eternity | hxxps://github[.]com/mustleek/Silviozas-Premium-Proxy-V3[.]85-CRACKED

Analysis

max time kernel
382s
max time network
391s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
28-07-2024 10:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/mustleek/Silviozas-Premium-Proxy-V3.85-CRACKED

Score

10^/10

eternity defense_evasion discovery stealer

Malware Config

Signatures

Detects Eternity stealer 2 IoCs

stealer

resource	yara_rule
behavioral3/files/0x000400000002aa8a-1266.dat	eternity_stealer
behavioral3/memory/2240-1328-0x0000000000890000-0x00000000009B6000-memory.dmp	eternity_stealer

Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
eternity
Downloads MZ/PE file

Executes dropped EXE 14 IoCs

pid	Process
2240	Silviozas-Premium-Proxy-V3.85-CRACKED.exe
4996	dcd.exe
4552	Silviozas-Premium-Proxy-V3.85-CRACKED.exe
5512	dcd.exe
3480	Silviozas-Premium-Proxy-V3.85-CRACKED.exe
5204	dcd.exe
580	Silviozas-Premium-Proxy-V3.85-CRACKED.exe
4868	dcd.exe
5604	Silviozas-Premium-Proxy-V3.85-CRACKED.exe
3748	dcd.exe
5404	Silviozas-Premium-Proxy-V3.85-CRACKED.exe
2580	dcd.exe
5580	Silviozas-Premium-Proxy-V3.85-CRACKED.exe
3064	dcd.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Silviozas-Premium-Proxy-V3.85-CRACKED.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dcd.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Winword.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Winword.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133666377272660920"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Silviozas-Premium-Proxy-V3.85-CRACKED-main.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 259173.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Silviozas-Premium-Proxy-V3.85-CRACKED.exe:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3064	Winword.exe
3064	Winword.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
456	msedge.exe
456	msedge.exe
3740	msedge.exe
3740	msedge.exe
412	msedge.exe
412	msedge.exe
2884	identity_helper.exe
2884	identity_helper.exe
2624	msedge.exe
2624	msedge.exe
4632	chrome.exe
4632	chrome.exe
5376	msedge.exe
5376	msedge.exe
5636	msedge.exe
5636	msedge.exe
2400	identity_helper.exe
2400	identity_helper.exe
4452	msedge.exe
4452	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
732	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeDebugPrivilege	2240	Silviozas-Premium-Proxy-V3.85-CRACKED.exe
Token: SeDebugPrivilege	4552	Silviozas-Premium-Proxy-V3.85-CRACKED.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe

Suspicious use of SetWindowsHookEx 27 IoCs

pid	Process
732	OpenWith.exe
732	OpenWith.exe
732	OpenWith.exe
732	OpenWith.exe
732	OpenWith.exe
732	OpenWith.exe
732	OpenWith.exe
732	OpenWith.exe
732	OpenWith.exe
732	OpenWith.exe
732	OpenWith.exe
732	OpenWith.exe
732	OpenWith.exe
732	OpenWith.exe
732	OpenWith.exe
732	OpenWith.exe
732	OpenWith.exe
3064	Winword.exe
3064	Winword.exe
3064	Winword.exe
3064	Winword.exe
3064	Winword.exe
3064	Winword.exe
3064	Winword.exe
3064	Winword.exe
3064	Winword.exe
2476	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3740 wrote to memory of 1908	3740	msedge.exe	80
PID 3740 wrote to memory of 1908	3740	msedge.exe	80
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 4532	3740	msedge.exe	81
PID 3740 wrote to memory of 456	3740	msedge.exe	82
PID 3740 wrote to memory of 456	3740	msedge.exe	82
PID 3740 wrote to memory of 4424	3740	msedge.exe	83
PID 3740 wrote to memory of 4424	3740	msedge.exe	83
PID 3740 wrote to memory of 4424	3740	msedge.exe	83
PID 3740 wrote to memory of 4424	3740	msedge.exe	83
PID 3740 wrote to memory of 4424	3740	msedge.exe	83
PID 3740 wrote to memory of 4424	3740	msedge.exe	83
PID 3740 wrote to memory of 4424	3740	msedge.exe	83
PID 3740 wrote to memory of 4424	3740	msedge.exe	83
PID 3740 wrote to memory of 4424	3740	msedge.exe	83
PID 3740 wrote to memory of 4424	3740	msedge.exe	83
PID 3740 wrote to memory of 4424	3740	msedge.exe	83
PID 3740 wrote to memory of 4424	3740	msedge.exe	83
PID 3740 wrote to memory of 4424	3740	msedge.exe	83
PID 3740 wrote to memory of 4424	3740	msedge.exe	83
PID 3740 wrote to memory of 4424	3740	msedge.exe	83
PID 3740 wrote to memory of 4424	3740	msedge.exe	83
PID 3740 wrote to memory of 4424	3740	msedge.exe	83
PID 3740 wrote to memory of 4424	3740	msedge.exe	83
PID 3740 wrote to memory of 4424	3740	msedge.exe	83
PID 3740 wrote to memory of 4424	3740	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/mustleek/Silviozas-Premium-Proxy-V3.85-CRACKED
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa9f0d3cb8,0x7ffa9f0d3cc8,0x7ffa9f0d3cd8
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,10461462436364129981,17589788582997832786,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,10461462436364129981,17589788582997832786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,10461462436364129981,17589788582997832786,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10461462436364129981,17589788582997832786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10461462436364129981,17589788582997832786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,10461462436364129981,17589788582997832786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,10461462436364129981,17589788582997832786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10461462436364129981,17589788582997832786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1876,10461462436364129981,17589788582997832786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:860

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:716

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:732
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Downloads\Silviozas-Premium-Proxy-V3.85-CRACKED-main\Silviozas-Premium-Proxy-V3.85-CRACKED-main\README.md"
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:3064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8db8cc40,0x7ffa8db8cc4c,0x7ffa8db8cc58
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,16094925349282774547,8371698397477737207,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1860,i,16094925349282774547,8371698397477737207,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2072 /prefetch:3
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,16094925349282774547,8371698397477737207,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2400 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,16094925349282774547,8371698397477737207,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,16094925349282774547,8371698397477737207,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3688,i,16094925349282774547,8371698397477737207,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4388 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4716,i,16094925349282774547,8371698397477737207,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4688 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4776,i,16094925349282774547,8371698397477737207,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:5124

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:232

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa9f0d3cb8,0x7ffa9f0d3cc8,0x7ffa9f0d3cd8
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,13913079008729231549,3614093094489618620,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,13913079008729231549,3614093094489618620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,13913079008729231549,3614093094489618620,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13913079008729231549,3614093094489618620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13913079008729231549,3614093094489618620,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13913079008729231549,3614093094489618620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13913079008729231549,3614093094489618620,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13913079008729231549,3614093094489618620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,13913079008729231549,3614093094489618620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3872 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13913079008729231549,3614093094489618620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,13913079008729231549,3614093094489618620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13913079008729231549,3614093094489618620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13913079008729231549,3614093094489618620,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2928 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13913079008729231549,3614093094489618620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13913079008729231549,3614093094489618620,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13913079008729231549,3614093094489618620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,13913079008729231549,3614093094489618620,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6324 /prefetch:8
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,13913079008729231549,3614093094489618620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6116

C:\Users\Admin\Downloads\Silviozas-Premium-Proxy-V3.85-CRACKED.exe
"C:\Users\Admin\Downloads\Silviozas-Premium-Proxy-V3.85-CRACKED.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2240
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4996

C:\Users\Admin\Downloads\Silviozas-Premium-Proxy-V3.85-CRACKED.exe
"C:\Users\Admin\Downloads\Silviozas-Premium-Proxy-V3.85-CRACKED.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4552
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:5512

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2476

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:976

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:3376

C:\Users\Admin\Downloads\Silviozas-Premium-Proxy-V3.85-CRACKED.exe
"C:\Users\Admin\Downloads\Silviozas-Premium-Proxy-V3.85-CRACKED.exe"
1⤵
- Executes dropped EXE
PID:3480
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:5204

C:\Users\Admin\Downloads\Silviozas-Premium-Proxy-V3.85-CRACKED.exe
"C:\Users\Admin\Downloads\Silviozas-Premium-Proxy-V3.85-CRACKED.exe"
1⤵
- Executes dropped EXE
PID:580
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:4868

C:\Users\Admin\Downloads\Silviozas-Premium-Proxy-V3.85-CRACKED.exe
"C:\Users\Admin\Downloads\Silviozas-Premium-Proxy-V3.85-CRACKED.exe"
1⤵
- Executes dropped EXE
PID:5604
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:3748

C:\Users\Admin\Downloads\Silviozas-Premium-Proxy-V3.85-CRACKED.exe
"C:\Users\Admin\Downloads\Silviozas-Premium-Proxy-V3.85-CRACKED.exe"
1⤵
- Executes dropped EXE
PID:5404
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:2580

C:\Users\Admin\Downloads\Silviozas-Premium-Proxy-V3.85-CRACKED.exe
"C:\Users\Admin\Downloads\Silviozas-Premium-Proxy-V3.85-CRACKED.exe"
1⤵
- Executes dropped EXE
PID:5580
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
69f053969ca388cc4137b3eab9c5c179

SHA1
6ef34ced79f421d86fd5d28c657e2198148bee1a

SHA256
3843123b8ef638fe140a5a377ae8aab0db3cc1d210745fe92d7394ea3b2902a4

SHA512
fc71ce4a6de8bdb61274cc41a4cc46bb8b142f225a5cd8b90e6ff05c9cd9f8823b2094497339a6ebbe3ffe9989c8f9d35a6166a997f47efae38e8f4d81f467bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9367e5b979c9e40506db02beb4dc9146

SHA1
e7cc62a1394d586f70ecb2a4f4d6ca6c570686b6

SHA256
fac2420c1f0f1c18d41c601036536e5702c77a677c2f928ef3504e6bd0a09b92

SHA512
05e14bfdb2745cf8580427ece0346bd8c33fa85baf95b79fe19eb50cdaf0e34a66f73c5e7db2bc0730a65576824b999ffae0705383fd599c227d3150b627d694

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3bb942c42329bce60631f98b727ae6b7

SHA1
d6741035092af46b0fe822ae93fc25995b17d15f

SHA256
0c31965b401e0f7a0a8fa06882adb2556504a01a60bfab481eef38c4b8c96048

SHA512
280ce120e22fcfab5e746e91b4ac3f35486261a30e3ae7450b204fde73b0383026f1a0c6ee05a73c692e3bad51c735248a32eefc506e1f91ceebec6024b2b638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8615353e1c97fa22639ec652843e2fca

SHA1
a8652f681475a67b3ce12d81d28cfcc45a1b8818

SHA256
3fc982e20d3a8aab83b43c77e18539b4b888447718167315e0a08b2a9950c1d7

SHA512
45869beb538aa7bfa8fc5551d3abe0739efe3229ab951cc8158986649fc39ea74f9240f856ca77258564e62805d942b280fae7d876cb35d3ae3c4118b8c9349a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ced9f73c244a8427c26ab6eaddca7a9c

SHA1
dc7b1a95c10306d4a718775de128f977eb11da97

SHA256
6764c7fcc7fb201ac720e3c26063c9dd230e816e1e040f8d9011323b41649158

SHA512
eeb2f36079efee4e4cd59c5f76259b09424b17404ee770ce49216e7570de17600c59e6bc3669e32b2cc27f5af16d7b6dfcebb24c842cdaca414a5b444297f218

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8699d0aae295918e85dad161f30c8761

SHA1
fc3d8c97d31f3bfb33bed7e29037ed51519b9ff4

SHA256
63f668328aa387adf66a3da37dce2c451c0c1e19958c0afff2ab576505f78c1f

SHA512
530e2e8d579eaa92553e8afa5e95d4288899be7915cc7ab1c27756df59207fc4c8e4417afd1ed0f9a00e08c23e98875ab65ee64afc500b6f92ae18c45d728bd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
98f12d50d001d626da840851ffbea06c

SHA1
ca5141e4460d64d0fbc01d567cff672e2a88a741

SHA256
3e7dc2546356ad7c3ad4ff9b395b4b5b6776b829c76bbee333ff77dda6119101

SHA512
cd7d00f3ad0a481f8cc0979dda519dd12608c397bd8bf9e677021d1abd1afbce19d3b5f8da0132c361c1885a118eb4819c12631eebaf00472b534ece43d9e0c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
189KB

MD5
1420e7fe407860f61ae12462dbcd2bc6

SHA1
85d771303010c87b4a028c7ea70a320326d3380f

SHA256
b45e7195f25eb91f3a869e0ad64ecae1919ed3babe8d3ae0b6679a904b13b161

SHA512
63761a9b26486224d19e42990ccafc3764a27d19e3098018f7f8295cad991cf02bc09a9db9e05dda1f73a254abdc0b549cc106e29351f9bc4856c4f34c5dfd48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
189KB

MD5
de3d61e0af2ba9b68d0190fce9c94a82

SHA1
1bec32150b9619e81241dec45a3c930e842b1459

SHA256
ddb9d0b31faf9fa3394adb5829191808d247bdc661a599532ebc73a6db664875

SHA512
479778ec03a2db9aa2872e061329db441af60251731acd7a7ed7138b877653d80a3980f9009323fbf5d18e18dfef494f98c5cb7b0ec2e7cf0bd04314bd397935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0f062e1807aca2379b4e5a1e7ffbda8

SHA1
076c2f58dfb70eefb6800df6398b7bf34771c82d

SHA256
f80debea5c7924a92b923901cd2f2355086fe0ce4be21e575d3d130cd05957ca

SHA512
24ae4ec0c734ef1e1227a25b8d8c4262b583de1101f2c9b336ac67d0ce9b3de08f2b5d44b0b2da5396860034ff02d401ad739261200ae032daa4f5085c6d669e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f3725d32588dca62fb31e116345b5eb

SHA1
0229732ae5923f45de70e234bae88023521a9611

SHA256
b81d7e414b2b2d039d3901709a7b8d2f2f27133833ecf80488ba16991ce81140

SHA512
31bacf4f376c5bad364889a16f8ac61e5881c8e45b610cc0c21aa88453644524525fd4ccf85a87f73c0565c072af857e33acffbbca952df92fedddd21f169325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
299e1c0929e01577d662b7878493fcab

SHA1
51c32f4a7ba9163dcab1c87c9c279c1d1c8a0d92

SHA256
f42c64e72c4b2214ef1ec09d20759d020dd2c4fc121f16fce343712418f80882

SHA512
dc4f98b8c9921e0a7ff11dee27c82f79df7cfe180de94ba4880b242e6320b98be8b793f9b7f79fff6dc9292eb53d5cab0256be07ef9d9088951f0a2ba2fe095c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7e0e4f9cb2204653cea705791fc54ac5

SHA1
f634006ada1aef91db5724276ca64c49aba628e7

SHA256
c55c9a8170d7e4dc70e608a6045ab03bdf300d698fc54ef68a2a20e7b1f51c22

SHA512
8542454a06782a074659c9090843cf8b76ecc556ca52f8dac20c52d8792ebab2fa521137b44609e7b2bf6dd5cf6f5d8256661d30aa442c219588e9e766722c0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
b0e7b3f730f26bc5a6dc7920af869bc0

SHA1
5fe62a03e9fc9739a05d8e60016c34e6d9b8af94

SHA256
54a33bc56de6d1eac8d1b109fa947245848e5d5b1b9f1e4e20d9f3ddc50140a5

SHA512
6bf7c32928a5e0cdef6ba05c79274ec85b6ba90563fc475f5745a83a5fcce87d9833666aff8c224b95e3b7251805c411a12a2bd985fe72ae3b19023ba8f0058c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
97557a93aaddb28772b2c3fbcfab47bf

SHA1
70c9e6c04ac155cf57120ae7c1266829eec1a031

SHA256
24c656053eebc511754e97c6eda354f585984c850845aa293bf507e8f5653ed2

SHA512
c26f52630df8d693d1b1dc97bc896f56d6b51f22dee69586791baea0c1c615b81e9dfa88e2437dbfdf2cf127080b9f841b3ca20275a424156d7cb870fbfa3f61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
9b4adce71b026d78cc190aad0f1b1960

SHA1
729e39a16d7d09a297581ae009768b5ee7d11964

SHA256
5834959cd5dc8ce4568fed5b6b1195772b51c186aa8365beb6c0be4c4ba2fba6

SHA512
760b2f3c4bcf09d1d4255d4eef5925f7d4e210cb7019bbbdc1b4fa07f5a7f554fa875c89be204e82add1c9ed01bdf9195e786535c178c24d9ca3a60905b4cf9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
82a3c4ef582a867ecfb57fd3bd901086

SHA1
648af8143f44c76872fbed1a2381597db08f395b

SHA256
656b2b6ce7ff168dd5bacfa294646c2cf1ae3963d5b2162dce4b4230b864cdd5

SHA512
0d6d20aef88422b461af858dcd83dbab9fa9e0f924a0f5658383707ba67bb805ab218c8efa5485306642c56b00e2fdb0cfac5fe106858e588c6d18bdc880845d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
bdd7753d46e75b5cb77055c7c64a57a7

SHA1
129fc009ca086efbdae3f185e330b7a244517984

SHA256
cea7a2f1a237cf7f7d66819d87bac6d71b569f14b6abfeb1990dc469b11b96d7

SHA512
4536f820a6c5353b3475fe8a38dd04ed5bb40d13dd46376ed7b9d17be42be3dcc2b57ea3a9df778cb2dc5a15424dcc95c2e1f7aabdf837935462a3c0d8b464eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
78a75bc069ba44d414739a10563f2c69

SHA1
1f157f9d1bd99d19431b8ec61909843116228139

SHA256
412335e38b2cf8d3dc8a4fd0adaf1e6d9b6bc075cc5cc36b5372e464bd07ac74

SHA512
7da7b89b47b3bf67bb7f54b95aad266158e15164c4f7a8c3e0b660ec4477cbf954a45189c9a4aebe239cd3ae1b074b575724b57c1d9a2d8b324f433c701faed0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
a572e48256af4d08d2f663be0ae0db53

SHA1
47f22a7d2e3770e507bfefc0e5a43bf9c82bae13

SHA256
7c5e45029e4257d260ad97b64e0d74e3c4964c9d3b53eb25e5e9cc0ca1356c2a

SHA512
6b1763beb69b2557a5e7d3c980fbfdbe4cb54f5be58ca52211a06503f9f723cfe318906b700ab541267ed1143dc3dca6396e19e7b642f825fb79e134d210d686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies-journal

Filesize
12KB

MD5
233a7f6bbda4f439c918fb51a2be07ff

SHA1
cde84d2d5e53683715cf549336ad1bd06a6f4dc1

SHA256
bd57ebf3ea43a666b8e5d026ba7763d04d640d0c62a99f2e7e7ece116e56292a

SHA512
f13bafcdfa5a4daa491e1e04ba22cd9903e862a935458db01913e067f0f9817f64b1fedc0ee7139703142cb05f07ea84dd700c7c3f3291e3f35f8679852cacbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
19c3ff03f842e9beb0f77ed6ffd0da02

SHA1
d5565e7dfc90be6459ca721d6b08266f15079734

SHA256
fe0f1f32472d9236b7f7037fe4e95f884ca8f5965960dadef45e03bb0afed9ae

SHA512
938a70db5bd6df253ce0260c12eff4eda2a28703fa8082527f91dd0867f776dcce7bfda648511c2cd281c3b45eb636b05963bddee01c255147e1242ff8807bfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
4a38db3f662d45f006fbf615d393a45b

SHA1
b3681263fd65ba195386b3b6d6c90d72b90f0144

SHA256
16ea578b423ec2be71a52779417cbc3d3d46755de0197671c55d577206f9d449

SHA512
236b018417b1971bd571b0754becea5bbc74e1435375d2978606bba14385f43451bffac8784f97d6fe2ad90bf98b9d12f1bd1bbf58ef14094c2495b459262355

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
8372e544d31bbc5da857a3792948aa10

SHA1
47709b1e4c2a1a27760a9265b47123f0be3745d9

SHA256
b32b34f4a2818883d2ee441aef193a3587d5e3c78e430b8d87228b53b689ed6d

SHA512
d26df7b4e8026f8a508f4d0f0c2804a3b8d4634ce6d271195a947bdc18d7cfc281ee7046a7b83f1350702d289c930a415992bb00e7706ac851f4df0da1b8d225

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
875B

MD5
86abdb9524d84b1022fdd0357c4bfdf9

SHA1
29b894e782f3fc063ed70ba2b6de1a39f05a6ae1

SHA256
2bf030bd09cfc9d5bd8b20227c5d258edec5490b07398ad99bb646c417907214

SHA512
adaac77ad3745ce10b628d8ae2e7b19f063b7bb00d82f3462f9efe85fbdfaa67566fcd54d5e52ada2110e858f98bec2cde461cd0cb2544ffa4053e8157a4f1d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
15KB

MD5
8908a7c1e4609f8f4d5afa3481418a51

SHA1
fd9851e8883d5ff188b557a7ac02d7e3f526db63

SHA256
4ab22562c0042c5ef2227d8a54246846c5c80db3713096566291418e38e87d6c

SHA512
40b3313e6ad514ffeab6fb2ccbc46560a3b572306ee678188d0d4e9d2fed3a6c4abe774e8a83ebd10522c47d16fc22e38c66017c59c9de4c6572c62842ba8835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
f4cd49f97f158614d65309123fc515a7

SHA1
509d1038c8d60bc7a9e6fb34a9b0a81fe340d6f6

SHA256
86572b0d9b1163178e02b3ca8760a38b3d9158c9fcdeac3f87dc47275af71b2d

SHA512
bdc4220c64671ad9db16c8dd51f2d77f452f211b3b134656729e6da123e3298af421bb85ad74d2652b8a5b9e5c4c085cff0bc5a2d46992f76c5f8f27288ac47a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
463f615865d92339eb68e23cb603e539

SHA1
1caff5854dcc2665be53c36fafe53602f39fbadb

SHA256
a71ea36b4801d34a72d4cf2e6697acb39eb69abbf866461cc64d84133710759f

SHA512
f77f957a18753ea34c90d48bc81ed4a6ff65a8c42036d2ebc622ea4e5bb7a4d76eb1e9e6367d765edba69e83c973dac2670a97cbee3f95d08259ef667cc8b5a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
1209a0db893f62215bbf352374ac557f

SHA1
0da4d334269039ad61a9586cbd06187f2bc400a1

SHA256
3fbfecab5b7961d487700a24b3a31aa5e3163ac29b969f883cc6ac6ae24c6cb0

SHA512
7b1b3bd0c23ba7e18cef930fb37edc8ffbf79f406df71d2c380c0862b0fd2ecdbb8c1cb8390edb9658e0ff31a7eba68c7de8600b2923779364a6788042027ec9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
a6d346f58cbec0a6e4015327b25f1537

SHA1
750056e65a8b1c20b1a6051f5adcdf35821a6ac1

SHA256
1a715b1b5b62ef83ca8c62a18eddb3b5b6b738be2c654ab7a38cf22fdc8bea56

SHA512
74e563217a28cd6427739731f51ba2e35ee060c8ae6959d458d06a0416e17ffc6a49f8d0bbcb8d17cef144a45c36eb9f3b92305389ab0cfc5043f530d9f28d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bc078a950fb03a3118c3294968bac988

SHA1
2a503af597d533b71f675db95f65d5b45470447e

SHA256
e0d60b158d4b1c5f7a9393a38bf8e65a62b2183a4e0430813b29bffc3ef75480

SHA512
3e6938d517eeb99129f34947f5044bd8b5b901ea262369d03f7c6929cc036a40e6249a5e5a9e89bda84512232c70b7fe6fdaa0635df610b586dca0971b3cf84d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
39b087e8efc8078e36c7c08945ccd920

SHA1
1413aa94475e6b854131771e152557cf0d3a611b

SHA256
d3849bf0ed9091ab2c50b67b09fbb1772c8314478a467b80ea407a8639ca434c

SHA512
302e155d5f74f281c3fb87d900afc342d72e94c9b703afd3b116c90af12d9e9cd0443cf4298b9896704fa0a03c9fd3ed7848948d9b844e91ba9efe5fd5480d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6914a7b8505ada07ef97ea4a6998e334

SHA1
202dcf2c773ebec0d9964d4d1066c87eb80ff019

SHA256
497e040808bcb46dd076c24fcd618dc91000a5584da18a349bcf9fcf4d7c0c5e

SHA512
2a2c790f0093f74b9639032557aab5e10e15b6ca3e21712baf91ed8cad1bbcb5b7f280267d649ad26f2d91f78bda9382c37d1748ac9f3c17b457af97148052b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
88fbc581d99ee97da10b9a02f9124c98

SHA1
bc09a2492e2737573f952358210907c88e481796

SHA256
ba90bb71572ced18ef2188bbad42f3847dde662898bbbfe4fde70af64ed0837b

SHA512
77c953daf1e0c73b2623f215dea2ca9c969027ea91862ec2a04322d786eb10f141c99fd2f61d4979d3ececaea87c55914a62e320ba09e8db16ce145677172991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
76d1e2524a84443f1751a014e88ebd10

SHA1
61754f630399cd9199c966753819e1785f8c1585

SHA256
dbaa94210f08534cd55e78f7c0b6213096cb97f713eb4f011132bd5881ecdac5

SHA512
85b54284f9b315414b004dc0413aadf28ae3788d8667bd3378446338420c31a97ae625b39be3c046f5c309f92112b38060c5302d973a548df98183ec518fda76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c5a6525a3f1a93bcb5cb14ae42c70f7c

SHA1
74ab5e9863f2294712fc7651021edeb34fd1a9c4

SHA256
c39ccf078f15bf873151d0d10bd9e4134d78f58207964334c3f55a0f09198ba5

SHA512
dfe32fcb0afbad1768bbce719af1a25b9361f917d6a851293e553bed352aa82c59b6d9053a8c033f5bbd0b38b253e0f82ad3e5267946a23beac00f004acd1a4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d4bf1ebfe515185df3e0eb3545e30616

SHA1
b09dae17e8f73a3bcab8af7da28ace90595ecc84

SHA256
f0252dcd9e5ad3eea50673d9feb8cc3c61207e4b1482bde3ebf179e68db073a3

SHA512
63e76a9880ec9e7b2f75a3b513a94296152f32636e0bca81af6ee8a2b4fb3158f08da089d27f91df88f11d46602d648e267326f584b16efa0992268f2502198b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cedb2363458bf375381a8b89b54d8eee

SHA1
302521d216cdae7190d30ac4c641c12f6472c72a

SHA256
4ea2b282bc7d17ede1def4665185006b21bfa9a52c4ae17787a4a0ce93ffce96

SHA512
9bf51908183e6f9671d7f30890aa094b20beb217fd2b4f825c81d98d2232703c6c52c5dc67ccab0d57a317251ba908b6db78c76838026891df6a7734f9612780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
396B

MD5
1c8e9ec74910690daf68658254f90160

SHA1
ba8e773135d825c347009cfda5ee23ac7751b7d8

SHA256
1cea4fee89834bf3e5b318e01fe9895ba08721d728b8453f3c40a20b8621dbd2

SHA512
fcedf97ca0e0aa3f0ebdc92a9c3a55f4238b403ce5d311d7ba152d1c999f48981728890a0af1cbf97083d37f93bb717feeeee6aba30a16fb29865186539edb99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
896ee2ddc0a26fb0b3af29bcc97ad97c

SHA1
6d830ec9a5e597602acb09a585c714ca9dd3d4fc

SHA256
b2e51eaaae7da015c179266d9ae5d10c3cb89ad68ffeb7a3eed024b4398c33a4

SHA512
4a6b24b273bf4dc69fadba7b49bf37c762fd5b5e62af7067981fd5f1e6dff9634c1b3bb8cef8921928e9c63b0140347e302d3dee117048aea08bf2ace7306d70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13366637551372410

Filesize
4KB

MD5
2c961cbd798d043bbca32ea9b43524ac

SHA1
af3d19506e0fec54de6688ac16425b3437d3d681

SHA256
d1d1bc2dbc29cf4e04ba5baa29855d5885a1ce6d1aa825f81fde17c3c326b030

SHA512
cc0ba21b436cdff45423f2bfe2910efc057dcb75f175345d202e27ccbeeba9058b83802e4040942fb748a6585d6de7c967762ca73e0f0e6c4f272583e14044b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13366637550898410

Filesize
2KB

MD5
b3a695ff9f316efd5402550bcd677876

SHA1
463b3a7c8f5c8d9ab4c48c2063805ba499841d38

SHA256
4f3b24c9eeea2772b26cc0496be17122868028b55f439262cab03a416bdc813f

SHA512
a1e41ab198115bd2a5476399e0b6c321f2414c4860c8108480a9c94fd9c9fb414eb511ffbed6f135947213a67a4e6e62291349195b9d40a5ea84118fa4156051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
6bbdb497c44fab32192059c0064016b0

SHA1
9bb4b27769b2a74520b4056b9cc2d467cbf81ad6

SHA256
98279113f9585e6e0fd8c7e50e9eea51cf51e4180876794c4e8e0ea5cfa4a901

SHA512
c2cbf117d5171e9289e98708d9c4d70e9985f3d03e79812207e6cb330c036650e422e7074b26bf61072b6e056172f55e7cd77fe8cf22bc929a912417d26a68db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
b24bafa34be6f345d176ade9b3c9518d

SHA1
86df1e5fea1baa834798d6bf123b962da59fb32e

SHA256
0093314d88c86be853565d0770d2e4a3324576ee9c26bce7a1434eba14c5e1d9

SHA512
59421584d98552d8b71439927dfeffacb86223c84ae1190a720b60eb35c5e03d04fb796ecbb2a514720fc81b8615e7a0946195ecf11bb46f013768c992e8a221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
f433cc8d19f1f43cb3b2ca1985112fb3

SHA1
fe8bc0a9665b1a53bac225ba9469ddead06820f7

SHA256
86eb04d58d67a477cc52fd960daf0fa557793bf05e4153a77587068e9a79db42

SHA512
cf8fc6ab38fc9ffd2fd9ce20a2f8a628eb419602f8269a96d8876f71d74a8b76d2399f06240e6b008075a468ee111c43d35e978560d2764da33ff55fc4a426b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5274608246db84aff215910a9b7734c7

SHA1
48ce3178a69a31fcfac3aef524a4196927295ce6

SHA256
0a5dc9b0213adcfe502055441acbb5e0f7bea0e4987687b09530906d3f0513f5

SHA512
39f513ca89030f8ff87ff7e3d4dd70f89181303b7fa95029b509df96b5b9bceaa01d383519bea30e249a495d86392879b91e9c9f78c29f91095fbe89eae46578

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
830d0e7597e7b941f5ff8b6257b7c0f0

SHA1
32402d3749bc1889b7aa602e3607ee5d4be1aae5

SHA256
45258923ef32413f166573e60a0e2d6c508a1b1c8f420890c179a619db51ec71

SHA512
eb8ff3493395091257c9393f54b75f70e934cc4a5845ec79dee75b18f079b0dab62f70c208dacf79b80a7c4dbb5212d7f0fe5ee9e73bccdd14891d60953f729d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1fb6d1bf70a2d796ac7378d581c96ee3

SHA1
ecff31feda95a6a56ff721091073059de2bb0e9b

SHA256
430b6b7dd73b401d40528d5784c52372b7da45516cb577ac8dbea55eaaa1cccb

SHA512
c3a4f12be88eeafe5b20a6d0f7b1e4d26e633461446add312d3d8c9c1c7c2f666f0205c34f6179b2802e24c6ec761e65090a6f10ce092eaa821162144ee78a2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b6ef88a78075348b06c4c8e6fe3be748

SHA1
ceec15b04490fbf86967c026848f1c46489d7bc6

SHA256
5374a466fc3adc27f200858ee678f954b7c13f72ee0fd8776235847c14a73ea8

SHA512
162b58ceb83e9fda91a99e1514968cd084794be097b9b7acec4d07acc295b00b3abb95d7440226b4a30ba6db1aae78be4c8ebfdb099cf12724622ce4a77c341f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dd71d2e775009de634c3bf3a54bc9c65

SHA1
bb8537ebb425a127f3a49fb153a993e2ab7a900d

SHA256
d7d282ecc66ec9e26424f321b16cad007f7af67b58c428ab94dcdd1699318ead

SHA512
277d7b9a11a9b24211267ebb2780e15fb5f722f04d4f0b6fc6b47626b5086f13fbb9f31d4239414927644f3470197c0d0fd67a06ef4169e346e931d1943a8538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
176142807509f8b789bad5911298d792

SHA1
fbb9bc978e7ea0c0577892b7bb559759c0ebb6fe

SHA256
eb027211b8e952958e3a56f9c226b4ac899eefe07f665648871fa77edd847737

SHA512
e10624892c37516b9894893939c7f7ac56ff1e7f75b3a145586fe46cf94e41ad807e441d8b6f16b4704f62ec34cb22173f57725ee82186b0a323e722b9be9465

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f2ad.TMP

Filesize
371B

MD5
7e481b0b2c07f403169bba270c425a77

SHA1
ab6d274d8a8c858f3d209c39dc638689d428eaff

SHA256
cb6252d91fb6f5b65bf931a228a6325316a7de43e8f13eab4015d7a6b5f6ade3

SHA512
d118e38042c7dfa072b3a9465b783dc1d25b41fb18aaabcc5256aca9325617a476798de2d4f8a3b471ab26f8dd93c12beada06f86699a09e5a9b900acb29c62e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
1e67c4877bdea777f7ba57b0146fa0e5

SHA1
ed8a87fc52be163bff3f7424e81de6ee225f2429

SHA256
d1c8ef23524b2adbdc774be4ee24706b1e1bee75f0a310ec4221a4678bea5bb7

SHA512
d3d44df62493d745a555f1dde64b266405d25e1fac8d7443c248791c91666f2d974aefe6a96c1c4f7cd45b35819716e811097078d8118065faeb426d7b770033

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d85c10db-12b5-4ab9-853f-fd77aa03bfd4.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
035b15df8bed10b2d7e6c4635f07a826

SHA1
087661349471a6d2d50fe3d2a5253101f9828905

SHA256
5bc29a953c289551ff2916df763f699a3d8f47fb3b343f7a8c9407e1bc623751

SHA512
6c44edb811957ab0d72321505180d33dd5c0c33ae8c7894439a73deb78aa7c79c593c0f474de19741d5efa202b723076a28adde4db3b84776b5d9d1cd1a4a969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
3KB

MD5
c4b9dad4d5788210f54c728c959a06b2

SHA1
ec11eb8ddc68982d17a82f1006b265814494ad84

SHA256
449e5c06607e11a0f90cd28bf2a828f4298c34750ce2176cd86a774ac8cf22c7

SHA512
b57256e9ad2081f0595b70990b215000ce130251e542e9972c76a8f713d09d44935051415c39d30fae6fc2af23a10610180561306528c748cbda68d5e688e49b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
bf5e8280c65b4e88ea125449cd933d9c

SHA1
36fb881afd01aad6a6077d80e696686d50469886

SHA256
3c0c29f25bd28c2fd97ddf88395e78b4a125a0b739aed9e9dc0da761b4de8a02

SHA512
be1f854431e729e03ba7265295bbbd39a999b3712b20f9e6384fcb67dfa0ade64f7055cc6df387c90390b843b2436ac380dc460d6a47981e2ebc025ce64d14e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
976c229ff58bde64e028e08ecdb518d5

SHA1
6da4b3d9c776f65cd76cac08145dd733a0b98399

SHA256
a9065113a31a540d2b28bbc4d11660f5bdc9637dda947d8d3a9858feaaeead7a

SHA512
354dccc7679f49f8ba2b53c764313c07fd30a4767027717385f3c8a20935ea45f1207548aabde07631b2f90ae06152dd621f48368fcb6346a5629b5b855b8c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
02ab938eb2a7edd1481e147f2913e34b

SHA1
45349741afb42a8f68a4e8315ee4b532e9152f69

SHA256
977264362c80204e20f665c86b58a1f7e4308d00b5d7ae6b4c360ce1e6a2a634

SHA512
f9176eab892953df2a34abfb7138281e8c3890c42797e03349e4520defa77cc85f8fbeaf6feb14d8bd0ed0da12ec9dfb63523d816f32c66ab41bb3c1f59d6cf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
ce2a2cd54d056bb965421b5109c9f5c3

SHA1
a6fd014e60ca541428f21d53438493f009c92a0d

SHA256
573909977fbe38338c7e406f8fb2d4b33fb9f90b122bbcb1edf118c373e5c8ac

SHA512
ed0c1390bf45ff4ff2f7f678ba734aa76862636327176a54ae6cfae20df2f369f911ceecc55f0301002ccf323a76b6d54541a1804230ef429432c3edbb708c9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
75c3155ade1f3e06161fabb7c2de9a55

SHA1
86e1993af9a6aabb6c334147f9f8ed8e98d45e76

SHA256
ecbd939b45239b51ccd1c0f91cbf47d2c54aeb1376a132199714f77c55b65096

SHA512
8b7c58f2b8219c1a6d6861ea701e58355a78e244f35f48dadcd92d4dc0029e3c2816a5a49f7f1d96be600344debf36baebf6ac0f1fade67e5a16801858e4b3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
37aee8b6e9fae8b61d2ab97829f97f2c

SHA1
f6b7649f3a44d7555d38118bcf43dffba7413863

SHA256
8b0a8f03802741a1c6c0931f9cb6ad00560abd19c70e98e3625eb3ce52725eb9

SHA512
c356e7c77883a22207c69627a43669ae4c2311b72f9dda30622670c81b9d0f2d89ebed5b65dac556fb6f6eba8d81548c824351b145374fbc80fdc91c1de47acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
20KB

MD5
7e86d5c1bf2ff36b15bfbd8fcf748b16

SHA1
59a1515ddff8caec85c4f27ffb17b69a42ec6226

SHA256
82f03e141e82546b261c1a24cd9ae3cfd4b19a7b4f343a296428deeda88cf856

SHA512
943fdf966d2ca4bfb35e01431e7bae1611e86d4bbf9c27524ba4502a9a93b8c0bb39e7760a8ee76993c4099da1ff49febe0b48468f134d4121f22a0ffb41bf2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
20KB

MD5
2a029687e73114ebcb4fad10c0114e8a

SHA1
f09cbbed46b9f8c731568bdcee13024e89bda397

SHA256
fe6e92a5b020858bbdd8089533c6f22703bc5927e22f689c384164096705b11b

SHA512
211dc45e2bb5739bcf863c44ca8132f92e895b3c95d074929aa4338698d53c6ccb3a8e2f23180260d9226073f4f5cd21a200010a7a224de7c8ac2e1cc853730d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e6547ef34d9670725715044bdd787628

SHA1
f0eb6891381f5657405898ad0308472f986ee0d6

SHA256
bc94e80051cfc5d462acf7c798a397c9e41e707d9038e3acb2c0a9a4c5ed480a

SHA512
8ea7c4f90701f05572b0888492c58cb2479d4d98e8be6617a4b684c0064e0d8861757a94f282a19b1ce9af067f8b58ffbd7fe09735e807dbc403137f37c1647d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
93dbef8950a2f5356178411875af3e2a

SHA1
ab1ddf0552ad1a08dc156171b16a98ab5e734c4b

SHA256
f81b888f1154ebd21d2b333a1cf5bdb6ea0e7c88f538c61e43eee1346688a78a

SHA512
6f4aee9ff47806ef73c639986a754e9c6fbd84da39bb5cbb1f24b73e342d2df904fba46c389897c35826ab4d65a6d2ae8cd000c3c27f7b1c7ae25d0c182d369b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
811d586b67b9ca70ef958be971a6cb0f

SHA1
9fab532d8b861295d42b9271417be98656c948c6

SHA256
9e5314e343ac9743e5df2ccbc191fb54ec74617c4fb5129ad7c2b0d4384b2634

SHA512
5a02baeb297dfa1566885338ccbcdf5ac911502efde0ff47c859d8a4149db9893389f3f4a55ecc073da00b6e186420bdb228b91aef2e0d19731f3b66c73e9788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
000a5cd0078d2ff9a9bd4c7fd93a4ed1

SHA1
7a0f176bd39dd87f2b48234a9630c5e34f00b85c

SHA256
050c04dcd769499a61e998ceb683872cbebd20044ee0f343ef687a23674d95eb

SHA512
b481cb7d21a324190618f7ef1e2030f8fb162eb22cc94ee748e1b98d24d84c62e6a75f1dba529612cff51a73c14f98943ce685cc8f37a6fc69c9dc7589b81b96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9de14fdbf076c7eac0f8112bc919aa98

SHA1
8ed48fe521e91ac1091102a921e4c7ece48fb4c0

SHA256
f90d505e002364691acfbe67572920df24cd8a0383b3add3e4c7a24cc14e5aac

SHA512
1a01fd8d17a23e7f1fb7d35a33538bc7a59a6d34a963afba0b0a2a6a726d10322f804a10106fbf878ff07ef3cf64e1635c41133e4d67cade80f628aaf71a2865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2c5609a83a2adbae4ffc13eb1cf13ed7

SHA1
7303257809eb83d03ce8026583b34d6426b0e5f4

SHA256
817c6882e1c5e357d7e71ff0e21a757f3f3ef42024de6f151dd0e03c897fd440

SHA512
66e8a78648b4afbe3120c01b553b70ed0bb185834566f632e4bff97fac2a179f6943200a9cd60a317833571b51132ac6552460c44d6c23da2dde9d25a6f09029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
716b0e0b4b52d33a1d872348fe5fb38b

SHA1
a03fccdb5ec8143fbb9b4cf2a20f517fc3390b7e

SHA256
54f55a002ece6559b50fad24d482ea110a992885a6bcbece18a345d953a35a34

SHA512
40ce3f9fa20cb9af6fc13d0012b22397d92fac738caaef0a6f062e9676327ebfe497ff98d4436eb14646b473fbc31aa6b9d391c1971cea59fcaf242d14392329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
60413a58a6179776019df466b1dd7796

SHA1
b11584414d6bcbc90b31ee0cec346e46e024266a

SHA256
f502e93a1162d8f3b038b1c4cfab01fd0e9567052ff89bd9a3e4c66cfa18d934

SHA512
0c74a40634389399fd08752e10f0828cd1a18f9c8d756c02dd0a1f0f6e13ac114444c7b564543570b34e75553324649d719b34b69720f3fb79196c4e1d8ef215

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
bec46d710fbcd69ea86b19df06b9f30c

SHA1
fa76b7f744004589d4a88dc5f97d9ab2085d3180

SHA256
7d7d279fe08d4d52b2d4eac2c81f4ca8a5ba872e02de55aad395c0585035637d

SHA512
bedd26767a32061e9c66edb4d071a5654010fe234dfbf670f45947aaf446495f36ea796bb6f3ca5566eafd5d24c1286e2a6420cf54e3b579b563f74cebc88288

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
2aaa4134481f6d4ef6b44658d489618a

SHA1
a30f020b4ea91f8bb2875813b2e8036a679e74c1

SHA256
56ffdcba29a25e206349d6f8805f3c8559d7b2eab82475e6b8fc6316c02aa964

SHA512
f4ffae089eaacfc819103dca1c330995b90ab797d3b2e9403da909691cda4cdcea2ba7b97046cd14c84c44bddc6ee565303b9dd4273dd1444224a343d4591b45

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCD841F.tmp\sist02.xsl

Filesize
245KB

MD5
f883b260a8d67082ea895c14bf56dd56

SHA1
7954565c1f243d46ad3b1e2f1baf3281451fc14b

SHA256
ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

SHA512
d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

Download Submit
C:\Users\Admin\AppData\Local\Temp\dcd.exe

Filesize
227KB

MD5
b5ac46e446cead89892628f30a253a06

SHA1
f4ad1044a7f77a1b02155c3a355a1bb4177076ca

SHA256
def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

SHA512
bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
335B

MD5
943c0a2ff5f0e12aaf3ca1695bc39016

SHA1
f19002a50f3073973eff5c1076b27db22fc8b2b7

SHA256
08f9297db7709d7715a88df1ab02343e78e80184bd60f7bcb6e4eb80758cb144

SHA512
e1e684660a56518c08c5aea83b48c0a558248c08e2fb26ce5fe86d89ce13e93eb4d9fec18cb5da7a8aaa32c420c297a59e5bc3a765c291735f7e37de3b5d5463

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
16B

MD5
d29962abc88624befc0135579ae485ec

SHA1
e40a6458296ec6a2427bcb280572d023a9862b31

SHA256
a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866

SHA512
4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
1KB

MD5
f8bfb06779c5a8e0699653175ca31133

SHA1
5db63a72dc209d004dfb6dc26261d9550f804632

SHA256
c18ff6c199da6b418f549c825bdd9708b53ec47c3376e9745ff511e295e0df2c

SHA512
522b6e3eccdba9dd631d46de2a5814193ca5ade2e3070b06b069ee8fd2707b131c05cc00665fd6268224d1f25faf973a3580b745c32ac9ee33a4e8fd4b388a10

Download Submit
C:\Users\Admin\Downloads\Silviozas-Premium-Proxy-V3.85-CRACKED-main.zip:Zone.Identifier

Filesize
209B

MD5
33eddda62a260d89d99ece3b89a3a64f

SHA1
6c708459a94a6cb5c57655f1a052c398e7367e05

SHA256
fb53bc4812c1bcbaea8256ba448036ee7f2a2374e9a27e704d85b09063581b3c

SHA512
2c4d85579a91350515cffb84646892972526994671c000d860e425d13283f8d02a1832cfab55d850c5ee3f5181b1e534f3ec6ce5e99b7895dad724367491e9ab

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 259173.crdownload

Filesize
1.4MB

MD5
1a60fbd63948cb13126d88c0e71f7a6b

SHA1
764b74a28ebd0e657fd7ba8a7f2616fd24d23fd3

SHA256
b0eb1abd740144014dbdc0d1c6f61bcfb5a640ae238506415bb305bafcbbb791

SHA512
b2f3aef0eff8934f72927dcd0b71180013a1eef5d968b3db494a7c946d36655ed6f304d50a90c1895b093c00297ce695b2eae22d0b06386945d8eeaf6c5fa1fd

Download Submit
memory/2240-1328-0x0000000000890000-0x00000000009B6000-memory.dmp

Filesize
1.1MB

Download
memory/2240-1329-0x000000001B6B0000-0x000000001B700000-memory.dmp

Filesize
320KB

Download
memory/2240-1333-0x0000000002C40000-0x0000000002C7E000-memory.dmp

Filesize
248KB

Download
memory/3064-898-0x00007FFA6E0B0000-0x00007FFA6E0C0000-memory.dmp

Filesize
64KB

Download
memory/3064-896-0x00007FFA6E0B0000-0x00007FFA6E0C0000-memory.dmp

Filesize
64KB

Download
memory/3064-371-0x00007FFA6E0B0000-0x00007FFA6E0C0000-memory.dmp

Filesize
64KB

Download
memory/3064-373-0x00007FFA6BDF0000-0x00007FFA6BE00000-memory.dmp

Filesize
64KB

Download
memory/3064-899-0x00007FFA6E0B0000-0x00007FFA6E0C0000-memory.dmp

Filesize
64KB

Download
memory/3064-897-0x00007FFA6E0B0000-0x00007FFA6E0C0000-memory.dmp

Filesize
64KB

Download
memory/3064-374-0x00007FFA6BDF0000-0x00007FFA6BE00000-memory.dmp

Filesize
64KB

Download
memory/3064-368-0x00007FFA6E0B0000-0x00007FFA6E0C0000-memory.dmp

Filesize
64KB

Download
memory/3064-369-0x00007FFA6E0B0000-0x00007FFA6E0C0000-memory.dmp

Filesize
64KB

Download
memory/3064-370-0x00007FFA6E0B0000-0x00007FFA6E0C0000-memory.dmp

Filesize
64KB

Download
memory/3064-372-0x00007FFA6E0B0000-0x00007FFA6E0C0000-memory.dmp

Filesize
64KB

Download