hxxps://drive[.]google[.]com/file/d/17XEEmQnY0G56YrG9Y7koLW5zufmU0yys/view

Analysis

max time kernel
439s
max time network
440s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-09-2024 14:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/17XEEmQnY0G56YrG9Y7koLW5zufmU0yys/view

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation	LosslessCut.exe
Key value queried	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation	LosslessCut.exe

Executes dropped EXE 10 IoCs

pid	Process
4728	Trimmer.exe
3404	LosslessCut.exe
3984	LosslessCut.exe
916	LosslessCut.exe
3268	LosslessCut.exe
4808	Trimmer.exe
2344	LosslessCut.exe
3836	LosslessCut.exe
4636	LosslessCut.exe
1504	LosslessCut.exe

Loads dropped DLL 20 IoCs

pid	Process
4728	Trimmer.exe
4728	Trimmer.exe
4728	Trimmer.exe
3404	LosslessCut.exe
3984	LosslessCut.exe
916	LosslessCut.exe
3268	LosslessCut.exe
3984	LosslessCut.exe
3984	LosslessCut.exe
3984	LosslessCut.exe
4808	Trimmer.exe
4808	Trimmer.exe
4808	Trimmer.exe
2344	LosslessCut.exe
3836	LosslessCut.exe
4636	LosslessCut.exe
1504	LosslessCut.exe
3836	LosslessCut.exe
3836	LosslessCut.exe
3836	LosslessCut.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Trimmer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Trimmer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{FE0A0E85-DDE7-4778-A6C9-9B25D151EAC4}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 32144.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
5020	msedge.exe
5020	msedge.exe
2676	msedge.exe
2676	msedge.exe
1824	identity_helper.exe
1824	identity_helper.exe
3664	msedge.exe
3664	msedge.exe
916	LosslessCut.exe
916	LosslessCut.exe
3268	LosslessCut.exe
3268	LosslessCut.exe
1504	LosslessCut.exe
1504	LosslessCut.exe
4636	LosslessCut.exe
4636	LosslessCut.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3944	msedge.exe
3944	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeSecurityPrivilege	4728	Trimmer.exe
Token: SeSecurityPrivilege	4808	Trimmer.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 3652	2676	msedge.exe	83
PID 2676 wrote to memory of 3652	2676	msedge.exe	83
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 2960	2676	msedge.exe	84
PID 2676 wrote to memory of 5020	2676	msedge.exe	85
PID 2676 wrote to memory of 5020	2676	msedge.exe	85
PID 2676 wrote to memory of 4372	2676	msedge.exe	86
PID 2676 wrote to memory of 4372	2676	msedge.exe	86
PID 2676 wrote to memory of 4372	2676	msedge.exe	86
PID 2676 wrote to memory of 4372	2676	msedge.exe	86
PID 2676 wrote to memory of 4372	2676	msedge.exe	86
PID 2676 wrote to memory of 4372	2676	msedge.exe	86
PID 2676 wrote to memory of 4372	2676	msedge.exe	86
PID 2676 wrote to memory of 4372	2676	msedge.exe	86
PID 2676 wrote to memory of 4372	2676	msedge.exe	86
PID 2676 wrote to memory of 4372	2676	msedge.exe	86
PID 2676 wrote to memory of 4372	2676	msedge.exe	86
PID 2676 wrote to memory of 4372	2676	msedge.exe	86
PID 2676 wrote to memory of 4372	2676	msedge.exe	86
PID 2676 wrote to memory of 4372	2676	msedge.exe	86
PID 2676 wrote to memory of 4372	2676	msedge.exe	86
PID 2676 wrote to memory of 4372	2676	msedge.exe	86
PID 2676 wrote to memory of 4372	2676	msedge.exe	86
PID 2676 wrote to memory of 4372	2676	msedge.exe	86
PID 2676 wrote to memory of 4372	2676	msedge.exe	86
PID 2676 wrote to memory of 4372	2676	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/17XEEmQnY0G56YrG9Y7koLW5zufmU0yys/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafd9546f8,0x7ffafd954708,0x7ffafd954718
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,14716853907679770541,5821818747384001231,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,14716853907679770541,5821818747384001231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,14716853907679770541,5821818747384001231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14716853907679770541,5821818747384001231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14716853907679770541,5821818747384001231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14716853907679770541,5821818747384001231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,14716853907679770541,5821818747384001231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,14716853907679770541,5821818747384001231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14716853907679770541,5821818747384001231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14716853907679770541,5821818747384001231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14716853907679770541,5821818747384001231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14716853907679770541,5821818747384001231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14716853907679770541,5821818747384001231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1912,14716853907679770541,5821818747384001231,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1952 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14716853907679770541,5821818747384001231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2024 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,14716853907679770541,5821818747384001231,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6268 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14716853907679770541,5821818747384001231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,14716853907679770541,5821818747384001231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3664
- C:\Users\Admin\Downloads\Trimmer.exe
  "C:\Users\Admin\Downloads\Trimmer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:4728
- - C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\LosslessCut.exe
    C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\LosslessCut.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3404
  - - C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\LosslessCut.exe
      "C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\LosslessCut.exe" --type=gpu-process --field-trial-handle=1708,7104573116994683541,8404117625708817589,131072 --disable-features=SpareRendererForSitePerProcess --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=12293778687692808258 --mojo-platform-channel-handle=1720 --ignored=" --type=renderer " /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\LosslessCut.exe
      "C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\LosslessCut.exe" --type=utility --field-trial-handle=1708,7104573116994683541,8404117625708817589,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --service-request-channel-token=14638017068656794378 --mojo-platform-channel-handle=2160 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:916
  - - C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\LosslessCut.exe
      "C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\LosslessCut.exe" --type=renderer --field-trial-handle=1708,7104573116994683541,8404117625708817589,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\resources\app.asar" --node-integration --no-sandbox --no-zygote --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=17043763646755519816 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2356 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:3268
- C:\Users\Admin\Downloads\Trimmer.exe
  "C:\Users\Admin\Downloads\Trimmer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:4808
- - C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\LosslessCut.exe
    C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\LosslessCut.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\LosslessCut.exe
      "C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\LosslessCut.exe" --type=gpu-process --field-trial-handle=1652,9380707642284965450,1573856909432812089,131072 --disable-features=SpareRendererForSitePerProcess --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=4037358821404288258 --mojo-platform-channel-handle=1660 --ignored=" --type=renderer " /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\LosslessCut.exe
      "C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\LosslessCut.exe" --type=utility --field-trial-handle=1652,9380707642284965450,1573856909432812089,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --service-request-channel-token=1449476238431244532 --mojo-platform-channel-handle=2248 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\LosslessCut.exe
      "C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\LosslessCut.exe" --type=renderer --field-trial-handle=1652,9380707642284965450,1573856909432812089,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\resources\app.asar" --node-integration --no-sandbox --no-zygote --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=3398625694472050169 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2340 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,14716853907679770541,5821818747384001231,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14716853907679770541,5821818747384001231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14716853907679770541,5821818747384001231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,14716853907679770541,5821818747384001231,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1912,14716853907679770541,5821818747384001231,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6500 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14716853907679770541,5821818747384001231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
  2⤵
  PID:4828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4104

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
c0a18c626491405baa10c086470605f2

SHA1
56d22243d3f901881c5c16443684599fd2a436bc

SHA256
e81c51d186f3823e725ef1c47b3a6b8263a9e7bcab995639d796067969d2cdc2

SHA512
47686801835dd11894f1ad1823c937de41fed8faa4540dfbd36892d3ed07b1f484ed03382e260d2f7e3a58e5bb2bb7c88d14e785c2da4316d11501aa1cf8dd0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c584d7d493bdb87809ad6a309b6de913

SHA1
9965e24d454790bb445006876ae7ccfebff81eac

SHA256
d0d54459341a0ca1e9b7f87a252757e8029ba7d1f4204782bb40d898912017ba

SHA512
633d1efa44eeaa007e4d919a410ac1229ef5ab4132334358ba9885fb923595cab424898e9a402c97fcfcca8477c314763530d98d94fde8265c762b7ada647186

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3356dd17fc712691f6fbdf6458ca1df2

SHA1
6ee7b9ca19069df21f61225c8c1f14243c934040

SHA256
1c84290c4831480595841556acbff48ac3b6fa602b2692dea3159886be6da118

SHA512
b4a48cf89d4bde0777328fdda3a56230830bf6d76b0a1b3e8e98abaa75e7e7b7e349614246fc127572eaef90031b5fb7cbc0ac9e6a92f3e617c44d25f82e039b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c4f2bc512cc3796ba456d15c54fbebc3

SHA1
22cc4637f99d2973b2908263ac4dde9beca4cd49

SHA256
c91ca6be0e890d40811ad8cd442e2448123f521433590fcbb5ee7b9ac70fca15

SHA512
abe7214f80a33c83d1a998a00ccb275f7d6e6f48188d5f880a88d4c6b01a5a3f5af4105c816dd7614baf8131253a177965b6f16f7c6b303cb1509e19990d05c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
beb1d03145a0f21d47be77359fc2753f

SHA1
1dc5e230013eb073ca85cf7bd0846f5cda03a80d

SHA256
1c37e858640adbc9c4085c91d443bf4d895c471532b95e612c5aad1f04a20a1c

SHA512
7b9cb89d22ce98198379a9a6bf1d5a48884167008be69f9271f2d040c852fc37d9ee98b2a9f02afc094cb4e92dfd726a87a221fbff20764748189762567fa79e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
731c7d2e023ba4f31cce64e181a50369

SHA1
f9d0794b81d771b430c61e700da907743ad15b46

SHA256
38c32cc502b675f80aeae76bf4cd237b7c4302d77472a0c3c86c0cf65ca06639

SHA512
993f7379c51c9bbdc93f416450e3ce3db71487d55b61301a76cbed6a4536ffd0a29350e065d44860cab16e4286dda7873a8813fedbac78394fa292a9197904b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c93c97c0e88cf5658aa074d8709b5ad2

SHA1
ae89e9dfd308fe241e14489fe17d4305d1c33894

SHA256
9bb8341850831e1f571ff65c63bdbb83a36fa5007b13190ab1f458142794df32

SHA512
3f0c1d0af651c3acbb16d784ef04677f666b75df5e0f5d1d6e9a49aac5661f71ea16a65a76f4645c550b44e91af1e646a16b55d8c32f3882a5e051fbe3abd275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
86fc6f2bbac51995ce79af9f275495c7

SHA1
71d202b004a8ac8876f56f60bae1ada3189f68b3

SHA256
0aebe6df1b07fcd4c188d2204a6f2f93fcc846c308d0f731f24d02b033b8dc3e

SHA512
c407eb178e41050768cb2b30b1974fcf88159ffad6c37647698fe20dee35a8f3f1637f0e4a09436a565808dbcd1edfe16c01028450e3bff3e0cc2aa73cc6c6d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
54c885043007079c3f125904c23b8b1e

SHA1
56a4e735912720bc107be39754190204295dfa64

SHA256
9c5caa1b303a040c05f065882ef0bd137c1c5e2e421fad340926066c3d528022

SHA512
4b126652dd8a2ca05852289ff3c37e3d738adfe48a95905720295d2b13a442bf15cae5edda542767751b02b359781296aeb524596f32b400fccf42e8e510a18f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6439e9c4f01cc671a1c6acfa9bbd8f3c

SHA1
3cd8da42bfa5e6b7b9177f0c7298d8412669256a

SHA256
a1c8d363a2d077bb3df0c5b087d08f0e00ee295f37ce8592d9aba812fbacd996

SHA512
12be2796c26eea3922648379481fb1595a2ea13134063f47748b41d391b8843c0b4d0446b2e8b63dae77e7fc3692346b1ecbf04bd0a5e871c3f81b86505cf875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4539ba343be104762bcad746b2e49efd

SHA1
947c4488b59ebfefd70f3818abfdc9601f9d2fed

SHA256
e07cd403851b82634371acf006c1efd5891ad9915f53c14ee7f705d51dfd9dc9

SHA512
c39bfbb707567440556ebc8c2ce206b8ca7fd3fea2600fdee2cc728e35c1b10106950db839ffb0713abb080d744528d3f150862cf549b4f3a89a6c1f5791f51c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f58a351b20312811c148f6e836d21281

SHA1
4861e49fb1f434b8e261d3f17893cd7afbfe2c2c

SHA256
21602f835078d66887f256cfc7c676b9bf8ef054fd0f6032acc95c373a934ce4

SHA512
06e5ad0d905d44c5e0c1b8d4f69e64b4249295c66366b39f76c0ebcee6a05048094225fa6127a9afc8d148f3d64405e7ec210f0b294841cd7adb83c7fb05ddae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59f747.TMP

Filesize
872B

MD5
40d4bf2c1c55125946c7b725344ccf4b

SHA1
8a81b9337448ce1980b3298e0ddd1fd774531532

SHA256
7a89a9ba8cf2f2b9f57301ec0e7ced0c4ad1c564350b688715e7537ec517a20a

SHA512
77cf0d0dacafe1033abc159f89225b686b0ee2a3b1e36f6643b95a605976aeb7320996998861c00992eb4f7ac804bb8603f7f458fe8b23ac21c767b8b3b34194

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bcf14a00b72aa3455eac7f3913340f8c

SHA1
b09e34f1eeb57cf46a14bf6697f5e77c82f6b658

SHA256
66c55181f4efeeaad1265cd17353046c2190f6b92173c3deadd5837c1481f51c

SHA512
d9edd46090ec98373823a4abefe273cb4b22cf8513743289aa8f134f6effbf79d1340d8334f57f0c9ad562bc621ab9da41354861b2705d607c7866982095a4bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
29b8eb743c04636a8e776d536266f08a

SHA1
1b9ece988346679892a1ce9beb3520d3b343d6fb

SHA256
c5963060e86a9368647054d0e90aad416746a0d3ed8cdca745a50e2ac9789793

SHA512
3c47727ccce9126c257b58533a9ff82aa23889f7567f541f9bc101db1875c4fa75ce127bb8f86c9b94b4baf9f53857a6a2fc184a5d4c8a5237b661a33d590b6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
87fdfb384ec3a6566b4d381ead09a67f

SHA1
55fc36eb780910bbdf75d6f74dd6ec60288ce9ba

SHA256
ace82050fe10255e132b45dc18f9ebb45e78d2593bf969a1594fc37686c5110f

SHA512
8e90608aeb805157a1731eaac5c261bf686614610b6a0316f6808a7426429b52dcf06cc65a7244e9691abd28be7214292cc37f14d8eebbb662cd0c141ed4b3dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dd3b436403b038b9af5156587ed8e206

SHA1
26d914652d4fc73af377fad348e8c4015b9c1096

SHA256
907aa7be2bd24afc4485fdf2893059af662cfc410501f33eabfb068cca2bccff

SHA512
bf1282c81907938ca6a937c37d3b390c1e4712a5253729b78c11a7ed929b9ab9dd6087cb20f04976ebef011659628c912d1c411ce7c9e53ac8ba788e62d05ec9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6358e63deaa386cf980e5e66cd8be660

SHA1
88600ba32844ee1c38b20385c0f3fd250941b685

SHA256
571012e210af6c314c8482e9246fe29a45d2361353c7012ab985d5c4a154881b

SHA512
9ff04370bfcdd97b00132c9139fbd492e70727a2db2548514620213e1ebe39ea8fdeb4c74dd79dd5def687c9259da4926e0baed1431980533365cfb0ef02da22

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\LICENSE.electron.txt

Filesize
1KB

MD5
f8436f54558748146ec7ebd61ca6ac38

SHA1
ef226e5b023d458efcdc59dc653694d89802f81c

SHA256
34f6f27c26d1bb8682ebb42ae401f558228fd608455bd7c6561d5fd500b7d05b

SHA512
5b310b48bbee286f03e645e4bfad0ec870a7c68c445d54f46f3eaaa9c427f9de6cd0561d451838bd53c78a5289e9f0bda19cda4257a4657580afa6c357913050

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\LICENSES.chromium.html

Filesize
4.5MB

MD5
c91c1d7d87f2ec9aec7efa9d34808000

SHA1
5325eeb991fb27fcb8640ac3b272ab387a884eb4

SHA256
67885e1586ecf0354e79467340cebe4d977b8ddcb432f7e832008b4ff3c8a1ff

SHA512
6dc0e6518cc682e26572fcc4627ad2a5a616931b4f9fc328a12272876e9139ceefa8bb8164984de6f574e8d76952cf206c79f1af6c9e75eafd92a37619a9d735

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\chrome_100_percent.pak

Filesize
173KB

MD5
c56bc01c88f2fd186ae22f10b1bd5900

SHA1
b000e68ccd919010eff8c2e114b7d1b6e702d997

SHA256
d8cbc2234f40b49437a5876bb008b6b43afdf92391dec3f0739be98e448ab671

SHA512
46f9158e0f06a4e415b95a7dabe88cc4f3eecc235cdaf9d744caf4de5e665ae91599e3c2feea0860e9f6eeb2eea45fe4e57542fae95ed9110d44624513de3aa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\chrome_200_percent.pak

Filesize
308KB

MD5
9662c1f572ef83f070d2354b0275ec60

SHA1
04ce905a95a1c3b8521a17ac9f57503e7aa3eac9

SHA256
55dd419a1cecca86665ba5e6184d6b58edf714d652e67c5220dd3b407d99afa8

SHA512
b1d34d58f5079b1db9764bce2787969113ac7cb1b83dbc3ebce8c9c287af372a639611ba11246a088243e2098dbd1d6ad51341eff2a57a995868bb0db94a3167

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\d3dcompiler_47.dll

Filesize
4.3MB

MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\ffmpeg.dll

Filesize
2.0MB

MD5
78247ee78b0a1f762bc307fb2021998d

SHA1
f71070b0abeb5f3e64d54e284c4edda1a7fa69e5

SHA256
3cb2ee107d06861be651f7cd2081868834da3ed2f4919274bf9194c1c515fe6e

SHA512
49dce8447862be6d500003e3d988b2bebf276ebbe4b0ae406ed56439d914b74abffac1b467b0898de70b850c58233f47ca50fdcef77908bebacf8bcaaee02b95

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\icudtl.dat

Filesize
9.9MB

MD5
9e8b247aa7a609e6632518ecd6634fc0

SHA1
cc43315bec76167be7dfbb7dd0b6d61974204d6c

SHA256
18acc07d9ca59b1e599343b022a9e602a0a0c152866f7e5dce1fedd2dbcd33a0

SHA512
7a9590f410c14886317d7cdae606b50b4a0355061e251aa3bcd3e0c614438298e839ff116553089116423e9bc98c131f35796478517d88a180a5a2d08ff7fa5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\libGLESv2.dll

Filesize
7.4MB

MD5
cf0cf009f5386ed264083fc43a75c506

SHA1
b0eaa1b339013831f39bc4c3f740eab3610a8a06

SHA256
70c66619594e48298c6cbc30a047ff800478a6b986e29618be98c1071ad17ac0

SHA512
b239607a3a847f604a1dc3a4c13287d531a64ab4c03cdc161545b8edd41920068ea390dd2e091727bae1fc42accba39d7ad15a5698658095abfc43aa414e8b3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\libegl.dll

Filesize
138KB

MD5
111e6c9eaddcac7b9f00c77299540621

SHA1
0357071ea4d3976d3dc216fc160b2d3310c141e5

SHA256
c0cd6c640316809d357ea7d83e42ac93cf7163c73d75c4359d3f377f01305d38

SHA512
59665d69db1800eef5fc89cd2cad292001cc6f5af6cb9147f89230f38c4bdacb5a53845603871ed12075cfb5247597f0ccf9da3c21433c5bd68add19147eead0

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\am.pak

Filesize
119KB

MD5
3ed0d4542982e7f4c7970808e9df9474

SHA1
e216cea6e8bc4cbdea9e1159a17d18469ae6c227

SHA256
e0ef4ba4fb1d4570123ac1311e67da9358cc028fbc0a5816b563d4ba0179f5ea

SHA512
a4169242c8d6e9e51b02ea20f84a3c133796564517a77ae283fb2183343401b6471d5aec81bb6347676f989f0283c7c881cecdca1c55cf6dec1f36480e0e412b

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\ar.pak

Filesize
120KB

MD5
58964d013dd1666a55299249ee5d83f4

SHA1
f74b4c90d844f7e1fe66af3b0f3831005511808d

SHA256
2e035cb84dc6ce40a8e01f61e79f92438a1421fb6e321221b6e33554389ab386

SHA512
7432e18b8d0a661be9aa5fee467274da7b11b2f3410993e88f296222516b7f8b7c5882bbe2652767f77fbf596699b14b73adacae65668e008996be8af5bae7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\bg.pak

Filesize
129KB

MD5
0b3155230e1942d238341c2f9eb88ef9

SHA1
82590d918c0b2350dc46b2925d5550ee427b27e3

SHA256
0beda1647b0760046a7b18e4498a62b727b6320141e0a3b0cd864cabb7eb21ed

SHA512
fabff8c3b1bc5b94ae8a27be1d790ffea85d7de773ad48f2a2eccccc63ea35445f639349b5e5a59ec85e5378e7f0d1adbbdebdac7c1f71f71fc5e64ce9d0ad4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\bn.pak

Filesize
169KB

MD5
238816f58b8247ed3d95538c5b4ce5d8

SHA1
5ac704aee7070779b1deed3c6578dc8962076432

SHA256
62952441557ca8893b925196dc3c4cc89989237a1579786217e429845818a010

SHA512
a3a486924032850aa73456e83147e831c5da15bbfadcd669c917f01fbe7dd90a2fcb9efd9bffa6b7411d0d0c7da331d5e990fa3d3c098f5fbfbcda75b06d977c

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\ca.pak

Filesize
85KB

MD5
41015ac9538194dfc6cbe7f7d52fb0ad

SHA1
f5a59496b3f34d51593871642b405eab00bc77db

SHA256
011efd2eabe609e9cf16b67d7ed1fe02241c5ce3d594367c97d51ee8fd233c7d

SHA512
9d245d8d4b3eb249cf0a587e160a7f086a5ed3af6560cddd5c09734422934be182617e9071cfaa139b829e62257ebab80c8844ccfdae22ea918409b359c162f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\cs.pak

Filesize
86KB

MD5
c542e54eacd0a3105eb80d960a93f3fc

SHA1
3c09cdb61b329f48025dbbc0faf469e3208fe46c

SHA256
3c08dc65f95ccd0dcbeab9be148cf5f7632a6a01fc5b17a46518b8a48019d4aa

SHA512
7899a0f3296920c63567a9173895a0ca9f85e322a9b68e04834ba76070b2843a5fa1e0824fbae078a4a082cae9c0a7652bb49dbb10d717f0cf53e6d1466f3cfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\da.pak

Filesize
78KB

MD5
2d87d463680a425d2de5995536a6b04d

SHA1
a5b1fb57d1dc86ddece1f3000be2bf79e1fe6cf2

SHA256
4b7126e1bf5a820e1ffbbe6e0a21ec1e3d98358c8399e721cf54fddada7edd33

SHA512
a3edacfac735fb58fa5314202fd77c1022d0738869801ff93808a6a5447ee61daa9d304015e967dab8f0bd385d35534fc7f6e3b087c517b37ab405ac042543e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\de.pak

Filesize
84KB

MD5
90331ece1081bb441f4c82b048587241

SHA1
62a9ed699d6cd7686f2135c638d44157069e597b

SHA256
c52f4b7d6d349d0f1504fc214622332831dcf09fb75f3b1e07733931bd0e6514

SHA512
eb516b13b48ad757ed7b318b1992d2fe9143bd919c42bd92fd3adbd2a650ad6a6d2d2a1773e5654395b5293f476c15b6081b7d06de9ca6af592ebb6ab442b71f

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\el.pak

Filesize
145KB

MD5
8b7c1d4a325b3cb33fa2dedb965492e4

SHA1
4ffee3f95dd6c9c43b229500dd0515befa9e49c4

SHA256
e04c28635a79f0cceb86fe471841e7b210a9d37137ec5d46a2e99893f64074c6

SHA512
c832f2c611023ba034d60f9088b984fcc9893baa74c715b16b37c3ac8c5ca79437308bb07ecda70bd31dc667c392815f2e35df3941e56e52542ec8cb35c6a072

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\en-GB.pak

Filesize
70KB

MD5
bc01ef9f07f4b7b43ca2ba68dbfac1f3

SHA1
24d98c278e569f6ea2e573e8ed34da84f99699fd

SHA256
6710c03227c7053dbb5616244f0b35cfd1588be005d547a0f023421530e1fe46

SHA512
917fc03d4de29e231aec3d03bd2a5a2862f65b6e920f6508e093761fc234cf964538dc28a199ee035a2a19c99d9c52e5ffeea5c16531bc600e9351f1f1c11241

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\en-US.pak

Filesize
71KB

MD5
ce30d32061b772148cbc966915291edc

SHA1
4c5edaed4f3ba6e10443f344e757c26f7ceb4ce9

SHA256
88a07be1329cfde3486dd0376de77e289468a750273970aeae6ad4468c0969f4

SHA512
720fa132a3362ea4f5ea10f30c4996378d1f196210cef13c38579dbacc1f11e55d6dfdaa3aa0a6a574670a962f6e2910a2d66a64a1e7e1d6466b20529f5652cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\es-419.pak

Filesize
83KB

MD5
ff816434d53eb3d8b6385d0ed3f2627e

SHA1
00d7d4a0678818b42b1a8504e287c435cd423bad

SHA256
717375f6c54fed018b23d08a2434e9055ad3aa14aa4c94633ff47706e2682492

SHA512
436a5266df981e7f59943a43aee4d68532be646df37d0e7ffd25f6f6c41f8301f58ef62ad0076199277775c5152b5f1737d70d3d4855f8d9833afbe8284f787a

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\es.pak

Filesize
84KB

MD5
29e406a5e19a35a03825bba2589eb757

SHA1
e656709c79d4f90d0b695fb871d8c540c07b76bb

SHA256
922892ee19c2b5581ddd4ee277339d150576b5555920850b321d1cff668879d6

SHA512
1bc3cec78b13725c7274c8d44d8c192b37757e44a8c46de1f41639d2d4278c04878e214e0a51de047ade315339387f3b0a58a121933b796f1b2cf8a010537b1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\et.pak

Filesize
75KB

MD5
e45987adfdb4b7ce29a9b9167674c64a

SHA1
65bcdedc404a0b5a88b0159d126e9487c13c6094

SHA256
f5dd367864119091afd657d7bf6e79cfbb5c3103910a379f64d55c0f936e4350

SHA512
b09e0cb7b331c7a21babbeba43169de127814c40b790d40a89cf65e2fd1e388282bd6820177ed71c848ede9cfae152222e21398226a22d2a6f258a6193006d1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\fa.pak

Filesize
117KB

MD5
099bf964bbef722e4f3451bcb9fc9e8c

SHA1
09c3d695e8747f6c45e19031e1ba57a9f27346f3

SHA256
72c1c51d997ad695213de0fdccffca768c419f78c82c6786b7295402c3e86b3c

SHA512
4966432ad117f3f041863896679a6ba4a4eec53a7776f04d31dd00aa0c29b7a0c8798352f5bb26b3fb7208d0e680e334bbce3aa5747320afaf26a167f3461f14

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\fi.pak

Filesize
77KB

MD5
691d5b048ddfdaaa705f8f6f6c689472

SHA1
35710475cc745c8d1dede6adf7b2027c9f0071a8

SHA256
20fd5702ad913eba86bd6720c3b639852f28dc9fc1089536fd8aaa9bc3dfbcfa

SHA512
ecb582055aec9dbaeb32a3978b5621b374c1063fa33f7fb6e175fbf20fba9c7caa7bc4b4b24ba619d0bd099bbc31de2f2d5aae5b0eff1efc8fb212d0105e3fdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\fil.pak

Filesize
86KB

MD5
0ee8183adff71889f13192a0eefc9d4d

SHA1
e2623d51a8877c72cee264dbc63bba34980469a2

SHA256
2597b47a9a23dc358b42cbd9b7ddb161d48ff66be9879b3cb07e60db3b020ea8

SHA512
0d6a5c16da76c5b9a2c2827548fa6858e3c3a8d15a9970351020f4e71a47f537a03e102af50e7f42b8902b516265aedc84dece6ed57d8e652bff0840b3ff38c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\fr.pak

Filesize
91KB

MD5
fba102c2954366cda831b61825bfc5b9

SHA1
7ca0f9f1b7c8cbc7096bce1784ede0d02a19e136

SHA256
8980d3479f91c9e128866714d01dc95ccbac8a6fc316e396419c39fc8a35d904

SHA512
8c9190d9e5230e57db7ecf8630f607b872253988056ccea693d7744b81fd2da3dbecc9f187af106fc44881d4f00eabea87819d63c1df446ad511a1a67df7e225

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\gu.pak

Filesize
163KB

MD5
68a49c445261fbee0a6d4884b1d274f8

SHA1
a697183b26b948a615f3606dc5e22242841d9b88

SHA256
76ae556cc64e48f02af7aa1f4701e7d3d305efadec8c59063006a99b550b891e

SHA512
96dcbe7bae570f6bc3335df13482a68519e7d53d62b404d546cbb8ce2170938a36c0f7da0caf2eef805e6dc8853c1803c8bd0d527b83b72b3df36a9add672465

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\he.pak

Filesize
102KB

MD5
77d9d8dfaa23976617771fb312b1ee8a

SHA1
7da0108fa6fbf91e6cca183bbfd405ac64a4442e

SHA256
a81ccb69ad2ab32eb10cd7dbcdfbe318967686858a11ead2bf4e8d7e663cb203

SHA512
4d19a43f4e396ba8dc576ab7c48fac28e9ccd100768fe8b9a226c7e9b8bbd7a75d00276d90f12794ed36489c4497874479a9e1624e88a00e7010d699354dd7db

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\hi.pak

Filesize
167KB

MD5
ef7bf749f8d5b968962896c72b0c88ac

SHA1
350d9daefc10b2fa9835a258ac7e62602397bc26

SHA256
02f7ef37fe602ec29aecf884220e3e2225c2cfdb7f2d33e10d2004c433ddb4b4

SHA512
cbe41cab0b14c359353bc2e6d72485022484c3448c900710482f6465486d12b0cef125a084da7f926cfcecb90722324299e4ea94205c1b5062ca11b1e88d8deb

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\hr.pak

Filesize
82KB

MD5
d44e61d90f86c7494b9f800681e6f650

SHA1
df39a56f87eb1a622c8e92adff64c4e3d1a7e384

SHA256
b4baa107d4b8e992a407ac11e7f7ad9f0f714153de32c7467b79e0f0fe70c9dd

SHA512
33c72ca99348421ee314f6663e12df4f29ea6a7d3c85a087dc252c848f21f31ea9dddea6d0478ded8209f69ed9e9176a4147ede9941f5bb05b45b1ccf810c584

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\hu.pak

Filesize
87KB

MD5
e20d9536cd72f176ca5ee7a18d2fb99b

SHA1
9c3aa3e1dde8ffc67ae68a974c892bc1da8327ac

SHA256
bd8c2ffa2ce36d66732f9766bb1dc87a51f56d8316094dc264fa34221837ba23

SHA512
6a251dbda2e1cce079340e79b11513c89a91c97e103c001da28ba72e02d62265b037efa1c95e024e6e8c36cd21b6a8734b6adf2f0a2b40c43f5e89c57c64e6bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\id.pak

Filesize
76KB

MD5
0a69835615e9445065c558db76256acc

SHA1
e5031d6484ea686ed593223f893ff2b324429226

SHA256
1654d6bddce488e75829d790bc2392024227bfe7c88676006ce29bdb69e6e30c

SHA512
33ff0b82db7350e80100687f7755d7124552cbb88209356b6894fd74eb2f415fd9820ec8202f4359a26439d55ec05be64dd73ac8033779bf4ef9e5eea7740757

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\it.pak

Filesize
82KB

MD5
c83d309e006ded08a7c8951fe5217108

SHA1
656d7ec9251bc9f3310e615561d1925a713821b2

SHA256
8ca6f63d7c826c8fabcc93f2665e4ec9950f799be5fd9014bbdd3294c0f46652

SHA512
9fd15f281c9d5bee80c371e83e04b570a9650c004f8fa42685514ede3e04131bdf7c2187b123a8fd950743b03efcfa0b289183b5daf14b3a0e6bea09e1856b11

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\ja.pak

Filesize
99KB

MD5
b530e7114503306334f704268bb05ade

SHA1
ce2c039694af6ebebb2bc439fc6ab3a280dc6a53

SHA256
1c19d00e328c059d66c8cdbff656a384c25145e6516c15edbeb6e79a4c5e7726

SHA512
6e6a3f8f2c3f0b5e094ff1c3ea873f4b73346caf16cb65a55f656874adf817229385244716296b2474731e64694965db6cc0d9e757ec0ff5323d61c40978f904

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\kn.pak

Filesize
187KB

MD5
1d6cd1093d3f5028ed2fbdaa67892aa5

SHA1
c6cac467dc2af80bc3ff194a5a5005951d3fa7d0

SHA256
c1ff4d2e88edbaaeeedd05db874f95387a6e58b2ad7ca86937b8e3d30197dd60

SHA512
0c90226c0b804fca7fbd4aaae184b66aac721a9dc81bc58c69f155a5a54c2c13f0e549462ca7469854758d4524a08f400d44d3a389753731fae3d7fd8578aefb

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\ko.pak

Filesize
84KB

MD5
c3a5b2eab6864263f06deb21345ca9da

SHA1
676f07acea77952c7c2fd7b8bf979669e02b80fd

SHA256
2f1e11efccfd4540cfc6f3b089854987192e015b90ae50100c6862c9e4afc2f8

SHA512
b6e1da97f9d63c89ce936b9f46b0b0f567f407bd909eccb8881a78c6bffaa39a12c692cf7c54640323846c0a0cde45a7922e7450591541e5f1919fec172ab841

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\lt.pak

Filesize
89KB

MD5
7a8efd2dcae15e8bb928a1602005ccba

SHA1
ca99be66821a0c4664b213339c2829b1c02de141

SHA256
d94ef525abbc2625fdd7ae2df30b947dbf3853f7ecb4d116754ed94c16804462

SHA512
2b980b9ec4b458b115cbfb650889aacee4ef2c625276aab3cf04c89035cf6da3b89c8ab12c25d16cf6023e3ba6ec715640c03f0e84d0e6ad9f1cab935e6f863c

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\lv.pak

Filesize
88KB

MD5
de31327f0843748a496a74a25f00ba22

SHA1
dd94ffea21ead9cf0e538c271aad1a15eed5731f

SHA256
2b9f8d694fe2fae7444c9c05a0d15bcefdfb37d78ce38e948c2584f32949e12c

SHA512
73a6eae8a107b4f292e1b5c9a26726c85f4bbbf9368929e25bd0ad695ca0f0e0133e64ac9de03eefa002c10cf8aed81e3c91df15c57f06430de7988512c948c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\ml.pak

Filesize
198KB

MD5
be99903a5241cde5ae013d878b936d10

SHA1
df8c697cff9628e3ea5ee008d64668e0dca56b7e

SHA256
79aee3a22d82d4a0aaf74cbe5fcaad31974c1c7b0cb23edd6857dd0b822d9a1e

SHA512
935af08fe54f901f48af89b6de1c97cddbdaa5a330f8d7a9817356a97c6a814f50a00bf77550af4ad220cae395946cbba51bd473b406e0f9c5591016e5124d33

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\mr.pak

Filesize
161KB

MD5
43941ca75247cdb4108377445b69a454

SHA1
2098dcfd994e2074c525c69a83d28f0a379b8278

SHA256
b8209cc37d4a4ab2a65c4ba6d859e74bd885e630cc48ad996406ae5f3b7d3229

SHA512
02d388cafeb7ac8b8d865eab2a9d331b1938766567e30fc4d2bad827e73a47ae74347b1f8ff4680427691d2a8b05775a4b1da16c1baeb8429eee67f5206d9c14

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\ms.pak

Filesize
77KB

MD5
68eed78cfbed1f7d8ec60ef6d9dca1fa

SHA1
9df230c4cca8715b8bad6351168dc47082d87fce

SHA256
265d15d61fe5fb856e70d7feff9c1f5eb56336f012e88a3e907b5380b0a7527f

SHA512
531a35e49c0ef79b3f39d80c000f32700d259d89d623e2b07fd13527d04adf70124e9ed513bfe937acdddcd0be2c2d333beb48492c72bc43e8bb2d3ba724a02e

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\nb.pak

Filesize
76KB

MD5
b95a6be251b5011470a7d6f99914e45d

SHA1
716078014b5109e74862e685f4074dc4e1a16f18

SHA256
21fa2e87f4c2142a5de09dd42fa9a85d37bfd19e8b7fa10b960ae099cf613649

SHA512
f951ad557e3b76b7224188ad0ecfd05be7b46f4758ab29f4c38a45d6a62d63e45ecbc811414ce32ac4ac55c2380ba90ac728172fc75adfb7965c0596f49d409f

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\nl.pak

Filesize
80KB

MD5
a59a89c9979733aac250850016251b30

SHA1
b7ef504380295b114ec27369709ff15924f1316d

SHA256
b623917dabd97c7d5e506a76d57f29085fb017b82c7fe54f2e925f015a340445

SHA512
a55b6c6f350abe6868cfdb1364e0437433460af93930ccbef25fc75f7debb0033c60bb1c61893d25845469490c5e19052554bfaac092ba75ae846423ce2a259c

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\pl.pak

Filesize
86KB

MD5
ca1620e4bdc407c566f6f40572bc88c4

SHA1
8ae22a47a39c7f1036f86367b10aaa493a9f9f82

SHA256
b2a2218cb02861946385bb6482ba8f869553de86dc43d36532d7b61b9cb1779a

SHA512
a63e11162865edbe6a48967d66f650c9301ca161e84e6a3a42be119be94580f57cf7a4a8c76a51bcd3cc605895ec3554eca768690c542dd96675049b7e93717e

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\pt-BR.pak

Filesize
82KB

MD5
603057ca797be5e293fd9b02ae4d7ac1

SHA1
d8358ada4997fd5758652052d68f52220f1bf90c

SHA256
2d6007de3ec09819554d6209724a7494cd8d68459af3ec841789f57934cd266d

SHA512
de32d40b09f6876f0259ccdc10a59b04810b424f299f610b3649d9897acc42932c6b803ff0a34f362d7143ab634f927e456903f9f87b7cc8b22a1c319689f2ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\pt-PT.pak

Filesize
82KB

MD5
35a7aa99b69432d295f9c64a2c16e4f9

SHA1
91d9eb88378cf620b1d21f5e647e2a715277513a

SHA256
861e467ddd65915b6be5e0f4eddb8d67546afcc798d34f7a6b6e079b671904db

SHA512
42656de8819692b87937038f116a2a8a105c17d5997cd18f21b0683d824aab2251af69152797b6ab498a588a764b3eecd5701d55bbba72f307b3f424c569fc43

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\ro.pak

Filesize
85KB

MD5
6ddb918017d8453646c347e1c7f10e8a

SHA1
7f7c648940134ef5a8c1b2237e206a74faddb5ef

SHA256
275745d81dac9fbd35d57342e8f9790cf32c3984133c826f1ab5c9a9e8242916

SHA512
37403ef9b8ac5d99d74db7a07c98e8e4bfc27a2e7273017c08448cab64df00a34bfe15d24bfd94c5a5b0fbe061c95f235d6bcaab77c9b8b7494cf2c978657bdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\ru.pak

Filesize
131KB

MD5
26e967e4e67d58d22daa45b0511945e7

SHA1
c5917ea76641ea1f1395c12a29b036a2c57a5c0b

SHA256
6b1226aa78ee841552a8b2f22ee33b73778a94b835232522aaa66d73122e73a9

SHA512
4d2eefd0ce55c01659d98bd2b0f88970db4f4847684c1df3d157164e0228d1b40f9fdd2c43c0b037689b900e77d80e70cddfa8c22087a5dad2d01dad02222da9

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\sk.pak

Filesize
87KB

MD5
014acaa7678b5351a06acb8b0b9b205b

SHA1
c5d4b4c5054973c290a4263ec455ed795c1eb0b8

SHA256
8be2fb8ee246d879f929c0a3cb1ae725afa74b0f1d241eb5579bcf5ee990ee50

SHA512
6505e6a5c0f00cabd31bed4decf59f26845bdeb383ea5f73a48a827933509af02eec8e703b802c71dfbb305f22beff0b8e934b4253415ad71205299559c8bb5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\sl.pak

Filesize
83KB

MD5
3f352fd2b6d628e729761f66a1127ef6

SHA1
16d5d482fdb4ce722bc1ca00c405c58f398afb25

SHA256
e91835fe1d9f93e8e0e08b1a08392b7fe1e8716b4712df5ba6e7d208aa60f6d6

SHA512
2f33de72fa8e762c0968dbb0b13dc9bb5a9f1aeda9cda5836145421b32a3cad424767ea81843420e8273d37b5c3379a65038f14a4d0303ce6f6cd14ca3a0bcbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\sr.pak

Filesize
125KB

MD5
0497b7130484a365753ec331248d2b19

SHA1
a0509fe81f6653dadcc6c263db21884296364276

SHA256
fa010563901bb84272c15a71a4d80118b8ff22f4d5abc8e4ef0314c00eb5f037

SHA512
8451e29832dc0122f46a21eb57185f545153a14ceaed421d4511fbb9ba316b7c139cf7cdcb8930064d577ab2d651051442c8545d072209ddd00415d7f37e2664

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\sv.pak

Filesize
76KB

MD5
ed3b9c5064e1453444b5a2649ead4076

SHA1
be64b48bacaa81004903719ae0a9a078887d10e1

SHA256
3a6746e9a6b609557b7a872ad1132907f6bddc0b9ae22bbd05e79d2ba42d95aa

SHA512
8aefc77c4b64eda81539691a0b4e69a13ed63ab3bb62f644aef6f8beb0707eddf59c3e9927ea2faed943e475454978184cf28f42744034220f29cc5646f6fbc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\sw.pak

Filesize
78KB

MD5
04842f2af66fb58df3e82f3ee0366db6

SHA1
cb1c5641e6b53c71efee2b996804b47dea54efbb

SHA256
7863cb871e8c97166f2aac9da58d63b8a165f3f390601a1aec36406349185382

SHA512
ef4e2d2899c58292b7ddb4024b95c55ebf56396ea338a3a2933bf79a2ceaf3744de739326994cf87d1b48d2e074ffaaff1895adbf8c30f52e09735d0c76a0bb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\ta.pak

Filesize
191KB

MD5
2878e0f7e5e2b0b0bb5c0a4f7345515f

SHA1
8d8832b8fbd7f94f14a540e07b548948d9fe31e4

SHA256
e242cce909c4dec25c81eaec3e17c7261edc5633f774d63a74ca22e545d19e59

SHA512
d15a481bdb68cc1cc7f46141d36b46f9804935f36e9898a2551f803239f55ba018f84d9488a4c3c5824cda03ed582d1f6bb507bc978c000fd84677782e07cc14

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\te.pak

Filesize
179KB

MD5
d432cbef00995b40c6f1d1ac28f48fc7

SHA1
3b25e1514671f5488c27aa9921b463313151b035

SHA256
98adc97b9ce5add5d8d7ad43fd74c50e760e17d1ca4af7eff81fb488963fce0c

SHA512
744938779052543686df0a68603d9e47aa90012ee3b64bf4e57fead3cabe6e4c7b8ae0620d728c77bbb2bd2c4fef718fbcbbb54ea9ab32054d6beccd6b0c6be8

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\th.pak

Filesize
156KB

MD5
905f032db6e1d6c4c93e35a875532190

SHA1
583ee5f4651d4bf6c6c827796cb087c9ad7f5ec4

SHA256
23762fb4f440544e02e58512a917dd02d885932372264583680ac870558473a6

SHA512
5bfaa0677e9ca376d62642391e7a9b7d0fa1e228dfaff0cd29a7e2a6d70c784ff72e846aa7c81422a846a5b22f45274840600a65d50621794f28ad797fbea19e

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\tr.pak

Filesize
80KB

MD5
21b06573a05893036a92f47e6cb965bf

SHA1
3d9dac87c966747a967fe9c4eef25c279d40b027

SHA256
16fd586be5f204f203150531d2f8423ed9c3c185ee7702f1d775ca15b67bde38

SHA512
94e5881075422f13ccc215d4cef9fe3a2559a11763e6f953a479478d98b316e4e00c431f9442521ffefd54e3f92822d66b6fb7da74ed0c436b3c99290092e192

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\uk.pak

Filesize
133KB

MD5
cd0e720f7685cec9de1c7106a17d369d

SHA1
7ca1fb0eabd13bb3a5ada0084f1ca6adc76189d9

SHA256
294a0ace6f5be8f6eb9612da3c6a96d7fe28b37055ccb50734b6939e267a0470

SHA512
e75b3117b3a57dbb8eaaa35ac97a15a9a4131094ba73b0d953e7d9990406e9a05b0154f51a737c9c3a51890bc4dc5d4567e7a42d38f24bfb6902fc0467d66c72

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\vi.pak

Filesize
94KB

MD5
5bacf8e262496c2fabf14d30fa1bab2e

SHA1
8027235a5b8e6d91a6d8f4c6aa3f8f641b8bb62d

SHA256
bd0b9d7c10f2a50b0b98791794145841636d2c5b8d36a4854beac2e64ebbd469

SHA512
98f129286c434c33608d9033fb114c6518514c5c4dbfec320a744aaa136bb1f9b3640c38321619491c92ee8e381cc3b47769b904ea6a77123f7f5a56a92f07a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\zh-CN.pak

Filesize
70KB

MD5
64da2154cae8c004bf93320c953592b7

SHA1
5b27db79e5da3fdb911343e37358b2cb26b7f2ab

SHA256
c174fc2ea54896c70784d87ca98e01f27a208a1f85c2bfd861cd730421393336

SHA512
f0a1a6cd898dcfa3d63d13fbd64fb7ee2fa45c39556c96fa41e56e6986a9848fff3b89c1102c2054e40f1ff1bbdeda6e57d24024744b300d239ff65314aeb4bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\locales\zh-TW.pak

Filesize
71KB

MD5
b3a5aa832e2572f6b932d3444b9d7e1d

SHA1
10843ddab1f71c4ae5810d5fdcdd51f547648c43

SHA256
38f6a0fea3f2eb4147fef2008a5b7757ac8f44bd704b194e09cb2dd30d6a90ee

SHA512
585191a0267b42f18615f28afb2f87555843f637124e9f3b6449735b7b1729a4c078af2152ac0a313f21c1621c0229d9263f9b6de8633a418e3a500293ea832e

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\natives_blob.bin

Filesize
80KB

MD5
1582ffe1b8cb37438bc22edee6cd0a90

SHA1
01af249f33b2e5ffba18ba8f7cd76f2ee0e5f425

SHA256
02586eeaf4ce40d1b34310d885e34fb63e8e9f155fcedbd796536735907cbe80

SHA512
8c66ba4ef15fea573c29f0f6977e290b8fd72f4c8833f31a9b0ef4285f5493e9b27daf3a02c352ed12eadce36cda933d9d97576bfa4dcbbcc04294e73ad9ebfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\resources.pak

Filesize
8.3MB

MD5
bfe8e16770a0f29324d2133b61549f30

SHA1
f161f11923e3cb18d83bf90d3163b7ab3c7d4e7b

SHA256
c8e1cde83093cb71304d384bbe55a7d73dd0bc3fe279df835c3a82b3d7ccfb56

SHA512
3d692c904b44b9c5cef7a6c65ac3ca4846d246d150557c923ca3d858b95d30befeafdf0fb198892f333ff3b279013878a873566a3ab1c89c0be67dd896e70be6

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\resources\app.asar

Filesize
16.4MB

MD5
f678a75d34bb97708123f816f109c10e

SHA1
dddbb1b6fdef38591bae3c08931d4c06815ac475

SHA256
2ea49754862687afa477fb21afe0480c10cabde54849b604088677eaff0ad8f5

SHA512
a62acc7fda1a74a4613605a4f5745e05eec8051d25bd861667e8cdd4609b286afe2a66446cc48b8e3ca79b58067b8588bb321006b51ea9a03b5093077fc4276f

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\snapshot_blob.bin

Filesize
273KB

MD5
f321cda24fed28bb837c4925cd08aa26

SHA1
8dde33085c32a689088a310463096b52a8fc3b9a

SHA256
f3d85499a7cd13cc547ea3790c32644ba64de1d679ea1d62a7efc36737da964c

SHA512
c31565cef73f032945c7c4fc59f73813dea86c345eb498e13ac61c16dc45913adcf3fdb1a53d3becb0c8c7674f973e81946e7a8290a35c0e1926800186cc3ff7

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\swiftshader\libEGL.dll

Filesize
333KB

MD5
7bb38c7663ddaba7236f6249db15cd20

SHA1
f32522abe71e662f12b65cf5ef4aa19651d26034

SHA256
2c2363c4beccdabace0da35f78169b22a6c03f3d4214d073212cbc7e994b80f2

SHA512
cc42709e6dfd13ca16b9808d9420593c701d29ffa53513985bee1d6058d7bf6a0ae84fde26926e0c15f864330964b200c104b669d8b63dffc92ca2489d7f5e12

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\swiftshader\libGLESv2.dll

Filesize
3.7MB

MD5
2359ea2e26e26b19ef6dbec9cd2020a3

SHA1
4834c55df5230f1c4023b28172572bbfebfaf0ef

SHA256
72865da64a3ae05f6d215ba7f6e0d45a37735f2797aa793df16959e06ac76e6e

SHA512
01b91787cd10b603fd0e1aa85bf8e4b5a8a770fd2ac6a9591eeb0f3c232029955a463a623b4b84f8251a7c1f506f5f199b03495964bab76602060451fab1eb34

Download Submit
C:\Users\Admin\AppData\Local\Temp\1TCD5w5Jb4mHzeyAGlGn1HC4ZWg\v8_context_snapshot.bin

Filesize
684KB

MD5
bf3f4a7c2b66ded05e2f64f5b65abc8c

SHA1
39b56d7769b5b4832347d70b2fcbf572567b845f

SHA256
43980d4fd9be4ccfc82820783fd4f287172876172f46b54f7ab7afa69229d807

SHA512
ce53f03fa776d22fce4811c85926fe4887b6df962b7d496daadc9b2a93b7a98ace006276407e960641fe6c466375b243a2c0fc1c00e865df9aa07064ae16486b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyD80D.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyD80D.tmp\System.dll

Filesize
11KB

MD5
75ed96254fbf894e42058062b4b4f0d1

SHA1
996503f1383b49021eb3427bc28d13b5bbd11977

SHA256
a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

SHA512
58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyD80D.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\LosslessCut\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\LosslessCut\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
memory/3836-800-0x0000021112C20000-0x0000021113071000-memory.dmp

Filesize
4.3MB

Download
memory/3836-799-0x0000021112AA0000-0x0000021112BCA000-memory.dmp

Filesize
1.2MB

Download
memory/3836-1111-0x0000021112AA0000-0x0000021112BCA000-memory.dmp

Filesize
1.2MB

Download
memory/3836-1112-0x0000021112C20000-0x0000021113071000-memory.dmp

Filesize
4.3MB

Download
memory/3984-406-0x00007FFB0BDF0000-0x00007FFB0BDF1000-memory.dmp

Filesize
4KB

Download
memory/3984-453-0x0000024DBFBE0000-0x0000024DBFD0A000-memory.dmp

Filesize
1.2MB

Download
memory/3984-454-0x0000024DBFD10000-0x0000024DC0161000-memory.dmp

Filesize
4.3MB

Download