b4d41cf83f3d337de9166ad65ef9bc7cff2c35191ab0538109fffbbc82c7d53e

Analysis

max time kernel
1799s
max time network
1803s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06-08-2024 15:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Qt6Core.dll
Size

6.7MB
MD5

b6c673ece7f71e3b7f98263d445b9ba2
SHA1

b27e7362102ad9f1bd85fd96b3b6077824e7cdec
SHA256

310d70735676fa6ef007344ff784493f5ba65ae3675886b4bc9bdb8e9d9cd822
SHA512

23d78951710725a56b4b3b4ef288d2ef9f86fc7c12f9509b787a6aacfa04f4f903bebf13a9e836d7bdc4ed2772ed7c9d5dc4548d342f047453b5910ba8820a2c
SSDEEP

98304:lcSgvuIAInSljjvOiUJlKFdu9CwJsv6thw12vP7zIPR+9Xz/ZfX/8lFxW+MEH:FD1vAHKFdu9CwJsv6thw123RE

Score

8^/10

microsoft defense_evasion discovery phishing

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 5 IoCs

pid	Process
2020	PrismLauncher-Windows-MSVC-Setup-8.4.exe
1568	prismlauncher.exe
2580	prismlauncher.exe
4692	prismlauncher.exe
3516	prismlauncher.exe

Loads dropped DLL 36 IoCs

pid	Process
2020	PrismLauncher-Windows-MSVC-Setup-8.4.exe
2020	PrismLauncher-Windows-MSVC-Setup-8.4.exe
2020	PrismLauncher-Windows-MSVC-Setup-8.4.exe
1568	prismlauncher.exe
1568	prismlauncher.exe
1568	prismlauncher.exe
1568	prismlauncher.exe
1568	prismlauncher.exe
1568	prismlauncher.exe
1568	prismlauncher.exe
1568	prismlauncher.exe
1568	prismlauncher.exe
2580	prismlauncher.exe
2580	prismlauncher.exe
2580	prismlauncher.exe
2580	prismlauncher.exe
2580	prismlauncher.exe
2580	prismlauncher.exe
2580	prismlauncher.exe
2580	prismlauncher.exe
4692	prismlauncher.exe
4692	prismlauncher.exe
4692	prismlauncher.exe
4692	prismlauncher.exe
4692	prismlauncher.exe
4692	prismlauncher.exe
4692	prismlauncher.exe
4692	prismlauncher.exe
3516	prismlauncher.exe
3516	prismlauncher.exe
3516	prismlauncher.exe
3516	prismlauncher.exe
3516	prismlauncher.exe
3516	prismlauncher.exe
3516	prismlauncher.exe
3516	prismlauncher.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Detected potential entity reuse from brand microsoft.
phishing microsoft

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Setup-8.4.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TaskKill.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
1096	TaskKill.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133674305137879723"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 48 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\curseforge	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Applications\prismlauncher.exe\shell\open\command	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\.mrpack\PrismLauncher.App_backup	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\.mrpack\OpenWithList	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\.zip\OpenWithProgids\PrismLauncher.App = "0"	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-970747758-134341002-3585657277-1000\{5CB6FABE-FEBE-4006-B6AB-6CBBF3847DC9}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\PrismLauncher.App\DefaultIcon	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\PrismLauncher.App\shell	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\.mrpack	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Applications\prismlauncher.exe\Capabilities\FileAssociations	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\.zip\OpenWithProgids	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	prismlauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\curseforge\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\PrismLauncher\\prismlauncher.exe\" \"%1\""	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\PrismLauncher.App\shell\open\ = "Prism Launcher"	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\.mrpack\OpenWithList\prismlauncher.exe = "0"	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Applications\prismlauncher.exe\Capabilities	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\curseforge\URL Protocol	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\PrismLauncher.App\ = "Prism Launcher"	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\PrismLauncher.App\shell\ = "open"	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Applications\prismlauncher.exe\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\PrismLauncher\\prismlauncher.exe -I \"%1\""	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\.mrpack\OpenWithProgids	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\curseforge\shell\open	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Applications\prismlauncher.exe\shell	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Applications\prismlauncher.exe\FriendlyAppName = "Prism Launcher"	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\.mrpack\ = "PrismLauncher.App"	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\.mrpack\OpenWithProgids\PrismLauncher.App = "0"	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\curseforge\shell	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\PrismLauncher.App\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\PrismLauncher\\prismlauncher.exe,0"	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Applications\prismlauncher.exe	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Applications\prismlauncher.exe\Capabilities\FileAssociations\.mrpack = "PrismLauncher.App"	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\.zip\OpenWithList	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\.zip	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\.zip\OpenWithList\prismlauncher.exe = "0"	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\curseforge\shell\open\command	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\PrismLauncher.App\shell\open	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\PrismLauncher.App	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Applications	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\PrismLauncher.App\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\PrismLauncher\\prismlauncher.exe -I \"%1\""	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Applications\prismlauncher.exe\shell\open	PrismLauncher-Windows-MSVC-Setup-8.4.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\PrismLauncher.App\shell\open\command	PrismLauncher-Windows-MSVC-Setup-8.4.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\PrismLauncher-Windows-MinGW-w64-Portable-8.4.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Setup-8.4.exe:Zone.Identifier	chrome.exe

Suspicious behavior: AddClipboardFormatListener 6 IoCs

pid	Process
568	prismlauncher.exe
4664	prismlauncher.exe
1568	prismlauncher.exe
2580	prismlauncher.exe
4692	prismlauncher.exe
3516	prismlauncher.exe

Suspicious behavior: EnumeratesProcesses 39 IoCs

pid	Process
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
1236	msedge.exe
1236	msedge.exe
3556	msedge.exe
3556	msedge.exe
3508	identity_helper.exe
3508	identity_helper.exe
404	msedge.exe
404	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
3152	msedge.exe
2824	msedge.exe
2824	msedge.exe
4656	msedge.exe
4656	msedge.exe
1080	msedge.exe
1080	msedge.exe
3536	msedge.exe
3536	msedge.exe
2228	identity_helper.exe
2228	identity_helper.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
568	prismlauncher.exe
4664	prismlauncher.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3540 wrote to memory of 3400	3540	chrome.exe	89
PID 3540 wrote to memory of 3400	3540	chrome.exe	89
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 4136	3540	chrome.exe	90
PID 3540 wrote to memory of 1568	3540	chrome.exe	91
PID 3540 wrote to memory of 1568	3540	chrome.exe	91
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92
PID 3540 wrote to memory of 3068	3540	chrome.exe	92

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Qt6Core.dll,#1
1⤵
PID:400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff8d60dcc40,0x7ff8d60dcc4c,0x7ff8d60dcc58
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,6184048093579862926,7726140129297371946,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2020,i,6184048093579862926,7726140129297371946,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,6184048093579862926,7726140129297371946,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2344 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,6184048093579862926,7726140129297371946,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,6184048093579862926,7726140129297371946,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3088,i,6184048093579862926,7726140129297371946,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4608,i,6184048093579862926,7726140129297371946,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4976,i,6184048093579862926,7726140129297371946,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4288,i,6184048093579862926,7726140129297371946,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4876,i,6184048093579862926,7726140129297371946,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=224 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3884,i,6184048093579862926,7726140129297371946,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4560 /prefetch:8
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4836,i,6184048093579862926,7726140129297371946,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3372,i,6184048093579862926,7726140129297371946,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5152,i,6184048093579862926,7726140129297371946,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=224,i,6184048093579862926,7726140129297371946,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:756

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3900

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4492

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3128

C:\Users\Admin\Downloads\PrismLauncher-Windows-MinGW-w64-Portable-8.4\prismlauncher.exe
"C:\Users\Admin\Downloads\PrismLauncher-Windows-MinGW-w64-Portable-8.4\prismlauncher.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:568
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:/Users/Admin/Downloads/PrismLauncher-Windows-MinGW-w64-Portable-8.4/jars/JavaCheck.jar
  2⤵
  PID:1900
- C:\Program Files\Java\jdk-1.8\bin\javaw.exe
  "C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -jar C:/Users/Admin/Downloads/PrismLauncher-Windows-MinGW-w64-Portable-8.4/jars/JavaCheck.jar
  2⤵
  PID:736
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
  javaw -jar C:/Users/Admin/Downloads/PrismLauncher-Windows-MinGW-w64-Portable-8.4/jars/JavaCheck.jar
  2⤵
  PID:2596
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
  "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar C:/Users/Admin/Downloads/PrismLauncher-Windows-MinGW-w64-Portable-8.4/jars/JavaCheck.jar
  2⤵
  PID:4648
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
  "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -Xms512m -Xmx4096m -jar C:/Users/Admin/Downloads/PrismLauncher-Windows-MinGW-w64-Portable-8.4/jars/JavaCheck.jar
  2⤵
  PID:3924

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004C8
1⤵
PID:1104

C:\Users\Admin\Downloads\PrismLauncher-Windows-MinGW-w64-Portable-8.4\prismlauncher.exe
"C:\Users\Admin\Downloads\PrismLauncher-Windows-MinGW-w64-Portable-8.4\prismlauncher.exe"
1⤵
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.microsoft.com/link?otc=WM5PMYVM
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xdc,0x110,0x7ff8c3023cb8,0x7ff8c3023cc8,0x7ff8c3023cd8
    3⤵
    PID:2000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,4102982920996760721,5320933057489358685,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
    3⤵
    PID:4648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,4102982920996760721,5320933057489358685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,4102982920996760721,5320933057489358685,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
    3⤵
    PID:1440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4102982920996760721,5320933057489358685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
    3⤵
    PID:4052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4102982920996760721,5320933057489358685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    3⤵
    PID:1892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4102982920996760721,5320933057489358685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
    3⤵
    PID:2248
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,4102982920996760721,5320933057489358685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,4102982920996760721,5320933057489358685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4102982920996760721,5320933057489358685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
    3⤵
    PID:2212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4102982920996760721,5320933057489358685,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
    3⤵
    PID:2476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4102982920996760721,5320933057489358685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
    3⤵
    PID:3900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4102982920996760721,5320933057489358685,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
    3⤵
    PID:544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4102982920996760721,5320933057489358685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
    3⤵
    PID:4164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4102982920996760721,5320933057489358685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
    3⤵
    PID:3672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,4102982920996760721,5320933057489358685,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2516 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4102982920996760721,5320933057489358685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
    3⤵
    PID:3376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1888,4102982920996760721,5320933057489358685,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6404 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,4102982920996760721,5320933057489358685,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6520 /prefetch:8
    3⤵
    PID:4440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1888,4102982920996760721,5320933057489358685,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6544 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.microsoft.com/link?otc=CSEFXPC5
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of SendNotifyMessage
  PID:1080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8c3023cb8,0x7ff8c3023cc8,0x7ff8c3023cd8
    3⤵
    PID:2644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,15510155623783261178,15935378204542937345,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1844 /prefetch:2
    3⤵
    PID:3964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,15510155623783261178,15935378204542937345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,15510155623783261178,15935378204542937345,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
    3⤵
    PID:32
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15510155623783261178,15935378204542937345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    3⤵
    PID:3708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15510155623783261178,15935378204542937345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
    3⤵
    PID:3064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15510155623783261178,15935378204542937345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
    3⤵
    PID:3560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,15510155623783261178,15935378204542937345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3972 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3536
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,15510155623783261178,15935378204542937345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15510155623783261178,15935378204542937345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
    3⤵
    PID:900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15510155623783261178,15935378204542937345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
    3⤵
    PID:404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15510155623783261178,15935378204542937345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
    3⤵
    PID:1164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15510155623783261178,15935378204542937345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
    3⤵
    PID:884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3960

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004C8
1⤵
PID:4792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d60dcc40,0x7ff8d60dcc4c,0x7ff8d60dcc58
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,12746107449308228579,1616218362098059998,262144 --variations-seed-version=20240806-050131.461000 --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,12746107449308228579,1616218362098059998,262144 --variations-seed-version=20240806-050131.461000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,12746107449308228579,1616218362098059998,262144 --variations-seed-version=20240806-050131.461000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,12746107449308228579,1616218362098059998,262144 --variations-seed-version=20240806-050131.461000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,12746107449308228579,1616218362098059998,262144 --variations-seed-version=20240806-050131.461000 --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4468,i,12746107449308228579,1616218362098059998,262144 --variations-seed-version=20240806-050131.461000 --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,12746107449308228579,1616218362098059998,262144 --variations-seed-version=20240806-050131.461000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4824,i,12746107449308228579,1616218362098059998,262144 --variations-seed-version=20240806-050131.461000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5012,i,12746107449308228579,1616218362098059998,262144 --variations-seed-version=20240806-050131.461000 --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3416,i,12746107449308228579,1616218362098059998,262144 --variations-seed-version=20240806-050131.461000 --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3256,i,12746107449308228579,1616218362098059998,262144 --variations-seed-version=20240806-050131.461000 --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5144,i,12746107449308228579,1616218362098059998,262144 --variations-seed-version=20240806-050131.461000 --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3360,i,12746107449308228579,1616218362098059998,262144 --variations-seed-version=20240806-050131.461000 --mojo-platform-channel-handle=3316 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5532,i,12746107449308228579,1616218362098059998,262144 --variations-seed-version=20240806-050131.461000 --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5268,i,12746107449308228579,1616218362098059998,262144 --variations-seed-version=20240806-050131.461000 --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1948
- C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Setup-8.4.exe
  "C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Setup-8.4.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:2020
- - C:\Windows\SysWOW64\TaskKill.exe
    TaskKill /IM prismlauncher.exe /F
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:1096
- - C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe
    "C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: AddClipboardFormatListener
    PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5248,i,12746107449308228579,1616218362098059998,262144 --variations-seed-version=20240806-050131.461000 --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5568,i,12746107449308228579,1616218362098059998,262144 --variations-seed-version=20240806-050131.461000 --mojo-platform-channel-handle=3460 /prefetch:8
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5536,i,12746107449308228579,1616218362098059998,262144 --variations-seed-version=20240806-050131.461000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:756

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4240

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1108

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:3344

C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe
"C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
PID:2580

C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe
"C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
PID:4692

C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe
"C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
PID:3516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
300b718d38f56830996203c41580f3d5

SHA1
1afd9aa040316643d0baf246025d83eadf33e044

SHA256
8bf9bc4e6f99d309ec835aa854eaee255b907783c9f03eda585116b4526ad6f7

SHA512
cd65a4fafd5a0b5b8b653feac5d70d690b473cf1b498e295dc6674a961ced19d7a7fdf6c6ec68feff0c8b7f2ec1f75b71e0b724535bf18ecd0ec1a084a121ebe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\28B0E0AF40F63C3821A6847F32D779E8

Filesize
346B

MD5
5bfde7ba5b968aadd7033713e17fe39b

SHA1
1ab11b3d4f56233ee3a07748417b814877aee313

SHA256
471560125443415e393cb7c5fb4a4d6f5cd67b74bce324a6ce61b1586d1d10da

SHA512
e5b0abedac5a6a3d30da2075c6a4c7e6df9d1a0ade32406db7ba4a8d9ca5443435f4e6656fdce33c3e64246dc9b48caef043dae50d137a4d251160475ea755a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7217ED7919DECB43AE47D745172955D5

Filesize
504B

MD5
7b24f182f673c740f0c61d35aab2899d

SHA1
2ec48163f39549b0f8eaeaa98cafe39223a3b86c

SHA256
26795732baabd9bfc5a893de3b38f4be19dcf9accae3d6105b9b132f5c44b837

SHA512
1ddb0ae8e9732e9247aadea295c4350183973e095ca79709022e8442467df72eabcc95b54ecaa22784caadd964cd3df29d117dc436cae174c4b839bc24db32cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
2KB

MD5
9b1043f08a6f7fb28e172c324658e774

SHA1
ffd4839ec47dc548d97eb85ff1d8b2ab513b373b

SHA256
2aa8224947013de567b0e5496bb1191f3a3ad0b74ef0b8ef39c04034bd1669d6

SHA512
2698dd01e80f9e462a476b24371e01052bb677aa6e163ef5637f09f8fc8f8d2a78a3d1b864f7aa77ab5f9fb34a946b5dab5046775c256240c5625de93248b17a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
1KB

MD5
c0b8ea98acc40f51aa21d99b89089187

SHA1
b75bdb7c58ac7fca2fa02cd114fdcb0238dd085f

SHA256
6dd9755df75116c6201c3babf69bbf3c35a25113fb5f82388fafc92660a0dda4

SHA512
fc561cd12ad8a39f9d15c005a7dd4b745ad8d10ce870dc1df731f50507dd30ecd2c0ad7bb999032047f763914536de70ea99e9332ac9c2f8306384b8a9927297

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
f3efa56ecde608a9cb03094f1e1a352a

SHA1
9b8766fd518b399e2e672e48e6195f7085f46c5a

SHA256
85ef96e823cdb3024b0cb32d7dfc567404f384ea126cfbb98b233587e8f72699

SHA512
7f88d968ee8c0c6a3712bf16fbd5a6bdf09d870670718b3e3bef2d79d3170dd5f3935ae966953fabfe79baf8a554f87b2185ac6cbf37079fe804c2a5b3d8c00b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\28B0E0AF40F63C3821A6847F32D779E8

Filesize
544B

MD5
4cbbdc94911cb1d6f50a6efdfffa52a8

SHA1
55abddcb7d957c7f3408930385187e37ee280f85

SHA256
c4ae6d4952de8379a8bc493b4bd87f9fb06baa8ff6a3eb8e877895f4b56dd82f

SHA512
559f215f41e19372aa950f38aee253cdf35e3f40bed1a9a122dc7ddcc0a307c0b53250cc90c74ae42a90f06c319644a6edd4641f1c523c89ff48c259ed611382

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7217ED7919DECB43AE47D745172955D5

Filesize
546B

MD5
a966d32620f3903df8308abed7ce7090

SHA1
52f211e0e9d1714d7baf8e2b103b227fb65a5055

SHA256
58d118a2071527c4f04d8beffec4e66f19ccb27ccce7e13a24dff50cc0c367e1

SHA512
a9ebea4541ee00f8d81f3cd1322bad5a623386e118b7c01a72814c3393ec76c3a59cdb48e5031ffbe521a19656ac2b500f2262b409b2aa192cce0a8f36fde3db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
458B

MD5
438e39cccf4d68537ba88709ba4cc4f5

SHA1
610454a3e6f739a8fe76191e627132b83200b834

SHA256
ef6c0dbe4b4ba892fc194041f189198870ce0b4cad0efe3b47a6b193c7f2a77e

SHA512
16fd76628f3b8daff34beb9affa42d6b0a9fef1bf176535ce45bd9f1c319797ef9160a3595e545e6eca71a2f3d93f8c0f08efffd0d143eef87adcc77de856a91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
432B

MD5
e7feb6c59b5cdeadd08b3e20c5c1923a

SHA1
46f7648d8347109395a4a897c99f6c77456f1f60

SHA256
d49a752d5bc544bf13a38864681ad225943721887e048768f24678aaa0e9eac8

SHA512
54657ee4f682406b3b43094d459328e5b9475b07ac703500ee39c076873f392a44dd8f8a0311a92752a6a56725f8934b7306a1cf4019e21bc867901cac1ef753

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d56c90cf1ff6567d934977fb178605c0

SHA1
2ba4bf90593b46f86073a990dc239b2ef9c15bec

SHA256
e4961ea48767fcd80a6c626350ec730c8fbcf7c84ce5a5097beb96af7aac2fdb

SHA512
6dee81c94e4b04831a3087c3016666a06a001ef0f5da9dbb0a1102e2da6caf60dcbd479e47a18bc39a7f8da7c0a3024a05c2913408a8acf2c890e19b2d9ee0db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\67fd2c31-0e81-4300-bafa-7e12e311d36a.tmp

Filesize
10KB

MD5
b17ed3e4c964a2f25745efc558725e63

SHA1
069a94dacdccf0c09da2f4c0f78a1c00ed191fff

SHA256
edaf1d40dc8464af6b458b2aa4cbbe7f2557af0c121f3ae5992640c5812dbd07

SHA512
668cc639494b692076a5045097513a5ff9dfb2280555f364da965a78e7c51089bfd39ca5bb2a2565c47d89b5d45548e9744630a774f048b056aa782eef03a710

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
ed684443a6b6f18d01c2d38b4f3e32ef

SHA1
6511b0e2b3b4bbd465df398194498406ef5baade

SHA256
5a2ccae4fbcca49147ba9d94dea5ef48cd16f356116d3c5ef477e087af18b7a6

SHA512
77ddb33451ea085dc10e1a88afd2da605809962a8b1cd85a52b6e7b6cb47f6668fbb902f4e81527d65e9e509d1ae1233bd6796a183ddd75c57a88754a859065b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
e1e027fdde231a05424560075c21c007

SHA1
e8e26533027fab8f233d2311bb4b000e161baf89

SHA256
bce1b1daa53f7c0963381926492a3c31c9656cd6305ef0f500b6116002f03a28

SHA512
750950efac6450fbd2e4267819620acccb61c4b56779a160d2a27fa45b48e046dd832509ed8d358dc12b66c2245e7cae8ecbfd9899235eacd3760c293c349d94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
a5c7707614e2cbf4dde6fb70db2265a9

SHA1
3ea14eea69bc3323ab74b17292f7d1df846f5086

SHA256
b1082aed55bb0b5688bc243b3b666f10759f49312a48aee36aa6a1d0676b9dc7

SHA512
27ac597bf978976fd9d4e964cb243913692e4ec225453c23aca241d6b71d3323848ed6f49d00b10284f51a1b87eb3131092730a17ef50b8d0cfacbb884baeb7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
07d51ada17b8e39b30055624be29933e

SHA1
6aaa6021cb7fbdddfdd64b1c028d9a0f2518c833

SHA256
ccd83270fda50051ac33dc8c3f14d50524e70c3311916196a5f86ee528e6f8b8

SHA512
72504ee1c74aedf50be9b0e08e12ead4a1aad31649d9947116245cab6a9ef9d4529e82d44f7a4ca8ffcf2d9b0557ff58fe0a9ce6c337f5cbf077ffe6dd3eafe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
25b802900c42d836d1fa9a884a7f7f61

SHA1
a4186270857f57dc248d3d70e416eed8e91af722

SHA256
c90d089878c32fde5b0693c3d0bd74d00465f08d62ec46b580cb729b6bb379ba

SHA512
5011c5fe2fd5c0cb667cbb59019a2c857a38473576612f17b15dd77e203161f3b44afe93a2425f603f8c895e2554a677abefefb54999c9fbf966b580d65fb603

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f4f7481637f2177b63aac029ac59e4be

SHA1
32c34cc0f120119d3cae1acfb3f40f6debb06e85

SHA256
c00283a3116a5f1a9681a00de9bda71860efe710100b44050d7497e9c64bf082

SHA512
5f2422847acb45edc226f66f9fd5be2059e3c4edeb42c0f5027a8e7a3f36a07ae15f7165577ea3b2afc89a9b54d4494c150b1261e0c40a65937c1eb873a8a40b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
089787f4f137e16d9ddcfd669ef0cc21

SHA1
d5b7752f6c54eb4ce20e3e046f123ff28f8940aa

SHA256
967366925045469cbd12b494326d200d8e8c0933f57197da922762fffe35388f

SHA512
56d872ec8b6119c22ba05c93a1a5cc6547a38ec4dcbb651d4e012701ae128e63cb4e4f064e7247352f6310c31e068f1c0c42d6044a65070bd4739b499254f059

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
481eb6a6824d173580f3b1c4ce030ca2

SHA1
77f5d21ee3fea849490bf070158c2e5644f023d6

SHA256
907065d3e56a45b35c633ff144e6ac093fb8fc8dc75b0fae1badef08ea9398e0

SHA512
f022074eac276f88aed7b3be8a48865481b6de686cbe5cda49d19871dde763dd5b253af06ec9cdb7281059ee5e09f09cdb536bd6979516d4aea53a3b2f814e6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
d1b0059dfb65add1532190c9c5dfc1cd

SHA1
0405802652c48a116cf13c32530c2b745bfed291

SHA256
91920a9d1b9bea1c5de65147d54f88ba73ce30ebad05c751f4d16c2282bac470

SHA512
f94557243318d6407f0fd08d1cc56a225c0ad60589d0e64a02409527398a9a2ca79655143aae6651ac79096ef68492bae492980a75538965c7cdb32b0c507226

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
840a182f81ba5f2ca0764e302d68b49a

SHA1
e553877a61a5cbbb2dfcc54d81f477b028dd1e39

SHA256
22e8dd3290ab9bb0fb4ecaf16f3b6b1e512a8ea2d0dc0f04923c0c5cdf81e33d

SHA512
ba6fbad145a83be6eda5e081669a05938faaabb90767fddaf834afd1d544cd9355309c286a04cfd24b621003f84611d45e45af43bd01c3b37aa7cae1187ffd7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
2366face60e62b2d24dbfe24072d4a3c

SHA1
028cbbe332af47702202930c0e402d2edd79bb54

SHA256
4c8ba6ed04e733662b19d719adf08c043175cbd9f9379bba6b9b129d2732abbc

SHA512
de7552b0b0783ff636bb9f2bbfff4c487ff38cf38f7cb4a7f2873317c07950ce8d4ee8ec8d457e53d3f7ca38b41767b7a13a5ec12fc2936724e169a2d9fc79bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
8b313e749fa73af6287e2a0b9e93c8ad

SHA1
b16073613f94eb3b727d42eea64aca5bec5d35e6

SHA256
a8953319f67a821b7e379f2dc8180d52672bae66c7b779f18208edcc4764cc8d

SHA512
92bb58cde911ece5d707408465eb850c456393101074f62ce91ea2b4702481467b38c916a3ccc36674d65344dd185488eb0e0d30389a160bef2683e3aa036438

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
3e1df26bd7c520f6c6558435c295a6a3

SHA1
653e6f63cf1aae8ed29ce54224d6b4721c7c9174

SHA256
1470a837b8bbe93677ce63bdd287f63b58945765802667785571562dbb3bcf46

SHA512
4303f9b83327afcf71e63e67b17be14d6e31bbb937f69977f45891f755157eabdd72009c07fe218b833329d1ea2d66011bbf6ea68abd97b8306214315c8fb07f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
e8b3e710f443337e55d311293345da82

SHA1
60860fedda3b2637b010b9ec604bbd2807f66013

SHA256
53749aa9dc10426c823a92dace3c156ce4e39487e759d8d051040fbeeb0aed85

SHA512
cc019aaea3a2261915b31f96c1e88f98e0108fde97cbba0442bf0bb9c72625343b26cbd8b1e7f3717133297491d81812d9d9fd59a9bcd9758e85b682ab168d1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
be08e6c27bac76fb8732bb8323a1bcc6

SHA1
b3c180ce804e0abdadbc5fd91b33b1dba526b627

SHA256
9d9650e4bb253a506e1e615de58ff7bd214318764db8d00d0ae7c3644146b881

SHA512
a0e5de1b641ed5be2126f7c215c99e01dc2ec133d666d5d56ba682ca94472f7900a146ed7a4c12392bed72e74f6657d73e5d07e0cde37e62ec5f395e78b45b25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5528afbfc2530ee18cffd2047f03db14

SHA1
7226cd3e978f42ddcb5613792559b2a6b9d63db9

SHA256
121a2110eb1f75599a284ebe3fece3c0459258fbe7b4e1bbc175b4c81619edea

SHA512
25b4fa263da2dc2d91e805e654053a671b0959522dd4f310e42ca9b04002687751ece7cbb40ea3198beeb25d04ec4f10f44148532dd5598a52bf89ed1680301a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
55195a0e55709113bdc6a50310c72491

SHA1
5aad85c665d5528f96e796f11cb7d63078da5f36

SHA256
9a3d10a5e90d64b9b869dfaec2f5d9d82ea65bb232cf5cd185aee67d088bfabd

SHA512
bc4c913fb4643095283b6dda3b9fff04153f59d3f1d9bdfdab9b595444da0d94775483e6569d19eedde2f1c7e58f8c098afc672112030e443063221d5681a075

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a6eed3dcf2c887f81191f3db4b726327

SHA1
a11ba70ad1b462acfc64b6f55330582c1be1f01d

SHA256
2e7a37797bcb3efd39f867b47e1490e7077d4d47dc4b23472b90b4fe61950ae1

SHA512
55fac6fb7fe1e442fd72d67a5cccf2755a880aadf8f4c8c5e43edeb70e06fe17650ee4c3d95dbe8e56d35d06d850b3fa5c5bc1a1eff582f26f7954f7bb4d9285

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
522c19503e9406ab9ef1fcbc7cb1239b

SHA1
18fe2b371c6ba4f20a872c0282c08c5ecfd01534

SHA256
86e08baad152699c9013c4969ac54b7df1e5103634f669d1c030b8e5e655806f

SHA512
917c9b409fe31d580afab4fe0676f06a897b731fe0722daf546b56b97c12c77be80f19ee01d91eabb8f10f8c51e1bad9619c6c5a142946263a60d319b8c59f28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba92822a3f5c2b17625632025d398a88

SHA1
d2baa0985a7b03aab796f032971332d94bc2d14b

SHA256
c5d5f3e5bfcc1004d5a46624ab8294e6a9d94698f3e8413905ac4d96a927b7a4

SHA512
c2cbb9431dfcab6df5f5a54de86b57c8a89aac16f581ee0a8b1c44fceb8baf2ad7f59611c25ef5586d5545db69fb3c838697f342bc9336c4d3940f77cbe94528

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7ce939608608e71c3e0c9efcbb74cde7

SHA1
db2e9b1fd8bdc5f90fa39e173e376d2dc4bd326d

SHA256
d9845418526773cdce0855dd41c6d0cebd9085ca779ead82a973ed5e330e5131

SHA512
db4394ffe53f5fffcc110f9bd3997f7ffa20e38ceb45d27dceb18f088628164eb790a76b1460659d71875491055972967f461fae589ffd9524db0f9e059332e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00a1079b4a6ca229c0191d789fbdb3e5

SHA1
82c9858ceb10ca6b6560631d4228b73ceff2dd7d

SHA256
a9f0598ed140c146bd5525eb52c80acfe8ac89ed978e093fd327b7956e70b993

SHA512
559b5a903514e4c2ad52b98d4cd710193b707a37ee77a7d332f77c653e86b8817ed6a38844e0edb7f86cd1653a1dbf1ad4a0bbf41bfd53937998aab755e5936f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
729be3e22eb930d654b18c42df0153a6

SHA1
44e5a459312f7cf9607718d3c9a8ed3aab499174

SHA256
d7dea78451fd95adf86560e27732fbab107cff80f9d98dcf026b12ccb1d15beb

SHA512
4b03d0d6cfc1cad137a385b686aff8c647163ff2bb957b8a10e9b72382a511435bd6f55d17c040bea39418b102b8906e02b467495ec61b6ee6f3aa531b95d8b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c8946b86606655f8b2cb9a6beef42c1c

SHA1
1f3086648e52366cc7d6c65fb53e5f85e6f60495

SHA256
4f1af20a5639a10e6e64f447d70c934a0fc052507c870145b31e795d5372c8c3

SHA512
e74c6260cbf008e040a3e6042f68d7d8cf9ee4aa7b72c528387b3323ed7a3d373f82c0111c84ebec4c62106efaa0e2335b2b9d6dcba367048bfbebaf1b9fd6d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
45cce632afc4052e670d16c883ec14ae

SHA1
09a2cdd44dc7be8d614041dbee36218b11aefcaf

SHA256
0afd96353465a94a61ce7c02e3a46dbbc7319d12f47ffa04d464c659edbbc81e

SHA512
783f56badd2b8ad4a178acb8da752b9fa781ced8bdcb72a465b8d505389edab5fa9aaf84388b3c788b5d7796c9ac0e861ae98178db2676dbb661765996d990cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cdd7bbdb8b01d927413eebd59ec59a06

SHA1
69fd7c3098168b8056c7aae01985d09bbdc566c4

SHA256
c7f20b1805eef5cf71fd431c7802b193958861e3b186fef5407d448a92da7fcb

SHA512
94ec795bd69b152c27d93da70fd79b1b83182b915fa0a5cabf96d15b08bcb3e4f0c6c15b5b4275cdbfbb2339f3f52f6f5b03bd5d82d652d4fcb73bff2cdbef91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
93c4814375198cfcf540d91258400d6f

SHA1
2f7380e3b2617e303b0b40845247bda94b454701

SHA256
f6fd145985c5e633d8738e7bc2217206da817a349f5f7f533756ff9285f8d010

SHA512
ae9a483a0e67ea989b0eeaff60faefb1cf05c92f4ab19c40dbb75e4c297248b5b6ba6199fb6655e854d61871fdd407ab7d85c37d32f6a4897d45cbdbcd535f27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ddf846c7469afb8b8687a2142579a8da

SHA1
8ee6209ca238f0956a36bb456cd0ebb397920208

SHA256
3f0c168059b2d2231d8e234707c86c6e1c3789f13293565770f25f20826edc9b

SHA512
82bbb778337b4cbe2b12b2bcd111a5c667a861869dc447f29b1cc4c4b5c561f660961fec3f8574e624265a8332e54918e9c22a0afbaeadf859e78d7959923b74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
69f6714dd930095080db345e9cfe7258

SHA1
f7cf3db1d2896901d4c2ff7a65796ec1f03d3e45

SHA256
3464e7ecaf2b382cd69d40e25e193dffe71b6392176f21ca9ce940aa7776bc1f

SHA512
4f986dda78fe3ce2938f176ee4dcc716c245c5a547d2009b9938352f8d556e597760c347704f6dce2ac05bc580e20b6caf53c65579f8d1d800a0120517d7c0ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be8898c4af51327f0fb661afd4707b65

SHA1
bfead7f183dac08986a5364ba86fa71f632233ba

SHA256
e81ac9c12e0ae7c3508b98e94d690e52f52a2aedc25242c7c3895bea4a858a13

SHA512
d4a299cbb418c58b4b90fa4a7057989b7f4530bbd1bdc404bef0a3e0e1e9b2a7068875df40928537067a23fff62272075f09d7b1e05ea8e3fdbe4c1abce11cb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1b2f7cefbb42516a6a72b5eec56b9cfe

SHA1
6fb10f2e2eeb04a319efa0284b92b42ecad4720b

SHA256
c9dc4c5301d49fdaa4221e04705c52aa2a907688b984fbf6f49d65216fe85685

SHA512
905a351698601b43106e1eb07678119965149199b19f2f90f85adc6599f86ea1abc9c56b04e938dca80dc36d4edafb04541adfd5136eab5458078394bb1bf785

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a971071e86bdacb1d4ea66c8004a6ba0

SHA1
9ce420ec4a2ad7ed7abefc2a05d6a18060f9ce46

SHA256
533ff8a2dab8b8924c47408ca143c290cfa619c44c924b3781781034c6d58b52

SHA512
24567d577d8bf6afef0cd3118f3310c264c35b2a47646cdfc53027614d9bd736b6a2b1dee51a38bf142b9761e487a8b5055bc365668128ce71b61cc0e85842aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ffd0b921d754551e3d1d5bcf2811c39a

SHA1
a73efc2632c6d9e0b45fffc89ff0dab0d3e72c13

SHA256
1a3825613bd44bd0f2f3c3e160d490b88b497f27be3baa8b8e638d3b7eef7d4e

SHA512
6000ac819ae03e9eb1f7525c09de3f26853b6e3ceb0e584f59b72a0da50d81b713d806a153ff3385128a4cb6ed8192233543b65430c63ade2dbc4d0ad41f25e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cd419908fe053301c652c641a63467ff

SHA1
f4755b5895e6c9905ec9e3ac3606a0260007eab1

SHA256
7da1c24677f12972ed5fb79d5870f10bdbbd6b3a51dac8f837a6c891c3c7ea6c

SHA512
f2d49014afa80771f23aeb66a20fb86923fc272a599cc5217d3fab01cef449790cec4bba399fd1162a3f8aeb805b283fcb43993b02ffa149b49ac572eebc93ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6ec89716fa24fed447c19e5fc7c4cde6

SHA1
ce62c60ec7515a2511559e5d67685278ccf7f25c

SHA256
871ed76c5978b0910f0233712393834e88e2b0aba314c43b738a4760a2c9372d

SHA512
257349018a19de9e0f27ce5bffa1d4ce3007a56fbf78f5e30dbd4193182d15611aad2653cb8a94b6fa0d19026d1a7a986445d802c3c7ff84dee0140ee0a0a6c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
112eafe61c0614c73795d0c5e18336a5

SHA1
13915fbc8aea16c9095f4fd7469a7a1023f8de3b

SHA256
69303c9b0e9cde2518832261663c1bda7d5159bd2c1c2c83d2a76579bda33642

SHA512
49ea859a21eaeef6e83e875ea33174f85fd0c0cc763aeb963678611e553f1accda7adf9b75594ad817d57dc064fe5efe219462d25e320f08b853040224e59a5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8874cf6258b10dfb8c6b3ac0ba7c5597

SHA1
ae08fbc8bef9abf344da433778faee02bf32027f

SHA256
f8fc2a02f5b05bf5c87329c2fd73caa135c1451db4a856f268a19002a111340c

SHA512
54df54f59c5a1bfd041e1e9c3cfba6b462678c7c850d9b4e293b255bffdda476ce60c2e0c067ddd21dabcf4c1aa9b2bb6ab7008daa392915f84aa42a2b914529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6ae8e3a1db831828612304ea2e5c80eb

SHA1
f0ad376e237ed87090fffa6c026a332a8e8df83b

SHA256
6a74c0faf86d844fa639ca0d7b57695c8570cabd328832c285359e01e68b1e0b

SHA512
6636c4613225b4222f4e72c28f0ad3f14c919ca7e920d1d084082a1f443227df9a394a7307f8abc1c8c940ecc23c276b2b7297f6b1ed473d0d46ac04d13debba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
51d6faa4650ae2c711fa1f740b945056

SHA1
f567df0d3c7062b62d03dc4d5deaeb73f244c5e4

SHA256
0a385a334ccb316ccac4b730db20b3cb5f4cdd2308433a6cfe744e26e7bb4c23

SHA512
c15b024f94dd97e6ec568f3d3147d365f9bf9c3382ab8d421e101b09605d65f9020aa90ee6956a1bf0b849f0d4ae3dcd61c25633ed8e3ba25b43b70f93879ee2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
795f6542dbac3746e918040ecd3497d5

SHA1
65aea1269bbc223db5d23df1f843672f9af7c27e

SHA256
658c8e549185934984e0d1fca16cfe678af748fb1132bfda1dbf021f7d029ff6

SHA512
c40606cf28a9b2fb5a5012f575c95d4ba0180821f8760f101a88cb4c847b3922257a18a5ce04f6f523e8acd0ae641d08b6d15ce6bee0b6c275b9ffa18e4638f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b99c8e1a879c97c2509244a6b91a8d9e

SHA1
6f93d378165e21e54cd85fcbaf8c2fb8ab144017

SHA256
f650af8d1a41105ef1604de2c1c47e05661ad6a8b81164d7ea2bf44b9b62bb61

SHA512
f2c7f8cdb59e701eb2443c0c06b798f85825aba19384b313eb63afa60ed42c875802f402e231c8e16623a95180f255c00d53ef47251471594dd4baaaf38b3bc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
51bb6531a1d535e7ade8261b5c5d2723

SHA1
0deff37ace938648582140457a9966b1f7dfe8e2

SHA256
6bae2ff52d5929d38291e695c687562b52cc1b3d41dc0d8cc0ee0209cd14e13f

SHA512
c4cb4db3709d2f0f931f3ee59cdffb771bd32c4000df6bd11b4b4ef994be0bc4cb349314813c8824e3ffc18670b25df4fe19779d6fbe3dd720c3265645957115

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe70573e.TMP

Filesize
140B

MD5
7d6a818bc6a5aaf27ae9b46b2684cca3

SHA1
c1bb8dc49cb0892eec953925b520f73626310351

SHA256
8e010afa25bb83a4bf849c3eb56bda87b7680fd446410a32dc02536444793ed0

SHA512
e11d21ff4c6929ce301aa3ca6a27f7a62795d68bf9da27346399d30b8483fc2bcc5e2618cded255439ec4657953a4287f9e7d66f6b7b8057c8bae7e89ae3def5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
9f2c89097c706084ad1c644de47f688d

SHA1
3de0ff8832c21ebbfa10830bdb1e48f0e57efba7

SHA256
0c013d0c5c197fa8faf05ae45cf1cb9423bce50b543e53c19901e5092c16863b

SHA512
f601c704aebd31a7a4dd7085e1b9f5ef2004f933e5bdbcfabad95724402974b70806a34fc43c0e3f43e450db340b14e4157940d90f3f71a3c97649d5dab21e98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
a1e501696e94dd5f1f48529471e138db

SHA1
e7dac5fa176e12031b2ec984188f8df011a2100e

SHA256
b3d548490b4059234c27e6b6650c28ebd9d068aa405f084e7f4c0df0b05db2bf

SHA512
964bc96af05c646a7f7bfdc8040f46d414dd3262619b1f42aa34bce99877e8fedc8ed1b4c941e81df14d97217382863fdc288f6bb4559fa4a1bf3808bccb4d0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
aad47d8fed93c77b6d63464ae2b5109e

SHA1
19605c7929dfdbb470432349ba9706bf3ac3576d

SHA256
c1d057f3aec9b1518e20e72d10265f3381aca8ede8474ab549b89a7508603df0

SHA512
5c8dda384409120ab13118ce392bf2b9df5d30f737e8f933eab93d18899fa5afb8b998573950748cfe68cd0df7682cc624567e63d698dcba2e0062449ee94870

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
e223bcd2ee647d409b991b58a0f333e8

SHA1
46dbc39a0ff4449e9c099bbe90a08a6815a0ab33

SHA256
cd3d415948285866583414a912c1f3964cd0db21fb7034a715d7b99b563676af

SHA512
1d17916c66758d468844a12c0a50f26e5e6ab093b64c0b0023e3bafc4de80e3b119c310a81aae6df719ff234341d9446b179dd90856860d796c58aeec3ffec30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
225KB

MD5
2506c987cc057683000d4bdfa6d85a77

SHA1
f756d5cf984a9a94ab1102f7dbbd764c0f39ce4a

SHA256
fa06e2b48576b60716718b137069c0564b1149e2cef7fe8678de99dc91ad429c

SHA512
349a46a8874f48145faa87873bfc6de0a5d932cf5945de790563f7a111f26936f10c094f062900672c8871ea532b254ad95bba2d4ef43f6a0c5fd563e1e31950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
90ce605b8424e2b35b2c259bf0451e2d

SHA1
3efdc255f1b1cfa3a927c32268511451823105b7

SHA256
8a924e1450fb2a55b85a4a5218e0ce9a38f8b2742270b8c4b1e14337722ac5d9

SHA512
73e345717981feffff0d25cc3d9c95e8808cd3aa6da35c1d42959348a0cb8a5884126c8d66f75b7c1fb289c29e86fb5def24dbe514bc5f49f03c5ed70b4db0cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
217KB

MD5
c51e15e695302e2c49201728364ab85a

SHA1
39c70de4175c0674196733d0836816973e05ea19

SHA256
aefa82ebbcca6239db9f37cac83697e21b56f9399174044be645bc043c423c67

SHA512
c85aa5453c4eda2176bee514a253748f41f5e3a1a78ac23fabb99e612e6b31141ce0548ec2262b703c3ce3fed831b1469d140cd519ed6c51b238cad1653af8a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
43aebbd1547077ee11285dc4fb80eb58

SHA1
d29a9af346499c9cde0728420f73cc98b98085bf

SHA256
24348db37883850b7d2679ea657ccc4fb357139ecc5a05e921154034b7bbc2ae

SHA512
b465efb92358527df85db4f328408785655b15a1a4ef74b860b3b1582028980b59a65cd8acc0593a7f05bef81f739ae969047a8decbfa761941e0f2a5dd39ab3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
4332e6bf35ea1c7d12e90df990b671df

SHA1
9f6d1c59b4a1775731d5ec633703c473c2c0ded2

SHA256
51b18e564774f3dc996c3ee75d6d0726f23943bf85a96a6f6bea48f888139fd8

SHA512
cd7425ac03a991fb3ed08ddbbc5802f45c360b52e25e74c320727c294ff1f2f19a14e74697b374d949fa4d88fab435fc867a545e71f699c6c33710930b0f6fe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
aa055e5f7cf78467c3c02c9833c353da

SHA1
1fbbc8b04e6a6b21c0f5addaeaa1d55a3ba81fed

SHA256
42e09d8538723a3bc258485ad1d212eb5d033ac72b4ea309867c3a6aa6287962

SHA512
8d0fd0a48d055bc454b04f44ec6f166ddbd37c7ff1dd4c018a51df808e90ddfce0cb646848cf1bcf15ec9c5b50c00d004e91c79653f2fb477a9542390b414569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd01ad1ec59993125f501d763d18aaac

SHA1
0cb578cc4798b0615e42d60cbfb615c74cc643b4

SHA256
f8b6c1472bb3be6826740d7a2677db7670ebe20d479a473d345ea6f819ee5139

SHA512
ca8de9b00cee6fce09df2fec02be55af7f9e01c634fba61b4b620971522eb235d3c5f90eaba9c5069a1c23749540ef9f0891486ac20036bb7b26a95346aa6985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
058032c530b52781582253cb245aa731

SHA1
7ca26280e1bfefe40e53e64345a0d795b5303fab

SHA256
1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e

SHA512
77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8276eab0f8f0c0bb325b5b8c329f64f

SHA1
8ce681e4056936ca8ccd6f487e7cd7cccbae538b

SHA256
847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da

SHA512
42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\338a7461-55f9-4bab-b24e-c56690ad9227.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
45b37695bce473404e9ce2c72dc10fbd

SHA1
b8e54f527cd05845843edcd7f89a532383b8e974

SHA256
74a32c10e852e9dfe9ea3dd8309e120194cb142ad0018302a4093caf75f6d67a

SHA512
960037ddfffa5bc566e26372b789c17224f8f8e0d21bf82bf713ffae6a7c531b1b34a3eae6229dacd23b3e4543530c1c53772c2e6bd11b22831df8c004ca3ef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
c18048d28e52770a85c6503cb4bd203c

SHA1
3eb3a13e2997ca99fe682445a7b819086424a7fa

SHA256
c867e7377a618b4ec782e1307b983577f66907cce94cd4808364bd5253dbd089

SHA512
53e5ee6fd3cff9889921dfb60f423281a549c00777a07680be729d441636fb5b8af942eebe82bc3e8a4b4fd774e699d0481822ce2dd03581bedc9cca918b3d2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
8c863a2b7be461eb1915c3a9b6003045

SHA1
2c45660c251284863f63f14011e890d5496c237f

SHA256
e797a31dfc24a9aba9921380b60fc51b9b6b4b5846ec5652953c29c910c45df4

SHA512
5c3709c573c924c42aadb32d7bfc7e3f7092c3feade520f44266486786adc75fee0058e38d5ac03b2aba5d32054259dd8dbf9bb8fed7137a7f210c560d800046

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
11ce2946afee2ea9fa16d68f2be3b745

SHA1
bb8adf4b694900d218a08686e4ad11f90363e734

SHA256
527f3fce77b35d87e7389f154dc38684c79c4ffdf1b8e65a3b994ea332eb54a2

SHA512
a399af7bd8bdca014ac810ace756705209cec4bdc50e9fcf86f71ba6c745d3a373a533a123cd45d6514f8dfafe3ecd8d698276b423c56e998dd41e40b8e5c34a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
afb6e0ae580aae2b7fd313722639386d

SHA1
c179af28d0e2ac1ce5d472e6dcbe0279936547cd

SHA256
8993d278236f138fa0e0dd27962fde96f80b662876abab8035f58bc963d46d48

SHA512
d9eaf099cdc1c88a79a4a370bb705bb36aadea10ace7199c9f6a37e980c02fadef98d4410a1ad75ee9d637f0df816e408645a9180c547720664fb382b35e2e00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
5f80ec9cc6fc32d3d6a512863aa36714

SHA1
7d9f59291d548a355fde6e58cac522b017751aa6

SHA256
af2bf3eb26a705f98c1fd8a361240f4838a9731b3751f631d24f867ec8d87154

SHA512
499f67ca86e0526736cbf324754ebc203c3ab0d53e06dfe3c259da11318f925a846843790e1c2d55a683bf92d79c8e5db37791930b564a097e089f57ffb08531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
9fdf057ff8d14961b8137a036c1139d1

SHA1
1464fc36fee3683bd934b64a68ac819b6288b148

SHA256
1942915a26e184ed7ae5e328f0d77ff045c15cf8d69f7a2921cd6a41bfc8ec87

SHA512
5f3fdc6880016dd8956aa13dabd2e8fa3292c1f8f65dd11bc968ef96ddfeb64d761f7d37ff2fbc7b8c7b12ac4225aadb5c82115661fbfb7c1f8ea61d5a88ef10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9fa1091ae859dd1dd478de21c26bb4f9

SHA1
fdc9943d2510c5995ecfdd2e1460176f758a4a93

SHA256
e3b0ec6fb5449169a8fa85d0f7d52ec2d16c009ffa709aa6c3230f4e819ff8ed

SHA512
c05df12b63c07ddcc12a691566d5afd951cacca0018f9bf929aa8aeeacb782ca0eac99b30acab029c5ab8c61f18929c8b60f1ce74ebfc8ffcd5c733d52c58a0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e105ddef3ab3406ba7af68717b9c12a8

SHA1
c82a1d476bc28f9706b2079519cb6371b96d426d

SHA256
2a1254783f561e0c10fe6fd0f50534be3a1647a7c1bc3d07d50ed5ca8e86a617

SHA512
cf2969e11fed5e1c43258359804b5d96d9a2c27370f40687ddc3a33dc3b49b27d10f112c70e66033f64a2d544c4f78bc2b89434f824e2fb1b05163a175d78bf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
956B

MD5
34254aae183f94108b3c6c618a4341be

SHA1
a26cdd74c959b078534588ad9c4e9d7ebe88ca38

SHA256
f4d504046c88110b7533a3b9162b6efe46f6c53d655ec26501a0459f3c04d43c

SHA512
c3a684791b87149bd0ed9eabe09ee9f17e2002f0a8894557992b021bd7d31eb834726cdce35b0003e20d99e5cba2b96486ed1fd9204e5c88dfa9c30a08c8471a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
12a2d8b88365c095f81078ffe3306209

SHA1
d1a5efdfb94c2ef13a7613fa46b1033ac800a3fd

SHA256
c81006db8701971686878c424ef2e880cb7316a2b03ddd29a415682cca6625a9

SHA512
4b58ddbf3905459847da09e3642df3a0fc9af90ec8fe9660c6f93366590548d16b40493ecdf1ad608bf84b2029d3e35b08acd83f5110d247cebeab67087429af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6785c203515eba359cbf79ad48cf1a9f

SHA1
82eb799d70f6d78de727a33e5c9560cd2a822c03

SHA256
2a0e3322551ce969caba38dda9340e632f7406e3aa5051de17f61fc4081314b7

SHA512
32d4dbea16d8a014fb65780dfcc40b4ffb37b0094d15a3b6942f936d29df165ec1d8fd3aa0b3d95aca61e42aa8f85015703453770723452bd47ed805b9a32584

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2ef9183b60dd49c18038a00a32d55311

SHA1
7ef79dc29b7497162617fd262ad7237b233b46bc

SHA256
dd929c6dd1d00cae9976abd715a277faa8937ced85013add16db9ff4b607be54

SHA512
1f38a2296a1baeb1142f1e888616484c389570e1096309fdcf263b79cdab69f42928a3509fc9bdab086062e97ec7455eaf5c6e7c086bc87a57c861788677ab72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d66eecb03c61567fd299dcd78ed67aaf

SHA1
a3ec328bbc1a5580079b171fb85353829a8a92d4

SHA256
825057845c5eac1554e430a0495fc5e575c1b4986afd6a1222934be8714bbe7f

SHA512
52778b9f95babe917a6a33676ee1c4e0b4d8afe595e3fe1aa209567930ba28be499ac119542ba1059ae5d9ef51f4687585e0ea0e1b2a361089f22ded398b6401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fd62d5a7418746ee123ccc3ae6759fbf

SHA1
d45d42f7cf4ff77de322b380253f1707f28bfa71

SHA256
fc3a637ae5806489ff846b4e827bcae045eb9b4d5bcffd740f615e9d20740117

SHA512
a88af970042e1903b94e6bb5da97b70303f7b4a9af4b43d177a57ef4e520f659453f1437037cd86b24c24f4b4afb8522db952a93618c1dda4137b18030f851d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2af5f3cdc299b7c03a446597dfdaca52

SHA1
9d8b5f7624467dbb7bdddb340e7f74e66663518f

SHA256
bb9aba2a894a90812c92f6694b9d808fe2a4a420be210e3871721979498f1cdb

SHA512
6baff3267fc2b0b94b84fb47d5e19990c13e4a906bd06c23c35e39077a38eca15d0dc9259093f21d84719cf0aa8ba041fefe104541f17fde7100dfcd24a6fd13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d468fa1eb2750f5ce5203ae677acaa38

SHA1
387dda0c00ff9b47af64852d4bb778a9bb0f7a6a

SHA256
76edabba1a7e8b723346cc1afa2d698ac26670ca2ec938468fc98ee0fafbe1a3

SHA512
7b2a47c63494b9293eaf7dc4d164f9d09cc30bfb28b0252215b7a4c59eed0cba53b124a2d3c8a8f3d3081b1be2ae194a6644ce1e7b27f97467e1971e8b8097c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e7c3ab9a53a633db239627790c22c6a4

SHA1
88be87fdd895012834b41a4411c31655c06eedac

SHA256
cc0fb983907d55438876d2de6bb9fbee9cd277c6ecd040cd9ff50816e0b5109c

SHA512
50c4a68880c93a00f3d925b0b5bfeff179337137a2a4df844d90a1fb577b6702454871a1885203cf0275f3e2482f138868ed5876d7c2aa6a9feaf7aad88ad7b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
548bf6af10a6d31634b4621ca22b2e53

SHA1
b22d97635bde936b08a871e35fac8776462135b5

SHA256
298417e63382b8f9eaa0e689af9068304d8931cdf40d4849e1bb75f542d03cc6

SHA512
6f114796845779c207783072da29b4eaec6bf73df7cc64e930f8ba425cede6b16464a810700b57ac1662cc89210741d912e05b3788c62b4198eb8f0b59b37ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6390180c2e719c9e119447a3b146b0b3

SHA1
cae2e45bdf3105c8f66b152784d566cf676c49a4

SHA256
48a8f89a98300d1ff4f2ed317892329cceebe4106ccd7c23ea22608c9a5948bf

SHA512
3138b70d687ddeac03f00b85eea6b254cf7e1b76dc9a13ad4ffe0f35b95ab651616ffe8c8aafd1535f3976e0f6bee191e79518c9465f879c571583e2d57b7610

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
657403b45f568e42aad5c93a777bd2d6

SHA1
4ad199aaac7384ac37ef8c778d9960ca3fb7b916

SHA256
cedf1de2a55e7dad2b1c20c9d865ae2b02915eb568e112618f26939c05fe1aae

SHA512
de0ae8d36990a0c25e4ef184960a7d5ba81893d24eb25f50407bca2f00d4b2daea98031e4d9723d501db7a04a4beade1a4131c84d939311c85c90de8add05bfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
39e8a2a8ff00ce0fb19d4a9ce8e4c899

SHA1
4205d6817984610c94b4d3f87ad1a14c187ed26b

SHA256
db79774377db595952c92e951e28114df4468d1ac61b7a95eb643f81cdb6af12

SHA512
fc0a22fe0f3de1e433d42772b3dc511f8208b3dcfd3b8c7fef61247871ae76aed9b2d7d703337fe806c0728582d60ed6388aa7c5f1c0858aa13f1948013ff343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
71ba1fa13d9e4496c7e2091424027e38

SHA1
83453955eaabfad5e4878ae7ab0d8bfdb517ffd2

SHA256
a5874bb61cab80f2fa25a858f863f8f14f4c65ecc735e886079fc3ee6463559d

SHA512
11336b324f2dae0beac7f6aa753eed684c2cec208d3c03ea93b88bb8036436051e54a701820a06d8f440eb2bfc97c238a7adf3f8026409d4aeb2a3ead7881f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f50576880fcd465f2d80b1e1d8d246ff

SHA1
ce09120e69236cf3d9c1883939d855c0596e3f03

SHA256
e77f8ba3d393768a7e3e8abaf8d3822018d3b371f728e97a0153194fbd25e26a

SHA512
4b2d3a21a666f33b5a5f5ed3dce0e493609d4b660cc5de0d6de70138a5056da1a1b9a079b087a9960f0a3d88875496482123a36a926a45a15c390922e7be52c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
e97232d2c5e425449a8f5b92eee3edd1

SHA1
b1ed5e29dcf80c7d303cd168c7f3196e7931b3e5

SHA256
6564c5b9b073fd436961c9e1d458ec54decc04ce790c9bb778772182155e8da4

SHA512
9d5a4aa5cfa5ab8d265b2820e6b92acf2b7e202c0e46e4453772bcf1b140c60f4953ab4f12d97e1a6cbb8de2eda072c0aa4ebe25010ad090213df42ed8c3df3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
99dee592dc83c5f05eee9b02b63438c7

SHA1
fe4a73578820adb349d070a05bb244a0c001309e

SHA256
7333666d478521d5d42003eb7d9bfb24dfe6ac83f10237b7af78c676d5e3a936

SHA512
39e22fdad6a00deb00397331fa5c6f830b22d78a54bd5a4d76e1b589dc2504efbf6871009e0775c23bb5c18d260140bf8b3d1f274900f468ec876a40764eaa53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8dd3e32ad7118079e9d28d0c94b54be1

SHA1
eaf47629ed63091e8397215f27ed3f75fc88bdce

SHA256
2abf55400004debfc26428b36a4af9d2552fbeeaa757b7766948e39c75e27c4f

SHA512
fe6c277db0afef934a0537913af51ff4fb0a7f40dbc9171a5e7e72b1d8971236aa0582f1a4882062dbc917b20813f9017cca9c452476bd401f7a0142a1ca730b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
ab2370e6618e3e8ec1292a9247238987

SHA1
42aff926e09d823b1bb607ea24b6d6f20bbbe0ba

SHA256
3b972591e975a5fb25d487f659c58966a6cbec4a5b658483376e07fa9797439f

SHA512
39dce7c5a54ea24d3ab4c36f56eb0f3ee18df5d6ba103c8b77beac14f25bf09d8c9a4b112851a628bfc4d8498793fc60637c32671670c95566f328dbb12e081f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
4d1472abc7d9d8e0683da5c349a90541

SHA1
13b1d04205e6f6362254f3082f985a125ccfb0de

SHA256
00ed169347dc630377e80057fbe0b1354137e4f8a6ee5be9b8f009532e0b716a

SHA512
946b78dc9ee8e0b5a8ad172c37c57b937462e30ab60082d39618e955a140fb346c5f15873f806ea66c5e983d04a5ca387f94d1b8a8a2e3d78825ae6916ccd72f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9d3b0832c62764f8ea6389f687227314

SHA1
d56932b61caea9d7460714b9555ca9e4eff48fb1

SHA256
65b21b1f82b6e6d6ba2ec3291b990937b195c0fa04ab77158b51c7ce70274a8a

SHA512
61debc939cd4d507fc88c3c79c79f670614a638f3cda0db7325d1917235c02cc18ea6350cca5db02d6531f58c9ef8b2c11df2356fdd8011cf49cd1994658fd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a2d0f370ba7a0b0b12f9e6b5d1ef55ad

SHA1
6de2079074eeb1b526bb5c6d077578b941debe14

SHA256
739929ed197ae9dc220ae07050f7eceb5444c05bec6107ac02cf2dc0f6aa332f

SHA512
1d03eea94aff094a36e304ed5a8ecf6a0c1775ceb9b90929c2e94f7e74a3b12e8a7b062d603dafa2b7504685b01ff1fac4896be321f05bea41348c783d363b3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1d96c3f454f1363eb5b9b712b2abebc3

SHA1
06905f26e716b57e8ded5ea12739c0966d87ef69

SHA256
948efde0a37ab0322ce251d95ed500da4d31034e326771b824961bc4b0e82dfb

SHA512
e87bdf39260fe11749d26e014316bc7c207e0398f9507ad5f7fb9867359784054b494ff43aaff91e5926128da38a1af11ba5d638697e8c77ec09900d1dff9378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0e58dd50ca78d523ad9c24cbfa6d5b8e

SHA1
60adaf2f2f334df76dcda7e2501e51306c5f0a12

SHA256
d3480ee81219265bcacfc52f1227dc99e8b707b2e3579952d57617c217b47a98

SHA512
54efb5ed93fd491cb08079ff0d2f1783a3d7c1c56e5a16b5abbbe23cee6b3ebccb97a5f39f9bd32774bab5e2f67377dc61fcfe033e5d1c774f1580f618b13182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
6e319dbf7d6b473cc4b2c270d809bd9d

SHA1
6512cba71ad681aab91c37254853ac8ec4c8beea

SHA256
4734a9a4766e61d1c6718d6526083f5b4148eb1bc62a6ab544cda3c29763b83d

SHA512
04f3ea2153ec8c7ae97ef6e025ca759de814cd18a5192e343483648e22eea503f62103256bc244e66d9dc5d38aa3fead400c128f903ceec5477a0572f0c52eab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5a3010a3b07e0e4f12e6a5cc9a98444f

SHA1
43bacb380fb1b537d91b9d09c320340fc5aed8a2

SHA256
9a4c3c5f9788a188624eea0e0b3d7d9e2e1508267e59e1c4c1062f3809480cb7

SHA512
1b053c4386387c5ee7565a992991d0c9e49725e8b1edda74483c0567905e0a4dc3130a4f053399400f4255b318855fe05dd0ad6b964793e18e88f63fcc07772f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
5e1981facd66e36f13787d3795b1aede

SHA1
3f87b3458b054f620eb8a088cdc3ba8b90040cdb

SHA256
347b711a2b9844ec13c29db0be64390c8517c68814fba8b4841a62fbd72f18ef

SHA512
c2433706f4deaaa828161a559aa8dbf9f5f2a5ae031612eed9643e486bd804e6a4117dd67cadb57a70d3e1463a9d0bde5f17c1c815025440b59513d62025d324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
377e288e7d43e9e49b1960e258d00195

SHA1
4b8755821bb1f09632b975052ec1db00a2a7957a

SHA256
84e71f738f9c40cefcf5d9b186a624cd601c3609ef9cc2b06bfe7910b60d91e7

SHA512
16e9e7b9d28b2678f580de119bfb73f429f209c375b4a75d8d2ebc158f72fcc721c8dccf6d9dd3585895260597f74f31e66e18e405381392e90e8031df62fa2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b616c9434ad108015d765e223e3ac9a9

SHA1
17846b5dc06671ab98d4b3df7fa94fc51a93fb1f

SHA256
8bcb93a3433d2e2e8d8753b890dd5e87a15d4560d36a0a97bf359a7127f07bb6

SHA512
ddb7a998b2954575a9b11e0780770c51da103b4faa1e3dab856dab6a5c51437d6e32294bdb10d31c00c1592cfd0b99bc4ef49cd55721308fe5c1c7dfb3426666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d885dec3e64d6f9c200dfe8faaf1337f

SHA1
45009baf59ff0cbdcf45e2bccefcaad3015aa7af

SHA256
72b3d4bfc60bcb63b7de12e9296858acf3f73f49959c13037c1f39793a68e0c3

SHA512
a0cf02da74d5140f1a5ad9f563eef441ea853dbdc44a29342b922d826e4c951006b0e768b7f4a2b2a2b1ca11f41acfc78ae93b7dc68f6c40533a699f8d35a2af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
094df06a1da76bbe6296deb9731a531d

SHA1
f7c10ef028a12807aa83a3922013a691846a85aa

SHA256
38bad6b154bb534e6d0ef78c9fb2c3643bf9a4ec72a1ddbf372d525b51c0f7ab

SHA512
e2b258e0eab0ed23fa33bb003c0269d9c13a2637653a7ca32cdfd447bb4a7009491db9c24617d2c9d059112fb5333bee8c09e0d21981c7cd2001940fdab76054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3e55102645853e2dfc62cc6e8f81f4e2

SHA1
2ebdc69869063f56d734b24847531eb00efcac9f

SHA256
03a0eda5f618e0550273351f8fb13af9adbb2307bd073d71194d89483b532b08

SHA512
1c8dfffca2ee4d2068de66a0dcabce6746958aa49cc5d55705234905d9d3730b2c106af517dc1a88570b9c728ac92255b1f2f0c7142e538842d2c49fd2017679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8e0845f9c06262c2fffe6fddd5a3b16f

SHA1
7c528fd180fffb82871de0101549c58ffa9cb6de

SHA256
1d6bb77bcfea919170f9e7de83e9d21d2a36c5c5fe1d3100b28fd078950a3d65

SHA512
0cd7e13afd614674664fb4eeaaeeed3fd48adf5936b7beb1f34e69932f788133312e0bbe9f415fd12c0f44b40632d0126d48434be14989f5e75890574c316945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
876d89fcef6189e246f43117690efbb4

SHA1
d6c976ae39889f7bf93f33383efcedebd2e5b585

SHA256
65d01e5900cd566c62859e527fd3c264cb871c10dabc09495d9f07d246476ac8

SHA512
bf19143c407493f11a39c0534c6d53886c981e96e64f7d2d6a66153b041e9255722e81b2c474602f94fc125f20237c0c6255349d95441cee1e15b058ebe5bef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe669baa.TMP

Filesize
538B

MD5
626c0522e586564d14520612a7dbf865

SHA1
a37c737826bd5d2da39e89b24a22bc90b9a451fe

SHA256
2cc34bd864eb71a3aa09eefaedaa4866347017659733cd48706fca2f8de460bf

SHA512
476b87eeae53bbc2a38f15d5d3ad1326f02d36cbbff8a6daa7ff885c0aef2e781d3f830d9991bbade85eb96047f67cb6ae2378d80e1c8b949e3ab0ee47ca6849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
08d3172c36481fd4770469ed5caf20c9

SHA1
a5e33dffa9be35396f8d9d5be493a814817d1038

SHA256
1d50e4d8c003d2c5cdde14e108be5697d99c251cf05633907aeaf37cdcd47ef5

SHA512
119df2c26e56318351fd0d8c0450c6b92b4098b39fd6dd4f5f7482c5cda41bf3ffc08cddc75ba162e4fef68195d8a3533f7afa2d60190481054904c7813dd4a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
98bd37f7737833b4d880c773b8e756a0

SHA1
563dc7bdca283b03bedc7eaa48313076b7b709e4

SHA256
f9b232b42209584ce452104a07e3035163f0547ca597004a02a1af4f7cb7bdc0

SHA512
90b5c15f42891c1bd413eafa8ae8137a211c4b1705246456b2c230bce2bb2f942144e5f3ccd8579726b73a211123ccee2b32fb0adcf92bc236d5bb7f2eed5c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a4d93cbfedd31a9bdb75adc9d3a5e9ff

SHA1
d22fa6ab7cd604a3d8095d2c95c8100243e7ec53

SHA256
40e1ed2718e96bdda5cba8a037ada374fcd5be74fa72a85ca07dad7d292672af

SHA512
1f2665bbd8bd71237b263f83c30a57e8da39d6a09d1803f1fad6179bf8b3b2f4dc02b5ca7b0c7c70d7102522cb558fba70b9573ec8abbb3bb330c12a0ad8deef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
76755e7d29eb1a80a59ee430adc9457d

SHA1
3204be6f96df7df7f08dcd618e6ba2a144667dcb

SHA256
157278b1d2efaa4ab6243256b0aed1166a9ca389e82c575d18e1edf81b1e1080

SHA512
1367ec8233ce18d90772bdd23fd1239a936e64f673120c9609c997e907addc08d0b938d6a1ea4a38d7ab415a2ec85aec6ffa988b469d9121d21c3c9852f8703c

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe

Filesize
9.8MB

MD5
f870a1b89e9bb05023eff04fd1ff4053

SHA1
0140d7feeab5ce8833b9bb55a224d041be3b2be7

SHA256
e2871c9c570bf8e8f2ea10a7b91f08ff3833136e861c5fd9679f7ad3d5433442

SHA512
766008210a531061b6b0af3fe2668f6d973b008dbe325f58b571927d8cf48c76a03f26135ce1c6fe573fe61ac6274a31fc9e7a760aa0eef93b6ad78147ba418a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso9A63.tmp\System.dll

Filesize
12KB

MD5
192639861e3dc2dc5c08bb8f8c7260d5

SHA1
58d30e460609e22fa0098bc27d928b689ef9af78

SHA256
23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6

SHA512
6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso9A63.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso9A63.tmp\nsDialogs.dll

Filesize
9KB

MD5
b7d61f3f56abf7b7ff0d4e7da3ad783d

SHA1
15ab5219c0e77fd9652bc62ff390b8e6846c8e3e

SHA256
89a82c4849c21dfe765052681e1fad02d2d7b13c8b5075880c52423dca72a912

SHA512
6467c0de680fadb8078bdaa0d560d2b228f5a22d4d8358a1c7d564c6ebceface5d377b870eaf8985fbee727001da569867554154d568e3b37f674096bbafafb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso9A63.tmp\nsExec.dll

Filesize
7KB

MD5
11092c1d3fbb449a60695c44f9f3d183

SHA1
b89d614755f2e943df4d510d87a7fc1a3bcf5a33

SHA256
2cd3a2d4053954db1196e2526545c36dfc138c6de9b81f6264632f3132843c77

SHA512
c182e0a1f0044b67b4b9fb66cef9c4955629f6811d98bbffa99225b03c43c33b1e85cacabb39f2c45ead81cd85e98b201d5f9da4ee0038423b1ad947270c134a

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MinGW-w64-Portable-8.4.zip

Filesize
36.8MB

MD5
de1a237a72fa46279f1e1b0e4afbf704

SHA1
c4200f162d350aaff8869276a084f87bac3e88a0

SHA256
b4d41cf83f3d337de9166ad65ef9bc7cff2c35191ab0538109fffbbc82c7d53e

SHA512
e8159568dd5d8efdc733533c49602f8e81493cca678b4d11435f99361923faff67549f15877b1358afd6e4088f9caffd69971258064f622137e9f84bd5aeda85

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MinGW-w64-Portable-8.4.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MinGW-w64-Portable-8.4\instances\1.20.1\instance.cfg

Filesize
81B

MD5
1a101e8576a4a5bb7466b643249584c4

SHA1
6952caf71069ac52a3e66a727231c508f4743e5f

SHA256
88e8d28b5cdb9d6b722ae02476542dd494f43f95c60e3b07af2ec4593724ebe0

SHA512
409a40bc854ec6dbc03b6e0c40f8eb83911ae51fc8d13e0d48ba816a572767f956d2f10e0c60c91a81636753bf1178ebc19acd7e1ff16097ed92be678a644c30

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MinGW-w64-Portable-8.4\instances\1.20.1\instance.cfg.lock

Filesize
66B

MD5
f888afaaa76dc80c1effa1bf7aac223e

SHA1
08ff707a0696e9c469f0c0e233c2e732b9a8dfaa

SHA256
e0d5d4fd002f7a23c4a90d1ba52a538601f1eae8f9e8ab832913a5a8eb7d3636

SHA512
9bce9f20d55b81342a069af62bf3d279a9ab5afc9694a20c7a0b957cc8784649dac0004fb44085e5b90b06b2ba374c56e01f002e290827cdd50a0449de54c728

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MinGW-w64-Portable-8.4\instances\1.20.1\mmc-pack.json

Filesize
173B

MD5
c939702979f1277764112030beca3304

SHA1
921bd4ac5ab0feed1ebdbf59887fc866546eebaa

SHA256
71de22727eee0ffb9c29eb1d12db49987e416a68bb7f2e1e55a15f02595ab18b

SHA512
8e2864dea5e677bc79d6149a4da7b3f8f7304e53fad7fddb35cba789549eae633ab247e1f5f39a7f1f7623097ab0eb4ab448450016f9384e0e234dbcc8f85349

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MinGW-w64-Portable-8.4\instances\instgroups.json

Filesize
52B

MD5
e779e78d956ca4bf36d98ec3c326d88d

SHA1
13cca38b02da0fadf1f83b64964d52f1233203d8

SHA256
0dd2a2f647bd2d34e72ba82fe690d52b8cb0d36a57cf0c59c119e241d0c478d0

SHA512
fd1fab8367f3e8dc0e8c17211b3aa2115ea6ad5e6c319a28cd0033ae84923f96f2c2556cbff1bb8de22f2e0b7ef1c521b19881d11eb1690efb3b4700e9d87509

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MinGW-w64-Portable-8.4\logs\PrismLauncher-0.log

Filesize
73KB

MD5
85cb3c88508c9d3766cf4573a3818301

SHA1
ce4c466bf0a4f904ae0d03d330a7f6a8a9c84374

SHA256
e7e6928b72ad67b4dfd2175f9ea27082d9b306a6c5b60044fd442715232f8b88

SHA512
eb4342f93f5251fbbe3140e0759403c8c7ab645a485b737dd8e16e8188e5fa34ad26051009faa772cd3c35298613a3abb5cacb16d4f19d82bf71c08e0bd0f27c

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MinGW-w64-Portable-8.4\metacache

Filesize
426B

MD5
da11c1e61ec6628a54e76b137be873f2

SHA1
c4207257077547a6e6e6364bae2c098c7ef9541e

SHA256
882ab0583d7acc4e99526ddfe4ce54ae5a06778e74bcad5dbe93b6b44828fb95

SHA512
f1c33cf66d5cd732b5e15939c1949b91d3e4b1ad367f1d82bbd66f4c41959ab9a68c88b6997642c85e72814a9c952519e524ce4f966013b58b24dc2daf8b9697

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MinGW-w64-Portable-8.4\prismlauncher.cfg

Filesize
30B

MD5
a6dc16331f06bc5831e5ddc9799284ec

SHA1
d344f83d549df8c3e2c959182ba37f8c81d885a5

SHA256
9da99b49301ba83c33387e75d2028185562479e677b6afb110b4f8b098465807

SHA512
43e498eab5c6f9b2f70c01e0abd4e63edb2651e498f267b53c7f62f2ef9c1eb68fa4783967fdba1880722a8bcd6e58065108f42773f0f47c04c9e54e809b1c14

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MinGW-w64-Portable-8.4\prismlauncher.cfg

Filesize
940B

MD5
817d86764df6f20e753911d4772a2182

SHA1
8091a951c75bf72f950029e85ca6886f5e9aba1e

SHA256
6e5655b69fa23f1d4d64994552d6f13c4592135c18f36bf2aab1065446483593

SHA512
912fa9fef934e411790cdc7e6fa54b7f7ee9706007f76a8b78b417a0646472e7b3d82b50261e9b1d5ed9c2d1635d22cde1547fad92bc3ea72e1ae2b6c8f3296f

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MinGW-w64-Portable-8.4\prismlauncher.cfg.lock

Filesize
65B

MD5
151bd8e496eddebef5c5bfbdf6b538f1

SHA1
738c9cc7734eddfa31a6985d1df4bf491e3d9ca2

SHA256
f90c276fe3bd56b83f6a733e7178be18bcb91e8c6c48cd3fb07f13aae519275e

SHA512
163c62339b73cfd9d1ef85dbe773537094ac71b9887676edbb58668c49fd84d1e54c369c6d205fb71f32f0546cd5a9e3177310dd4a07592f5c2165dba995f378

Download Submit
C:\Users\Admin\Downloads\PrismLauncher-Windows-MinGW-w64-Portable-8.4\translations\index_v2.json

Filesize
21KB

MD5
3dcc66c8b942d463a70e2a9e2502642e

SHA1
f19c1fdcce5abbf446f0a98e3a01ac1b082c7ad3

SHA256
48389f54a4ba743f84848c68e5f73903ca994701c53229ec081140e4f8f71799

SHA512
a268d5f47b6df3190640bd1257e8784396fbc3acf2cbae32a77ff8fdc7910b8fc1d0d6bdfb88a296ae0dfe0a9a7a0ff9a8db3b020277060eb03fbc9eea82b775

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 693247.crdownload

Filesize
18.1MB

MD5
69bc5aec4f40f1cd760f0fa8a1b650f0

SHA1
d8156098ebe7c38b6e3d2aa6b408d89bc75dffb8

SHA256
6cbbfe0860d7c601d7c179840ebbf2c65009382419d539ab2d11db91c6ea1dd7

SHA512
ce5b0f27b99e838af2a2cdb5cc569ca72e5d83c2f81d10a69a60389367d234455119dc395667c1530d12314eb998006d47e7f1cbfe336d1e249f04ac5e88b44c

Download Submit
memory/400-0-0x00007FF8C47E0000-0x00007FF8C49B3000-memory.dmp

Filesize
1.8MB

Download
memory/400-1-0x00007FF8C3D30000-0x00007FF8C4063000-memory.dmp

Filesize
3.2MB

Download
memory/568-298-0x00007FF8BF5F0000-0x00007FF8BFC13000-memory.dmp

Filesize
6.1MB

Download
memory/568-293-0x00007FF8BF5F0000-0x00007FF8BFC13000-memory.dmp

Filesize
6.1MB

Download
memory/568-299-0x00007FF8D0CE0000-0x00007FF8D0D41000-memory.dmp

Filesize
388KB

Download
memory/568-300-0x00007FF8D2390000-0x00007FF8D23CA000-memory.dmp

Filesize
232KB

Download
memory/568-310-0x00007FF8C2400000-0x00007FF8C2414000-memory.dmp

Filesize
80KB

Download
memory/568-296-0x00007FF8C07E0000-0x00007FF8C0B13000-memory.dmp

Filesize
3.2MB

Download
memory/568-301-0x00007FF8D6A60000-0x00007FF8D6A8D000-memory.dmp

Filesize
180KB

Download
memory/568-294-0x00007FF62C3A0000-0x00007FF62D055000-memory.dmp

Filesize
12.7MB

Download
memory/568-295-0x00007FF8BF410000-0x00007FF8BF5E3000-memory.dmp

Filesize
1.8MB

Download
memory/568-297-0x00007FF8BFC20000-0x00007FF8C03BE000-memory.dmp

Filesize
7.6MB

Download
memory/736-436-0x0000013FCB060000-0x0000013FCB061000-memory.dmp

Filesize
4KB

Download
memory/1568-2003-0x00007FF61C010000-0x00007FF61C9DB000-memory.dmp

Filesize
9.8MB

Download
memory/1568-2004-0x00007FF8C1150000-0x00007FF8C177D000-memory.dmp

Filesize
6.2MB

Download
memory/1900-424-0x000001820A520000-0x000001820A521000-memory.dmp

Filesize
4KB

Download
memory/2580-2100-0x00007FF8C1E80000-0x00007FF8C24AD000-memory.dmp

Filesize
6.2MB

Download
memory/2580-2099-0x00007FF61C010000-0x00007FF61C9DB000-memory.dmp

Filesize
9.8MB

Download
memory/2596-418-0x00000209AD220000-0x00000209AD221000-memory.dmp

Filesize
4KB

Download
memory/3516-2140-0x00007FF61C010000-0x00007FF61C9DB000-memory.dmp

Filesize
9.8MB

Download
memory/3516-2139-0x00007FF8C28D0000-0x00007FF8C2EFD000-memory.dmp

Filesize
6.2MB

Download
memory/3924-452-0x0000019A282A0000-0x0000019A282A1000-memory.dmp

Filesize
4KB

Download
memory/4648-423-0x000001AEBD3D0000-0x000001AEBD3D1000-memory.dmp

Filesize
4KB

Download
memory/4664-734-0x00007FF8DCEE0000-0x00007FF8DCF0D000-memory.dmp

Filesize
180KB

Download
memory/4664-733-0x00007FF8D96C0000-0x00007FF8D96FA000-memory.dmp

Filesize
232KB

Download
memory/4664-728-0x00007FF62C3A0000-0x00007FF62D055000-memory.dmp

Filesize
12.7MB

Download
memory/4664-729-0x00007FF8C38E0000-0x00007FF8C3AB3000-memory.dmp

Filesize
1.8MB

Download
memory/4664-732-0x00007FF8D5C50000-0x00007FF8D5CB1000-memory.dmp

Filesize
388KB

Download
memory/4664-731-0x00007FF8C3E00000-0x00007FF8C459E000-memory.dmp

Filesize
7.6MB

Download
memory/4664-753-0x00007FF8D0BC0000-0x00007FF8D0BD4000-memory.dmp

Filesize
80KB

Download
memory/4664-730-0x00007FF8C3AC0000-0x00007FF8C3DF3000-memory.dmp

Filesize
3.2MB

Download
memory/4692-2111-0x00007FF8C28D0000-0x00007FF8C2EFD000-memory.dmp

Filesize
6.2MB

Download
memory/4692-2110-0x00007FF61C010000-0x00007FF61C9DB000-memory.dmp

Filesize
9.8MB

Download