8af34c317f4a28c436384f7ea817a9039f512861c538a8c24e3a4d33b2dce0f0

Analysis

max time kernel
1800s
max time network
1712s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 14:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

flare_newbuild.exe
Size

26.5MB
MD5

ae3acd0d6b91af30eb8f38f5d9701fc5
SHA1

22e5ba65caf6c2dfa7ee87a3e9841b2f27901b44
SHA256

8af34c317f4a28c436384f7ea817a9039f512861c538a8c24e3a4d33b2dce0f0
SHA512

31166287322ed6b3079fa38028629da521880cb1cca7204b3061f5831f7df150d141645ef6248a898ed9a61558b79825f2711d814dda276fc71771e1603253fe
SSDEEP

393216:n0M3n7xAgZZg9dGQ9ZMK9HrDq8chgLsPpYbiR+ikGm8snoIdLq60eRJOh7R1W:nFX1QYcHXq9isPPRI58UoIdq60e6R1W

Score

9^/10

discovery evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 4 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	flare_free-1.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	flare_free-1.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	flare_free-1.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	flare_newbuild.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 8 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	flare_free-1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	flare_free-1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	flare_free-1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	flare_free-1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	flare_newbuild.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	flare_newbuild.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	flare_free-1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	flare_free-1.exe

Executes dropped EXE 11 IoCs

pid	Process
3924	UD.exe
2404	UD.exe
4612	wompwomp.exe
3624	wompwomp.exe
3992	flare_free-1.exe
5108	winlister.exe
5804	x64dbg-unsigned.exe
3996	flare_free-1.exe
4472	flare_free-1.exe
4788	wompwomp.exe
1692	x64dbg-unsigned.exe

Loads dropped DLL 64 IoCs

pid	Process
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
4612	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe

Themida packer 41 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/1608-0-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-2-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-3-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-4-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-5-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-6-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-7-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-8-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-9-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-10-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-11-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-12-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-13-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-14-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-15-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-16-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-48-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-77-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-78-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-124-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-149-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-158-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-183-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-216-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-217-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-240-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-241-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-242-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-245-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-2077-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-2081-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-2093-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-2117-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-2141-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-2143-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-2145-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/memory/1608-2181-0x0000000140000000-0x00000001421A3000-memory.dmp	themida
behavioral1/files/0x0007000000023953-2391.dat	themida
behavioral1/memory/3992-2395-0x0000000140000000-0x00000001420D2000-memory.dmp	themida
behavioral1/memory/3992-2444-0x0000000140000000-0x00000001420D2000-memory.dmp	themida
behavioral1/memory/3992-4807-0x0000000140000000-0x00000001420D2000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 4 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	flare_newbuild.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	flare_free-1.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	flare_free-1.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	flare_free-1.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 6 IoCs

pid	Process
1608	flare_newbuild.exe
1608	flare_newbuild.exe
3992	flare_free-1.exe
3996	flare_free-1.exe
4472	flare_free-1.exe
4472	flare_free-1.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UD.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UD.exe

Checks SCSI registry key(s) 3 TTPs 9 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	msinfo32.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
4336	timeout.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ECFirmwareMajorRelease	msinfo32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msinfo32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133686378778027794"	chrome.exe

Modifies registry class 55 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	UD.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	UD.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	UD.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	UD.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	UD.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	UD.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	UD.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	UD.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	UD.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Documents"	UD.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	UD.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	UD.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	UD.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	UD.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "6"	UD.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	UD.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	UD.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	UD.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	UD.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	UD.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	UD.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	UD.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	UD.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	UD.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	UD.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	UD.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	UD.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	UD.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	UD.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	UD.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	UD.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	UD.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	UD.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	UD.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Documents"	UD.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	UD.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	UD.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	UD.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	UD.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	UD.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	UD.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	UD.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	UD.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	UD.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	UD.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	UD.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e80922b16d365937a46956b92703aca08af0000	UD.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	UD.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	UD.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	UD.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	UD.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	UD.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	UD.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	UD.exe

Suspicious behavior: AddClipboardFormatListener 5 IoCs

pid	Process
4612	wompwomp.exe
3624	wompwomp.exe
5804	x64dbg-unsigned.exe
4788	wompwomp.exe
1692	x64dbg-unsigned.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5092	msedge.exe
5092	msedge.exe
5036	msedge.exe
5036	msedge.exe
4840	identity_helper.exe
4840	identity_helper.exe
3476	msedge.exe
3476	msedge.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 8 IoCs

pid	Process
4612	wompwomp.exe
844	taskmgr.exe
3624	wompwomp.exe
1564	msinfo32.exe
5108	winlister.exe
5804	x64dbg-unsigned.exe
4788	wompwomp.exe
1692	x64dbg-unsigned.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	4408	WMIC.exe
Token: SeSecurityPrivilege	4408	WMIC.exe
Token: SeTakeOwnershipPrivilege	4408	WMIC.exe
Token: SeLoadDriverPrivilege	4408	WMIC.exe
Token: SeSystemProfilePrivilege	4408	WMIC.exe
Token: SeSystemtimePrivilege	4408	WMIC.exe
Token: SeProfSingleProcessPrivilege	4408	WMIC.exe
Token: SeIncBasePriorityPrivilege	4408	WMIC.exe
Token: SeCreatePagefilePrivilege	4408	WMIC.exe
Token: SeBackupPrivilege	4408	WMIC.exe
Token: SeRestorePrivilege	4408	WMIC.exe
Token: SeShutdownPrivilege	4408	WMIC.exe
Token: SeDebugPrivilege	4408	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4408	WMIC.exe
Token: SeRemoteShutdownPrivilege	4408	WMIC.exe
Token: SeUndockPrivilege	4408	WMIC.exe
Token: SeManageVolumePrivilege	4408	WMIC.exe
Token: 33	4408	WMIC.exe
Token: 34	4408	WMIC.exe
Token: 35	4408	WMIC.exe
Token: 36	4408	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4408	WMIC.exe
Token: SeSecurityPrivilege	4408	WMIC.exe
Token: SeTakeOwnershipPrivilege	4408	WMIC.exe
Token: SeLoadDriverPrivilege	4408	WMIC.exe
Token: SeSystemProfilePrivilege	4408	WMIC.exe
Token: SeSystemtimePrivilege	4408	WMIC.exe
Token: SeProfSingleProcessPrivilege	4408	WMIC.exe
Token: SeIncBasePriorityPrivilege	4408	WMIC.exe
Token: SeCreatePagefilePrivilege	4408	WMIC.exe
Token: SeBackupPrivilege	4408	WMIC.exe
Token: SeRestorePrivilege	4408	WMIC.exe
Token: SeShutdownPrivilege	4408	WMIC.exe
Token: SeDebugPrivilege	4408	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4408	WMIC.exe
Token: SeRemoteShutdownPrivilege	4408	WMIC.exe
Token: SeUndockPrivilege	4408	WMIC.exe
Token: SeManageVolumePrivilege	4408	WMIC.exe
Token: 33	4408	WMIC.exe
Token: 34	4408	WMIC.exe
Token: 35	4408	WMIC.exe
Token: 36	4408	WMIC.exe
Token: SeDebugPrivilege	844	taskmgr.exe
Token: SeSystemProfilePrivilege	844	taskmgr.exe
Token: SeCreateGlobalPrivilege	844	taskmgr.exe
Token: SeRestorePrivilege	3472	7zG.exe
Token: 35	3472	7zG.exe
Token: SeSecurityPrivilege	3472	7zG.exe
Token: SeSecurityPrivilege	3472	7zG.exe
Token: SeDebugPrivilege	4612	wompwomp.exe
Token: SeDebugPrivilege	3624	wompwomp.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe
844	taskmgr.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
3924	UD.exe
3924	UD.exe
3924	UD.exe
3924	UD.exe
2404	UD.exe
2404	UD.exe
4612	wompwomp.exe
4612	wompwomp.exe
3624	wompwomp.exe
3624	wompwomp.exe
5804	x64dbg-unsigned.exe
5804	x64dbg-unsigned.exe
3996	flare_free-1.exe
4472	flare_free-1.exe
4788	wompwomp.exe
4788	wompwomp.exe
1692	x64dbg-unsigned.exe
1692	x64dbg-unsigned.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1608 wrote to memory of 1344	1608	flare_newbuild.exe	91
PID 1608 wrote to memory of 1344	1608	flare_newbuild.exe	91
PID 1344 wrote to memory of 3392	1344	cmd.exe	92
PID 1344 wrote to memory of 3392	1344	cmd.exe	92
PID 1344 wrote to memory of 4568	1344	cmd.exe	93
PID 1344 wrote to memory of 4568	1344	cmd.exe	93
PID 1344 wrote to memory of 3572	1344	cmd.exe	94
PID 1344 wrote to memory of 3572	1344	cmd.exe	94
PID 5036 wrote to memory of 368	5036	msedge.exe	112
PID 5036 wrote to memory of 368	5036	msedge.exe	112
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 3220	5036	msedge.exe	113
PID 5036 wrote to memory of 5092	5036	msedge.exe	114
PID 5036 wrote to memory of 5092	5036	msedge.exe	114
PID 5036 wrote to memory of 4060	5036	msedge.exe	115
PID 5036 wrote to memory of 4060	5036	msedge.exe	115
PID 5036 wrote to memory of 4060	5036	msedge.exe	115
PID 5036 wrote to memory of 4060	5036	msedge.exe	115
PID 5036 wrote to memory of 4060	5036	msedge.exe	115
PID 5036 wrote to memory of 4060	5036	msedge.exe	115
PID 5036 wrote to memory of 4060	5036	msedge.exe	115
PID 5036 wrote to memory of 4060	5036	msedge.exe	115
PID 5036 wrote to memory of 4060	5036	msedge.exe	115
PID 5036 wrote to memory of 4060	5036	msedge.exe	115
PID 5036 wrote to memory of 4060	5036	msedge.exe	115
PID 5036 wrote to memory of 4060	5036	msedge.exe	115

C:\Users\Admin\AppData\Local\Temp\flare_newbuild.exe
"C:\Users\Admin\AppData\Local\Temp\flare_newbuild.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\flare_newbuild.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1344
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\flare_newbuild.exe" MD5
    3⤵
    PID:3392
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:4568
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:3572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start cmd /C "color b && title Error && echo Signature checksum failed. Request was tampered with or session ended most likely. & echo: & echo Message: Session not found. Use latest code. You can only have app opened 1 at a time. && timeout /t 5"
  2⤵
  PID:4104
- - C:\Windows\system32\cmd.exe
    cmd /C "color b && title Error && echo Signature checksum failed. Request was tampered with or session ended most likely. & echo: & echo Message: Session not found. Use latest code. You can only have app opened 1 at a time. && timeout /t 5"
    3⤵
    PID:3464
  - - C:\Windows\system32\timeout.exe
      timeout /t 5
      4⤵
      Delays execution with timeout.exe
      PID:4336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc0abd46f8,0x7ffc0abd4708,0x7ffc0abd4718
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1776 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4788 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1384 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1788 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1392 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7856 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7520 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8124 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,14064927523755980343,6985603638212064000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:1444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1880

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:2492
- C:\Windows\System32\Wbem\WMIC.exe
  wmic diskdrive get serialnumber
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4408

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:844

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:336

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Cracking+Tools\" -spe -an -ai#7zMap26093:90:7zEvent754
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3472

C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\UD.exe
"C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\UD.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3924

C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\UD.exe
"C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\UD.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2404

C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\wompwomp.exe
"C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\wompwomp.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4612

C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\wompwomp.exe
"C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\wompwomp.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc054acc40,0x7ffc054acc4c,0x7ffc054acc58
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,6353546115185622373,2603061120319791975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,6353546115185622373,2603061120319791975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,6353546115185622373,2603061120319791975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,6353546115185622373,2603061120319791975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3296,i,6353546115185622373,2603061120319791975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4612,i,6353546115185622373,2603061120319791975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4068,i,6353546115185622373,2603061120319791975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4972,i,6353546115185622373,2603061120319791975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4776,i,6353546115185622373,2603061120319791975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4596,i,6353546115185622373,2603061120319791975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3504,i,6353546115185622373,2603061120319791975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5068,i,6353546115185622373,2603061120319791975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3508 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4428,i,6353546115185622373,2603061120319791975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3736 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5432,i,6353546115185622373,2603061120319791975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:536
- C:\Users\Admin\Downloads\flare_free-1.exe
  "C:\Users\Admin\Downloads\flare_free-1.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:3992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\Downloads\flare_free-1.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
    3⤵
    PID:2824
  - - C:\Windows\system32\certutil.exe
      certutil -hashfile "C:\Users\Admin\Downloads\flare_free-1.exe" MD5
      4⤵
      PID:812
  - - C:\Windows\system32\find.exe
      find /i /v "md5"
      4⤵
      PID:1564
  - - C:\Windows\system32\find.exe
      find /i /v "certutil"
      4⤵
      PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5340,i,6353546115185622373,2603061120319791975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=860 /prefetch:8
  2⤵
  - Drops file in System32 directory
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3448,i,6353546115185622373,2603061120319791975,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:1844

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2476

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2004

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:3836

C:\Windows\system32\msinfo32.exe
"C:\Windows\system32\msinfo32.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Suspicious behavior: GetForegroundWindowSpam
PID:1564

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\winlister-x64\" -spe -an -ai#7zMap24893:88:7zEvent17282
1⤵
PID:4160

C:\Users\Admin\Downloads\winlister-x64\winlister.exe
"C:\Users\Admin\Downloads\winlister-x64\winlister.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
PID:5108

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\" -spe -an -ai#7zMap11168:112:7zEvent21702
1⤵
PID:2176

C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\x64dbg-unsigned.exe
"C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\x64dbg-unsigned.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5804

C:\Users\Admin\Downloads\flare_free-1.exe
"C:\Users\Admin\Downloads\flare_free-1.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:3996

C:\Users\Admin\Downloads\flare_free-1.exe
"C:\Users\Admin\Downloads\flare_free-1.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:4472
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\Downloads\flare_free-1.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  PID:1668
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\Downloads\flare_free-1.exe" MD5
    3⤵
    PID:5012
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:6052
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:5776

C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\wompwomp.exe
"C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\wompwomp.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4788

C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\x64dbg-unsigned.exe
"C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\x64dbg-unsigned.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c39a01404eaf5068756d813482720e2d

SHA1
d71d92dcb4463ab8cf10c0108f49a238eebf1623

SHA256
4ff13309ebb1e0c89649be62a48ffd89f6f2b3761e7657cff7deaf9d0a04c798

SHA512
bd5b0792daa20f83291c0a93c23ac862df5ef2778e610357c5eea983935bf849f4433ab0c9f1df9b3b952dd683f7dbe46c138285996476220753314736a73211

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
8a5ab1780f2d844736c533a3f874e6c9

SHA1
06d2d31b6ce00fa30cd3152956116ea6bccd55f2

SHA256
d4753dbb435909e44e6037faad736099a44184b8791f23fa9ca2aff5c6384dbc

SHA512
4dd191c4b473aec9e1cc9951a7ff531306fdb33a516dd53eae5d1e803be44ebe1150f9cb8e7148bb8c79e242253ab2c727faeeb85f0d59d38d14005100689544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
fa75f971ef40b02c4490f3ef5ec01cd2

SHA1
6f4b86f5d4a3e5947c8f9aeae9e35cdd1cedc66d

SHA256
2f7f84db73dffcbda641d447aa081e4882abdea10ea1f4e8930bbaa6d7fed985

SHA512
25120897f625aeb83995619180254ca9d54edc40da64cdf013855452128d05a490b3de31b05521a03b1efa9e1767d86c378bcd6592ec71c96ac8c81c0cfaa8f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
817bf469bb5656a762ba3aa62dcb715c

SHA1
22cc223797e8a78d372f62ad092f1ea1794c9451

SHA256
4c2e02f99df1616652572c453d9c54871c594444f220640ce1014ef4b56a61a8

SHA512
a65573081b20614b8a80ed8c096183d95cf316c7386e36a4bd958b5e368c1222b0b8fd69422536b71910f400d0a34a78c0d6e15bf31441e0a9356fd20c7ac3ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
fc318ff4b20b29a76d22c2c32731f92c

SHA1
ce67a4fa60e85100a687b65fb6a6629662fccf35

SHA256
c13d3c3d58f95ff8b2f0b98c21fdf38cb66791e2d81379ad867a6d4affed6345

SHA512
c0aa9d50fdf02e10c709a46f61c7e0262c2cfab87d12d78db097019d74dbcc11a4313aae0dac9a4b972c3f7d02cc61f432af54dbdc37ec388e276ed5290dfc1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
177342cff05aa65168fccfb2f02f742f

SHA1
518db69a76b0c975cb46b1849fb5acdc3f742729

SHA256
1156edd4fb6329f5222471c4a2e20301c23b8baee490e0dc64fe0dfd287b526c

SHA512
250385fdd179cd960835dd798fea045cc4dcaf94e14ed574f0e3282763f7f60a908dc6696d9f1ccddebfc7171318999ac2422a83f01a3ee8290f4990c257eba0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
ff95a318668b823c4cd603f377172086

SHA1
b52811de4fa5d3ff37d67e703746067b8ed71036

SHA256
819d0a5b143021942893de97282c279db64dd29b1c8e2ebaa61a96aa161a40d2

SHA512
07fe1aedbcfb0832a6dbc436cb5968139dc7ab0f00563813781fcff0359c594898463478e034efdfbf1b495df72a615e40fbcb8ab6cbba7932cb0664f2cd36d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
5fd18ecee2b3b4e3e9e23a9736f1231c

SHA1
867dd5f70ad8b5aae6ace30da9e97fc9c6a6de05

SHA256
e0fb1249aa30b15953d6295695c921eb394f0455dedcfc892f1a28b9a6b504e9

SHA512
a7585d41354ff8f58886bf6eb27dacce44f404d06c105bd2f454380b819a91d18ea78cd484a7bcf6586d9e82418d5af37755372aee2b7cf8d52a40ccb5cb33f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3f262474b14185345a969c8512732eed

SHA1
7721fbfd6bd8d957504fd7b744067330a24c42fb

SHA256
54ba363672905c67064c64826465841d8dae7ceaebf4bfcef393c7f26da323fc

SHA512
f362aa9fd778d2eb75cf434a06f1b524213ac7dc9f7bae71f789c6c8f7f66b4f3b2f1ff5be931079687263c34fd02d1b55fae0c8cfef9616bcffadf1ca0869ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
23b0be516507bec99e4933d54e2a692b

SHA1
3b6ba13f8613117a5341da020f044092bafacc05

SHA256
71e42d11b9410492dfac76f14402bcc79852143292416c3e4262ae2bbc44361f

SHA512
3a104cf1b199c83d403ba2e0764ac5838cb7938111cc5d59edbf8e46237e64a424bed9bfc1038ffbe1372d483b248df0ec36f73bef08ac53e8fd28533c60042a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fa12473e1db722740bfc0b5df8a13f05

SHA1
730e76775ce9ee035262144c5b552414c34d8551

SHA256
79a4b1f734dd0c22f4893441e6a9c80f58a97f5969a57738ebb97d213dc46dab

SHA512
e895ded59451d6a5331733dc65176d056b7f7b921d7a0d156bb6558444957563a168ff98d4e633924cc31de21c7bfe5e83e8bd457f0d057141f0039572272254

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1e4017ea55960c1425a526785798e63c

SHA1
eb3d09e3306d5987a6af09c97c04ca4534574861

SHA256
e4c02cdcdb03c641b569a5903ac11a20162e9e897cf8f9f1bee9b94739aabc04

SHA512
5ea7280451b1e7046f3ac5385062e3f78191dbb76805a8f1d31d6085a9405d1ca85555d38b01a2b94584ddc9a3856f185aa080f9c2c93d1e9ca3fd1ddbe47bac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9228a7c2b363c74b4c04870be58c2aed

SHA1
39c878d61b171264ff49806e90dcbff269759eba

SHA256
460f83d03936e1262d737a50ac77860e5b8c2228e248d921090bc919e24f62ca

SHA512
505f1c29950113c057c95a477ddf439d47ac3f88bc39c63a6739becf8d72909860398d2aac04522e25131d3c9b7260c1149e3410ad24a518e7ec32e4891448f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e0802a446935b850421f1046d6f653fa

SHA1
26e5972dfaddb760d00d1b3eb0cb82a8f85807a6

SHA256
2c63fc0b22013924094283c6f6a832b1c25cc435c54bbb0edad1265d4da1d7a7

SHA512
82ef2eca6861a447b0503d61d17900c20b70d754fb338af4d2449a79bd6411fa925ac59d4ea19f21a2c83cc061dc92ef4fddf7f9720fb5535407ea4a219fdc3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
26afa422fee32169635d9efcfb0e0e82

SHA1
884574e3f3dc8ae02956dd0ce2d0057dc298776d

SHA256
046ee11c33a739c7acc9510101929e141f7096dc5c435c5e25ec9bf3cf4b850b

SHA512
b2f23e5df94ee5982f024689394cfc1857a906e57278fab2a22f642b758dd8996462eb39305d103ed9c232b847e7969c5d8707a589f2c4dce176a2c56888407a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
77f753397dd0abe14bc5c9d3a01f212d

SHA1
2e5d4cd61847feb27287de441592eca9e7e4a979

SHA256
0134880ddd94d37a4b578a232a415f09a7592d614283b3112dff65f3a316fbeb

SHA512
731eb563cb2222dc065f4165d2b3d85c548f4f3486b161a45628561b21dd95900798ded2f32bcd2969b37a4dafa46b2fd6b2b19ded7095caf09830f24694fc9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
58aa770fc864666ed73acf87518bf836

SHA1
6a46e5a78fd6a910ebbc1f24629e076fd26df1bf

SHA256
8c3a3dad08c952fd764b0875eb388ea3e89c31de56ad6ffb6a94be9e2ebfff08

SHA512
1a39d78fcc4ea7c0b04c8e6ae234cffa04c4eaeeb662faaf37d9a38a23d7c8acc138f10bc0447b819e038a67f7feeb5d9871c91375b9cc21ec66428c5aef7b94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9fc717ee1daf15f19d16162b9090e2c3

SHA1
f3aec699eccf0bf9ede1bf8d069c5f71d7cbb6bb

SHA256
cc568ed0dbd61ce68fb0dc22d20a8e559f42211ecb1a3174beb50f506a624765

SHA512
68a7356ada9e2bc240b7ad3ff6dda3b43fb08844bf530b50c1b048433e1a3facc8277fdc35020e82b9cb9227e0285fb2877410651eecffc3cf3da770b1a9ca49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
567cc69983848d1febdb3d8ddd54bd1f

SHA1
ac514f940a03f1a4ded1e1da25bfc15936e82273

SHA256
094b6df05a7d9e384d97a0f4a610764b8428d19ff5ef1f6771e5368c57573b4d

SHA512
0dddee7e1fe4a087295f81e68059ae0f23418fdb985f7f94c8faa2a08710f9f75546c00eb9d4964d7d21deec565d092f2812ca6e33f107a18d5578d29996a4fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dc72180889d661a348e488696515687f

SHA1
965a4630654321ca08473146fa735892e666b29d

SHA256
9be6939daa3a2133ac5b1d4606576404d57472b78647234114de4ece716fcbc1

SHA512
e048f47d9ce2d7dc78f4040ec17f1438bb4427ef5852afc58a959126334e6dd26c72203bc4f72645dff5246c8d0110534279f97afa114fa7b8d4049a8d9e5115

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
30288e998d336e630b19f059231aee0b

SHA1
998d2ade9244e6ec733cb6c24b8f222f0d06022a

SHA256
d741f4ee857f80243887c356b20effee59223cfabc7bc7394b30359a4483db70

SHA512
0d44f8cbb233b5d9e0093e206a6a23722a9c8d2b8a0f0eaad31a9bac9b4977645905c2fbe3fe647ec0cf394d4b9a2e4afd355051efa03e72c959f7d44a937bc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
34e4964881b99950c6c685a09da61a25

SHA1
defdeee83fc9c8fd9d807f7b33aa0853309cf5ca

SHA256
d06aecb1fcaf88d8baf5891ece0a3fa628aa387a8ef8353e8a1211793563fdb1

SHA512
c96a8234bdfbd4d06dc0275e86220ed93f994b917060a64371115261b25e5ecc96010cc9eae4af804d7b59938e5c489ae47bfc86d44f4860d561c206ac0e3fe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5630b6af2d46ba66ba6defbea2a73581

SHA1
061d9e8be176051981f67e37be37b31a9216d0bb

SHA256
b5324c4041ff4b916c6498f033806cf8f74f2b79d5e2b6075486ace037b70d94

SHA512
756e08393cfec60b4ad5dc7857fef6b54ccc65ccd27a3a5113cbe188a69b9df232791ae35f61237f1b40b94e2cd69fe4238232a7e3847946c05859e9203ca80b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
f44772dd923880b0c1bacb61dcdc3638

SHA1
9f8c79d04deb517f248b869d980463a6524cdd3a

SHA256
b65ac5e31163beb2677200ed950d619c10d22b411001cd6c96b6edefa078aea0

SHA512
a231b36d7e44a49cf8f1983b4436cc3c960ee3f419a10c94aabdae9f93352981efbf05bb001132e8ecd12d2ed3a77520e577b40eeb82f117dec7944a2bdea920

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
3c3432c1446f0f66f4ce7971410c5dae

SHA1
56fa43f437f15c98f0fb9e60a1cc73c235808cd9

SHA256
0768777fa18263122986d60aad3eff3858db08fd82c1060635a9045e6fdadcec

SHA512
63f65bdb68d74111ca853029c7167c47f82b322359211ecbe06f9ff036aaeb1c9a1892c9206ed1210f901463345014250587683c7924a142e58bf2ba7cf96bd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
c02d30bea309c158a009bba7c6ff01ec

SHA1
457ea3a66d83a98a85e59d27055c163e650d6cce

SHA256
4ce286ad0059cee78cb9bf8f5cc0c93e08a1ffd59b99691378998a9e04c33c8a

SHA512
7780efeb79b571c25495739edac0b24b718bf43b4729855687adb152de1949ff02bc42b54c2e5328b8c23006b2e52fc83e935652199b9696ebd93683e27fe77f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
8e5ef01cf9879211e8b7b92b93bdc8f3

SHA1
78f1d007c4abc6f35053f8d1c9026766ff6ff09c

SHA256
c527edab2e9638b5c84174af6400cd4366033ee466ad981dccdcc571bd9c6461

SHA512
cc0d721ee3ca33d368e50a8eaf8e5e58c67a4ae1e6018c15fd15d042ffe980dcf406784ee0eab5ee791b2fd3a99c7b2fa9fdd839a4dbf854022183ca757b7610

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\17edd183-a89f-40d6-b4c2-c59301852a87.tmp

Filesize
7KB

MD5
eace3ae7efc5a4e4121993fa1a45ec74

SHA1
3200c8f720dbeb28bbf66ad3ba33b9d9715a5f55

SHA256
31c1b2965d894e724963127faedea53f13cefb6fe5220fd586c282f2b85846dc

SHA512
575fdc8b0cb0f8dcb7a4ef1932a58b4498a728d6961a21a838f6b433e6195ecd15f302a519213adff4057bf0ac4da90a7d987059f4cef1b489a8db16fdd1c296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
50KB

MD5
84952f98cccb079b3f36f29c0f2f7d8d

SHA1
92a207064b6cb9cb6104bd8b3dd1e1e3e789b26c

SHA256
d9a98b67c7edffef7138d578788a1c25310cd3561b94d8bce6999f40b0073186

SHA512
a052abb5bfeb8ece88ce62b46ecc920db7db71467f1433d96fdc13072ec4dc4a67f13853f4d14e8f5794d9fbc58cbe1bf94e9f3a2afb7dfbdcecc2af2046bc37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
33KB

MD5
e039a23ea465d2de0388937695a7e724

SHA1
68e95d5b4060761fc2b0b58a593ebe7d661c52f9

SHA256
bc3b9c09bf69ce51b930e86a23c6f249f9cc6dc98a84fd278d4131c9ddd78f43

SHA512
5fedf2fbff555599108ae7bdaa86cb9d22537e46ecda50cbd7a25199338fba4bef35bfa813eba76b1b367fb8b93e2c1ee9952a55deff9f49daa189f22b5e0336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
93KB

MD5
06cb502613f99040e534fec65fa725c7

SHA1
03006f32792e033497e9ca68373b6c3386305933

SHA256
e1172d3a0a208cf01dc066f0abeaf17f00264a966159a69f71947d6edcd4935f

SHA512
734faf4aff6d9c64b87f3c1320114f71d099d10c0ff9a4de3ef65e009918a5b8faecabd0e7e56b2630e1de58a5e3c2c82c9c6120241feba750f2dfc12723a8fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
19KB

MD5
b33682b5a531b8617d4ee248926fba84

SHA1
be527be38f28d55217b02f818ca67987f433cada

SHA256
85bd0e28180f06b7f944d35dd07ef1ce75d6d9b63c2d70cb8e65f8b566c43db4

SHA512
5eda51cdcceea9ec42c8f3a6e462decc5847e74aac8dce4c0c190c0434c2abead936b7c836c5f1c8c76aaa25050169381a01effba7cf7d7f8f8be304b439adc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
43KB

MD5
a50d303b83ec6ced6c105da710623629

SHA1
04f3659d853b57d6e608909960d4f1f4c0f01c04

SHA256
d10fcd57fbc3eb87320fe1469bcb522ded6c480f48ed51c511ef6da20f165760

SHA512
84f825fdf56aa5b9b3dbd5af65d74609c3c34bcad4778193d837d1188437fbbac660540df01629dc1977f4e831f7731160854dfae617e088310cfe39a3d79c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
78KB

MD5
9afc1e0eba9521f29775ad2f6ace3f1f

SHA1
77bcf0c882fa4be8fbead35052c39a944f9035e3

SHA256
a85b2fe307777c8eb47f06a1eec399fcbddfe83d252fd202d3e1358051fcf27d

SHA512
d532b8863098e7e13d1f7af9fb4e5b1066ca1b22b9d3a59a0cf7cf7b5b3f8a1c118ebe8eb4be37cc92f338543eff372238d11dfaca7b2f0adf3829f2ba43d2b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
108KB

MD5
49ae56a37a5b8dca563256fb605f6260

SHA1
24a8c5bf85c8d1bc7a9586d998308c462e28cb71

SHA256
6729042fecd6e011c0ba45f807dc93fa750169d7ac57c14daa01069f14430f73

SHA512
508eaa76781046d439eb85c706c9c7307827efc23a5b7ebe085c173b9a38a32ed343d8916d14df105203922dee0fbe123d74ec185e4ca12fe7cec6d679a2a9b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
190KB

MD5
16b20908101acc6624cb9446fcac64a1

SHA1
b7cd57a4fd6a1fae6126150f427ef217397293e4

SHA256
2933c96348a4eae7cbbf8f280ca0981586a9b5c097ef952b996cad7d28f2fad0

SHA512
b22c1efe85cc8528c60b02e7fac72b68f396ac9c4795480c04c65774f7b64e7937234c771120a82f3ed66793531fa499af2c0c63e3c1d5c8f2a89e63025b823a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
194KB

MD5
0956511163142649b6cf52a819ca8641

SHA1
177174c1e7b5650cf3cf0c184077420f6b67abc7

SHA256
8706c07750059d4f474353cc469150fd09a539df6f8830ccf418c47709f25b36

SHA512
1828b09b30346cd195b29d68b734c9e0b5904f68e318910d2c6c8b95eae5cdc90d237d26a22d84413d007d123b7cb618603291fbb867ba1df9af7cb5b89cee83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
227KB

MD5
2db2aa63f3d62a22c600f1a84aa6253c

SHA1
6fccf8e99ad5c599d440cfb1f2e9c0b91d394740

SHA256
66e49aae5eef53636471b80835fa8bfc17a59f3e5763d909f1732b89351c4e82

SHA512
bb348900f1192e8b359bc3ab26995cd00b62dc4dbffd78c21bd354f75e295d285a1adb43d7033001217fbad9486d989a1185063ad5a276d058816321f0274ce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
118KB

MD5
7f477633ddd12f84284654f2a2e89b8a

SHA1
17dad0776899ad1beadabd061c34e2a22b2cde74

SHA256
966620f9e3bec428663687f9e8d67a6b8e35d79adebf6fb204e9b139eada7599

SHA512
b46baa2a3ea38512f8b539774c751004cc866d085a9739f4c25f2ade9d97c10d6f4b20cf87dcbb6a003e0df0ca2df200f9036a4c76a013f24c57d365981f6e00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
18KB

MD5
ef2fa694e64f0f30991f6ef31df083f8

SHA1
ccb1d5e39a8a896d0e26820325eb58b7bec13e7b

SHA256
b61f934b22e57d2adcff5fb7f44fc731bb3baf6d61a9c6007ad59d3b167ecf00

SHA512
2079f97097948e5a5232b3e8e6be43efcdf81469cd0f300153d0e130829071920608b615bd08c58ce99297f97171ff322e9e4f14a0f1afcaabd2e164e2b835fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
70KB

MD5
0f6e110e02a790b2f0635d0815c12e5c

SHA1
2411810c083a7fda31c5e6dd6f1f9cf1b971e46c

SHA256
2f7018f3c214ace280e4bd37aabe0690bd9d8d0532f38e32a29d1f9de1320605

SHA512
2f2fb7c4ddfb6abb5dcde466269f625eea58a2c69d25830e6bb24126e7679ec7c83fdb0d8ff2a7de4dd4b994513f5e80813dbf1f5d6a9a474c3a60d8bee74f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
43KB

MD5
e352d970a4f70796e375f56686933101

SHA1
20638161142277687374c446440c3239840362b4

SHA256
8a346ccc26d3ae6ded2665b27b443d6f17580650d3fdd44ef1bb6305bee37d52

SHA512
b2c95bc6a7bd4cc5ef1d7ea17d839219a1aa5eba6baeb5eab6a57ec0a7adbc341eb7c4d328bcc03476d73fd4d70f3a4bdec471a22f9eb3e42eb2cae94eeb1ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
65KB

MD5
f492ea4f37823ffa236b509cfa02d0dd

SHA1
5eeb66aab3b60195aa6d322b2ec488547da176c6

SHA256
5d6b0947424897d534ae57a3f0f72b36f8b419bc6a106f31b6f1f0434b50d39c

SHA512
2360327a2f8098badb9b2c95e11fae08483c669e5c5460d8388844d6eae4581b7d2ffeece1cec6c08a50f95580ba0078857f858c9140b301e8a7cef19de517e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
93KB

MD5
33bc1022149c674560f658a6562366c7

SHA1
2155fb75e80fbb8cf928a96ba6de16229a791c07

SHA256
fe0b5c327973b58fdacb8752b53284ad297583b9c9572d8d50613ddb295988d1

SHA512
5ee14a0b87248670ca4749c55e8bee72ee4c1ff23a85dd44c5ba623fef557d611a21ec8cfcb5aa1065e0bb2a4134970f44bd577b61fe436bba3efb819fdd024f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
18KB

MD5
b8095ea7731b93f908a0adbc57759a11

SHA1
66ccf447526d85481b76f3366f375b5093234fea

SHA256
88d5672b3d2668f30c964d11c089dcdad53ebcd3fa5e6209993115c2bb8aab38

SHA512
b7f1fb436605ad50cb36bd2ccb047f5858fac962071c151240c903e6616ce4db672f7fee726c3af0a075b62f30ac2ae3a37567ebeaee91bfc7ab156afaa447ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
31KB

MD5
634eb6ba4b61f45f2afea42bb40cb98d

SHA1
70d18caf7f2c3b12c04015101a6adfb389a75fdb

SHA256
d75f6b65493192a055d91d0635bb6d2aef2ee7aa491f6af00f36dd2d267a9e3d

SHA512
f10b611b480d19f441c5040889911a794ca086af0b57b016b2dc3fb42f517e599b45663f9d4c90a653b1a5eabe8d682e828fbc337c0c1b85cf404299b782f870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
18KB

MD5
25d325e697217e5f38268285f68b26d7

SHA1
072134b0ce3772399e797a54c2e2884f9e563c77

SHA256
e03d2c5532b61b3742a78b21d140c76d2cf549cb10c95c04bccc7ca8efafa11f

SHA512
0cd0698c893737756b827724b17460ed4dbd425a4ab90f7bb22a3a6d749bfcd310480cc80fef3dede22ab062402dab980de847f81f7c1f1d6d2e8e5e9b09ef0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
18KB

MD5
4e33bbf96eb422644eaee9c5ef68ce89

SHA1
e1f0c0ac49eb6508eca9fd132ad20f12990c6c2f

SHA256
dc41935a92d73a94855b7d975069cf6ba6880aedc4dd1098034ba51199c652cc

SHA512
9ba0d659c5945899417bc097fb53d39be5a1c90708db4a03134364c31d325635c91bf6ceea86d77b2514c27086573db5c4ff2a0c061f1acb9661b86942c3cc66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
148KB

MD5
5b4f8fbd0c550a6dbb50575263d41c5c

SHA1
8e013ec7ab22c50506e14b96a679687f396ace09

SHA256
3bc2044387fc0f1d31e8f20f38bfe7ce9ebd2ccb4f4bfd444c1fc8802705e448

SHA512
20f34a43a9588a9f3d99d8d81d52d4ebf45afc332fab4f8d7e0d200b70d1e1fe973f3fd6b4a455af7e75d0359b2ff60f2937d0356d1ce61f0a3182e8b0bfecd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
20KB

MD5
88924e883819450fea6752faf211c02e

SHA1
f65cd48ba61e6854b8695490e82b8ef1256c0ad7

SHA256
2775bac57d4aa61e0bafe9902dda744b81a6bc392a953a125fad1da7c949fbec

SHA512
c3aaeb5f7016f819015b54ac7f2cde14cb71b613b046b7097a61d7836f3cf67d38bc6eaad619561c72828d6f930de0362cacddade2f4590389e6c363755c68e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
63KB

MD5
7ddbde8dabe31eadf6b216954bb6cc8b

SHA1
effaaa96e8fd4813865b60af30e98b92170a4aa8

SHA256
c4d9638bebfdc9d06bd1aeb8d771434ee59e79806d55a08471630c06792566e3

SHA512
044828c2efe09651fbd05d6d8beabe196168523f1596b01509f785dc368039555f8094b546d3da4ec5fbe37bc026fee4dfdb867d54328b01e2fa9dc305f30d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
63KB

MD5
34d5015941e4901485c7974667b85162

SHA1
cf032e42cf197dcc3022001a0bde9d74eb11ac15

SHA256
5c166a5d40aeefd0679a14f95e47ff28824e66abba82adfa30be41803cc25632

SHA512
42cef1d6847f535a6e8afc0469b9f5ef79ce4ab21512ac7eeda8ef9667d5f24bb33b30aba9a29824b3d853d41d4addf6bdee2042cf4fbd0a033b61657c671f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0e2af08719e370e1_0

Filesize
377KB

MD5
2acab5dc0bb54db5d8bde4c4f7e066c0

SHA1
3c54c1abffb56c5f7c8ea9413d18ed17a3940a7c

SHA256
ce15c75efcb7d4da1b6d05c28114fbf52def0d044c2f5b48a21659551d6b847f

SHA512
540c6d65bea86a36ed98421cf6dcba2763d0e1c486e2fa68c14fdc16329879c7a63877438a460e4299a7d082576c632b87bc18c049d331b7f9bbc94887f0459c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\129c0ae063825318_0

Filesize
54KB

MD5
27dc3ed932f40ba4435a0075199b02ea

SHA1
4ed784e8c4fb72c5d945a167a9aaa0daf4d2e08d

SHA256
d11e23d73a4e14e3ec8fa057fa2cf090f093b2f1d0df9ef2826f7ccbfdc056d4

SHA512
90cd8536f77e8c1f4b89e05b4f85b17b114a828bf8ef1333acd259f455fffed501172b8113a258aec748bbe19ad012bff8a9eddb3e5c7b3f05d7ba7ff7ff4d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\194a9e8490e75012_0

Filesize
3KB

MD5
ef4426206a20928981b7f76a5456eb9a

SHA1
2420b8f83441a4a5c32b9c4187ac9ccfba3f1da8

SHA256
cbdbc2662345467e72cb53c02eb0a786427189f92f7738fa20a13b504efd5f80

SHA512
1af9d37be52664e74a3d5d2008e85e45bf3960fad325fa09564d243056275a3c209ce75e28671df3580f2b2b6677a9503517fb4ed36364f4c95fe215e0bc8b2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\336a68eaaf209f48_0

Filesize
309B

MD5
2f0fe91edc40d6a8a23e20373f367426

SHA1
179b5615a5298e3cbcace2a49c156f3cb3bf694c

SHA256
cc651701624cf7128149b9574e45c2ca01ae9b72bb7606fabe0ea08460781ac6

SHA512
bc62d15c80914d0439c9c7b2fdbccb9fdc58041db0dc56fd4d5d68efb45c9e69a4b8f3e458b5eee2bb23d1d4dc97eb2841acdad3c06e02425ec1f5becdd57f2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\430402cf1c1464c4_0

Filesize
690KB

MD5
986600dfcaa74302a0c477c2527bb69e

SHA1
aaa540e4782807bbfc22547c06039373e0a5d98e

SHA256
d3c37efcbb02aa57ed9ecc53744530a1972a45800305f7e4a1fcb65d21ea7381

SHA512
69c59ec321b12c1860764970b424007ccadc55e25af321ca6af38c7857e46d970c90feefbfcb1d71aa1e3cfbe85d42cf81198386f2daf83964fd0c92935f2e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7408f1461634e545_0

Filesize
266B

MD5
2612fe88e33033f07d43e9537b6c44f0

SHA1
d0ad9a9a9035dc386de47070509b48c60d1bb06a

SHA256
433c710e1584f8cbc4525a9c5640ae50ef100fe1af55a9ed697137f6542e9508

SHA512
68487cb5d6ae86aca9474bf4b6cb4b2ccf11e927844f794b44e9ab7f301b89cb3e0989087772b09bbf244ef820a75a6c1d552cf2f65fb27bc6d8228518dbd424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7bacec01f70235e8_0

Filesize
349KB

MD5
122bd45d68f9aa91dc5dad60451e93e5

SHA1
cd25f2e6f95a0aec169af41c43012e28cd0bf0f2

SHA256
f787f8a5ed709c9322a476fa95b696bcf106f73ce4cbaddc23904b34c67c8e8f

SHA512
82887e7b15d2aea7b64b0c9f2a31ebef6829a8a8a9b63489a2d5d01067dde20761c9f870bded07ff53670d96c7aa7d46ebf8f9a83171a6c0b037b6cbda14caf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9a85b80dc287aba4_0

Filesize
55KB

MD5
1f117202b3e1093bd1a05bbba6e368ca

SHA1
bfec4125e2ca564741be916d89e60032bc6b28a8

SHA256
f684334a59930300f443d3666d589550347baabe49eccaaddc00e133d7d8a646

SHA512
68bff237caf25a10b2bb29b9b24fcbdfd7e3de68dd92f1d0dccb0cd9612e81a22f3a2350c4fb3504fbc8b7822a945f3106f5e717b834a3774fd698038cccfba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9f00a2d45cec21b4_0

Filesize
237B

MD5
37dd6246fa8b0310a7bdabae9e917d6f

SHA1
23e2d1251590cc8855961d82d19eda028ab3c758

SHA256
a4da66e9568e27a08217b45203f30db5ae735bad5c543dfa058b49622a7bda89

SHA512
257afed6255d72f378eb93f904900fb87a02e21aef1e75f0f31f5f3bbc2c7df431cc46d3bb282fb927d44d108f9af518de9cbc8fd54c88a2c40d66fe13d9c961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a489bf28fca4a5c3_0

Filesize
262B

MD5
254476121307a3401e16f9dcaf4ef257

SHA1
f482e467fe26f69af32bed329b0535a93dfc7bed

SHA256
3df8cc399ca296238f98c354df955d5da73c0dc1ff34e4ae65a59c40074f845b

SHA512
6d57dd2802e9813d969e26e8bb078dd00e06f8a1173336a9039ad71560e6083b6a39d6166a606b18e577774156858ec8b43f71f46c89e47b0d5bcc26d0395655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b044fffc544c0570_0

Filesize
70KB

MD5
3289278a26a313f1f435ff4c4e1c8fbc

SHA1
61ed29e9e80cc05cbc69a68d0f38ebfe45979950

SHA256
0fad37af8daf156b5752117f6fe3e91515b18409676308d0b42681aa5b8146ba

SHA512
cb616186100a94f2bd22ec1946f3841edbac3173db23890bba1cb5fcb3eeb4eb49b8c1558862f753bfc1cabcdf3491453adeb3d43dd13c6e0890f0803b1017cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b6c24e34bb8e4128_0

Filesize
28KB

MD5
3466734258a4eaf355d18e1a25ba05d7

SHA1
79bc63f8e976d5775b19448e54b89c6649c56686

SHA256
7074047ac846184ad2f9a5dcfe301d9f7ac20a13f899e988da927b80a8f0a4d2

SHA512
f81718765bd478e8b32633dbb9537db276dc41b46b97b7f5b333233b9c479aa368ca1b1b994438a529539a53c51c1e716f4fe997ac2cddc2927df4d0882f9913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bc8e3455b20ad35b_0

Filesize
251B

MD5
d114e0c6f4f3ec7a72ef5e6255cea094

SHA1
21dc4d8287f768894053e346a3d6ca24113ba27a

SHA256
ae4ef1d06f9b479f8d923b8807858fe0ea759310436fe99eb90f5dbf28b44be9

SHA512
40883d7932973bd4b5313f9f4845fc062ad98a8f5606fc3c0aa006ca44f7e9fb47fd8f2471044ceb5de8c782f69ac265618f735fd58ce72005399aaa3c813f89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d42bc515ea888f6d_0

Filesize
70KB

MD5
cff8650a7f2e1bd041434a593fea0a8f

SHA1
c848a35cbf0c54d66b6bfde19b05ecedc80c2f63

SHA256
529ade2e439a9b8230629c8f0bad29dff052e5280dc9007ec3b4fd0eb9920308

SHA512
14e3551a35dd0fd732abe74807dc6fd4317ed5b6e3d24bfa7f09aeaf2366c08cb3942116ba73424a652ec63bb113d66d73391165fb2925d4437ef1d61fa206f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\de51681351529441_0

Filesize
62KB

MD5
bf83d3690e26b5aff74568d132f3a7ef

SHA1
5e73c64d77687487db2de139744ef1de2a88f95d

SHA256
19e46dad050994d0ac8960f1522e18b27ea885bd3f9d7dbf696b36f6a1fc092e

SHA512
08a1819387cffd21f5081de553378d723e73fc4eb03d0a6219b8bfc2455faec37192a642a07cafba91ef3b478300ce323df7b8613a5db8e9afa56dc59c236c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df63d0beb3713245_0

Filesize
299B

MD5
9d6e182f2ffaf216a77e1b03f4135aa9

SHA1
c9cbf66717b925418c309712637ac12165babcda

SHA256
13ce6513f7a85294575fda3f912f593ba572422f314b4fb0eeeec061a844058c

SHA512
3ce60524e87e0f8df2ab884c84cd0cc0d5316b204cae72edb8806fc0ff580d0ae7a70b6c0c92d136af346eb8de009817d7f475ad29f60910d22a199be690b4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e549bc56cb768005_0

Filesize
32KB

MD5
a1eb1a0b31119ee0aa3449e6bb8bffe0

SHA1
0e1ac70e9365ab7bce178c46744a7138bc6d9ee4

SHA256
fc6712ed5d859ae4b6674972a0d7849b27c3d71b90fe6dc0572c2c72ace883ea

SHA512
4f5f270919460995b0b6d78f01653f92bc6fd84bc8541ea2dfaec289e8bf36297c88fd72139aeb2c36e967457d3140959695e7cbbcd0c7f61aa84a31183cbfd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fbf735360c7b8fdc_0

Filesize
134KB

MD5
af06408bc0e9bb82a785b8b2b5e123da

SHA1
0db7c8b7b88ba8383e66306112f306ca32c8b545

SHA256
f2e34b3b7440c96e7702944eb6221b267f49b727b1ea0efdf8386dd549fdfcc2

SHA512
8d8eaabe00491045c29621d3092e98d5ea931bb67f5db3cbb06f8bbe14b8f80e4323fb83feed58f4c72628031e7a66dae3424fe4bd6ffef465ad399591679865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
81aeb2e3e0aaff271e66008cb30faf26

SHA1
a0076ee44281a2c9bc85ceca7d6e94e7ec77bcde

SHA256
2b34e1ff3ab4e7bba2e2cbabf7939b249ac0c9958e1afa950e2f3a8f787bff4b

SHA512
f96bbb969c90dd78b650f52479fc736b567cc529be33294ab8ef2106d351b74a40ab5e4ddf206880c97a695817b7578816d5ba4ce72560b2665a78b8cb2d611a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b7fb0272410452e49bfef1815adc8965

SHA1
6a521b04f91553a976d6e76acb7a614cc8805810

SHA256
61ebfb19c1a367ac8e7bf3efde3585dae995a567a45195ad39af60a25508f87f

SHA512
7a4b9a1fba793130c97f29e0db22c8d795ce35d0d7c2b0a367fbebb34e86faa6e4a73ad063294828f206f68e6a81e8111a4ce3a3003a236eb3d348355043345c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a4994e4d9845bf60b59cb42442cb58a0

SHA1
e25f6059ef3d7eb2851d57d597460a5d461224c7

SHA256
f74cdda8cb7e7da450e6ffc6d39790ce526dab2ac1e715fa2acca6aa72f513d3

SHA512
a37f78d254d5471d34b17b0cc293f91e1b565f4ea689b62e4079f3f44bca573cb8afe9c1c003aac7c2e5da30dd826e4ff412c78cb6999459087bc46e44b7b8fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
ebde3bddf55fb8898d077909d47beff5

SHA1
cbc6640550bbea767d9fa73360488dd749524eab

SHA256
f08e7a57fc246297c900d1ea40aa8b57ee096f4d6d772ffaa24de7b1f2361363

SHA512
cb79b0efeff6ece6cd56717fc7a1a7f5a851b3fa18f22bcb3ded9857df4ab04336a395e359aad6b934e301bbfe3a5cc5312d0a52ed1aff476d32f70ea41c4e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fa36b06cd2831586c0ebe866d783a792

SHA1
67a22dc2d964e2b6739fb41a822cef118be8f6f8

SHA256
c5fcf061a45c1de60f7df807a8881548b86e2e7c17874e09a35a15053104b5a4

SHA512
b0364011097b80457c000c36ff5ff482fc2b45f3b08e311e435609635ab9c3e2d1d5d1120afd6dacb2b10fdd2b16b05935fded40cfff7118e0d90af506445fe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0af53560b6837799c4538359bc43ec45

SHA1
9f6aedf8cb3289ffbb482eecbca3c95d2fc76a44

SHA256
b12f9ab49a47a891e5b9900fe1aa0ce76d2964996447ed7645408e7dcfa56f88

SHA512
3bb357a4320dd64191aedbcef89d0b5fee68ea9f696582f633e29f1cdc38af0d9113fe2f0c27962d28cf7da530647b8596530d7c7b46139e49b0081400f6a2c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4a350d4e4c20c2027a8d8dab9e8023a9

SHA1
700a46cec8e0287c00c4880e43befd38bd2cb847

SHA256
40ffc0d5424cdd6dfee587ae638d121867f0f3880d04b271540f257cf51c77f9

SHA512
8af8621cb66716856c5d96fb8da901486bb4d15e59264c895d0b663e9bbc11cfbe1abf0f569986db57504bbe3f3545cb010db42ac9d208a35a981f40dd560f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
462B

MD5
e13e282eb28337de752454b3a3044804

SHA1
1925d20d0bde14936f510e7a88b72941f7fb8aa5

SHA256
e1e8f19eb5be0ed1c95f19ce5b9a68d0a8e139911808aa01d2bc9ab83239fd87

SHA512
2ae3314b88c05ffc05690f43bec59d0c8e182b9eab86f77ed70348ef0588e62b34a5814a8efac322fbc068e055088612214f326066d0800dfc47a7157092a297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
ad7054e6dbffff2f2dac1113a20084b1

SHA1
056e609beac6cc8d51272df532033cd3248cb2f0

SHA256
e6d0ac5990817a8de6984db52e07ceba37053122f53b85fa7f5789aec0bea850

SHA512
5b7d105c75be8d9912e8adba17596a0aecae226400547864cbfca408875d524006fa6f2afab8454a6462f5e3fa9c4821e7b7008e72eb27a99592a6f7ea7bf568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b4a0425fdd2f4a2aead2168ca5c58f8a

SHA1
75cd9d0a0d2b59519d4426af4ba940591795986e

SHA256
b7c5e80e669bd3b2862330010f4b7e335b3844d0eb9d3685ad446666828d0adb

SHA512
e9cf0f4c5c45e35e1073219b1c2311692df920041a7f4019891a91230e062bdc31fcadc082a3cb0f9075bbb1766a5dcb67ab9b48ffcee55c2a7b913a94ec8d74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
921dd6814280ffc8fbddd0a7f52fd97f

SHA1
82f3e1d39261c040d7417066e894fd401189391e

SHA256
a39b50ea80c33d18fbc1a5a32bf76a344c0c34dd806a87737d2d269224a10091

SHA512
5fcb07262de9819a7934b3c9e6685865a66c58bb973908f4991f71ae6ee0903cc03640d8b907fd5efd2683be0d8f54b86b2c45f07dbbf4ea295c97cae18e0411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
1e92362c263ed102eacaf4c0a91d4402

SHA1
034fe5747e17091b98bac19d73d065b1fa6a86e5

SHA256
df9bc7862b335db6353040de048c596696d66021bac499485466161c8c96a936

SHA512
dfedade55ec4aca1999cdc776d4ebae282e7c3b39cc638a21bde72110c6317f8b64fa703feda33d8ef57fb683a660244473a91367ef333dfd8985550ae076228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
384a1ed2e308ab3664793d32639d88fa

SHA1
4dc0cf4f33379ab6ca34e51e4562e7eb8d2567d1

SHA256
0d15f6eff2f4c6f9c0adf4ad985ec9ac986bd3ed8f5bdc50f292d4fa167380b9

SHA512
7673c154c08705a463bd8b677646a61910b1b957ca1ce7e007d70997472407163f09b831c99f4bc4677787ae7d7bd3557d5ad6bd472b4919fce74f3b56ef9ef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
deafe25434a22425405394238197bb05

SHA1
9cc70ffba7d34ec5517fa3d5cbaadea4303a88cf

SHA256
04e4506947aa26227688a8b0b222c614e48a1493561f924030e6817b312382f0

SHA512
99242d170ea715efc6ec6d115b699d62310d880b27d92bba1bc4b4bfa75a2743566017143edc0c9a88cb8a587a67e21fb3f6fb020ae74ff882b67e900638aa69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ceaef35230dd85077970309a5ca98358

SHA1
3b6c118d56eed66fb2910c7435626801441f8f23

SHA256
2eecb4abe4ea8a59b8ceb678f33f36aaf1607b066bbd7c5a3909743a09c334a2

SHA512
0fde77a9aff3c3094c3656e5cca9d961310a5e4c94a0ceb4bc7f36d25d29f0d8c811a3d479b6e7d663819241c5a585a749c290e2c1e4f657f9caae6c4575a141

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6b532fe118970f2b4a4343aef8b09551

SHA1
3bf0f01b8b44ec9a9b28286bfe9dd9e1b8ddac79

SHA256
0b1168a5ee786590961f8601c7dce6546d6a414080a9fd5fd6617de3552cd9cb

SHA512
421df05d4631fb934323fe957d4f114b30f755db561b5bdc8567d2e33c7e42b9d039605edd3b877ee8ca87708ad9337952de94822d13e6c8d19b82fcfdc3e3cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c37ad2102fdce90de24a3d76173cece1

SHA1
30f0e4309e9e0fc96d20d2fab30030d1dd7d4b71

SHA256
ac6f9471fb85cce2a3d2a1b2d4ee7c472d70e7342b140c66116ff5e0a226c856

SHA512
58ca9683240eb3d9b400ee3fda868ed8416faa8166e4754408458fc16954896db2b5fa6d68c122629d8f776ed3e2c7ba12d88d08bbe0fda9ac44fae986246ba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4bc2a073bbba143e2a5dfbc32117b9cb

SHA1
5940cc06eb80ba5a5f23895c8d708528333b55ac

SHA256
26527d57a758a7ff5d74576c9999c25b37455d280db1e01238c66ce98aa728cb

SHA512
1c9176a18a65de76ad0b3a57edd2e7ca6a26f816a8d9dfdfff46a9aa316dc23d3cd469a9884414baa5dda75476f7a33fddd8287f68517af5b58efdb69b0bb7a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
29f0bd454d7ba369763e9f0892512974

SHA1
860e81e7d13f97d45613afe7cf7d815086c3e745

SHA256
79833d9a79333a8e12a9b360ceeb7e3561eb5370a8aab14769b0d8a9c269e758

SHA512
824949af90a2d17eb3984e7edb73e810fa29e85f42c4cf349b4bbac53e74014cadbbb1a4ff9bf52631705b9b5047b2bcb3c884e20788e0076c562369b88b51b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
24a1614d9060226754f6425fe1f49876

SHA1
131f0b7aa2c100218ad356de1811423ff9e8ad8a

SHA256
c1000505271c9a45f1e71f2154a208bf245c385f68e22d44cdb607a61677231f

SHA512
245838f9343b552afcc719b88dbcbdf7c902a8ee9d358dbd7588f035e982e24d975fd39d754b696d2e75f0674f64fa923bfcb3bea1c80a1215dd954a096c8120

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
e126dcf3dafc8870d8db09eb6b222f7c

SHA1
8e8bd8a732bda6e61384b9eb0cd3a471b41d4c41

SHA256
7aaddcff562c84ea830327de7a684beba80a884e9a97f784c46478f600520e0e

SHA512
b5ad141bc250ccfa2ac34f124c5eb50097da530ee2de6c5e66c0460b9f87495ad05176144f49e4eb423be390a0c728110190291de2f16e105acd94861c98faa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
18f9e26af9b875a0d1da431cabd1e1a3

SHA1
2562378574cd5cbd0f75d7b27f9a66faaff747b5

SHA256
c8b2172180b6e9fc9bf035f424b6c515406e36f6284c5dc3ac5a729dbe2cefb6

SHA512
5655679663a2a56dfc53654dcd9d4c2c0ff750e693b2565a618e07e2976076e0a2a1dd5163955176d7bdc10c83f01dbcc56b947bd3b932e24109f5f597abc75e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
6c139620a05d874ca2123a195b568f20

SHA1
32db32c025b284d53b638db248a83e48e20f9101

SHA256
67b050ab0419710ce7a817ff72abf799166eb0dbce876fce9743a1e8fc6971a1

SHA512
5d6ee56efab5d48c2ec263ebef3b15137123cfd62f2d475a9e54b32224d8d796d7e8a8223c10743ff6a704f39005af9e0e1a65ceb49fc2020ee839cc4c7c4a5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
fc07aa56d1330e12b8b419101b5e85d0

SHA1
d914aa00b8be6c53c3f4d48f330e039a6f9f9a37

SHA256
57577b5ebd120d00ed0c61c7d30438a29d326971adf7ff14b09062d44364a55a

SHA512
7497c1de2d3d3990386ca34ebde04e064a62ec9c8219c3f8c3f6cfead2d942be9525bb7545906ac58c57439f662f5c998a912d792826d67f3f3f6d025003d7c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7d79ec3e811520277d46cb7b43d0be0b

SHA1
1b074052be82b2dfa09c36f8c7145c3d77edb19f

SHA256
83f1eeca203eb0b224275e17d6c6106aa50941fa60212215a4b53c5e21a3b5ee

SHA512
ce8c5e9430e57084dc59ba1a236d7f3907c0e32871b9cb7c54728c142e62573981c596ac1cd85381be8de8971c43f2aeb1387194087be29591fb677ef9dcbb18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
81c6e2e374cebbccf335a1052f335ed4

SHA1
c7b165c2d5e71035b12ddcbaca189b20b6e3ed7d

SHA256
7935fef454ea78e062f3b450ad4ccc3b6f4fa88068968f93c1bc21a3d467de04

SHA512
6d79c27b1d6bfa717d2ae347915a7b13f91734faf271e88d66a24b1f8189e9499ea4574788f8fde50893666be59afd96ee3e94a793271b460b40690d1ba01c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
3b1f509dda262e2077f948abbb600886

SHA1
bd061b4348325bfff94ca3c25ded05e032d5f9d0

SHA256
04ba24c4573108c0f23fa94f1a4efc345659c96313d0eb5fe155cd47a6d86356

SHA512
f10615c594642efc927a5803f8a6c1e324e8d51b8ff3f828efac3747651f635d60d574813f949d7871a826fb1ea5dc372fc26ae2896ea1158d262ef94c4cbca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
d60cad5e74cf6409d6398022c4268481

SHA1
574e6993d5c1f6811db09a59443750dbc64b47c3

SHA256
bcc4eeffecbe42d2ae4f9bf5a932f48a7984cb254222cde54e8f7daf23d285fd

SHA512
146f623675b3fd6ea7de17e25d7f88bf52d2288aa7c364ae20988754d987739d8b91e453f9d53bf528459c68d96ca56473dfbdd1eb0c7f87e23be6e01889e8e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9b37f3514b6c283c33da8dd44c490bca

SHA1
1c5e808d41ea601c1ffd68711c60ef155e781b56

SHA256
3caefd0c909b583a655beedaf5768df4c8b3a06dfd0658863eb0c62eba21db91

SHA512
e306030e6ec87914f8698d779a712b155c21d0c8f88731015e652ffc3538a581d9a6bae7b99bf02a5a0545594da07bae629359fa706c27f7f275ce1267add42c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
93b0e77243d37f757249e8f7175a4752

SHA1
c3f45ed8a464387fa2ed78b8f0f9aec8ba4559b0

SHA256
1da857c4846d8b7dd41adb3b12d74dd5a1766dab65cc60803366354dcfa393b7

SHA512
326af93cfda2cad7217f6ae4b090b6b88d01117af1332c0b467fbb8b244d9d6a58951f650b7348349416930a11d5be6e3594920b123cf4e5623c35ae5572aab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
ab74e38f9494601057fa68e6ebdf9501

SHA1
94e092b3abda774bcbdadeb8a5ecbc57c2b5647f

SHA256
097094ab8b2dd05e1eb3ffedcff25135d8d144bc0fcb3e7cf0f5ab29da177f49

SHA512
dfe9f7ceebe2ccb9dbe0d16d6d0e7b2c142198390291fcba27cd0504b2a4b1ff9af737628b433dbbb725c20bbabbe97558a884f28aba16318505e40adb148df4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ebb01f4f9d85ddb3d3519d2284d08ff0

SHA1
031736cbfba433363427cde52a77236ab1318a86

SHA256
f3cc303bbf2810075d1be839e5bb13a14d8e1358e69b789910931ef28a7a2157

SHA512
ea7e87b73039108d9f4dfe44eaff9d35e50339825a6ba0c7ccac637ea71e43ccc33aab8daa05c4d89142fe0d3e8c37a1a7a79689099016c231b8569f52f06a69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5ca1cacfa4c72961cd9ac097aafd5af0

SHA1
93627623fd20ef7787b25f0717c18b6a626f58f9

SHA256
746c703f0227a2152bdb430b0b7d26aaa79025c1aaece1357a6664a29cd264c4

SHA512
e8ece4ab76be2bafbd8a6471a797737377d50202fde0ea75878f256dd56d1d6a197d9df7d77d952b71c8d66f032919a249e194109bab5a407674866a6ffa4678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c3e79df447eea10e9de00b1323bb023f

SHA1
dd0e4bcfd0cf1d0083981d86f2ef606f32f127d4

SHA256
bb6b445cd53d10c514a6181f268c51b5a93336d4dbf88dc8d531e4eab376dda1

SHA512
1cabef59779331500545421da16c36175252520697087775963a47bc503f316107e8826409bf1e7ed2cdebc1fd23f1a4c8ad94a0da66918f42994b33fa436d51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ae602680e958d3a718ef511a4950a983

SHA1
5708d989a7f64d0b9c7d6b475c61a7bc0064f22d

SHA256
b0723793c01b7bf49010efd03bf27b19552d340e1a76e350b9aae830f763ca27

SHA512
2b29b8fa9cc99eb33e13113c3af98efda6c46325d787f56ab123fbf806d707176c93b1e24203f949fb4c71744bf62582fa570b6cb00e12dcf9aac368fe713ef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
51202c4e3ed56198c9da156800fe011a

SHA1
e6da6b7ca2c797bd460f74e47f1c8c6b17abefc1

SHA256
56298ca06567979bb0f5fb3beb737b428af1a61892dee2583312ea7d37a6a1ed

SHA512
b928e26c86f19ffe30a0125271c9fd4c285a7cd1710f6ff34d8d75c2b2f500582b6beacaf82a2405050dcabbaea68205720bef1d2bd90009aa52d1c5f8895858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1e9fdd54b605cf2129193540d9287f44

SHA1
25232144c206de10ed9d99d69c8876d78c8aab08

SHA256
d40ace22e57ff1293c7273100d36529ab379043f1b56dd21f23bde86e167b0ed

SHA512
306800a896c59f5c70393b73aad392ec1d924da16ddccf8c43fc080681518dc26a6182e2e70605c69f6936da08b4cc8ce236e2c695cff466b4edc02629227966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe60f5af.TMP

Filesize
370B

MD5
1a55a450dfac4838559ffa73f3c0479d

SHA1
42b0c40ab7ad361c71e02147a95ce3466a232e90

SHA256
c2017c84abd5cd90eced3fb7760b003aec615ce5776c7889e3407f943bc19639

SHA512
b7ac830e26a3159039aace10fb785412648a7621b0e610994aeb8249f8b5cefdaec6e5c2c43585c5651dda76b48629a1be38e22f6ed17a4843e1d5015445faf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
724e988248acfa0845e7736b40c0ed15

SHA1
15e4d65d08c1620d81d9adf9f6587bd76378c614

SHA256
72cef6f77927739c8e7065bea95e91976254157c5ebdee12fc7ad40a60be0a79

SHA512
ffeab309a94afc046b7325fc5e576c99f2353b7869052574f4d47b4263bfe656714b3b7777a66e4b51f611e202a74d955cf3094e26b194413aa313e20ded08a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1185ce89dbca4ec4ff634eedd5dfda3d

SHA1
8fae64edf14a3eb4864fce530e9f0e6c95bccb14

SHA256
8bc17e1f5f7845713a97a6458aa293669c69638bebf47d2ef4e1d9c56c33cb72

SHA512
69344187d7b306c82637a40e915bc81dff48e24e1ef8c60986c047288208898701713bbf94efaa633293d4f8978258f5bc581454a727d251a722375a83919056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8a82cec744e4309051cdd8ee8cbbad5a

SHA1
70af165c754395b6b3841f6731e8a65ecf62140a

SHA256
37cf86bc5db9ae41d90ec5f49368cf0e01e3fadf49e65b74cbcbf7b03c50c358

SHA512
bb5a6d52e44f08bbba863c4f696a3e4fe77247f63d24c99d6a2a124fcae11a6c7cbf4cfebd6acd2ab09239dac551dc74d53e4a602dd761f3b6f84b30a7662dd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
561e5b835e87237d7997217cbabbda63

SHA1
15ca6d1445c2d35e077dfb6018eba621fd5a6ea1

SHA256
b84c4803029c2b00d6d26110168a559c65a5e4b6ced629896ab360112174c54a

SHA512
a5e4f1e7de8c618690c7cbc80da81298e5c7fe78667ddb0354e294b8e4faa98041d09c260273988e77fa41094b287f17becc0a06a4472f75d14fe44e67959cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8e2f665324e34e0257e714d93a4a6cea

SHA1
aa040caddc9c78411d9df4a7161d745f8ec27314

SHA256
8223e55aaf2f0aaae96f4f369a7aeb17b4eb02b5837097311e01fae3fa49f918

SHA512
27f4fc5f1415a655a1ff70d9ad5dc2705919a0e47534fe944e8631e84d2e1a187e06d1dd9490001bf76969d773e6c6c9549d5df5faabaa23a6bbb68e17d9c8a3

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\Filegrab\New folder (3)\VtOmJCVVlbZnXpSoEH

Filesize
33KB

MD5
1898ceda3247213c084f43637ef163b3

SHA1
d04e5db5b6c848a29732bfd52029001f23c3da75

SHA256
4429f32db1cc70567919d7d47b844a91cf1329a6cd116f582305f3b7b60cd60b

SHA512
84c3ccc657f83725b24a20f83b87577603f580993920cc42d6da58648c6888d950fd19fbb8b404ce51a3eab674066c5cefe275763fbdb32e1ae1ba98097ab377

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\Filegrab\nmew\BrowserMetrics-65ACF2AC-2910.pma

Filesize
4.0MB

MD5
6f64ca90f4dde19acccc01c1a5f75978

SHA1
f7d358f39d48f34000c78b43063678fa9a7128af

SHA256
1da0b24c2b5c335c210ab28521770205a219d9f736ed1f5f76eacccceef6fd2b

SHA512
cc216f54d6e429045a8e5ac977fed9190a59d6503b112d198c3bb1a39d2452e60a266eddd207c26a0cd4d2b93af7fde3fa4ed93623159c44daac8e929f597878

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\Filegrab\nmew\f_00004b

Filesize
1.2MB

MD5
3ad1246ad83b3da15cb79566f692e912

SHA1
731b4fe9a0cad4259de8287bb03055abeb3028f7

SHA256
da3b2870e87608fa40c9cdbe8a340b4e2d36979c5318eb06f33eee7c45de6893

SHA512
a96361db6369c6e0c0f6cbe70e4e11b9fd60d8043eae7d747fec71659b6525f9baa0412a05055a7f9b90f8114ec07a2a43cef128332e5d147643e551b87c1c88

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\Filegrab\nmew\transH07OIXKR.gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\UD.exe

Filesize
157KB

MD5
31502fc36fffb750d7bcc60646f772b9

SHA1
b65dad8556dce1f1454d1e0b3a45a79d7865282f

SHA256
61c8c9313fc94b64aac1d2fc2cdc6abb9a30d02f021bb84e8833ee8b7c27b180

SHA512
be9e17e5677540f444868ebb802b27f07173b1c0c904d7a831d61a47ba2c0e3ca4fe6af8a471e462f704532221f9c5934025e40e96e09d5e310fbfb59b5ab49b

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\UD.ini

Filesize
124B

MD5
fc9647e8a046fc2145a05cca9b6125dd

SHA1
c96ec2c28ec5e7dee690517a6823a365cec73f30

SHA256
32c87bdf50f1fcef3b7bdd09b864ec479870855c6980d209664fde3fc96339ce

SHA512
e60590cf649603c2b47bcf30536fe4a2a1bad7d9aaf433fd88612ea11f4224474d3302c669ba17f42ad3356542b447ddca73aee5d67d5be80b25695dcf1e8d7e

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x32\UD 32.ini

Filesize
47KB

MD5
f26abe99220e90c62ee5248d1e7bbe50

SHA1
bf2b81e132d97e05c72acacf35a268d2e97a1fa4

SHA256
959f3e8a3d880f5c63d30b659c79abb8c909074951c02eed773864173a42d2e1

SHA512
b9b6331e8166ac92a3b3b376553688d126aff5b673e7d0f1e98ec8156c27dfbe83488c7697265e64bf8dfae1ce8a961476a9e717a6f4954840fd35d76025452b

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\DeviceNameResolver.dll

Filesize
70KB

MD5
4a493025fc04b42ad6fe094d6171e8cd

SHA1
10fce3f7c7858f51070285a0c112a2601336913a

SHA256
b63354cf2bc3b7ffb5b679f78af7993d094561fd307f6ebc2a30c4db69f5b79d

SHA512
2e692ab41bdc813f9fb19b4ab335a5233f0881f9ba779a2056481e6e6fc9f5a31697ae3dabd599997c4f8a3553c5b7bf66f017abd03e1f7b93708a580fc6056d

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\LLVMDemangle.dll

Filesize
593KB

MD5
1228e59df447f4e6476546ae24638071

SHA1
7ec87e01e60f8f571684cc929fec414c224156e9

SHA256
8de391f11ceeafa007badf71b62560368f8c71623486ff1c2e4c5373fe482834

SHA512
acccedd27f10123e9f572d868fe11cd5d600b4f1a45a9e38fc263dd4d75cde022eb0d3c74fc3700148b4cfba7146c45d4591cda5fcbef8814427980658975c60

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\Qt5Core.dll

Filesize
5.3MB

MD5
2f997eb6ba34065496cb088f1489aebb

SHA1
29fd1c8a3e71cfbc49c9f160dce2749cecaf0cb6

SHA256
7a4cb4ced60598ed0a4f31dfdc01a8019df5cca6cbbfd3ec7f629edd99db6007

SHA512
4b1fd309cae1205bd3eff3b48b21893a20211356779b29c9f7739bbe6eabfa3e83e256e8406aa0af0b223b1376ec139e9605a0451359c0cccd21d3360477c233

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\Qt5Gui.dll

Filesize
5.7MB

MD5
0097fe1fdf80e2b515ab5ab2f6bad47c

SHA1
fce79b37dfc8b142dfd32c233c9ac9eec248bd6d

SHA256
3506bd2e291fe85a675d268e705f46dd0da7c274ec43dcb2330b8cee2b8c1d24

SHA512
cddb67a0d4bc60d7c26dfb4f03fbccc7d82ace7605b9d8fa20b46a970ffca134d5904303b91caa1e19b9c153a4b61ece3bde27095075dce344835e2cdbc531fc

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\Qt5Network.dll

Filesize
1.0MB

MD5
911b28d088a35d3f56a23a63ee837dca

SHA1
c110efd1c33bd8ffc2062f92a95c8f915a8db6f7

SHA256
4708ed9604e731f3b7b9b1fd774f3962a80bdf36a1845a3bb7684e8507eb0be0

SHA512
f645cfee2c5a348f01b1aa0ff3b7a039dd47117c86390b7d5fedf253ffaac1894edc36949b29776a0ab24680d022ad468d9468fe9e470d05f7178a5e9ac8df6a

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\Qt5Widgets.dll

Filesize
5.3MB

MD5
82a8cd1f9b519d1aa8e6ad779c9e5c4f

SHA1
536da03f5389ea83009436a3197ec860ac6f0448

SHA256
6fbc262e506dc957dfdf72852cfc3b2c8b7850ec5eef4dc30f9fc9e066a8b911

SHA512
a7f178291f65edc4d4de2dddba624dc1b0c51c1b45ed92c0c35d5b3ecb496a0b8308fc1244b8846991d7580a684a9dadda1aab6f04bf4cac13ddc0cd2be31429

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\Qt5WinExtras.dll

Filesize
284KB

MD5
de7154814975f02e171f637f8222f8b1

SHA1
33198b358078341748ce5ea01ed8caf85501e0ce

SHA256
8dc1c6ad37a164639ef75093d8a0179f6f8efdf1a22877c59bac745968738e6d

SHA512
dde3c8e0fa96627dfe9ffe1067a9afacde3a69fc7ddc43d5823d091e4c449182b4c90a3fe7823f8480d889da2ae72a835b088ead54e135a197e5ad63efd4f4cf

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\XEDParse.dll

Filesize
1.4MB

MD5
e82079a897fd57748fc81e77b5756e65

SHA1
6204f217f4986be91d48552bcd4aa1b772b1832c

SHA256
1d339e41ca9d5337b410feec1ca808a7ad8b0af2cb6827cfe581cacbe04ba376

SHA512
8a0268858459d149148a0941866a90bc7fb2a8e4761f35f3fbca3a4d90a438f89bfcd71c3d35bfb62c95d1e1391b23ab32421e88573815c81293e166cdcfd956

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\dbghelp.dll

Filesize
1.4MB

MD5
e9f0405aa557d9db4352c3473122905f

SHA1
b87740872aba806e4c3030e3baad9e5909ec33dd

SHA256
507262cb88b8ebc64a79451c49cd3b59eab97f4b81d265b51d6ccba487ba8301

SHA512
df38fb203b2f30a95d97f0b74321e04eb7f5eaa8d27428d3fe33fb40537902538758e6a04cc592c3d76ee2bfba54736457e493b60caa9285e115b5d732a77919

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\iconengines\qsvgicon.dll

Filesize
45KB

MD5
24043267d4395f646055c422d8ff1ce8

SHA1
4827a8b2b51dd7c0c52a0248740d22cd688b71d8

SHA256
b84e5e02ef6e91848a0d8033965325a988981077ca18edf9abaacc391a128a84

SHA512
a9e0c2d611d670a4fbba145753a77f1ff8aac3c1e6c9ad829117b2472c9197f57ff0e0e0a80f29e5eaf77ebf416196a55ce834a14895f02725f216270f2fa63c

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\imageformats\qgif.dll

Filesize
38KB

MD5
506a7c157ca05b5478b513b6b52f7b71

SHA1
54d5d132a7aaa857d33c0e118a56283a862be84a

SHA256
c2fce71c35bd6e22e2ea3a7e0554fe9a726f55d7027bcdbe587fab8983c3e421

SHA512
d4207de7eb2fff4f305209a3f4e51190eb6d2168a333dfaafe5cf00ffd838a0f6d324d3db50a35e696cd1dec4bce593201155ce231270679a15f0deaaaa1a42e

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\jansson.dll

Filesize
142KB

MD5
77e483778406136733586ce9c833cf37

SHA1
3f39df0df7cf7e967e30ab7840bc4c7f1ece1d52

SHA256
f8302919d3152b64ae0111b2ddcb4b21e63b674d10e203c05c2a7af015ba6710

SHA512
8c328a77a3b00fa67dac4be86cf301e17f46ee0e9eb4ed81681181035a6948c83e1ea70efdfe6ca39d4963de283a887bc468b9d1232d125e4cbed4afdefb45da

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\ldconvert.dll

Filesize
56KB

MD5
5ed39b88a4a05adde32153e5d583e424

SHA1
c139a5761b5e8e2cb06c3229d70ee6eea9bfad9d

SHA256
293539875b478fc2b554104f8c1e0e80a169e75c829a5b882e10b601e6e99744

SHA512
9c9e438abca22502e0430bae7cb3292ff768cb9de0ab06ec1bf261ac2b67750a0172b084b05e7b21f786feac622990edb674619602d118e94e8b0202cc5fd3e0

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\lz4.dll

Filesize
91KB

MD5
64849c3b3e38e75782a9ca3ead09e89b

SHA1
645e509d3a6af15ce6a64ec75fc61b8769ef2c14

SHA256
97262ec9688ba204c97fba061bc95b24c2cd67b8839d43217024a542e9d8f124

SHA512
e0e9dfbfdf0f102d6217e69a965c97c210cb4ac8a971022ef5aff1da12ec3f7c0e04ca2272c40ca14c5eac89af49a3e6e5e8557e3db7488c2558edcf08d9d602

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\msvcp120.dll

Filesize
644KB

MD5
edef53778eaafe476ee523be5c2ab67f

SHA1
58c416508913045f99cdf559f31e71f88626f6de

SHA256
92faedd18a29e1bd2dd27a1d805ea5aa3e73b954a625af45a74f49d49506d20f

SHA512
7fc931c69aca6a09924c84f57a4a2bcf506859ab02f622d858e9e13d5917c5d3bdd475ba88f7a7e537bdae84ca3df9c3a7c56b2b0ca3c2d463bd7e9b905e2ef8

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\msvcr120.dll

Filesize
940KB

MD5
aeb29ccc27e16c4fd223a00189b44524

SHA1
45a6671c64f353c79c0060bdafea0ceb5ad889be

SHA256
d28c7ab34842b6149609bd4e6b566ddab8b891f0d5062480a253ef20a6a2caaa

SHA512
2ec4d768a07cfa19d7a30cbd1a94d97ba4f296194b9c725cef8e50a2078e9e593a460e4296e033a05b191dc863acf6879d50c2242e82fe00054ca1952628e006

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\platforms\qwindows.dll

Filesize
1.2MB

MD5
0cdac0e449902682182f78a552c35de2

SHA1
c370e79c472c4973178a9b666194edceb1c02a62

SHA256
85dbcaf6965fb146cde7825465add3e890e13d2c67390b8b3c6fbcaecd503c68

SHA512
9516091abb61b91dd0c90d2e85f6de1463f075e64451dab48b535a119d5a04e66cfe674ee85c8ac41772c98d22c946f8be85f0d80c2e50c247939fc66aaa7cff

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\wompwomp.exe

Filesize
59KB

MD5
11c2355ae66099dcf09baa4ab5ea6586

SHA1
bdd160dd3b5a241563cff7b4285e7f902442e58e

SHA256
55f61e00db69e9a866ddbdd7d5fd8dc3c52799d0db790481e04e3426468091de

SHA512
23242677b674810945a070d3ff851570ffba09ec753a842888d3aaba9a253c2699861f66a4bcdec478ac6295e84b78025a101f3ed78d5dc6eb6abca82f792754

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\wompwomp.ini

Filesize
47KB

MD5
dc653daf52c915df952272d1d360c5a6

SHA1
b13149c0226a21f50930f6d08056c024d9c578b4

SHA256
14f2c10562236bf1567cf54635cd630efc57a6ef2b39ee24739cc1b854102c68

SHA512
547e8d8f0ee6d138b59ec6ad1a00cb30f46a394affeaca6d44c3faad39e2fe92ad5e627e892995886017b8238cf3a56db4d927c50d66f97d0c6416431102e234

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\wompwomp.ini

Filesize
47KB

MD5
b0843d1676243817560f1380ad191db9

SHA1
510286aeadbd718f19c77f5afa5135977d43ba05

SHA256
7d5bfb8608624f667a451d2d6fc771429a3b9d2365c0100ae591176115b7c44e

SHA512
fd318c274271b2ccee84f0477b6e1c72d3e40acd7d8c04ddf4fc2da0164f4e6130b91f1f17c3f48b83d675f7a3c12f7bd28e251523005b96ed7d7876d33632da

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\x64bridge.dll

Filesize
77KB

MD5
88bb0d0dfc2887f2f7ef7f9d5ef55339

SHA1
26cf9ea264e4c662f5133c51195345fc29d3e0d4

SHA256
ab10e539bf3bbba9f5bcc0ebcc605cd1d3397b89a9180b0155fbf52c7ebd1f8c

SHA512
5bdb24d9226a42964269f43df9c5d5c6506aa70b71c6a1b008b3c9008bad3c33eee2e300e33b42b364573b57db247eebf17fe9ce2e7f8a14970a9bce9e75f77e

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\x64dbg.dll

Filesize
2.0MB

MD5
7d3ce2b73dbc4e174a905b3aefd0feaa

SHA1
3bcab7e2a62914d16563dcaa760e16ff6cbbc386

SHA256
0b8321e8c5cd08ce2844d9d80c028da0736b3d7092416de68d7b347d502d0b25

SHA512
4971e7e521eee642ea7a13fd613ab87af37113455e11ee0fb7250ee3f1eaccba128711470282ba219de7048362bf302f44f4ac8e97f6f3084f093f0c85875457

Download Submit
C:\Users\Admin\Downloads\Cracking+Tools\Cracking Tools\UD\x64\x64gui.dll

Filesize
5.1MB

MD5
ced8291b2750043e7f655e0447b10e01

SHA1
790ef85b2de5a7dcbd07ddde7fe1c7194a4c2061

SHA256
5232ac77b717c6e79631cf1f0a7f25b19714a4e6b90868206e8b003ff73e26ef

SHA512
e42038ac08e51777cd4093b38401a86130e126be597d0db2c799233ba623b8f22ad9f161de52da6bfa9f3ebfd4f67d5be4f26e091a9bfecbf402c97a5cece8d4

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 115999.crdownload

Filesize
1.8MB

MD5
8e0385e93b0228e696501f49bf695408

SHA1
66e40dec50a4e10d41ebe8c79d3ac531f71b6515

SHA256
3152930ebd6540669f598287d517f7d763e7b22fd7c85f9d715d5c3dd5417e68

SHA512
e26ff77fe0834e9f1037bda10f82cc2468fe243149062a4a69aa6d1a432f1b29b81cd2bbb89ac7a25f15c98820a1b7e6925e536571c6eb949c035ea56137e712

Download Submit
C:\Users\Admin\Downloads\flare_free-1.exe

Filesize
26.1MB

MD5
8f3618adbf1fb938db83a39336f67afa

SHA1
e0aadca4eb6122611678ceb4c60deffd4365b7d6

SHA256
796fafe93957876b4593db96c58a3a4bfbd79cfac22ccabdecc3fb2b6c87ab5a

SHA512
d5539d664f9cd8d94bc3f11b9af68e13cff8650d970d44d33a163319c5e476128f6684e54bd089d66a8559a96a27be5d93232c6503601479398cdd2e644c16da

Download Submit
C:\Users\Admin\Downloads\winlister-x64.zip

Filesize
40KB

MD5
6ee37e080eaf059c3e5ff23567efe7ed

SHA1
1d77ab5ebffbfca53077d0d87d216c71c18ba265

SHA256
2a07bb34147dea6ca6fbf2be6004ece72cc9ce308f29f86fa2e2d5842b7e997c

SHA512
534854ff98a3415882ea1458e3b6d88ba8652fdde06722a4158f0e8cb67b382daa893a8a97dcb2f03ad1359b1a6aa67e0dcb04141dc2ccc5f69970d49de6261f

Download Submit
C:\Users\Admin\Downloads\winlister-x64\winlister.cfg

Filesize
516B

MD5
51ff032fc48207ab5e7240efbdb3098b

SHA1
9a22b34bf6120d20341e02281fcea514413592f3

SHA256
d97d3e188420899f38469aa6b7caf78a7b915d16a9293f265feefa3e080696a3

SHA512
c725a210538816013e4054e04465a4c119c4e6e3c9cca3ec9ef292da5ddc817e6d89e0cefeb10a23eaa28a941dd61215a0a327fc869b09b34826b19e815a75f7

Download Submit
memory/844-218-0x000002661FDF0000-0x000002661FDF1000-memory.dmp

Filesize
4KB

Download
memory/844-219-0x000002661FDF0000-0x000002661FDF1000-memory.dmp

Filesize
4KB

Download
memory/844-225-0x000002661FDF0000-0x000002661FDF1000-memory.dmp

Filesize
4KB

Download
memory/844-226-0x000002661FDF0000-0x000002661FDF1000-memory.dmp

Filesize
4KB

Download
memory/844-220-0x000002661FDF0000-0x000002661FDF1000-memory.dmp

Filesize
4KB

Download
memory/844-230-0x000002661FDF0000-0x000002661FDF1000-memory.dmp

Filesize
4KB

Download
memory/844-229-0x000002661FDF0000-0x000002661FDF1000-memory.dmp

Filesize
4KB

Download
memory/844-224-0x000002661FDF0000-0x000002661FDF1000-memory.dmp

Filesize
4KB

Download
memory/844-228-0x000002661FDF0000-0x000002661FDF1000-memory.dmp

Filesize
4KB

Download
memory/844-227-0x000002661FDF0000-0x000002661FDF1000-memory.dmp

Filesize
4KB

Download
memory/1608-2157-0x0000000000710000-0x0000000000711000-memory.dmp

Filesize
4KB

Download
memory/1608-2159-0x0000000000740000-0x0000000000741000-memory.dmp

Filesize
4KB

Download
memory/1608-0-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-14-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-15-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-16-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-48-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-77-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-78-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-124-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-149-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-158-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-183-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-216-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-217-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-240-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-241-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-242-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-245-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-2181-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-2147-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/1608-2148-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/1608-2149-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/1608-2077-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-2150-0x00000000006A0000-0x00000000006A1000-memory.dmp

Filesize
4KB

Download
memory/1608-2151-0x00000000006B0000-0x00000000006B1000-memory.dmp

Filesize
4KB

Download
memory/1608-2152-0x00000000006C0000-0x00000000006C1000-memory.dmp

Filesize
4KB

Download
memory/1608-2153-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download
memory/1608-2154-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/1608-2155-0x00000000006F0000-0x00000000006F1000-memory.dmp

Filesize
4KB

Download
memory/1608-2156-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1608-13-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-2158-0x0000000000730000-0x0000000000731000-memory.dmp

Filesize
4KB

Download
memory/1608-2145-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-2143-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-12-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-11-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-10-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-9-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-8-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-7-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-6-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-5-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-4-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-3-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-2-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-1-0x00007FFC28EF0000-0x00007FFC28EF2000-memory.dmp

Filesize
8KB

Download
memory/1608-2141-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-2081-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-2093-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/1608-2117-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/3992-4807-0x0000000140000000-0x00000001420D2000-memory.dmp

Filesize
32.8MB

Download
memory/3992-2395-0x0000000140000000-0x00000001420D2000-memory.dmp

Filesize
32.8MB

Download
memory/3992-2444-0x0000000140000000-0x00000001420D2000-memory.dmp

Filesize
32.8MB

Download
memory/4612-2142-0x000000005B320000-0x000000005B335000-memory.dmp

Filesize
84KB

Download
memory/4612-2120-0x000000005ADD0000-0x000000005B31A000-memory.dmp

Filesize
5.3MB

Download
memory/4612-2122-0x00007FFC05EF0000-0x00007FFC0641E000-memory.dmp

Filesize
5.2MB

Download
memory/4612-2171-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download
memory/4612-2121-0x000000005ADD0000-0x000000005B31A000-memory.dmp

Filesize
5.3MB

Download
memory/4612-2119-0x00007FFC05EF0000-0x00007FFC0641E000-memory.dmp

Filesize
5.2MB

Download
memory/4612-2175-0x0000000140000000-0x00000001421A3000-memory.dmp

Filesize
33.6MB

Download