wrote to memory of 3580	4240	chrome.exe	74
PID 4240 wrote to memory of 3580	4240	chrome.exe	74
PID 4240 wrote to memory of 3580	4240	chrome.exe	74
PID 4240 wrote to memory of 3580	4240	chrome.exe	74
PID 4240 wrote to memory of 3580	4240	chrome.exe	74
PID 4240 wrote to memory of 3580	4240	chrome.exe	74
PID 4240 wrote to memory of 3580	4240	chrome.exe	74

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://sharing.sybeke.be/u/L06o5F.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa7d179758,0x7ffa7d179768,0x7ffa7d179778
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1848,i,2977923872791723551,1703232181281252784,131072 /prefetch:2
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1760 --field-trial-handle=1848,i,2977923872791723551,1703232181281252784,131072 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1848,i,2977923872791723551,1703232181281252784,131072 /prefetch:8
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2788 --field-trial-handle=1848,i,2977923872791723551,1703232181281252784,131072 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2804 --field-trial-handle=1848,i,2977923872791723551,1703232181281252784,131072 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1848,i,2977923872791723551,1703232181281252784,131072 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1848,i,2977923872791723551,1703232181281252784,131072 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1848,i,2977923872791723551,1703232181281252784,131072 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3400 --field-trial-handle=1848,i,2977923872791723551,1703232181281252784,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1848,i,2977923872791723551,1703232181281252784,131072 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 --field-trial-handle=1848,i,2977923872791723551,1703232181281252784,131072 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=916 --field-trial-handle=1848,i,2977923872791723551,1703232181281252784,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3228

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2304

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4720

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:4800

C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe
"C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe"
1⤵
PID:4540
- C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe
  "C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\emeraldchat-electron" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1612,i,13424939420161118040,14068389993470131509,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1604 /prefetch:2
  2⤵
  PID:1228
- C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe
  "C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\emeraldchat-electron" --field-trial-handle=2640,i,13424939420161118040,14068389993470131509,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2524 /prefetch:3
  2⤵
  PID:3212
- C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe
  "C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\emeraldchat-electron" --app-path="C:\Users\Admin\Desktop\CEMEV1\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2872,i,13424939420161118040,14068389993470131509,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2868 /prefetch:1
  2⤵
  PID:1224
- C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe
  "C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\emeraldchat-electron" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2748,i,13424939420161118040,14068389993470131509,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=980 /prefetch:8
  2⤵
  PID:4268

C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe
"C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe"
1⤵
PID:3248
- C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe
  "C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\emeraldchat-electron" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1612,i,11565792056766964230,10644097652016689796,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1604 /prefetch:2
  2⤵
  PID:3636
- C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe
  "C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\emeraldchat-electron" --field-trial-handle=2748,i,11565792056766964230,10644097652016689796,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2608 /prefetch:3
  2⤵
  PID:2816
- C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe
  "C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\emeraldchat-electron" --app-path="C:\Users\Admin\Desktop\CEMEV1\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=3024,i,11565792056766964230,10644097652016689796,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3004 /prefetch:1
  2⤵
  PID:3492
- C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe
  "C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\emeraldchat-electron" --app-path="C:\Users\Admin\Desktop\CEMEV1\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3472,i,11565792056766964230,10644097652016689796,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4492
- C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe
  "C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\emeraldchat-electron" --app-path="C:\Users\Admin\Desktop\CEMEV1\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3568,i,11565792056766964230,10644097652016689796,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:3240
- C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe
  "C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\emeraldchat-electron" --app-path="C:\Users\Admin\Desktop\CEMEV1\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3464,i,11565792056766964230,10644097652016689796,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:4568
- C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe
  "C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\emeraldchat-electron" --app-path="C:\Users\Admin\Desktop\CEMEV1\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3752,i,11565792056766964230,10644097652016689796,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:3296

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:1556

C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe
"C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe"
1⤵
PID:1620
- C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe
  "C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\emeraldchat-electron" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1612,i,9887988613232983038,4296268772181594336,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1604 /prefetch:2
  2⤵
  PID:4268
- C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe
  "C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\emeraldchat-electron" --field-trial-handle=2348,i,9887988613232983038,4296268772181594336,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  PID:2052
- C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe
  "C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\emeraldchat-electron" --app-path="C:\Users\Admin\Desktop\CEMEV1\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2960,i,9887988613232983038,4296268772181594336,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2956 /prefetch:1
  2⤵
  PID:4968
- C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe
  "C:\Users\Admin\Desktop\CEMEV1\emeraldchat-electron.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\emeraldchat-electron" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3272,i,9887988613232983038,4296268772181594336,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3268 /prefetch:8
  2⤵
  PID:1324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
476B

MD5
e6abcf3898b68adf4573babd981bf8bf

SHA1
e7eb92186ac2ed9c304e636084e2d4fc18f0a850

SHA256
a1282c8126c972c76bed9d069d1464783032259bdeb0d24ae724bf751bd0007e

SHA512
67dc24dc9f5428dc935d878bbf606d26281c57c0c5c03d414f1943154b33f6ebf9e1f72d511032061d989fc9de0e40c9a92b3f849256f66a3cec80dd0a4ba6ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6eb2c66b3e7fe23af8f65cefac4a7643

SHA1
640de07739d3309a0635ebab35375679827a92f2

SHA256
08cbcdafe31004799d836814437375fe12c3eee06d725f18d64888d59c33aa35

SHA512
26e2ac96b439994de09ca96e9d08daf84cc22caa77de562630d744ad0ff903f45909e129980c533549bdd9bc44dfc53123c827c3decc5fa92c669d4d33b7e8e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
727f3bb36a2d05d73c5620ead00ad33d

SHA1
99d1f13c6cb02315359fa7935b18f9cb5e408f84

SHA256
8e5e2bc520cdc4b890aa4fbab7c186d68a3a19413eec641f9eb7b9b0e18daddc

SHA512
59f8931e79a3330b969ecb30711768f745963f031e64c867e61ed162828002f28763e9a8dd61af514dbfe22faa2545d88ca3c1e3fe3a208037e7d1ca1bea24a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0c4661f59d5481734a957aea18e30dd9

SHA1
43f8e956df552911d6e9acd20a7a354ff3a2531f

SHA256
60032a5b85e7b467a66c6075b334286a152e01444aa2c104c0f62c00cecf2f64

SHA512
db8494909dcc31898954cc0bc10af6c7c7a002e542bf8e16d0079247871879b9c9a4a0c52ef253537053ab0e07d0398cc74e54a08e6b2c1ac0c0cccd11afeac2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4a54c174b5f8c2c2d45a40a049ea2295

SHA1
26852e9821ca8bef56e7c48ec1794d590d74dd4d

SHA256
474a132d1f73e337be796de1dd8426eaa2c5013464129a55f2e8d216210ad475

SHA512
45110028ff447e9918560f583c2a95d1cb39d72b3a3e00fade758163bbc8db855e384a35411ad60b4c84794ec5c7e420c37f2ae1a9fafd7a7ec7d40ce7ba725c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
9116a1b563abfec31641e3a6c48c6b74

SHA1
7a5cbc895d1e7ea02a17241dc70f8fb0cb914040

SHA256
28bff0abab50c739f905d1e0027c56f1b72d0a29b757f6f729532ce3ba048e5f

SHA512
f42108b064dc367f01c3e7aaa37fa831112b18c0c21bb76b4e13784bd7260532db44526db7ef63979ff741eca263a04bb21c5a11e7e01d869eac0a7f8d503944

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
6c52cfb59d2248481a883937d44d339c

SHA1
6c3b725094f806e8ed6ac7216c4d398d218132b4

SHA256
5c85e7a26f9529cbfe6a90d31c3402e47bc03f9c2ce71dcaab6aa52c5c3513e8

SHA512
caca4a2616b7fe57876776a0de93dd551a9cada40dd2705560a36d2b3e1d59c8d81936522033bfa0ca99880d5fe5394044c9d93a427abb9de444bdaa050f42a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
2baa2b8130def3fa8a860f4889365af0

SHA1
dcfa99e19d6cfb7934b482369cdb9e73f53ddc66

SHA256
a19c817526f38bda5d1d241829fd83d4b88a77f7b0da71df7670a8817ca834ca

SHA512
9640c9543573a588db63969d61f8e522a4fb02d322eb026a86af56654e94304938b728dba8a91e5a207a2e8f8394af530a3d55c52bf128f57a07f5a4aeac2bcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe589ca8.TMP

Filesize
100KB

MD5
4c695bd9281d2abb98a2e6161e89502f

SHA1
17b1057d2b66e281ff73d631bc19f9c0aacd3362

SHA256
538bf1888b5d42f4c1732ee776c1feb91db8b009aa3da151e77aae31b1a7396d

SHA512
9de3dfb024e811452a46d2894da024169172289a4ec1f655d70b8b10469a40e46247952d9daf79db69966397d01475bbc3836abd65ffaf8d383dabf655d2e6cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a4c0d688-ac2f-4b7f-97f6-f3cc3c5c51a5.tmp

Filesize
150KB

MD5
8b2924f64768d8c60e0f22439945312e

SHA1
5f0f95856edeb8c5b4e112692c9d279400552118

SHA256
9f0468dea7636151ab9de37547fbd38ab905266fe196e560d9f7602fb026e299

SHA512
3fc985dd244edb9004023440df30dd34c236e5e3f8d606eddc9404ef16db3cb7f70f708eb858e772b36a725a8da78e12be943400fe29a185810c27a4ec739e4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
57ef09ff2b73709ef8034c743c739943

SHA1
6dfd6721a7981f83e1df17c415341141d2d3d0d5

SHA256
99ca60624f5ffe3ae37e659236a50341f66c8e4ba8758df37ae2269a89aaae42

SHA512
0c4201db577d97810ae329e5cf484c11dba3daf2f31255e5e1dfac5cf718d12aab5b4986a800c1ab9beae2861fbeb47b2fe6682e2037683d946ce0d0556f36f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\1601268389\715946058.pri

Filesize
171KB

MD5
30ec43ce86e297c1ee42df6209f5b18f

SHA1
fe0a5ea6566502081cb23b2f0e91a3ab166aeed6

SHA256
8ccddf0c77743a42067782bc7782321330406a752f58fb15fb1cd446e1ef0ee4

SHA512
19e5a7197a92eeef0482142cfe0fb46f16ddfb5bf6d64e372e7258fa6d01cf9a1fac9f7258fd2fd73c0f8a064b8d79b51a1ec6d29bbb9b04cdbd926352388bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\4183903823\2290032291.pri

Filesize
2KB

MD5
b8da5aac926bbaec818b15f56bb5d7f6

SHA1
2b5bf97cd59e82c7ea96c31cf9998fbbf4884dc5

SHA256
5be5216ae1d0aed64986299528f4d4fe629067d5f4097b8e4b9d1c6bcf4f3086

SHA512
c39a28d58fb03f4f491bf9122a86a5cbe7677ec2856cf588f6263fa1f84f9ffc1e21b9bcaa60d290356f9018fb84375db532c8b678cf95cc0a2cc6ed8da89436

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
abe9f97b1b607b859069663ae24aaf0d

SHA1
73396561079dbb8f5c4c8f9c3811841016ce85ab

SHA256
322b8cbccef28a47b006b955ea1b9042dab08b017f48ee8a52677e3e80c7e080

SHA512
13ff2088877a728d859768f94845d586032363efa07d64af49735ab32c2cbbb7b1dba19b44244f7f7d06c3ecc9c73645af7ea68191dc2562d9e8bf3dc988ce0b

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
eab9a31efa0f384e99247e7f3962323d

SHA1
3ee07859a269b6806d3228ed86bf7d7d3792efee

SHA256
37c4bf4e16fb19195ca5c8098b9c8346a4fa64187ada0e5502938c7b23ffbf70

SHA512
f19a037cfb2973a4193510c97e3f7cad02a8f4507b9e67849f4af53082b2b9d19f157b98bcac0b31004498f3d077553837be5824b6c7251cc481ef4f92646166

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\DawnGraphiteCache\data_1

Filesize
264KB

MD5
03f74525540a89e9f92c0259444e4d29

SHA1
98113d2998556fe54aa44d7d838722e23678d87c

SHA256
6515e439fc50a619d0abe6d484feb507689cf88666f9d0755f0e93fd814cdb7e

SHA512
de32e147924663f13910ac11c684196a5bcefe8819d5bb38081abaa650e591bc8c71ac9cae0574e43b5f3eb45c3912aa01f2e8f8fa057d647e91de00e453527d

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\DawnGraphiteCache\index

Filesize
256KB

MD5
c1024c5a1475b02caf4bb918776448a3

SHA1
f29bc416a41e224048aafcf1f6a9684c5acc6597

SHA256
34fa25a5b989e7cff608371cb61c69b83df74a7fcd9c2cf546275d4a7ca758c1

SHA512
58ee779d2894fc80e5f9f089591ec020f4dc1c310185e3efcc312b25cea0c06d6b0b95d158347bc66b165adc5e12deeb63fb66caa8c194a41b042b0c94374f35

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\DawnWebGPUCache\index

Filesize
256KB

MD5
226934d968f71452e755b526e667fdfe

SHA1
fd22037854e59590385ce0bf32b89be69666e694

SHA256
969ed35ca4c377bdd303b856b522c791c2a5cc9a6e51cfe1f1eae215803dadf9

SHA512
0678adfb6562cf73f9cabdcd218a204eaa2642a68f227a5068ccd68120848a7e108f3a2abc816f75dfaed8a056b7692ac96a51ec2515909bf0688c123ffb2a96

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\GPUCache\data_0

Filesize
44KB

MD5
1e18db1ccb7e5f5b9411364677a0dec4

SHA1
b270aaca92ec23f1650eafbd4bcef5d8344f7c42

SHA256
1d00dd072344e2da27f2603106585fc0c5a5ac47fa4b3b70aba0bba7598a32f0

SHA512
3f7988f4854ced5f092b518cddf66f30be5211efc437c7a3c6fc037ae7ecfa79259fea21941a7d76c78f19f6cb2d15ee2242583a973b53edfd2b899c844594b4

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\GPUCache\data_1

Filesize
264KB

MD5
99a87f24a796c186e4ac6b9f97356d74

SHA1
58ce9b1a687182826daa2539a5230c922bb8ce63

SHA256
65bd577479fbe22536b98dde9aa51347cb7ecefb67e3b613c97d56e715c298ef

SHA512
61a4c15356b2013220dbc89a7dd9a227182fb5d60212e90617f03107a778b649ff06e90c824c3f8bf0faf35d459b3132f1a2e40e40b097452743faf86e15c0a8

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\GPUCache\data_2

Filesize
1.0MB

MD5
17ec70a0edaad2a502a73a8a48dc0ec9

SHA1
dfc0c81b7c915932a7aca9bd59a2e57b4c8b4701

SHA256
82c0ec8df9017b0efbcd78bef2f50cd1b83e5a7396ee5b009b01484c3519ab28

SHA512
5931ced624dc7c1129962d5093217074eab25578ab2adb872e4740c6335aa8be0a16464a77cc7734d09c2b2fc9a18666e58d5de87cc49e6b3d2fd55bece266cc

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\GPUCache\index

Filesize
256KB

MD5
c7187e915dabd565ed80df97c16c5ed7

SHA1
80993173ef1fbcf0ca856740312af5def30ade10

SHA256
ef78443fca713eab2d247c72ea3d1d460333d238ef2363bfcd9810bd677b3ddb

SHA512
0869a361c77f6b732dcea1e167eb7837019f3a972655c20d3cdd23692225ccdae54290987776dbc9bb0fcb9188e48a1ff3a3e3271b8c6f859b05341111ba95fe

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Local State

Filesize
434B

MD5
18fe7ff8a3abe0c2e7875480a19e5cc1

SHA1
42ea6631bce4f007b59e0fe4dc74a35cbe6fded3

SHA256
c04ae5744f125a693277589395bbdc60324398acdbdbb8df5f8ce7eb285ab9f9

SHA512
10b91eaad2fe0686a4bf4fc8ee7c59c3b1dc5ce5471cff7555aa65dcfe3ea3d5a41888d38ae4150a4cc79966853cd405a4f4c5e961ba896144da401377d60eed

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Local Storage\leveldb\LOG

Filesize
307B

MD5
49f03da1a78fbe67c1303f1a399549b1

SHA1
aa9de26612623c4e4b47cab8b98c4734553fd879

SHA256
d24d896d81a30239ba4cbf29b527dd1f03c967eedba15530b60bea0852df1c1f

SHA512
160ded6b2ef3b74a35415584b1894acc99d3c11e8af525afb07238e7a9600ae8942dd03f24367469425cabefd2e559468b3bacfcaf76ddee52cc409e43aaa0ff

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Local Storage\leveldb\LOG

Filesize
305B

MD5
4bac6a2f0cc744930165021a9f1e2467

SHA1
6bc0178bcbce8d4974e63b5de21d019d481b22d3

SHA256
e24a42ae517d9a7231daae3bcfcfdb9f1455c79aa9e3a39a6a6a76ed2df684fc

SHA512
0a19114e36defafb10fc022caf3abf58efc41d1dd72f60a69ad3913d9da27750c2b0c22ded40723c5954804fabfbb7fbcff551c965d3d6566684e7fa9d6d45d9

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Local Storage\leveldb__tmp_for_rebuild\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Local Storage\leveldb__tmp_for_rebuild\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Network\Cookies

Filesize
20KB

MD5
e58e2c64b8c2fe54ae61d1b7e505bc73

SHA1
e426536fca236fafe02b0a54c330e90c90c024a0

SHA256
15a22ebbc358370ad3476ba0a0c44f87f548f01d59720d17ff580c534a35e058

SHA512
1ccf704bc0da1c968df2d204bad825863486397bcc9df994964b3fd6b6c2603fe8540c795d27bacee2fddaecfa53acfba09f76ed0fbca686cd09e0ce5618328a

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Network\Network Persistent State

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Network\Network Persistent State

Filesize
1KB

MD5
4a72f79a5d3c8e5b73e4d21a5bbb17df

SHA1
36a9f0f76808deda1cfec6eda2c25aa2e1d1bc92

SHA256
eab81fcf8cc6743579a6fdd33c6a54ed0e3008f1466e2ab34e230c314349129b

SHA512
cbbd86f9df05f55b1b41c67caabb6671c7aed3068f038b807d546b2c06e0d5aca9826e1dde1ca05fbc2f247f36f02a19ad9f76f276b8c84d9652294a9df96944

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Network\Network Persistent State

Filesize
1KB

MD5
06cc9c610630ce5a37caf0b3344b4c9e

SHA1
4e6f83970dbbb7ceb268437e8151a58f561acca8

SHA256
51fe741b67d49a5582c838f1594dbeff80835c9a1ba2b95570493d28b892201e

SHA512
2bbab084c8dd65c700f5500b2e937e0fd839f2a58e0577210d888e78617bc5366626df5387362ca61182b6b6db976040c4264f1a6aabce2142a029d0b791b531

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Network\Network Persistent State

Filesize
1KB

MD5
2f3c2c2eb53390e797ad3ce28bf7a462

SHA1
09e5c90d5f73e6736ad018f2fb47e4049f311641

SHA256
99bb833e535b278ea2f5b5b00bd6ca407f0b67a01c494c340a8be50bfd46b20d

SHA512
3ae22725f4ea4bfce27db932038b94459b663c3634b71a081dca3fd4941b080f37bbb11a02b3ce5da5cd164d79c4ff61a4d9b407d762edc06ac05f620873d5f6

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Network\Network Persistent State

Filesize
1KB

MD5
956484bf21f9eb15904ef0a9a5e26233

SHA1
6ace2938deb96eeca6b80c7e4143dc1bec284392

SHA256
4fe5ad9a834dce4a3055d04ea160f4fc3d696184f80f1b17beaae1596bfd27c8

SHA512
9801929755ac40e032ff7fe8af492a5a3efe26e01bdb6246ab7fb68bd74064dd1ab10197d8607efc73b75b651f0f8cfd9c706cfaae702b9c9731c8c43f2a9b1a

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Network\Network Persistent State

Filesize
1KB

MD5
f12041563992ba1d8ff939afe2fea14a

SHA1
e4d1b39a373ddc6edf766256576bd61ec02f78d3

SHA256
64589601334d8f640d40fefcd5bda3a7a602bd3caa4dec72959a2a9f64c8f9ba

SHA512
091bdcb7759903015df2f4f1b4897e765846a237cdec8c859461dfbf096da392a633f2c3e59da2a9ef525a41e1a065a1d1d489a755983bd7d229a343b81be91c

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Network\Network Persistent State~RFe5b66b5.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Network\TransportSecurity

Filesize
858B

MD5
1bafc9ebae2a66becad824ddb5b8a19e

SHA1
dfc85e771df84de7f0b87b401c0ffdcf8f84f3b3

SHA256
40f9b85206d4c7e319f0b0efa185e6eda28a238ebdc5a10aea6d4a58b2eb8624

SHA512
d7b4159e6d6ee102ef6e91f8c8e8200eddc8f43d432fc08d30314eb583363eb2bbd0496657bb3645b33da5cdedeb1776fec255f70227ed7f66a11ce7b885d65f

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Network\TransportSecurity

Filesize
858B

MD5
6b5a588466c717d71e7de415b68cc617

SHA1
a006d264cbe4e73c327a4470aeb9646fbf084e0f

SHA256
0e06704739115625768e70f8c4c082ab0a654c5c29f1c4ec0417f18fdca8dff5

SHA512
7a92ed45b9bf29819a64478db45838271ade6609e3f3bf909809ec03122fcc9abdf3408bc161f9ad1f82762fc95f6d66b55f34dbf981c12da9b784ea7b5ce15b

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Network\TransportSecurity

Filesize
858B

MD5
e260217838b724c6db48f43e6e209386

SHA1
60394a570c111a46d2c68c99ba37743128e1f764

SHA256
3b1c8dc95d2d95fb968217667dd117fe1c2ac23f8309bddf1c308871a18763ef

SHA512
170e235198e82f23f1dca7d33b483bda3fdab7b8baeda532bb35863df4bac115f09aa0de221ba62de8a51198cce9813cc0260cf7fb957ca497cf3728c7b12758

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Network\TransportSecurity

Filesize
858B

MD5
51e86a0964888c4dd9f414210265ded6

SHA1
0f6d23c1bcb053d3288e6efa504a52fe2fb8a4af

SHA256
648f4bc2499f71df16fb185270610d522b086449d7d8e34ca8dc7044c3611664

SHA512
99e8dfcd139e151def7003e1730a0065ddea82d6480d1ebea0513b910a0a17c3643eb731ef8b61ea4031772522ed7097795d827c7fda5f65096d63b95305aecd

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Network\TransportSecurity~RFe5b6742.TMP

Filesize
523B

MD5
50ef36b6e3d055145ec67e81e4f68270

SHA1
59d82f2e4b631880df9a3e6f19476b824c2789ba

SHA256
4fa9137ae9d4fcba46feaa641cf648e1b8bb601624347271f7d16d2925b9063c

SHA512
b037bafbf28b365c78967f700cd9157d432dd5fbeb814a19164e56be8751b5840350991297624798bfdfe93b9ba85f9190e9423e854e30d810e83d0680ef3b60

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Network\Trust Tokens

Filesize
36KB

MD5
4a16a04fb87d12a0ebc248765fa6e456

SHA1
a62ee5b026beab32328f0042aaee68ea37bc3d24

SHA256
f456d7d7a6286cf9e8d43b6c038699005fb1d4904382d21f635af355c1be9c6c

SHA512
b2aa657c825da5f26b94f534ad28215ef4eccfc4670ee77eef941e600e3aa335b4f118188d8e6915682b7e41e7e02487ae9c1bfa20df7daecd4bd08399bf86a2

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Preferences

Filesize
132B

MD5
e36a8daa878200984eb7451a7cea3225

SHA1
6eae6517484fcb7aaa9a0cd6fa0739264474a93f

SHA256
126163d17cbb8be2d647a4560b63bb43b9ee0294a4ab4617f780bb103afe7b91

SHA512
240cb5db0b0743ad06d0851cc203e391634e54a0eca5055ac594b3bdf7e152534bcbefd718ae077d0f8b420ab7600003d2090a1aa5b528cfe0f51f860204f684

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Preferences

Filesize
132B

MD5
3c7be88d409d3dcf935a4b1804f1f675

SHA1
288de10148fd54e50ffadc1d96dc5c519c31367f

SHA256
ced8ba48e49d67ad4214d9e174162b71f5f8d2b9c1fe6a24591c7ac1436ead48

SHA512
d6dea79baf57a49cc028b005db5516f99370baddf7655aaa7ae2b374462dd25fe683846f6eb5251c8e63b9aedb40f68f51bd35e6d1d06cf6c395ccdb77b5e7fc

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Preferences

Filesize
132B

MD5
367d35f462b620bce34e001929e4545e

SHA1
fda8358d24b4baf5276c3730103f7afa6b036f27

SHA256
d8d89e6876e0a3c63b04708729a2e4fbcf648195b98953c7b8f7885a705e1750

SHA512
f69215329c84e260ae8530d857ef55d459101bbe08b62bc25a6d7db07658f26852bc57a5b01088366157959710d7ffcc72adf939441f5036ea00005edd5f1294

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Preferences

Filesize
132B

MD5
e0c2f94460d15b0beef6e1001df472d8

SHA1
eeaa877852997df1dd45ef5570911345f21aa71a

SHA256
c3f6a1deb81e7b5df13339307968238a8bfa64459853cb74e6c91c2d95efd1e6

SHA512
0c762cd995f4ed6cb9b9ffa93986cbbe2f0bb83a778a694e807a33b1cd9da02090cb42faf4bcad7dec43ec7545b2083f031b84257f34df5f0ffe5d8dc0c5f501

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Preferences~RFe5b5cc2.TMP

Filesize
132B

MD5
5d3c17574e5adf0ea0608c7bede99720

SHA1
a7cf596da9907587af6a9b3590333bc563596fd9

SHA256
82fc4e9a702a20eccee1d219e9a31ce21c4372419eb6cac4fe2a9784e478efb0

SHA512
a6bc33578c566f04f6d93ac98bcf04773b9e8e5b8405ac6d0519a16713cae357dca03e619cff878fbb63461547e3d35b2b9f58e951fd04c8bbb93596953773df

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Session Storage\000003.log

Filesize
30B

MD5
34f64ef9f598bf4e18e453130867beee

SHA1
61026ced5de1d6eab64c9cca4a9c0f002b00c4e7

SHA256
ace9875fef7e1426d3590993377bc2e4af93c1c323a00266cdca240e91c0c82a

SHA512
24e4d6cb7b50fd674050ffd4f609c951f5e40e45623e2548273e54d7b3e2d80fa9107737ce610264e2a31b0a7ed2778fe34baa25a469013ee9f3eb05c365e740

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Session Storage\LOG

Filesize
293B

MD5
a3d9b78410df3db84a84be9dd9554d22

SHA1
168d317b07f2a75ee88c7e2fed4c8d1911162a19

SHA256
1dca9b913cd6bdaa335ef1f9fc69d3545d1b9aa621ed21d0c477441b66bd8fc6

SHA512
83f3f75ddfac7a0eeaece1a9df94f3d7eb50554de28607896d1d77faae70df3f0165eccd9bf6617ad3f2bc27afc3a872f451003590f1336dd28c131ed47140cb

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Session Storage\LOG

Filesize
293B

MD5
aff2216a87ecc0ce33f11761bfa6fadc

SHA1
f914bf03684add2fb04fdf1a7a416fd851338000

SHA256
0b47d0ae2be42ae07f2264800f5d02ed4790c3217244bde4e5d1151cca364141

SHA512
141cb471cd041e75bde666749544c6d77efd21772110ca3e5868363abee404c4d5f5495db4408890366f1174c444c9feb520f7e2de2ad88414df9f3689316e85

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Shared Dictionary\cache\index-dir\the-real-index

Filesize
48B

MD5
1e2b0d6bd4c5e508c7d753e203aeb3e0

SHA1
e8b06e91819839da5f3659828837d2db8220a828

SHA256
3c5fe6bf4f1c0a9fc9205cb1826e40f0c4f95468e0df7b5d80ae5aa879ca0fd2

SHA512
175061e060bd0d97ce936181a4bfd2e51e5e7c371367fe5cfaa30288ed537b927734cf4916cd510866ccab2e89f9ceed21cfb8b84e57e48c79637250017fb889

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\Shared Dictionary\db

Filesize
44KB

MD5
358d089087aa109e41f38ddda1ff8368

SHA1
42f68e8e7c6806485aab068ad2ef9d8992fe3867

SHA256
e1ea1994a9c238120944c0009b25c9b75c3b8acb5cc137a78cd4a8450c809130

SHA512
4630eba964ce1dccfbb8663f04141c91ff0a3cee399621637bdef17c696735316da23a5bf6f7235b9616005652d175e276e83c8aca5f99f9f3b4d9c713818553

Download Submit
C:\Users\Admin\AppData\Roaming\emeraldchat-electron\WebStorage\QuotaManager

Filesize
40KB

MD5
46e3f078007d0a1e72eacb62deda3629

SHA1
8abf0c6696f64b78ec1cfaec8a610e413bab0934

SHA256
ed10d93efcedfb12f77c695eff074658dee7eb2708c3c5dfce7c14377d22d903

SHA512
dda6568b170aed2f71f219ef467b6b3fa3511cf737b52e17002df21635f53d99592b6ac17274c1259f104d036542c1af942a7132f4350a5408b37433ae1d6b81

Download Submit
memory/3636-763-0x000001FC80240000-0x000001FC80250000-memory.dmp

Filesize
64KB

Download
memory/4492-638-0x00007FFA89520000-0x00007FFA89521000-memory.dmp

Filesize
4KB

Download
memory/4492-639-0x00007FFA88490000-0x00007FFA88491000-memory.dmp

Filesize
4KB

Download