asyncrat | b2939df5a48f422fc9d62f270c182f07b5fd5a7a334478ea73af4fdb5eb12d3b

Analysis

max time kernel
889s
max time network
888s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-08-2024 22:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

discord icon.png
Size

10KB
MD5

d74865e1094f5ac0a0e782875449ff66
SHA1

3466cd8a13ba56833bc79aef606cb2cb2901c682
SHA256

b2939df5a48f422fc9d62f270c182f07b5fd5a7a334478ea73af4fdb5eb12d3b
SHA512

ac3f56552e2279dbff4101fb973e0e109dc79730050fdea3360a96c8888a634ebafb7b263303ec327dca1c1677ee2fc11d87548c30bc6ea87634d76e20fbe0b9
SSDEEP

192:TbsBgjzwDr3L4MeSx5f15nbePguPVhnmsjq87R9oa3qxb6dX:TbsBgvwzTTbf15nygKVFZjq8R9oa6x2

Score

10^/10

asyncrat xworm discovery execution persistence privilege_escalation rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

contract-releases.gl.at.ply.gg:51273

Mutex

WAHv1iSMBPEjFJ7e

Attributes

Install_directory
%AppData%
install_file
XClient.exe

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral1/files/0x00080000000234bb-1084.dat	family_xworm
behavioral1/memory/4728-1089-0x0000000000DA0000-0x0000000000DB0000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

Command and Scripting Interpreter: PowerShell 1 TTPs 8 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
1748	powershell.exe
1792	powershell.exe
5536	powershell.exe
5344	powershell.exe
3332	powershell.exe
2540	powershell.exe
3324	powershell.exe
696	powershell.exe

Downloads MZ/PE file

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/memory/2896-1090-0x0000000000150000-0x00000000037EE000-memory.dmp	net_reactor

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	Anarchy Panel.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	INSTALL_REQUIREMENTS.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	Anarchy Panel.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	INSTALL_REQUIREMENTS.EXE

Drops startup file 4 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk	INSTALL_REQUIREMENTS.EXE
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk	INSTALL_REQUIREMENTS.EXE
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk	INSTALL_REQUIREMENTS.EXE
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk	INSTALL_REQUIREMENTS.EXE

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 11 IoCs

pid	Process
1992	7z2407-x64.exe
3068	7z2407-x64.exe
2460	7zG.exe
1404	7zG.exe
1952	Anarchy Panel.exe
2896	ANARCHY PANEL.EXE
4728	INSTALL_REQUIREMENTS.EXE
3840	7zG.exe
4552	Anarchy Panel.exe
5124	ANARCHY PANEL.EXE
3452	INSTALL_REQUIREMENTS.EXE

Loads dropped DLL 9 IoCs

pid	Process
3412	Process not Found
2460	7zG.exe
1404	7zG.exe
2896	ANARCHY PANEL.EXE
3412	Process not Found
3412	Process not Found
3840	7zG.exe
5124	ANARCHY PANEL.EXE
3412	Process not Found

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XClient = "C:\\Users\\Admin\\AppData\\Roaming\\XClient.exe"	INSTALL_REQUIREMENTS.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XClient = "C:\\Users\\Admin\\AppData\\Roaming\\XClient.exe"	INSTALL_REQUIREMENTS.EXE

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 13 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2407-x64.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2407-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2407-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Anarchy Panel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Anarchy Panel.exe

Checks SCSI registry key(s) 3 TTPs 9 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE

Delays execution with timeout.exe 2 IoCs

evasion

pid	Process
4196	timeout.exe
1864	timeout.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133675443508589378"	chrome.exe

Modifies registry class 41 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	mspaint.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
6112	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4044	chrome.exe
4044	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4784	mspaint.exe
4784	mspaint.exe
3332	powershell.exe
3332	powershell.exe
3332	powershell.exe
2540	powershell.exe
2540	powershell.exe
2540	powershell.exe
3324	powershell.exe
3324	powershell.exe
3324	powershell.exe
696	powershell.exe
696	powershell.exe
696	powershell.exe
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
4728	INSTALL_REQUIREMENTS.EXE
2896	ANARCHY PANEL.EXE
2896	ANARCHY PANEL.EXE
2896	ANARCHY PANEL.EXE
2896	ANARCHY PANEL.EXE
2896	ANARCHY PANEL.EXE
2896	ANARCHY PANEL.EXE
2896	ANARCHY PANEL.EXE
2896	ANARCHY PANEL.EXE
2896	ANARCHY PANEL.EXE
2896	ANARCHY PANEL.EXE
2896	ANARCHY PANEL.EXE
2896	ANARCHY PANEL.EXE
2896	ANARCHY PANEL.EXE
2896	ANARCHY PANEL.EXE
2896	ANARCHY PANEL.EXE
2896	ANARCHY PANEL.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6012	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
2896	ANARCHY PANEL.EXE
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
1360	taskmgr.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
1992	7z2407-x64.exe
3068	7z2407-x64.exe
4784	mspaint.exe
4568	OpenWith.exe
4728	INSTALL_REQUIREMENTS.EXE
6112	EXCEL.EXE
6112	EXCEL.EXE
6112	EXCEL.EXE
6112	EXCEL.EXE
6112	EXCEL.EXE
6112	EXCEL.EXE
6112	EXCEL.EXE
6112	EXCEL.EXE
6112	EXCEL.EXE
6112	EXCEL.EXE
6112	EXCEL.EXE
6112	EXCEL.EXE
3452	INSTALL_REQUIREMENTS.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4044 wrote to memory of 1088	4044	chrome.exe	92
PID 4044 wrote to memory of 1088	4044	chrome.exe	92
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 3604	4044	chrome.exe	93
PID 4044 wrote to memory of 2644	4044	chrome.exe	94
PID 4044 wrote to memory of 2644	4044	chrome.exe	94
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95
PID 4044 wrote to memory of 4844	4044	chrome.exe	95

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\discord icon.png"
1⤵
PID:2768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8e350cc40,0x7ff8e350cc4c,0x7ff8e350cc58
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1768,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2288 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4496,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4380 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4836,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4800,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4388 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3172,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4012,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4060,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3440,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3412 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=1468,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1116 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3412,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4440 /prefetch:1
  2⤵
  PID:712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3580,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5136,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5568,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3312,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5540,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4768,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5564,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5920,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=3428,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5660,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=3292,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5168,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5896,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5996,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5768,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5688,i,15985612532616193997,12563071955985151247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  PID:1384

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2320

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4584

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3920

C:\Users\Admin\Downloads\7z2407-x64.exe
"C:\Users\Admin\Downloads\7z2407-x64.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1992

C:\Users\Admin\Downloads\7z2407-x64.exe
"C:\Users\Admin\Downloads\7z2407-x64.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3068

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\CompareDisconnect.jpeg" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4784

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:3112

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4568

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap26716:86:7zEvent13452
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2460

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Anarchy_panel\" -spe -an -ai#7zMap17421:86:7zEvent6053
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1404

C:\Users\Admin\Downloads\Anarchy_panel\Anarchy panel\Anarchy Panel.exe
"C:\Users\Admin\Downloads\Anarchy_panel\Anarchy panel\Anarchy Panel.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1952
- C:\Users\Admin\AppData\Local\Temp\ANARCHY PANEL.EXE
  "C:\Users\Admin\AppData\Local\Temp\ANARCHY PANEL.EXE"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SendNotifyMessage
  PID:2896
- C:\Users\Admin\AppData\Local\Temp\INSTALL_REQUIREMENTS.EXE
  "C:\Users\Admin\AppData\Local\Temp\INSTALL_REQUIREMENTS.EXE"
  2⤵
  - Checks computer location settings
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4728
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\INSTALL_REQUIREMENTS.EXE'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:3332
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'INSTALL_REQUIREMENTS.EXE'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:2540
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\XClient.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:3324
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XClient.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:696
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpAF9D.tmp.bat""
    3⤵
    PID:5872
  - - C:\Windows\system32\timeout.exe
      timeout 3
      4⤵
      Delays execution with timeout.exe
      PID:4196

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4492

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious use of SendNotifyMessage
PID:1360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault028c4186hcd52h4a01h9b47hf8c3e3eea7c6
1⤵
PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8cc5b46f8,0x7ff8cc5b4708,0x7ff8cc5b4718
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,7192844130979088718,11191114919559447211,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,7192844130979088718,11191114919559447211,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,7192844130979088718,11191114919559447211,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:3892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5284

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\ExpandGroup.xlsx"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:6112

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
PID:4988

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap22065:86:7zEvent7229
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3840

C:\Users\Admin\Downloads\Anarchy panel\Anarchy Panel.exe
"C:\Users\Admin\Downloads\Anarchy panel\Anarchy Panel.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4552
- C:\Users\Admin\AppData\Local\Temp\ANARCHY PANEL.EXE
  "C:\Users\Admin\AppData\Local\Temp\ANARCHY PANEL.EXE"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5124
- C:\Users\Admin\AppData\Local\Temp\INSTALL_REQUIREMENTS.EXE
  "C:\Users\Admin\AppData\Local\Temp\INSTALL_REQUIREMENTS.EXE"
  2⤵
  - Checks computer location settings
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of SetWindowsHookEx
  PID:3452
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\INSTALL_REQUIREMENTS.EXE'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:1748
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'INSTALL_REQUIREMENTS.EXE'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:1792
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\XClient.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:5536
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XClient.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:5344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp40BE.tmp.bat""
    3⤵
    PID:5172
  - - C:\Windows\system32\timeout.exe
      timeout 3
      4⤵
      Delays execution with timeout.exe
      PID:1864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultf4c7d5ebh81b3h4c87hb141h55eef1bde8bd
1⤵
PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff8cc5b46f8,0x7ff8cc5b4708,0x7ff8cc5b4718
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,3117017716075353201,16569695390987919188,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,3117017716075353201,16569695390987919188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,3117017716075353201,16569695390987919188,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1280 /prefetch:8
  2⤵
  PID:5816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5360

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
PID:6012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
117KB

MD5
b79894fbee3c882c3efc71ff3d4a21bb

SHA1
8bb4fa0e32cc892f8be396dbaa35acef7a53e36e

SHA256
2d55ca494a8b6dcc739d84bdd112f5c50d612f8abf409c9fb5f2b5c2c84c37a0

SHA512
b66a75ee3831c56967e2c64f8c9ba434f3cd9e4dc4c4fa79580e5ef81e8595863a477ce487921d46891bffcb31c6d45ea332e441c5c26df9a1ee59c0769f32b6

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
960KB

MD5
79e8ca28aef2f3b1f1484430702b24e1

SHA1
76087153a547ce3f03f5b9de217c9b4b11d12f22

SHA256
5bc65256b92316f7792e27b0111e208aa6c27628a79a1dec238a4ad1cc9530f7

SHA512
b8426b44260a3adcbeaa38c5647e09a891a952774ecd3e6a1b971aef0e4c00d0f2a2def9965ee75be6c6494c3b4e3a84ce28572e376d6c82db0b53ccbbdb1438

Download Submit
C:\Program Files\7-Zip\History.txt

Filesize
6KB

MD5
553a02739d516379833451440076f884

SHA1
27a428d5eb9f961d6461f94aa3e414f0e3697296

SHA256
83b1ae6d3486c2653766a28806ac110c9a0afde17020ca6aa0b7550a2f10e147

SHA512
be3cff1e392f4216310b455d73e86b485245ebd9c94bc370233c130e14fc97f92fa1c74567025f506d42eadfc21cc1d7f845d76607bb933a1c654fb7a493796f

Download Submit
C:\Program Files\7-Zip\Lang\af.txt

Filesize
4KB

MD5
df216fae5b13d3c3afe87e405fd34b97

SHA1
787ccb4e18fc2f12a6528adbb7d428397fc4678a

SHA256
9cf684ea88ea5a479f510750e4089aee60bbb2452aa85285312bafcc02c10a34

SHA512
a6eee3d60b88f9676200b40ca9c44cc4e64cf555d9b8788d4fde05e05b8ca5da1d2c7a72114a18358829858d10f2beff094afd3bc12b370460800040537cff68

Download Submit
C:\Program Files\7-Zip\Lang\an.txt

Filesize
7KB

MD5
f16218139e027338a16c3199091d0600

SHA1
da48140a4c033eea217e97118f595394195a15d5

SHA256
3ab9f7aacd38c4cde814f86bc37eec2b9df8d0dddb95fc1d09a5f5bcb11f0eeb

SHA512
b2e99d70d1a7a2a1bfa2ffb61f3ca2d1b18591c4707e4c6c5efb9becdd205d646b3baa0e8cbd28ce297d7830d3dfb8f737266c66e53a83bdbe58b117f8e3ae14

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt

Filesize
12KB

MD5
5747381dc970306051432b18fb2236f2

SHA1
20c65850073308e498b63e5937af68b2e21c66f3

SHA256
85a26c7b59d6d9932f71518ccd03eceeba42043cb1707719b72bfc348c1c1d72

SHA512
3306e15b2c9bb2751b626f6f726de0bcafdc41487ba11fabfcef0a6a798572b29f2ee95384ff347b3b83b310444aaeec23e12bb3ddd7567222a0dd275b0180ff

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt

Filesize
4KB

MD5
1cf6411ff9154a34afb512901ba3ee02

SHA1
958f7ff322475f16ca44728349934bc2f7309423

SHA256
f5f2174daf36e65790c7f0e9a4496b12e14816dad2ee5b1d48a52307076be35f

SHA512
b554c1ab165a6344982533cceed316d7f73b5b94ce483b5dc6fb1f492c6b1914773027d31c35d60ab9408669520ea0785dc0d934d3b2eb4d78570ff7ccbfcf9c

Download Submit
C:\Program Files\7-Zip\Lang\az.txt

Filesize
9KB

MD5
3c297fbe9b1ed5582beabfc112b55523

SHA1
c605c20acf399a90ac9937935b4dbdb64fad9c9f

SHA256
055ec86aed86abbdbd52d8e99fec6e868d073a6df92c60225add16676994c314

SHA512
417984a749471770157c44737ee76bfd3655ef855956be797433dadc2a71e12359454cc817b5c31c6af811067d658429a8706e15625bf4ca9f0db7586f0ae183

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt

Filesize
10KB

MD5
387ff78cf5f524fc44640f3025746145

SHA1
8480e549d00003de262b54bc342af66049c43d3b

SHA256
8a85c3fcb5f81157490971ee4f5e6b9e4f80be69a802ebed04e6724ce859713f

SHA512
7851633ee62c00fa2c68f6f59220a836307e6dde37eae5e5dca3ca254d167e305fe1eb342f93112032dadafe9e9608c97036ac489761f7bdc776a98337152344

Download Submit
C:\Program Files\7-Zip\Lang\be.txt

Filesize
11KB

MD5
b1dd654e9d8c8c1b001f7b3a15d7b5d3

SHA1
5a933ae8204163c90c00d97ba0c589f4d9f3f532

SHA256
32071222af04465a3d98bb30e253579aa4beceaeb6b21ac7c15b25f46620bf30

SHA512
0137900aeb21f53e4af4027ea15eed7696ed0156577fe6194c2b2097f5fb9d201e7e9d52a51a26ae9a426f8137692154d80676f8705f335fed9ae7e0e1d0a10e

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt

Filesize
17KB

MD5
2d0c8197d84a083ef904f8f5608afe46

SHA1
5ae918d2bb3e9337538ef204342c5a1d690c7b02

SHA256
62c6f410d011a109abecb79caa24d8aeb98b0046d329d611a4d07e66460eef3f

SHA512
3243d24bc9fdb59e1964e4be353c10b6e9d4229ef903a5ace9c0cb6e1689403173b11db022ca2244c1ef0f568be95f21915083a8c5b016f07752026d332878a4

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt

Filesize
14KB

MD5
771c8b73a374cb30df4df682d9c40edf

SHA1
46aa892c3553bddc159a2c470bd317d1f7b8af2a

SHA256
3f55b2ec5033c39c159593c6f5ece667b92f32938b38fcaf58b4b2a98176c1fc

SHA512
8dcc9cc13322c4504ee49111e1f674809892900709290e58a4e219053b1f78747780e1266e1f4128c0c526c8c37b1a5d1a452eefba2890e3a5190eebe30657ba

Download Submit
C:\Program Files\7-Zip\Lang\br.txt

Filesize
4KB

MD5
07504a4edab058c2f67c8bcb95c605dd

SHA1
3e2ae05865fb474f10b396bfefd453c074f822fa

SHA256
432bdb3eaa9953b084ee14eee8fe0abbc1b384cbdd984ccf35f0415d45aabba8

SHA512
b3f54d695c2a12e97c93af4df09ce1800b49e40302bec7071a151f13866edfdfafc56f70de07686650a46a8664608d8d3ea38c2939f2f1630ce0bf968d669ccc

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt

Filesize
8KB

MD5
264fb4b86bcfb77de221e063beebd832

SHA1
a2eb0a43ea4002c2d8b5817a207eb24296336a20

SHA256
07b5c0ac13d62882bf59db528168b6f0ffdf921d5442fae46319e84c90be3203

SHA512
8d1a73e902c50fd390b9372483ebd2ec58d588bacf0a3b8c8b9474657c67705b6a284bb16bba4326d314c7a3cc11caf320da38d5acb42e685ed2f8a8b6f411f4

Download Submit
C:\Program Files\7-Zip\Lang\co.txt

Filesize
11KB

MD5
de64842f09051e3af6792930a0456b16

SHA1
498b92a35f2a14101183ebe8a22c381610794465

SHA256
dcfb95b47a4435eb7504b804da47302d8a62bbe450dadf1a34baea51c7f60c77

SHA512
5dabeed739a753fd20807400dfc84f7bf1eb544704660a74afcf4e0205b7c71f1ddcf9f79ac2f7b63579735a38e224685b0125c49568cbde2d9d6add4c7d0ed8

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt

Filesize
9KB

MD5
dbdcfc996677513ea17c583511a5323b

SHA1
d655664bc98389ed916bed719203f286bab79d3c

SHA256
a6e329f37aca346ef64f2c08cc36568d5383d5b325c0caf758857ed3ff3953f2

SHA512
df495a8e8d50d7ec24abb55ce66b7e9b8118af63db3eb2153a321792d809f7559e41de3a9c16800347623ab10292aac2e1761b716cb5080e99a5c8726f7cc113

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt

Filesize
4KB

MD5
6bdf25354b531370754506223b146600

SHA1
c2487c59eeeaa5c0bdb19d826fb1e926d691358e

SHA256
470eaf5e67f5ead5b8c3ecc1b5b21b29d16c73591eb0047b681660346e25b3fb

SHA512
c357b07c176175cc36a85c42d91b0cada79dbfb584bdf57f22a6cb11898f88aecf4392037d5cea3e1bc02df7493bb27b9509226f810f1875105bbc33c6ae3f20

Download Submit
C:\Program Files\7-Zip\Lang\da.txt

Filesize
7KB

MD5
c397e8ac4b966e1476adbce006bb49e4

SHA1
3e473e3bc11bd828a1e60225273d47c8121f3f2c

SHA256
5ccd481367f7d8c544de6177187aff53f1143ae451ae755ce9ed9b52c5f5d478

SHA512
cbbece415d16b9984c82bd8fa4c03dbd1fec58ed04e9ef0a860b74d451d03d1c7e07b23b3e652374a3b9128a7987414074c2a281087f24a77873cc45ec5aadd2

Download Submit
C:\Program Files\7-Zip\Lang\de.txt

Filesize
9KB

MD5
1e30a705da680aaeceaec26dcf2981de

SHA1
965c8ed225fb3a914f63164e0df2d5a24255c3d0

SHA256
895f76bfa4b1165e4c5a11bdab70a774e7d05d4bbdaec0230f29dcc85d5d3563

SHA512
ff96e6578a1ee38db309e72a33f5de7960edcc260ca1f5d899a822c78595cc761fedbdcdd10050378c02d8a36718d76c18c6796498e2574501011f9d988da701

Download Submit
C:\Program Files\7-Zip\Lang\el.txt

Filesize
17KB

MD5
5894a446df1321fbdda52a11ff402295

SHA1
a08bf21d20f8ec0fc305c87c71e2c94b98a075a4

SHA256
2dd2130f94d31262b12680c080c96b38ad55c1007f9e610ec8473d4bb13d2908

SHA512
0a2c3d24e7e9add3ca583c09a63ba130d0088ed36947b9f7b02bb48be4d30ef8dc6b8d788535a941f74a7992566b969adf3bd729665e61bfe22b67075766f8de

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt

Filesize
7KB

MD5
bf2e140e9d30d6c51d372638ba7f4bd9

SHA1
a4358379a21a050252d738f6987df587c0bd373d

SHA256
c218145bb039e1fd042fb1f5425b634a4bdc1f40b13801e33ed36cfdbda063ed

SHA512
b524388f7476c9a43e841746764ff59bdb1f8a1b4299353156081a854ee4435b94b34b1a87c299ec23f8909e0652222595b3177ee0392e3b8c0ff0a818db7f9a

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt

Filesize
4KB

MD5
29caad3b73f6557f0306f4f6c6338235

SHA1
d4b3147f23c75de84287ad501e7403e0fce69921

SHA256
a6ef5a5a1e28d406fd78079d9cacf819b047a296adc7083d34f2bfb3d071e5af

SHA512
77618995d9cf90603c5d4ad60262832d8ad64c91a5e6944efd447a5cc082a381666d986bb294d7982c8721b0113f867b86490ca11bb3d46980132c9e4df1bd92

Download Submit
C:\Program Files\7-Zip\Lang\es.txt

Filesize
10KB

MD5
ed230f9f52ef20a79c4bed8a9fefdf21

SHA1
ec0153260b58438ad17faf1a506b22ad0fec1bdc

SHA256
7199b362f43e9dca2049c0eeb8b1bb443488ca87e12d7dda0f717b2adbdb7f95

SHA512
32f0e954235420a535291cf58b823baacf4a84723231a8636c093061a8c64fcd0952c414fc5bc7080fd8e93f050505d308e834fea44b8ab84802d8449f076bc9

Download Submit
C:\Program Files\7-Zip\Lang\et.txt

Filesize
6KB

MD5
d6a50c4139d0973776fc294ee775c2ac

SHA1
1881d68ae10d7eb53291b80bd527a856304078a0

SHA256
6b2718882bb47e905f1fdd7b75ece5cc233904203c1407c6f0dcdc5e08e276da

SHA512
0fd14b4fd9b613d04ef8747dcd6a47f6f7777ac35c847387c0ea4b217f198aa8ac54ea1698419d4122b808f852e9110d1780edcb61a4057c1e2774aa5382e727

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt

Filesize
8KB

MD5
c90cd9f1e3d05b80aba527eb765cbf13

SHA1
66d1e1b250e2288f1e81322edc3a272fc4d0fffc

SHA256
a1c9d46b0639878951538f531bba69aeddd61e6ad5229e3bf9c458196851c7d8

SHA512
439375d01799da3500dfa48c54eb46f7b971a299dfebff31492f39887d53ed83df284ef196eb8bc07d99d0ec92be08a1bf1a7dbf0ce9823c85449cc6f948f24c

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt

Filesize
7KB

MD5
459b9c72a423304ffbc7901f81588337

SHA1
0ba0a0d9668c53f0184c99e9580b90ff308d79be

SHA256
8075fd31b4ebb54603f69abb59d383dcef2f5b66a9f63bb9554027fd2949671c

SHA512
033ced457609563e0f98c66493f665b557ddd26fab9a603e9de97978d9f28465c5ac09e96f5f8e0ecd502d73df29305a7e2b8a0ad4ee50777a75d6ab8d996d7f

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt

Filesize
12KB

MD5
741e0235c771e803c1b2a0b0549eac9d

SHA1
7839ae307e2690721ad11143e076c77d3b699a3c

SHA256
657f2aceb60d557f907603568b0096f9d94143ff5a624262bbfeb019d45d06d7

SHA512
f8662732464fa6a20f35edcce066048a6ba6811f5e56e9ca3d9aa0d198fc9517642b4f659a46d8cb8c87e890adc055433fa71380fb50189bc103d7fbb87e0be5

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt

Filesize
8KB

MD5
a04b6a55f112679c7004226b6298f885

SHA1
06c2377ac6a288fe9edd42df0c52f63dce968312

SHA256
12cc4a2cef76045e07dafc7aec7cf6f16a646c0bb80873ec89a5ae0b4844443b

SHA512
88c7ed08b35558d6d2cd8713b5d045fba366010b8c7a4a7e315c0073cd510d3da41b0438f277d2e0e9043b6fcb87e8417eb5698ab18b3c3d24be7ff64b038e38

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt

Filesize
10KB

MD5
a49801879184c9200b408375fc4408d7

SHA1
763231bd9b883692c0e5127207cbfc6a2a29bc7d

SHA256
397a3af716eb7f0084f3aa04ad36eab82aab881589a359e7d6d4be673e1789a8

SHA512
f408203907594afa116a2003d0b65d77c9bca47663f7f6b26e9158b91dad40569e92851bf788a39105298561f854264a8dc57611637745e04e68585b837702f2

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt

Filesize
6KB

MD5
06b08fe12c0f075d317cf9a2a1dd96bc

SHA1
0062ba87b9207536b9088e94505d765268069f63

SHA256
6ba88938c468e7217bd300b607d7a730530e63d1f97562604ec0bb00d66a06c9

SHA512
9f9fb1c045d92c1f8035d547554457e3466ae861a04f1cd3f57965e4a92f0fc433b2a7b3e9e1e71588e97f8c73d5914a750deded5d3056e327d7efe19a220198

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt

Filesize
5KB

MD5
03d38f09189799a0d927727d071c54b6

SHA1
17ff3a2c83e6a0b0733f2a9a8ce6b83af4f1b137

SHA256
c1c050ed6fe2f8fbc048fd7d82944b8ada784415b6e62316d590c3c7aa45e112

SHA512
e511c1a271a3d78cb7f6111759eec4d7cfc2d46f71f87aa3c4ac1bb11cd4e55e7d4dbe54f9c5107025ffe8c5fcadad4359dc673bc802b82388e74a8f2fa60ff7

Download Submit
C:\Program Files\7-Zip\descript.ion

Filesize
366B

MD5
eb7e322bdc62614e49ded60e0fb23845

SHA1
1bb477811ecdb01457790c46217b61cb53153b75

SHA256
1da513f5a4e8018b9ae143884eb3eaf72454b606fd51f2401b7cfd9be4dbbf4f

SHA512
8160b581a3f237d87e664d93310f5e85a42df793b3e22390093f9fb9a0a39950be6df2a713b55259fce5d5411d0499886a8039288d9481b4095fabadddbebb60

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\77603014-e5b5-4466-9c57-059b5cb26c68.tmp

Filesize
11KB

MD5
69e00ddc1aeb1bdafe52ea203deb4a4b

SHA1
6ea9833bc7caa7d85a727a49e624963089cb6f79

SHA256
805db23c2aa8323ee80c3975bbf8dbd2d3bffdccf0225bee1f6f22194819d5b1

SHA512
66647a4cc850267ae1899a8aaade2e534e42a16c8b4aa8a982c97401c1b07daedc3d21fb33b51e4769c2f8d09e75784a651d878db56e211053209fb68bc8f5ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
8d63daafdb1d815b4d429d9018033ce9

SHA1
6ed2b4ef1c3158f9664ead833aa6868b20191322

SHA256
ac79a74219a641b968462454c12321e6cd1df4b6482d74678cea56326f2a8281

SHA512
5cf8a39bea60506329cfa55ebf7d5c55b0371dd56a5e5d213471aa5fd0a4fe13ffe4c5e2236289f3d309ff81e1024a68c5bc0d709c556a82efe1e21ac2fcae7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
6e59888b937fe3ba9e44b1929473f02c

SHA1
0ca96fb911fa6c589bc113c801415cc53d1b90fe

SHA256
2a43ef293c23c9ba91ab1d683bb93bd487291a0b93dd7e38109a0acceb44f6df

SHA512
3f171d6ee24e1ac75b5a796f24036830be30ae9f99e168e29672b000f496e8daea8762fdbd5643fd7e8284a7b1b515399d797dfd154d5d26bc8dfb290782c6e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
a08236a8ae155c2eff2c27c60134347c

SHA1
83c7388bfea26936338af7e3f20d5c419f7a7eae

SHA256
dd7055609419f48790a1e3c113c06b0e62663a8afd09154cbbc1354cb06de543

SHA512
b75a96bb4db8fa222891bee35ac525b8e0b6886b11a09052bb2acd9c543cae20446497c8e72f654ab62ceffce53ba10e44e51772225cd9fa7963cccc9360ad45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3940045307f5085dcc3e1d1ada730a5b

SHA1
266218aa1a2ded0ce0d8417ef5ac5fdc0213bb66

SHA256
438ca043d204ced4f9d943d4df1a9add96946c493534a00c7cb0d29d99a82cf7

SHA512
69b7104f00bb7dc5540b37befb66f49a0fee3e4b9b6b31eb04100cf5557cd0c1c22d0ff08ecb2b2fe3b6f941e623b007a874c2524b9793991656ab62e96081d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
2af346a86acb3f4115335db00ec0b59e

SHA1
1a0145bcb4b9a83e1d2c9b1e9d22e5ab76a29816

SHA256
d5098eb5e98a1f85575cf885c4947ad941f1fde17e187b35f2948aed834858e1

SHA512
596ac91c0ce47ce84b83ee210ad93b9491a93f67d48271436fa0d28f10f706a5f23add5ef6d470be2bcadf556f62236ff4d11d8ca2375a083d8f7bff0bcce96f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
b09d3ce68c5364e92bb6b78d3b785fc5

SHA1
2e7e2a9ca60782ee7174e9d0985e2c9e88e2f3a8

SHA256
655c685f5d06bf5177e0e81d3f2fda400b0e9e56a781c3074fcf768bac53b5ce

SHA512
bdd42fbababf83d1ede074584725a891dda20f8f148f4f99796d2e38ed99a1beafc6612fad64ec0b8f666171b23b865db7d28c3db80b08fac99ab1272f456522

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7779ce758a09c219bfb87430737f427b

SHA1
b0756609cecee2243d50e6d5a8800ac37ea37d88

SHA256
abe6d0f06200b546762ac7999d72bde7f4c631b5e3c8c93ce965492b3b7e7670

SHA512
5adee8b9fb11d8c1ea8ff8443243de00ba4c4f84ee0a8023f69529375be11805aeb8ced7a0e4e5b100156a4fbea51aeb63467cacee3617f1f69e1aaa831fac7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
cd45747edf9c6211805c41f6ed8af315

SHA1
8f46b56ace8428f307e70e599f4260016658e8a9

SHA256
451ccf2929527256b7c83ac38e4a1fa503c7beb348856749337cada7bccd2aee

SHA512
c00ec182724cb7dcebc4b58c6cc6f98a02682595fbe855bef3c73b17b87b202d8b3b279f7b9289c65fa4409beefc59cd198292e74b42a5b92b04cca9a958427d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f600db7d59c95e35f45079b9e95ae3af

SHA1
32825024d80b4d8a2a1ac7af9db5a4cb257c2b23

SHA256
8bf93b2a006f5906c96d897ec516ee54e2e24805716ce5666a156e98575d4f4c

SHA512
1b419adf59b38d6b52f11ed7fab8f31402afec2db491bb26e8cf1b06b14d5c2e7d0407815bd1d3cb908d28226e69f9f603594831fddb2cea8d13de79a4280126

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8bbc1859ae560d7eb78fd69a5505c581

SHA1
8c01101914899cce02d17babd7a65be9da24e3a7

SHA256
a0331949e9803ed1443f939d03e2a643459f801c72f866caf5b28dbeaced7281

SHA512
da74013239c1083a30edf534060d79504dc3a8ba48d48f0c1aa9b36c50a0936bb1ec857fcb6546dc4813c9568c71aa34622b914b41b729e766bb9f0086222ce3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
44541749759c748b350981fc5460a514

SHA1
ccbb553f983e51c9beceebbff0d1f1db45184657

SHA256
e3a22c9cc6bf7fc9b2a8b6aadc988545927af24ee2c9be46f8e99650c08f0b98

SHA512
c232e1407903e2824c744d9009e5c116305ba82c209b598dc472e9622c96d10007a69d3fcda6e634108bed61742a38ec2c3d732d1149c836dc96065c31eaad54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3754c414a043b1b44204ee1b2eb7ae87

SHA1
de516494a6b054476b334037623ad5f73ce338f6

SHA256
47c2a072cb9f12aa455e96a079b9adbaaaab953e0756bf8235df6841a1b31de6

SHA512
e8cf0b93d84681335495a32762cc98916dd98c63b0bcfce2500e6e4f3548777e27864bce72dacc1941ac8d12fa830035584fff02be7005768e302092541a0521

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f6d5b9d4ce2e7a1b52c3e7e066a8a0bd

SHA1
9ca79f958ba0f23fcf900ef6721d234611004315

SHA256
45f64b22738589015d50af6279046e4f14d47c300966735e046e75896a5193b2

SHA512
3112be3af68c7c9db870744a632ed4d3e58ae28ea2e10536c98a2d5fdc866c28915f1c9c5677c852f4447a987c2544062707895f1375318a981fffe9d1b4f0ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
83cf79ad0143c68f1078f7c1a72a5b56

SHA1
0c9bdff6101f8c365e8c365647b64cff19049cf8

SHA256
f6bfd678ba3a1368506a1c5ddb18926630c05182375ba5c5458715ab037def44

SHA512
6961333f86aa9ed06e71f4d0855a50c755f419d3d666efb22f24df8f10fb0a732dbd5143f71a2e2709f17fb95d29dd1c9746c042540991d5214d82774af285c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e6da76d7ab984d0214e90347d967378d

SHA1
955bf4ca7c3e9dd6950a56a7b4dc8986040380ba

SHA256
32274dcd14808e16eea58e156ab4ef479fb0e5e42e5faac589966261f8ff26ee

SHA512
b93a18c2984f17301efe1941bf9173504065dd318b6e0b10a88d2e70500a7e95e8443424bf43377e803ebdc36c42f7a500203abfcd4588d06d79b0e8234d9da1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6328ada04e58a18304366ee05736cbaf

SHA1
0bb9e8c991c4b2c8373223bcbefbcd7a672b534f

SHA256
20e595ebcf72bef6c67c017030f4c7427755f1f11c8aa2088e3d72d3dd221933

SHA512
86e5205395611feccb0a1d9830c8aa06e8a83e6edb6b7fa737478fe53180aab143e3f6796bc63d72c4b98537c68cf89e8c764713ec38d06093305765609d62d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
480344c952b878ffe0aff4f6fa2428f8

SHA1
24ef2a88f93baef648aa3f46788fa46fdfeae91d

SHA256
b74249910de887d942cc19390b49b0d8c5ff9731d0fd8fb93210b0e7610bff09

SHA512
6d1cddb16cc2df5e73d25219fe78d4699d97952ca4ca39ab3a296ddaf0a39365f9efd26818fdcc52e7dd06b5f132ed76ae0893be70ad845fe9352fa60192741c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0df69b93a86b4d77d42c10a23fed3215

SHA1
15778985113cda6964d7106a3f1b2cd0e0f696af

SHA256
7004b7eb4735b0cced3aafd586e9b1c32595002b658cc019efa6fa2e8a3b87af

SHA512
d36843ff69bf12df20b4af54e68b01991a3741a83d2db661104311a44ce13fa1fd0f8c56bb2692e8a148f5020cdd99c547f2fe2f1a55be40e9a6ed0d1bb9ecea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7ec846071aa0a24583c5e426c159ae1b

SHA1
38ae0f4292d1ded111dddce2dd16b0afa4a072cb

SHA256
1bfa05e498fe649441aa0c6ec5dcc9f8f729d3f7cb137ff5be95358cb3ff9ad2

SHA512
972c1adf602365f3530bccd1750e98c4ff488559df2f989cffff02451860938e41af18cb5332c5c447850131744c64123207252e23ba50ad7224840ee95fa549

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d6fc37daf9db0ffa41212dd6289ab82a

SHA1
83f864f0648ff55ab4caca9eea3856f7157e1ad0

SHA256
57fca8ac59de9a369b4467e8122a75a8e07aa1565b13dc9eefe32e26154892c2

SHA512
f4e179d2f5530389a43f7e257d7fa5664e692d29d3774ae486b466845d2a6f5c06965eff63181e37c570892e02fb9a7d562bca7ff2c30ccf0b4aa314a35ed09f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4fcac9895e5e11700a6523172e1dd172

SHA1
a39d76232759656e588e1c0b13b0d3f574e02313

SHA256
cd276377a2cd4690f80ff4f0d5cbf982af7ca9289b678e6e50eef2fe8adb464a

SHA512
45ac8b474785471e46354ad380ea6d9d4c57836f916e5435a47ea766785a95c5764a57a16cefa017181d7bdc00d0a3438008145187d61bd513be7d8fb151a797

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bf0d27d907df2500ef01831cf836441c

SHA1
fa92d7c18ca4321159d6d29abbab8d67c38cce84

SHA256
f64b1448fde892e03e935299fbb37863f20902b9bdf42a0144c620059448d18f

SHA512
268f4fd9ad9b728fb45a7585f3396db097604b01b369793f961a2f5116dd74c686d7647a918984dc0f8a0fce863fdc6441db4003fc17a44eacf5f2ccbafbb95d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a9bf48ad094a189090ca342d81d8a9c4

SHA1
c60dad1e604cd7b2893fe10df6190b5d7f0ce119

SHA256
d4662708f1cc6f7be5431995094395f04c5d68b18899e7bc0e8e7bd3b7047086

SHA512
d91d7ae8e68dd69a2648aba2fb67f30cd2860edc6bd07d3f7c35236f92d89e400400e9200837358adf796c17a299aef4f59abcf2ff1ae7d3830fb8eea4bbdda8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
db89fae7dd9d00c1d6608e52f6f495df

SHA1
980d4bdb7d52875dd3d9a0b5cad056c2f5f681fc

SHA256
0b77b9e10e251a5b3d1f1fb11789333c5a7c609543a1db50fc38c4b3db3b8b62

SHA512
5111b4599f24d0271c1cc98ee63fee898d85c4b549205fa96af57aed941979c0a6b54dc8d80158f46162ea33bf4ed4168c28ce214f28984d2cacfde0f42d4654

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3de7f675f578633b2816965b13c69eaf

SHA1
39099bbe6e30f04b074386a9ce13304ea5a07c88

SHA256
f8af94070d0553fffc0b58c9c6ab12d173dde8d610e8a83547ba0bd9b0a2004e

SHA512
2603aa850a70574945e09f3c8051cf2ee52622831c177aee1230c1b1cdb4eadc8a038c74113dce7597f3b172165289e95ecb301a9455804f5e84e87101568014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d6b7d7929004031b24777046666764ee

SHA1
8be8708550f25c943c11c2d528aade857011fd00

SHA256
d21f765c522490786eacef1e67db68088ea24b46e4b3d09bba9a8aa46fc14674

SHA512
0fbda115ec8e9df060e059aa1640850700136da7660fbb341f029eeb56275697023c0f0ed63354ed32897607f8b4409d1b4ea1f3b514c23722fa610dd22c57c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
84eeffb149ddb6c30319747abe2f8181

SHA1
dce1ceaadeab9a5d41313a512b0f1c1137555e48

SHA256
20244fc11fb6e6b055ebb06c63abf546a56b2b8811109cadfbec8d8ddcca2a5c

SHA512
7f242cdbbb62889ab028f8973a32e7576c65b842834f90d1ef40d0609f84632d63ecbb1679a7dcb7990e9bc05ac70845cc65644326020843ad1b02d4a0949bff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4db7d7e65ed235f51d90c6add2b38e80

SHA1
d32b7cfd3493f09d4f4d627b585e24adaba5f562

SHA256
f59b97c7269573f46d33c46f2dfc553219a0bb98607c675b5db49d9dbd345c28

SHA512
b92dd8982e20fd8c80bace36d878b7fbaef16f6e867e4feae00b7b209d85209406fa9c65cc0885f82bbfada40c7f8ffb43fe8160929c31eadd18f9a07c01dccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d6a42fd9331f10d97189d778a0f4fd9c

SHA1
75b88956f6161d976efdf9c5bda88843721c1296

SHA256
38aa8466d851d7c70dac8586c57ebd03e2bbfce927feb95b4d35f47036903ba8

SHA512
4ed6e0910daa19b4c387336d903d4aa1d09ac4f9b5e6ac68d398e2bc4600fdb56b966cbe5ec2e314bdc8e9b6894d5a748402640cd9799fd48f0862840e9f0c87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0d9e964d82d2814a5afb5960be66163b

SHA1
23cbc0dc91bc794efa967c9d1bf16afb894ba338

SHA256
45fdfe6e46c903549b1501f9c12b0214ddd66ba8b653fef29d6025f426b4c298

SHA512
2a455450992ee3ac968e23533caf0e4577a1e0d1954ff0f46a902a22d04a7ea96f81b96d02754f1e7be7c8213226619034ebd8a19fb4d46dbe4d387536678085

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5e18a6ba07fe4b12dd3da90506868f6e

SHA1
ea1d88df2d80d259c8f14a2ee90a5661a5268619

SHA256
ea41e7074a65e52d11bf03a3d69c6604fad2912dde81092be86b1e62fe967dfc

SHA512
ec42a380f2c407e8ec4c82e0fcc2dbfc4013c6a805aca18b43f16f21c8f6942be059f2e8ce9952ee612a48846d9deffff9fdeee2c3666c811e7b2c411d808c23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
940b736108deb664cfd2a429781812e5

SHA1
1e0780c53e71f18f345173663fe25c6dc12c6eb0

SHA256
350faa97f8a747507d61a9c3b707b75f06e0a34b984c6fa4dfc292946a688358

SHA512
5cb04fb799e56211d086c2ecc3a9ced953660bc2b9756b2bd5b9305400d936905ac1be129c0c0294227f01c90bc9a5c05b9902f08eddedc9abb66a4897f25e49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9d734491137af00888de0e4e65d10603

SHA1
57c6eb757ae9eb5717aa8df0dc90f24c4fe5efad

SHA256
f2416e4627f44aa5b50c08ce085d89d94f5f4bbab2847ccd238b4a6581599000

SHA512
512b0c56c80aa84673373cb79ad71313af77d0aa761c178b5978092a46eaf2b72991c572b6dae813a36e365ddb74ce2444c55f2f963426bbe556bb9e2990101b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d2a42b0ab04734a9910e0af4e09c16fb

SHA1
7048971f0ecdf62255920b57a4c90d07f7c26fa6

SHA256
472bb2d51f9ae143d966ed19317ee99025414f2537aaee5c6dda009a451f2e5c

SHA512
627d86412e8289f007bd77e9b8048cc211548a9d5b571fb7a7cb856bcd68b629dc068d0850cfb1d573e4165b99424dd50d94cfda17bcdf58408d940b4834d915

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
90153b2989c60bc04e1de895b4b1b35f

SHA1
a406231c54c452d2c6377fefd031a86faf7be4e1

SHA256
4f25f9d8de806339d1117da61099611b55cd822fea4ba7bcd4f4b97bf315b4be

SHA512
c535dc24b7526697376d2994bd75b26ea028061fccec7dd37408a85eeef4fa21d3a19bb90bf232e374f2adaf5a62fda09c31410ed6a36e6a3d04936cc228f98e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
17963c34ff91fc6942b430e03e1176e8

SHA1
9c3fde4f966ffaf6d6aef83d1e3b0a3d0e190d45

SHA256
562b82e7c12a22056fee82a29c18654ea6cc3ef530b8dad8c8d675e1540fd279

SHA512
9adf62285526fcaa631897c559ddeb460b38e8b23e2395e6445cd54bec6fbba185c8519576eb5a89334d6f270a0ed6b8dc7c2694cb32d1368fcaaab19e96467d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
95d2efa29e5026c49ddf2fbe1118a474

SHA1
544504801c1bef0d375971592e31c7028b5a2056

SHA256
57ef941df25d6ad0e9db9e2ba5f5b8f0e4804be7a029b15ad2c07ab6ef77fcf4

SHA512
88281ca01edef3944264f7dc16fbcf17ee57cb32e989d081584f79f9fe32227fa983dae798dbb1f3e7a001ec40f481a2b1d7500cd05c7fb2cd5db4672b735395

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
42fb905e226067059916cab6295a5c13

SHA1
2f0a4838000865ad76946d6424d0267b1778d981

SHA256
c3cf2f083287a0a67270204f4dd83df61d6f80cb3b22b3570f2b522d18623e9d

SHA512
10ccf10da2a99ab6f20c1096c7c0ca14032fa85af945c33f9ffd41a8c215c5892f3d2c0301d4a902e683ebc3124062f8008e762032e572c0258aeed26e6ae7cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f3625cf9868aa74f81dc99e361889661

SHA1
f740bc232cfdbe1f7f08e725f4dc7a841505b4b3

SHA256
10e8a85620efaec11b677b400412c5c7bd58b666046cc934cfcb75c3e0e8e50a

SHA512
19a2e3adfde4e7309d3e8022883871d600d0a55b91ec3cdaba843013bda48ff96713626c21866b068e0fc511f33971ad85344f6b3a755c01e37714456bb444fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4aa57a6640fa334944bc05a99a3eafda

SHA1
0299c3a8ccbce5edf18b645fe9d938f1dd67d6c3

SHA256
c02ca83fcb137e86428dc09779347af96def080f5ede87e8e12f50a513e5ba02

SHA512
d30bbf7e3eea73e0cd50ed99c4e6c44cb1f28ea40b02d4b3983d6776384430df5ebade244fc5614f31644936562c9c014cbff2ec6a256b264338b59658810e72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a0b170d193321d10a8091a786edd8329

SHA1
490bb099239cfc797b3cc0d42e648f81abab62e0

SHA256
decce4761c43da61781b7780745a82941a8bfebe1ff2183211801956ee431379

SHA512
7134b3420e7ad5815dca6b952a55e8f462cbec6d9eed1fe80ee585f368ab57e073ab4d9b8bc6efc26218f66245b7068da46859bd5459d2896bc4b7b135f9d3f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
387815847cc37371c4c1237d49bcd395

SHA1
089a76fa07cd8842984cac268cab1d7e6319bbae

SHA256
8e4274aa13c178abe60a138b70c277db7687cdc6134009fdaeffab56d4e751f1

SHA512
d0df315856e8e1265a252cb5be949357fde010f773545934318548fdd59124f27d225122aa5aae8d4894b52ef54bc15a3153fae6fe224ec47b59e7c96e55099c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
14c8b8b99ee7a087cf7003037bd16c98

SHA1
1e109dedcd44a172ac25babf9f7407b5ee6a6405

SHA256
41ff43b5b930a5cb8e3e149f94f96af539d4f8b78ca530280c2b6ac33469536d

SHA512
04ba667bfe86ad741b1725c2f609b38cce6fdeb80fc1cf19e41f254ea9bf03e83641d1cc6903acead7805e4fe2bb7e62d0cafb13f931578a82824694edae59f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
aeb80bff14d121139f35a1140c17106f

SHA1
a186f715a6e527aa3e0fd2eddffd6c66f36f3c9d

SHA256
9ff41d389e00b5b4431adb649ef8051e20f2cec34af98f1d56b3c39216530afa

SHA512
87de6c2643fae343300932aee49e776cab08aa6ffb27b89c611375755f1a50d1bcfc03100fe034f6426a4c8a8cc179f43303461c3cf5f46f3b43dd0c982ba911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
abbdeb7b0232ffd6a4570e480f0a2c64

SHA1
c440f65b07ec29e7ba4784f166c621fdaa3eaac4

SHA256
56688ab462778a9d6845fd1addef810f565789f2896ed9e7c0681d8ddf9036db

SHA512
b4c6c796ea373f717ce5decbae8c5ed94b6512597796ffedd19bf7303a37f06497137bac0b91c630c1c389e475c1de3176992f97112e7bb22a30db9c214936b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ca4dfbb6ae18842de0ebf81a47630820

SHA1
cec957a6bf6b89ae481212c4fee2637f201415d3

SHA256
3afececdd7c124fead47634e23ae2993faf81feac61ea77e5a03c0d89177d58e

SHA512
e897077fb949ecd7bbc4dcfc25abb66853311572fecbf2415956fee7afd7f4de99f0f404af238efcb023f6a84948ea8773aaa378bbf37583130d7fb5ac54d6f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9612fb44879a3a3c90d9eb8976344cf2

SHA1
af20f353ad634b3e4d57c000c1b5b70a8d41cecf

SHA256
140f78f1690b3492a5b1f92b4369ec3642885c13459e6c78ef3b2847e37670ef

SHA512
f349ddb23f3ae6fc3cee75915ab3507d4f0c311b80bcf20bd12cc69914f7d08cc7fb571eeb15aa7945dc7eac408633b5b0050281e818a267f3513ab7472d8440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
de7cadb5f11c8cb171d87168b2d8293c

SHA1
85105da3bfc9edcb8cafc4c5285531ff9aebe4e6

SHA256
2f479cdbda578381827a2ec58ff2151aab71c8b99c776ad3b840af5b003abd87

SHA512
c0d72426fd328e40c67cfbc545f7ed165c6e0a6273d92f9df1efc4b4ddebad1e326857bc5d8af14db7e5f98535ff89c8d066e2ce7ccbb7f0f4c8eed4896a0b4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c89747fc476fcbc79196e0b96d56d6a7

SHA1
dc5304c2e899fb89f9671e2cd14d6576be817d34

SHA256
0122bd129016d85e3909762c01b21a739fa65be39e2ca2da3add4ff37aab1161

SHA512
2a47abb8c7e929734b753042dac33e79144183c9ee623a4476366faea0bc537b1ef7024c2be822ec594a9f0a49a7822955bef0fe9acb6891b999dc9eb7d6e41b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
015048531869b1044230cf8a153224c0

SHA1
504b1fce974049304ac1172f51a537131bfafc77

SHA256
45d91bff2d95bc70c12ab50a853a2e1100280d956cf4ad6c3a9fc208e1b70682

SHA512
17b9c3c150cf0fcf8ae43e2365cb38d561887db1f507bd0047767d8bef345b4b4eb1d8958ff7d4091cf8f1836f6d2eecaf6b6fc62dc4abed701f41200fd5be26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bffb1ebe271048d0cd93d667368b7c7b

SHA1
009f7574d4d200df0113180ca59b4ff19cc1ebad

SHA256
37dd985f2ada9ac1ce6b780fe011cbd87bbaac5a48f43bcb720ae88013a14db6

SHA512
9a4b1d0d1b59d9117dee785c609b3350a37cf1a4081df8b43195e311a70eedbcf5a7f33475da6d1caf8ef403f100f4253e7d62173697628e65b9fd6dc5cd3e99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ed1b3b3fddbb4de2735006a8d13aa9d6

SHA1
b999f784f3426cce3770cb1a7bdb7c5867ee6480

SHA256
f4b44136368ec62226eddf8efaea864824f856da2dfd2e7c9207557997e42d12

SHA512
f8d100abfb19fbc6c70f3875086d49a6c01471b6bc4d556b6974fe81a3baf66073e22974b536482b1e4f3f2c316e708b1763f590a92a6e2b54c720dee199016f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8eab107388408382fa9c2a784c822954

SHA1
98800296814f930b52fd4aa3e1332d63045a5a1d

SHA256
dedb32faa3718acdb6b2cd80bf3147750ee4d70cdc4a5516158656e127b010d5

SHA512
7227d50d4c8b5116548a6f8ce6b988df869fe3614ebc05228fa7ab6c2bb1db890246b5ce2c519cabd91dc815d145578e20759a27af179abb04226426a769674a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fe4c9994a819ed16c478cd4bc15f8621

SHA1
a57f4962bb0242ada5f0e0747896d72d0eb97ede

SHA256
9398d3a8858d02ae347a627074ca3e21c1db90f0564f148853f747cb5eb2ba36

SHA512
593e7bc8b732f248ab8544cf0554967e9c6439d357d54d8a083a420ce6996ac7cbb5883ed5106cad8b9275691d565128713c06e15bdbfac3eeef165087c1835e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9c96ecf49c86ecdb2fc81953312e583e

SHA1
8f2b88a9116015adc58ca91020e0055bbd296243

SHA256
163cc2f52027a680e6f7d7415ee5114f3f5ba6715a897b7065433431beb1cf7a

SHA512
1e3f70a726fff280839ab987cf0e2bb43c1292dc4ee7cfb2202dde8a047817c9d652c13273de54491ec47ab073f9cd05e7d73ce204fd9dd5193610704865bd50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b81500c11c3d05434faac21aa485f265

SHA1
72a2e2f5837259c986ab1f34282626fbbff5a600

SHA256
23a74feeee6c1b36316fe7aba9985d8444ff84c2a2b5c730d7070f4df06b7845

SHA512
d49e7fffcea21acef283d6e3aa1e4105122d8d1bdbed772f56e5db63f72378fa411b68ff733cfb3b22fc47763b5e9b0c7de56e7d3aabe15561b64d56f1caf8a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
06a3e7383c32ba8b165cd216738e40c8

SHA1
47d3c2981630367d817b3ce103c74dc86f56e3ce

SHA256
6aafd1630558821078221c6a71c1498e31f8cafc28f66f074c68b3b5bd6c527d

SHA512
fabdd9b9b21ca860bf0ab88f1d4fefffe0e91770c093a44bfc9f1f21e8d9b26e082f3d79153d1429c38e68fc910b119963df23e27978db2cd7ac3f8765a8e89b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
aadd6847b83afae5b5cbb47351e63b2a

SHA1
f9aa3bee398c5545886a91cef25a076b5c5aa9aa

SHA256
bccba95ebc46c1b21d5a17b68bfbef7c904131509991ea9a935194c61d309e63

SHA512
52b8f3d5663b51fb95c380668b775c334e9e2fb27841ab81bc8e5eeef1e43c7da640ab2954c7a731ddb8f5045a1895a20d9b0472dbb8380f93012a49831b9ed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c95ab36b20d34d4dc8c70cb6d8ca5e2f

SHA1
dace563c35da9b8ee93f53f3677a9e34a005e4d5

SHA256
9d173002be31e185bfb4cb8f9a83a5e3fbc185b09503e308308aa1a5929fdbe8

SHA512
41ae2d26b2d03748bbceeebe3659c3e62b77eb809b1506aae4a3bdc885262244dec75d665cd780d4985d9b20f39b9fd2fccbe975bc325f512f69fff6e9cd3e2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bfea247e3153babda2576df115fe7eb1

SHA1
d23c7c7a9dd2fb76b9800e27ed382f5f5c3028ea

SHA256
3d736d3d545b7e8498141bc3796b0f4e191fb24b376dc9a71d556d16a5a42245

SHA512
5a2f9cdf3f16493744ad198e4c0b855d2579fd9583eecbf8a684ddc8a8a6dcbd6535c1a5f057a1a5f18ff52484eb9d33a599039d4064a551443b4bed69ecf770

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
45183b8da9714c2efbaf6f358f9927b7

SHA1
529b9a28af2449d2db4c49ff320db6a962700729

SHA256
153aa0765f143dd4633c4e240a439a98ab33a4e9b2042709fce44fcac06b2d5d

SHA512
f3555a7e9fdf57f7e5b14fec683498591f2a13f64b7629cd307a0805df8e45f92294facefd94f8dc51ee847cdcd24cf9eb06d6bc1a11fc86fa6bacf0c8cb4c46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
cedf7d7b41eb137b56de0b433ccb1699

SHA1
941c2ddc9e5f8bd98839e51eb350d227b33d33b7

SHA256
7ce7a41a491319724ed68acff2abf6fcb0f7d1d79f47ec596bd405d324ab1c55

SHA512
9a94e1d94f84069bfd170c5704c2a4e4b81c0b95e1266d35cb53f112006e8d29d5d45ccc770e8a8ad4d599b36619dd8dc883d307498ebd533d24111c36e2ad95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
e2da546eeac47b8317915a07d4856ba1

SHA1
f2f9374dc5647268b30eae5cdc8b7447d2df76bf

SHA256
3103a3af8d27586bf48fd144d32516a329a2b5da6c10843446203078bbe4e913

SHA512
5dc8b757a36f077ffc22a3ee2893fd0556e0af2a8d0c0dc0404e297a02243095ea9ac0ac28172ec06b9e7ae3452fd330998f5a158bf78a6f5021c5d5f0ef9e53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
67c89cb052dc1563668cb893dc9d9753

SHA1
d011ce12d45020a4086d48bd4e6775dcbbb72766

SHA256
d09f162ef8c78d2402d3c2b92ff8ae402ffdccac1f126b830d7c329514466eb3

SHA512
c4a405553d2b675ea9fb13140168165600f1f734655ac16361ecfe9cdaa333e921d01eed2e292ed82f5659e60961fb8c27a26699d0a2b1880960170349130d65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
413f576ee1b3adc0f89466a0f152e0c7

SHA1
14c7f06f5fe6c9cfa93b7e335d88cb172b21fecb

SHA256
8e0f76cac97df4fc1fa9fe2f56f3dbc22451ae2314cf05dcab59ee7a250c396a

SHA512
60b584942e9488be9cecaed8e147909e0d6d21020d23aa096c104873b0831ca2bcaa058d445b91cf7fbfd4117ae71ed38d7f718c5f9078ac7cf1b97a22364bcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
ee5ae7e109c8e179dd8af10dc14268fd

SHA1
547ff254b0735b59cd5d59d409fe666544af2ff3

SHA256
69cf7f513f71a9dc65087ff7bb4e381e55e813f4d618ee3fdd6b5db9178365b2

SHA512
d4ba4b553654c5d6cd67e0477742f5edbf5a312160b9a76c04720d5b16f6e4dc7daed137091c2a7f72f04e091b0b837dc9bce84128d314ad79aa58efff9a6e21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
2daaf139b81c58036f06b5adf5c69e76

SHA1
fc875fa509ab6fb353c51b3989790f92ce5908b5

SHA256
24288c17e779835b7f1d282b841ccfeb29ea8e0d87a415a1b990a5a386ae94a7

SHA512
4d6f71d9ab5a58861cc7f9f19db48066a5b46cddfef96f76b2cfa10f4bc937d36aa3604df4b16bdffab139e373560cf03d277754c1de30b3614cfe11f4d569c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\68cf6ac4-2811-4364-b9fb-39e9851b68a5.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8764765a889bbaafe04fa1579fe7879b

SHA1
ba5db85b02f91f6d46b8c58e95c561a4bf2854c4

SHA256
4109507545615440bc0ea7acbd9ca84cea356d8dd3d73b604e8f5f1c20f8e70b

SHA512
e1954f76ac4406e8386b2a7160d6bc82cd029a3933037249a37eb0e43079d2af77f5f7ad7fc23a4b12785e105a0a38d9abd2fa742fce786f793cda09b78bc8e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
38b7bf1c4adb038b61a6040b926e5c18

SHA1
776c097705773d1078c17bbf170007763d8f9f92

SHA256
743c0a22aa4d657df90f1e25459637f483ecc5122c5dca01bd14033d27878d7c

SHA512
5a5f6153690d3ae5f7a58cb7e0562dedc978d3572aa3cbeed60b44107ae16b75e7fee5d7442a1db7af23a9a56b65217b112ff4a05bd0d67ad87c8fc3f98d26b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\INSTALL_REQUIREMENTS.EXE

Filesize
39KB

MD5
1d7de7d20cbb55f9393bb1bea948a90c

SHA1
60cf33c8b253a4dcb074969f63a84e708c841bed

SHA256
838147095df799b3e3b4ab9e997c8c5b1dc74904d277376c135fd7869be0ed95

SHA512
2f193238216c510755f8655975c82a446a394e4bbedca314568078e491278aa88dfff4e505da07a797e5226c01c8875c9d486abad3d291b71834f77f00728735

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_obwnsm4z.4sq.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
380B

MD5
ad18bd01f09ee0a66fd33bb8cad869da

SHA1
d211faf30997f168865cfe9d9a8bcb30dcf37a29

SHA256
0ccd4e6a1b45ee273fc404ca6202a489eccbadb5767f214a9aa8860c588c740a

SHA512
d544c4fcaf486f05955048f3d463c66ceb005633939f942b9f401987b2ba17e374128a08e6b1a21d26243212b104c76adea352661c0fec9e6d86ee9962a6b7bd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
9c2dc05836ad55128265ab39ab8468f7

SHA1
c14c08caf037f57103c7b8ea73730ddfa51dd27e

SHA256
732ca6eea52fe2a4b26324edad45ef864c8232e52e708be181fe96abe6396532

SHA512
eccb38ea730f5d6ead929ce6d260e3a90a6e62879f48ba5dc3e5818b3b5221f98f1065b8daf4b4110a5e7d8cec5e98c60b7f053f4bd07dffa95f0059a401e78c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
1a2069ef8b5f7f4e9d8563eaeba4dac2

SHA1
a72f60401e7c87ee618066b10ae873b105e0e7ec

SHA256
2709b54da17a0010703afe8e61148ff1c4a2f616a21a1b7eaf2627d750bf829c

SHA512
d30084328e57718df85b0b177ead51c78fadc15cb6542022b49163d311967ffd5e62d1d7d393148fb7fb3ca2068a24f95a7a017fcf62ba7e5e15e41ab2f251d5

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 618234.crdownload

Filesize
1.5MB

MD5
f1320bd826092e99fcec85cc96a29791

SHA1
c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed

SHA256
ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba

SHA512
c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a

Download Submit
memory/1360-1185-0x0000023D77F90000-0x0000023D77F91000-memory.dmp

Filesize
4KB

Download
memory/1360-1180-0x0000023D77F90000-0x0000023D77F91000-memory.dmp

Filesize
4KB

Download
memory/1360-1181-0x0000023D77F90000-0x0000023D77F91000-memory.dmp

Filesize
4KB

Download
memory/1360-1182-0x0000023D77F90000-0x0000023D77F91000-memory.dmp

Filesize
4KB

Download
memory/1360-1183-0x0000023D77F90000-0x0000023D77F91000-memory.dmp

Filesize
4KB

Download
memory/1360-1184-0x0000023D77F90000-0x0000023D77F91000-memory.dmp

Filesize
4KB

Download
memory/1360-1186-0x0000023D77F90000-0x0000023D77F91000-memory.dmp

Filesize
4KB

Download
memory/1360-1174-0x0000023D77F90000-0x0000023D77F91000-memory.dmp

Filesize
4KB

Download
memory/1360-1176-0x0000023D77F90000-0x0000023D77F91000-memory.dmp

Filesize
4KB

Download
memory/1360-1175-0x0000023D77F90000-0x0000023D77F91000-memory.dmp

Filesize
4KB

Download
memory/1748-1502-0x00000231D1610000-0x00000231D175E000-memory.dmp

Filesize
1.3MB

Download
memory/1792-1513-0x000001E0CB7E0000-0x000001E0CB92E000-memory.dmp

Filesize
1.3MB

Download
memory/2896-1095-0x000000001E390000-0x000000001E3A2000-memory.dmp

Filesize
72KB

Download
memory/2896-1163-0x0000000023800000-0x0000000023814000-memory.dmp

Filesize
80KB

Download
memory/2896-1162-0x0000000023560000-0x00000000236AE000-memory.dmp

Filesize
1.3MB

Download
memory/2896-1161-0x00000000230A0000-0x00000000232F2000-memory.dmp

Filesize
2.3MB

Download
memory/2896-1097-0x000000001EFF0000-0x000000001F3B0000-memory.dmp

Filesize
3.8MB

Download
memory/2896-1096-0x000000001EA00000-0x000000001EFE8000-memory.dmp

Filesize
5.9MB

Download
memory/2896-1090-0x0000000000150000-0x00000000037EE000-memory.dmp

Filesize
54.6MB

Download
memory/3112-984-0x0000026EA31A0000-0x0000026EA31A1000-memory.dmp

Filesize
4KB

Download
memory/3112-983-0x0000026EA3110000-0x0000026EA3111000-memory.dmp

Filesize
4KB

Download
memory/3112-981-0x0000026EA3110000-0x0000026EA3111000-memory.dmp

Filesize
4KB

Download
memory/3112-985-0x0000026EA31A0000-0x0000026EA31A1000-memory.dmp

Filesize
4KB

Download
memory/3112-986-0x0000026EA31B0000-0x0000026EA31B1000-memory.dmp

Filesize
4KB

Download
memory/3112-987-0x0000026EA31B0000-0x0000026EA31B1000-memory.dmp

Filesize
4KB

Download
memory/3112-979-0x0000026EA3090000-0x0000026EA3091000-memory.dmp

Filesize
4KB

Download
memory/3112-968-0x0000026E99DA0000-0x0000026E99DB0000-memory.dmp

Filesize
64KB

Download
memory/3112-972-0x0000026E9A560000-0x0000026E9A570000-memory.dmp

Filesize
64KB

Download
memory/3332-1098-0x0000014575050000-0x0000014575072000-memory.dmp

Filesize
136KB

Download
memory/3452-1707-0x0000000000B50000-0x0000000000B5A000-memory.dmp

Filesize
40KB

Download
memory/3452-1726-0x00000000023F0000-0x00000000023FC000-memory.dmp

Filesize
48KB

Download
memory/4728-1089-0x0000000000DA0000-0x0000000000DB0000-memory.dmp

Filesize
64KB

Download
memory/4988-1374-0x00000203445B0000-0x00000203445B1000-memory.dmp

Filesize
4KB

Download
memory/4988-1375-0x00000203445B0000-0x00000203445B1000-memory.dmp

Filesize
4KB

Download
memory/4988-1370-0x00000203445B0000-0x00000203445B1000-memory.dmp

Filesize
4KB

Download
memory/4988-1372-0x00000203445B0000-0x00000203445B1000-memory.dmp

Filesize
4KB

Download
memory/4988-1371-0x00000203445B0000-0x00000203445B1000-memory.dmp

Filesize
4KB

Download
memory/4988-1379-0x00000203445B0000-0x00000203445B1000-memory.dmp

Filesize
4KB

Download
memory/4988-1378-0x00000203445B0000-0x00000203445B1000-memory.dmp

Filesize
4KB

Download
memory/4988-1377-0x00000203445B0000-0x00000203445B1000-memory.dmp

Filesize
4KB

Download
memory/4988-1376-0x00000203445B0000-0x00000203445B1000-memory.dmp

Filesize
4KB

Download
memory/5344-1535-0x000001F3DA080000-0x000001F3DA1CE000-memory.dmp

Filesize
1.3MB

Download
memory/5536-1524-0x000002CCF0610000-0x000002CCF075E000-memory.dmp

Filesize
1.3MB

Download
memory/6012-1650-0x000002A7B8CD0000-0x000002A7B8CD1000-memory.dmp

Filesize
4KB

Download
memory/6012-1655-0x000002A7B8CD0000-0x000002A7B8CD1000-memory.dmp

Filesize
4KB

Download
memory/6012-1651-0x000002A7B8CD0000-0x000002A7B8CD1000-memory.dmp

Filesize
4KB

Download
memory/6012-1652-0x000002A7B8CD0000-0x000002A7B8CD1000-memory.dmp

Filesize
4KB

Download
memory/6012-1654-0x000002A7B8CD0000-0x000002A7B8CD1000-memory.dmp

Filesize
4KB

Download
memory/6012-1659-0x000002A7B8CD0000-0x000002A7B8CD1000-memory.dmp

Filesize
4KB

Download
memory/6012-1658-0x000002A7B8CD0000-0x000002A7B8CD1000-memory.dmp

Filesize
4KB

Download
memory/6012-1657-0x000002A7B8CD0000-0x000002A7B8CD1000-memory.dmp

Filesize
4KB

Download
memory/6012-1656-0x000002A7B8CD0000-0x000002A7B8CD1000-memory.dmp

Filesize
4KB

Download
memory/6112-1357-0x00007FF8B2230000-0x00007FF8B2240000-memory.dmp

Filesize
64KB

Download
memory/6112-1324-0x00007FF8AFEC0000-0x00007FF8AFED0000-memory.dmp

Filesize
64KB

Download
memory/6112-1323-0x00007FF8AFEC0000-0x00007FF8AFED0000-memory.dmp

Filesize
64KB

Download
memory/6112-1322-0x00007FF8B2230000-0x00007FF8B2240000-memory.dmp

Filesize
64KB

Download
memory/6112-1321-0x00007FF8B2230000-0x00007FF8B2240000-memory.dmp

Filesize
64KB

Download
memory/6112-1358-0x00007FF8B2230000-0x00007FF8B2240000-memory.dmp

Filesize
64KB

Download
memory/6112-1319-0x00007FF8B2230000-0x00007FF8B2240000-memory.dmp

Filesize
64KB

Download
memory/6112-1320-0x00007FF8B2230000-0x00007FF8B2240000-memory.dmp

Filesize
64KB

Download
memory/6112-1318-0x00007FF8B2230000-0x00007FF8B2240000-memory.dmp

Filesize
64KB

Download
memory/6112-1360-0x00007FF8B2230000-0x00007FF8B2240000-memory.dmp

Filesize
64KB

Download
memory/6112-1359-0x00007FF8B2230000-0x00007FF8B2240000-memory.dmp

Filesize
64KB

Download