cb2757792673b5b344336c6be45e855b1674826c435d1257434d3df434a0627b

Resubmissions

14/09/2024, 02:42

240914-c7fvfasglp 8

14/09/2024, 02:37

240914-c4gmkaseqn 7

Analysis

max time kernel
1799s
max time network
1164s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
14/09/2024, 02:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Lorydos.exe
Size

53.3MB
MD5

eaa71079a4dd6684c19f5877af502cfc
SHA1

226de0b327a71f10b60ee4500adeb8cbefa7705a
SHA256

cb2757792673b5b344336c6be45e855b1674826c435d1257434d3df434a0627b
SHA512

806445c9842e6fba63586f7499fbc50a94b1a06247c9c1beb9d758671f98c895fd434d4c2cd8a27c6fa90fc1218873e8c1162f8c86ad5ef0c02bd686eec0cf64
SSDEEP

1572864:YJkW2/IerZkVzmmXFw7wudJld59h2h4FiGsrU7:4P62MmXFwpdfZ6a77

Score

8^/10

defense_evasion discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 7 IoCs

pid	Process
3812	Installer.exe
788	Installer.exe
1792	Installer.exe
2092	Installer.exe
1700	winrar-x64-701.exe
2988	winrar-x64-701.exe
1464	7z2405-x64.exe

Loads dropped DLL 12 IoCs

pid	Process
3960	Lorydos.exe
3960	Lorydos.exe
3960	Lorydos.exe
3812	Installer.exe
3812	Installer.exe
3812	Installer.exe
788	Installer.exe
788	Installer.exe
788	Installer.exe
788	Installer.exe
1792	Installer.exe
2092	Installer.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
50	discord.com
46	discord.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll.tmp	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2405-x64.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\7z2405-x64.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lorydos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2405-x64.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133707554652342660"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 23 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2405-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2405-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Lorydos.rar:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\7z2405-x64.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
72	chrome.exe
72	chrome.exe
1792	Installer.exe
1792	Installer.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
2092	Installer.exe
2092	Installer.exe
2092	Installer.exe
2092	Installer.exe
3420	msedge.exe
3420	msedge.exe
1072	msedge.exe
1072	msedge.exe
4808	chrome.exe
4808	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
1072	msedge.exe
1072	msedge.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	3960	Lorydos.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe
Token: SeCreatePagefilePrivilege	72	chrome.exe
Token: SeShutdownPrivilege	72	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
72	chrome.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
4512	OpenWith.exe
4512	OpenWith.exe
4512	OpenWith.exe
4512	OpenWith.exe
4512	OpenWith.exe
1980	MiniSearchHost.exe
1700	winrar-x64-701.exe
1700	winrar-x64-701.exe
1700	winrar-x64-701.exe
2988	winrar-x64-701.exe
2988	winrar-x64-701.exe
2988	winrar-x64-701.exe
1464	7z2405-x64.exe
4228	OpenWith.exe
4228	OpenWith.exe
4228	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 72 wrote to memory of 1544	72	chrome.exe	82
PID 72 wrote to memory of 1544	72	chrome.exe	82
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 4488	72	chrome.exe	84
PID 72 wrote to memory of 1644	72	chrome.exe	85
PID 72 wrote to memory of 1644	72	chrome.exe	85
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86
PID 72 wrote to memory of 4616	72	chrome.exe	86

C:\Users\Admin\AppData\Local\Temp\Lorydos.exe
"C:\Users\Admin\AppData\Local\Temp\Lorydos.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3960
- C:\Users\Admin\AppData\Local\Temp\2m1lSVXEC9GqNuAAj4ZjQC0UgPh\Installer.exe
  C:\Users\Admin\AppData\Local\Temp\2m1lSVXEC9GqNuAAj4ZjQC0UgPh\Installer.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3812
- - C:\Users\Admin\AppData\Local\Temp\2m1lSVXEC9GqNuAAj4ZjQC0UgPh\Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\2m1lSVXEC9GqNuAAj4ZjQC0UgPh\Installer.exe" --type=gpu-process --field-trial-handle=1612,4453513857269341172,17893905578069707962,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1624 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:788
- - C:\Users\Admin\AppData\Local\Temp\2m1lSVXEC9GqNuAAj4ZjQC0UgPh\Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\2m1lSVXEC9GqNuAAj4ZjQC0UgPh\Installer.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1612,4453513857269341172,17893905578069707962,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1976 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:1792
- - C:\Users\Admin\AppData\Local\Temp\2m1lSVXEC9GqNuAAj4ZjQC0UgPh\Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\2m1lSVXEC9GqNuAAj4ZjQC0UgPh\Installer.exe" --type=gpu-process --field-trial-handle=1612,4453513857269341172,17893905578069707962,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=MAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAIAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1596 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:2092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:72
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff81bf6cc40,0x7ff81bf6cc4c,0x7ff81bf6cc58
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1796,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2024,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2132 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3036,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3064 /prefetch:1
  2⤵
  PID:492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2764,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4448,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4728,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4936,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4628,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4276 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4608,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5096,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4932,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3708,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3276,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3080,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=2772,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5248,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4764,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4708,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5324,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5172,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3268,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1144 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4884,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5564,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=3252,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5552,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4748,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=212 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4288,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4560,i,138023971988770853,7571780777533530837,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:2000
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1700

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3760

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2088

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4512

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://temo/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff808853cb8,0x7ff808853cc8,0x7ff808853cd8
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,11252696825950402871,16194967590753146348,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,11252696825950402871,16194967590753146348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,11252696825950402871,16194967590753146348,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11252696825950402871,16194967590753146348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11252696825950402871,16194967590753146348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:1220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4380

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\7dbcae2d89a840d6a4fb86536b5fd7e9 /t 2264 /p 1700
1⤵
PID:656

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\2dd41eb75e564f1185ecb547939a5d9b /t 728 /p 2988
1⤵
PID:4292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff81bf6cc40,0x7ff81bf6cc4c,0x7ff81bf6cc58
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,12957586858850627085,15650781227865167078,262144 --variations-seed-version=20240913-130113.518000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1908,i,12957586858850627085,15650781227865167078,262144 --variations-seed-version=20240913-130113.518000 --mojo-platform-channel-handle=1964 /prefetch:3
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,12957586858850627085,15650781227865167078,262144 --variations-seed-version=20240913-130113.518000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,12957586858850627085,15650781227865167078,262144 --variations-seed-version=20240913-130113.518000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,12957586858850627085,15650781227865167078,262144 --variations-seed-version=20240913-130113.518000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4368,i,12957586858850627085,15650781227865167078,262144 --variations-seed-version=20240913-130113.518000 --mojo-platform-channel-handle=4396 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4732,i,12957586858850627085,15650781227865167078,262144 --variations-seed-version=20240913-130113.518000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4744,i,12957586858850627085,15650781227865167078,262144 --variations-seed-version=20240913-130113.518000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:4224
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff62a214698,0x7ff62a2146a4,0x7ff62a2146b0
    3⤵
    - Drops file in Windows directory
    PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4972,i,12957586858850627085,15650781227865167078,262144 --variations-seed-version=20240913-130113.518000 --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4708,i,12957586858850627085,15650781227865167078,262144 --variations-seed-version=20240913-130113.518000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4676,i,12957586858850627085,15650781227865167078,262144 --variations-seed-version=20240913-130113.518000 --mojo-platform-channel-handle=4288 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3704,i,12957586858850627085,15650781227865167078,262144 --variations-seed-version=20240913-130113.518000 --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5124,i,12957586858850627085,15650781227865167078,262144 --variations-seed-version=20240913-130113.518000 --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3348,i,12957586858850627085,15650781227865167078,262144 --variations-seed-version=20240913-130113.518000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:492
- C:\Users\Admin\Downloads\7z2405-x64.exe
  "C:\Users\Admin\Downloads\7z2405-x64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1464

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4112

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1576

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
1eb34c97499d5de69f067ed37f2a3a5c

SHA1
0f9e5c1792e5c8e03075f09c7b15af959d73b38b

SHA256
d1f4804c565d6079ee2472b8c87f2a37dc7d3836c1fc4186d309fe79b74ef124

SHA512
240db569ceecba6bdd8131d2bd0cf07ae24aaccbcdbea5076d7110d557419d055173212ef63d81f16ffcb765f2d9afab552924115eb05fdbed991b3cddf04727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\43f7faef-6796-4755-8107-1a3f9619963e.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
091cc442db49a4a4bee27ffa1a90d7ea

SHA1
b50981258e56d83588e20ba25762ed9e64ac44db

SHA256
392c3bff43b086a4b8919c3cfe0dee23586bb4dc26f01bfa08216e31c8c3480b

SHA512
cb27a2f51facd801f655b757ed9c5c404b1c66c6069d95e77aee4a26fefe317dac36ceb8da9d2ec54ebc1eb0a3dfc3e9627626e213c32641986acce99414b8f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
24c9e767163af9e9222768c2a4c0a4a6

SHA1
bcf3568723d78bed8c0f44fa0e977cb24d6755de

SHA256
a6057170dddd4a81018c1b3e15934965971eaaee21812c6fae2be5c565057adf

SHA512
70290bf70a31567d957d6ed7f1a20e2442be2e4e713d17cfb062caedfd20fb3bff8a1e51b7e12aa742380c7517429bd9e4f38ac2cf8cfa954ed15a647b9255fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
8590554c7493cff713d890e4a96fb518

SHA1
67fe6f1cd56f3ef0346c4abe8d8d49c92c76941b

SHA256
123da75cb5ae2e9c291e21bd7936fb7f952d197692e3684befd2c4ffad1c5a87

SHA512
082346ed465afe860662565c52b4be4b982c08df05056c4385eafa8c440fb009ea3693c2ab2861c3e29e4e28c9c4dc22de671ee1929cef7596822a5ac31e4f5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
9b34cb385ea96215154aa6ae94e64d48

SHA1
152f31fb6fd310d197413fbd11a2bd4d58f6a7b5

SHA256
99942f9ce7101bd7ecb12493217c9ae106e8bc8486e1563c8050156f82a7de42

SHA512
e87b45a17229bb6fbaea7f831c6881ae98c33ea06a698762db32189a0214ec067e53166a8be4a51298c71ca1234c64463cce340fcdc4fa3e1824369681c10ae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
8761c3298fce5a76a90a37dd86c3e463

SHA1
88aab1c9752c38801d43030ed323060b295d4523

SHA256
52402d9931c0af080bffc8c93edfef15a84049b3fd34277cbca65e69577e2a6e

SHA512
b574504d229d1ac095168f6e4f2c8740960756cc61446f4e641c96d4722ef70947f41bc0c0c4e383f3b4562390ebc12d4da0dab84488fbd2314fd69f0d0d8140

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
e2b5c4585dcfcd5c3972a6945167ed37

SHA1
b25df7749460eaa8b90c6c3021f539de29fefa00

SHA256
414676439f8ae269434e7d3682691f961a7d5ea57395c54acbd9540d49b450c8

SHA512
33beb149ac135ca9d0d7a03ec2d2e5aca33db19159e703b79ae955f906cacc01734d75986e79d9e568a9fd9eb15e3926a5f6dcbe69569f4fd3cb72c1c12503b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f7cdcfbd444c5ae002ebb33cac82e11d

SHA1
56b8f1cb96b5a7bb4b4f413d8e49576e002ed8c4

SHA256
22a8c281d1c7206a28c08b1f7487ea41846d70241ddedc7356b9b9fb5f1f9e65

SHA512
c61e77231ba7d27f48a282fc2a0367577df80e2b2f95e230087e70237e25f10249458a37e12766dd43a5a32fc82d9b15aef5d51686e0dc409aef9af5e62cebdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
98c120184fadba1c4b5e653654429144

SHA1
8882d5520a1076843b05d604ce68878932e85c53

SHA256
4d59e2e71ddd665e781fb95f0feff2661c7d49d48122f7fdccdc14a2183be563

SHA512
2c296d9272394a5ba0f93fca60d048bfbb59440cd3aded23334705a90aafd610a2726c4c8d827ea541ffff4eda1701a819902d4fc5d7bd01c4615f962a851280

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
0c25ed1377e9a3cf7ee5895e9a948715

SHA1
84b6402b89ef56af0d7097b11154a62965a4ca80

SHA256
a5135a9afb1e018be4c08f8fd518a7787f53d6d193884bb08a2d9b6078a19397

SHA512
844c4ca244a5508596567f5782bc849754e29c780273b0fe792abb4a864b3efb0880c9acfb9b39fc6991137ad7cc3135823a28db8365a8516def858b881d6af2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b9c6ef23884650c1b2d4832fcc9bd65a

SHA1
12a068c2997031b0132c0c0067aa2aeee12fc188

SHA256
cefb554cb2f1a906f57e30f4944aece358004ec0d94fb89784c113a210baf638

SHA512
3adf5d6b1e3d9428699acf9f64b64786ca7ab174ac0d39517f30a8a175ece86532082502ece53ce5d3976914f12a81db1515180a5298a081edf072506ed5e210

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
c28cdd3fa593a0a46c677ec65112a343

SHA1
6042ec1b2b9b27d3543d660a5541afc85b73f185

SHA256
a809910191fcc7a0bbb577f36c05f974b03cadded2eb2352683e8b71185523ab

SHA512
9859721179c04f3e8320da311097d8c46059139263387eaf25a1bd111d190244b0b87accb43a0320738cec5759fdaa963547eced7892ba1ee966a56bc0150de6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
43e5be42a59f422cddf70a2f7f1c0c6b

SHA1
8d21cfcc94aca1cb2f3654f8c7fabb24157501a8

SHA256
2ac23acc05fba2317e2d54014a69eefb707dac8391826eda8217639c9e770460

SHA512
f7d5a21ae71ef21a98ee8985108c2995c78bd690205879984437f1a81d76974d6d077e215550db6f230103ddf304b3540d90cc276a0b504a25973cac9b0def3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9ebfec01ad71c444f762c8eb87da7e7d

SHA1
1c89170bdc63754a16579e179d28e2d89c3bd7f8

SHA256
447b6f55aa4cbd258f0f1b6dacdf64f3e81ce8e791e235f0e5dfe88215262252

SHA512
56e0d1af10795d071f8595e2da466cfac02bf530eb9da8105736ef831ca46bbc31279f1cde4c519325333648ab578a8c311991bfef5c676c19d9e6db882aa5e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2f7bb8ca9f4bfc96b81dc674ee46c3f3

SHA1
ad1bbfe8e01f8248550e33b93927e8c5e48ea3dd

SHA256
e7d2bd8b37b81a5eb232dc6df67b9761d8da7e61b892e1fd56620aece9ec4720

SHA512
3bd7440582766e86e82a78a90ae348eb8db37ba7ea5c0072ba472658ccfceb9b358222ac1467d28ebb8d34f4e3b268cd30d09d3c663c6a407dd52d861f935e13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bdd21803c7303d159cd106677cc973be

SHA1
52f887febdd3a340902951db8ca720e9f554e5c7

SHA256
42a949b562ef6a7920078360c901122250e8b4e0f4a7857513bfb4f018965946

SHA512
3f1288c630d6d1cf5223aeb7d59a7727430a3198aeb6a6c8c28c2bfb309e60aa2790a75d236c4854973377c6fc2db5f32d79dc67b8bb83bf511dd20bb0440b70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
10c648790118ef36c67d3100abfe5bbf

SHA1
99acf122b39b6c3628c82f8bb5d995e7cea6ee10

SHA256
50058b64369b3eff90187413b725d48151303840412968b8de70503aff4722a9

SHA512
9c91b49a06d2038766c75db811281c250bc9c79f2f59ce5fc6d8dcfddf4536cc84241e0d756ec773e9f7d9d71a98c8786d1dc8722b5ea5c38c33acceb1aebaac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
37364b629849befefbdacfc300978bcf

SHA1
a62486255b54de2d4b20cb43626a034e14972e4d

SHA256
5fc8dd9cafae13aaef97745a27344a92080e6950054160280e7fc097f34d8f27

SHA512
1e444e1782c1d9059f99e567d3b17de2eecf4ad141dc75bc30041202df3f4c68febcd673b4c5a76e0b3daacc025a9bcca5f5fa20f370fe4ab9660c63ec7daa9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
23a99adeb43b77a4a6a0810783256448

SHA1
8501e37cdfd470c5589d1deeaba67e3c9b092ce8

SHA256
60cec2c6c3a51ade112600e08821e0edc7e405329f30ef8863a2bd30b92ea2f7

SHA512
462781e664b3aaca3763a958a1f36aa953b902ef61a5d5621f1321bd7231f37fa23f3fd2e290b4a0947dc155788745351c3ea3179cd5f2bc715ab8b570bd67b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b4031caaf134ebde64cb6ef031a3269a

SHA1
44be41de9dc3402ecbfa9efe627ddcb8595649b7

SHA256
366a1ef14ed74aac1f192f0f8cdf67037a3767d89c7091298de11b41a0a21a71

SHA512
77ab94066ad550ad2707252613a0433b3a983af4092b9bad975532e4316d78d6080831941f348462e6d57d5ee1e8083bd20827a8747014a278c9c26132d1f7e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3c1dd784591b09429c321472bbf8cf1b

SHA1
3b4aa74898f85c9ef62685ae9c0e276ea3ae3743

SHA256
60087c5957823206f7f149f3622fcb555e7d38301b225ea91ec81198e827f0d7

SHA512
6f50b5d7d21837017d60e46cb11836be86b51ed135ab837adcf36ce5150f5ec66a1c012c99964502e2dd8317afbdc5c4f3c26ea7f17d9011638a04b465702cf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
579b6bd5616d0372ac9f9a680f0bbafc

SHA1
26d650fe3e57e1ffe2ddba56e7c9c7f03dfba674

SHA256
1bcdcf0e9be2d871b5b718d97a2b6b4cea819248685e1831f46f71b5502e2ee0

SHA512
0042a226750bb1d1c8657c3dfb3f31a6567417dbd3a45c0f958acae1a46f61ecd74350efa2d29607dc972e5a4083a719d307f8111c53c46a8ef707889c17bb08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c34d47dac23c4af55ce8b66c5fa595da

SHA1
822681a72889970fbc039aa45d996b00d6dc563c

SHA256
ad4df6e1221ce34b8abef7d8702ffd16886c668b094330432b4e3ffff1b15f47

SHA512
c533d9dc8acc1b3827431c740fb0d10eef7823385523a872cab1e555dce7bf349f264cb9249730f43f9a493879d7d6c6d5f2673bd4771e5bf2153aff63cbd49f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6886868947e465f82fa242cbef269c1e

SHA1
1aee20392ef7ebd06ed020e0f5b598865d4c426e

SHA256
19852314610eca66b6b89c6d04e95071d84ece190d81c78cd6205d05b522d003

SHA512
69f7e79978da871254e577b0e9812a23159ec7120f024d0dea8b7f4935503429fb5c05abf19d6de2d8cfb7fd9aabb8127f9c29b96df4275d906be909f605fe20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e74d8192d907cc86cfb77296be35acea

SHA1
d5a4b3b62590381855a02b1ca4585b2684aa1ec7

SHA256
1588bd5d5054f5ad2a784753198b2e3ef0b36c37ca17777df697890736edeae8

SHA512
5f23c6a77ef2948f2abb38f2dbb86f32a9a62b1caceecda63e6d49d521e9fcbbb4c5ee79dd3f5db6aa0d4eba20ad878f437e6bbfc7c7068f51f00274d82b99ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d9801193eea43b3ffb35b73cd399f5ca

SHA1
b21fb2e0579e9c2666ae2d5a9dddf78d873e4247

SHA256
d30064048ed9e023b93255aa55c129fe5a8b36acf065c81e52c4e5a4297e45ab

SHA512
1489adbbaa290b39894241daa7b1bb9026221be6ffcd76c3d7606ef6eee4e5ddd52ec990d5e7643ebc6cf42199530839c16790cb7df9b50a7bbba6a084d88aca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6b59e89b5d44d2c264e68ebc955c3500

SHA1
d59e77a7d9a2f39546a7cbffa2eaa325dc15d669

SHA256
3333d29a414fca9354176e2eb16b5c2232abd6e72a6f7eace88c466ae8036ecb

SHA512
a20851230ac910b3b29da503703407c20dcf640b5ffad3b4f6d543e32a371c41dbe16270e57e11800a6399e7ecabdb01abf78d80c6b485526aa4c44d4b66f31c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fce5712135878ca3825ad0296c4428c2

SHA1
ad096430c21a3fdb59a0b80e8caf4895e8db4c7d

SHA256
5d7b5f56c5070160d8eec805a88cc83ef9da42e29e8c833dac16907b8159d409

SHA512
0d785a0d31ff8f7a6f9b5fc6c2da6ef8ee9598653525a026ee130ade95f96ddfb307c31ded906130da70e2702853e5a0b090cd06f42e311bd6166dee78cf85fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
859a7d7605b0a6616b6dcf63550b36b7

SHA1
7fc7bd96022e024370b379bb56b0b44fb16e48d4

SHA256
530f670f509104ebef8e90c03671442fb21eaca0519608e11dd5da3bbd96ca31

SHA512
28a4e8f542d6bcd86113304199476bc0345c2e5c4f55b4b55563b7b67ea20b6faf606eccd219f2348d8c3b8d9057ff5a2fe2f0695ac7bf098e5e33cc0b162a23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e133a498a21b31628755450ad0138c82

SHA1
5b52316f1163716bd8bfcbb256f33a507949a524

SHA256
2b2901977797a07703aaf0b9eb397d514701599f6572ba4d8bf9a9973787f505

SHA512
1b25e783b68908ea124af754e39f7d8aa61f55a14367c1c87fb7b596a3c4fbcd2e7f8ab491ff6cbced6f040120796aedb6b9a03bac9563746da8c8c92f1dcce4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3e213cd30d0ecdad768e2f059569d0e0

SHA1
48fd8dd6ba4649496e26d406485551ca7d2b8ac0

SHA256
2bbd1df1a3798753f22ab567860cc7160fbb5b5457696c78d3a537e6d8995208

SHA512
3f5d49e4a935a57d5b919694fc196388ccfd5fe688ddc912241a3de045a7973b6167287c6893dffee1bab9b4ebca71ef331f79f123c0571af3c35fd65dc13922

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dec11a1ebc12c9c127bca1e62f64238c

SHA1
e85d0e956ddd8c53497be1db8edd0c3e1412d54b

SHA256
ef0d501d20d903762b13964ae33e2b830bde3a61e2bc5375bd808b42328f925e

SHA512
a380039bea609f143b33743e3e5bbf5df06def13f0e8862acc148b57ec37557b1391a60c9789a68923897b18a2d5aebff779cc0e23a2ea9e36efd0015d691675

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8e8525f3f1269c1fa9ef2b0197638ba7

SHA1
2320367af0e76324a324766b0ac245b416bc1faa

SHA256
42734bae88e384f5c103f77b932087976e4bb7ae0a853abd775b492a965b84ad

SHA512
020e402c9c69ea849dac4f74acc0387885f58948930a070d6b5edd286fd6e4a87c4556e742ccb2ee9f7e1ddb6926294c535cb2ae3fad33885ec28582fa4fe020

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d844f61f1f7c3c07b1dda868d6eb0337

SHA1
9d2dce0419919e7c68024b744ce29550222b8827

SHA256
4579660a35277408cf842072253a79b9bbf339060ede63d78e58d48f67de822b

SHA512
86603b497b876858fac4d47563c04b75376856dce5ef85d63036e1c400c2117f4469cdc14ca0a6965a659397299e7b608c478783442e14000edc4afd8ab844b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cc0b312253e5009ac7bc3c902349af02

SHA1
b40d5c508706a64952b55bf820694d5153cd94e5

SHA256
e88b65464024797814cee623520fd2423aa0bfa780f01463af9671ff33b56971

SHA512
a8afca5774bb1d0825f598c54a6d9c1c4dc4b3da086603251514490d2367bdbfee57691dabb3832d3ac568d6e958be6bdc318216fd1a47b8999e42e201eb0b4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
99d22d06d2bfd5217bfb97624a4d40d0

SHA1
cb56e6c754a3e728f1df996d4b2d99d78f428f79

SHA256
b4204d2406a031dd10d5a30fb310ead158ebc5e027afa4becf2c26b810ccde6d

SHA512
59ca7448fef350e0ff5b50a98e3b75282f8dc9ae5adb61bcbfaad6a67ed942aa52e6a39281340d2b757acc483d14830cc97393fe9a3430e653de4c923185402f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
28dbe2b37d5285163cd42706ad3c3511

SHA1
a7ad7bca6817bf30f2384530a63df9166245f02d

SHA256
fa3162e137bb8f54c06e30cf7367c10344a294d1138b62d8508db148ec75bcd7

SHA512
a91adfc70e70f0c9d0699337ee0bb89308d109d84444455c6786030787fb01203aedf34334a09600a05a7a0873390661dcdbc2cddd27f9f2f6a16d9b36d50afa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
14ccc2f5bfc9cb364340e81907838cd9

SHA1
dfe2e6f37d78d1ea980322da1d47df1d16e9f486

SHA256
18d90e3a42b3ba8ca10045007c7493fb524ed2ab60bd52e9662c87c7d1b34e56

SHA512
c19a5e5cfab99f0e0b4ba126ec8e9358f4244d16c9dba78cdfc390706800f332eded5c50322e7975baf9607245b2bef51aae4e71eab20380c6518816a3663137

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4ffea297839e5d64051a356da758cd4b

SHA1
85001bce4755e31ca11f10728b6f949c8d2dbfff

SHA256
45250d16300e008b7570de188882b2b0b717a52a4cd40647c7881d30bde084b5

SHA512
d5c37950a42bad2be46e57ad012175b339f53b2367d3e3dcd25b9789d0c8abaf8661e0524fa3ec2426debc2b8e1c9d04c394020207567bb8317d0994f1b453d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c997d37f2bdda783bbbb0a6fabc8f294

SHA1
3d810e32bf7bc173c7e8cc6234b608acf0b63adb

SHA256
2b2b67b65b1334324e371bfa79da23f7999896999c709c5c8eecd78b07dd7312

SHA512
9f5c3ef931b3d2a2ebfd715c6f02493a35ffca6b1640aedb13ee0ed1e99f7e92d93774b83b1e3d464680b2af6d1ad408dd64e23849acd03453844f3d75a84806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
69bf0b58ed29d4604ae8f7b95ae2e048

SHA1
14a74c0cab8e557da638d9511ff700b308c8332c

SHA256
0117164691f6f342cb84a0a66ebeebeb6ab84cf7a183298c65342aad7191f867

SHA512
0ba23b598d99fae7ec97cabc1391adb57b9bbb36be28a5bd79ee3da0fd7049d57c6bda9faf77439ec570a184367cbc21ead73b869b12a0f58803e8da9219f2c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c9e1073f073723c666115e7cc4364816

SHA1
6d2a699df3d3027f340f6b21226a3aad99139f75

SHA256
afe5d6c26b56a64d772966cf8428c49942d8cf8824ac5ee1dd1f8efba9061f7f

SHA512
c28daf5d05da6589029dd942c22f4831a0d544a5d204d08494a91034fc1e1d1c0f6aff6e0bc2e592ea45e4a8b37cac93689e773eaca330e4291e330832b5c864

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dec8235b020b17c41af5484ce14c89a1

SHA1
a771548ab364454f3a947f7c82aad5712d246d7c

SHA256
5e5b90d2b0eadd1dc318a39777f70f87c0ba2f4be4ae4dd607c16f828a14e3ad

SHA512
32ff61441fa73a830e87fdef41a52251474e82046ad04615e0fff3b5f6e1ebd253196800581c4e992381973beccc222751cb91cd23b47d3a54faf6c690a5d00c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e5268bf67641c0290f552bdb17eb89c3

SHA1
791b7246c7302e6ed94742015939f24387daa5d0

SHA256
c22e8340764c6bea86095e2faaf07539d8f49473b3a0f4feaed488fcbf6dce21

SHA512
02e41f9334124eee0d2e1f56a3f8d2b04504a513f1a98daaf0470cd7868b92df85ba3d65a890c1b88b55bdc8e7e576e8308239971fca95fd3cf152637d88014e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
905c9cf5a1efd919ba9df434bee03fa0

SHA1
3b2353780223919e4f3a8e1036bbabc88c4327b2

SHA256
65e390722c63b5663f23da4c173ca966e7a9b988a4d437cb73ad8e6524ab2347

SHA512
b59394028a3ac9c790a165e5f8991ca015611c9b5a7ab05435c8e7f6b55b58eb1f6eb303641345b139c18687a432edb604f1228399fdc2a6a3cce3e54237d58a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9ae467ddda111036fa58c7ae9d1f5da1

SHA1
3edaf013cc5884c39f0994b808ffba06c5f353b4

SHA256
5565eac5b90e2389d733ed05b133a9b971c548d7601add081151aa3f2f486659

SHA512
5a57353b86cd52ddad45bf9d4ff6400365f065efaff5c97bd834422bf7d46c70443859363b0f0b3789afda21eb8bfd3176350dffa8eb57b534a52b12b49db141

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
112KB

MD5
3f40d5e4138aee8ccadb95fa028b32e3

SHA1
96301942acdf60c39761d409cef47c097b76f21c

SHA256
f783a289841370156b4cf52769f35c66ef8382153e5ecfbf373de720661f9a6b

SHA512
7a6c4b842574bcc2999852d39317201e2ce0468584c16931647e8a5a82a7c1985138fd88785df5d68498ac159fbcb03c51ef375d035c5fa9d08ddb3a6e9dff0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
a4d5d2f0c270ab4debf8235733c41b1a

SHA1
ecdfd66ae1407735c6aa481ccf4889f1a5e5e54d

SHA256
a6cd253d09387603e9d897d0c8c4c57c9ab1265691ef4a3d83033b404661a198

SHA512
c0b7f45b65ea4f7d3934de9fba7fa312cf7a3ba2273eba1e411f00b4b89e381bf08cf94d66bf6644822f79b6034aa312a05b21f7400a13f37a27dcee2b4d2648

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
8a96639b3713debe0cd870aaa02f6c3d

SHA1
3ca6883bb2853ff3ba44aed7717eb8a93e0b1f38

SHA256
266afcf31f0b6888491d3cb4d4acadffd97b38d74443ba8f5ac67b94039f83a7

SHA512
0da3c0eaa6fa923cb20355dabbf85a8aebd297e5ecf89453160164e3f4eced9aaa560ca67f16990573c6c8c4e3f17f0ae8c5423c7c98af59fd7372446b64dc58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
ad2e59e47c208b691a4a74bbe0397218

SHA1
d1e3ad038605a483de633c5b6aecb95d9c146f24

SHA256
559b4f7a3c472552502d1717a0498397b8d69ad422931fcdc7815815095bd9ee

SHA512
690ea4acd9ecdac5f540398f5854872d4fc2b304f3106b389605517b43afaf24f503b052347df36cf8f1143d82e5158ba3f9eb011db890ebb2aa5725d446bdc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
112KB

MD5
06770541dd2a8fb4a27fb52b09b8e9b2

SHA1
43bc76d3188e03d22dc29e93821b0374dd9ef3aa

SHA256
2caf1f2c6581e73992b9754fcdfe5075797052592c6cea0bddcd0b5147091d67

SHA512
3481e65fac47b4c0a59c717ab2d48d50b39bad5eba2ef38ab0a21fa54b664ab67dbf6cf42c806dc4796dd5ad3e266a839f84f255087346c85e1fc8a1c8a5d4a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f34311219dfc49b905d68e7b0d175555

SHA1
9dcae377c3fe23c5479fc957cd3e300d28b18910

SHA256
a0f6ffdfb2e6234a5462f19b3f550004a1de5fb2c893a1cd3cf982c46afcecef

SHA512
44a5092068bb1e27bbc4907769acd53fe65f8cdaed3d8c2b349c05aba657faaff75e00c5aef77c464283548820596f1be42b5f6168e23e2a9fe01b24985bd160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
68942428beb8cf86908bf2457b691304

SHA1
de0fba52b301d269494dfce0d89d93fd2713a777

SHA256
88916215954e358eec78bc87ea4893dca91c5ee5e3098a8ded14a2041e7a7b85

SHA512
2fa10efebae6d39a194c4647ba347122b0ad8a1a07cb14ecdb9d4bb41ea19d0687a6e08c0ff07913b5919a60f0a9de9b749d66833820fdb5390be223fbd057c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c837cd83f54ef7debf3aaacfe48eca4e

SHA1
55f13439f6ac57c4467a95cbcaee0cabaffac94c

SHA256
9c2365242102adb1063a5e2cdf3236abf8a4561d793fc5e2c860b6bfbe269972

SHA512
e6b1ed68f93e61060ca86004c7ada773d1a599a16fdb84142dce89c23ec917cf1392353ce64a8bef94bf3074cb8d8dda4cc714876b3f9817e2ccbda1b5dbe548

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
41ce6cd728e8893a0387cd1d5aaf201d

SHA1
c6c5257c73d52968b03fa7a332f61f050229999c

SHA256
c6ff6212cd4c01ff44605a8339568c3ed2b9dd85c7956873ee9db592e24b654d

SHA512
73c40effe3fa0c521cdd5347e85ac142666a5a7b982d96c80f4c08c079d2f5a8d58c12644af20f27b8480040eb74b28d0696be16fc9566c02bf2d60d08839c27

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\~earchHoverUnifiedTileModelCache.tmp

Filesize
10KB

MD5
9bef7c41d0bb3a44a18c637e03b43e7e

SHA1
f093796be97df77af8a2595d56816f813d2f6558

SHA256
ffb02e89bbf055faff78823c2dfff35172c48a095d8f698bcdb447a86408ebf8

SHA512
7f543a259b79eb4ac25db95bd1059d746acfc192f3d5ddb44d3a63990a2cd31d6b404c0ec3b659457de58a5bad5254680764eaa6a7f6dc35076971f2542750fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\2m1lSVXEC9GqNuAAj4ZjQC0UgPh\chrome_100_percent.pak

Filesize
121KB

MD5
06baf0ad34e0231bd76651203dba8326

SHA1
a5f99ecdcc06dec9d7f9ce0a8c66e46969117391

SHA256
5ae14147992a92548bcad76867dd88cdfcdb69d951c8720920cce6fb135e3189

SHA512
aff6616e56781ebb925a0ca146245ad3b2827250b32261c0c7c0d5b10b20a343a17fc3761c95d93104163e77b2eae3f1f9cbd3cb2b377f49b42bea39bdd09b91

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
45574510c534a8195f53b30e3810239e

SHA1
10bfa95a2f25df14dfe6a55a9e73d9fa5becdb60

SHA256
c44607a865e7a6db05552baa0ef71f9887d96acd00d123854b44996bc27c0e33

SHA512
b59d4c8e07748b68da51b2163a2ebafd51cdc546a1776a1105c19f6727dad697692d4fcb137578bb43dc615342a08c2e9e103384b80fc81c3c669aecc9c443c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\LICENSES.chromium.html

Filesize
4.5MB

MD5
d4a79b5d46f0931b9eb7125fd40baff0

SHA1
3a38fb263dde2251b9fe157b5fddec7acb07c53e

SHA256
03f1d245e6a2facca9edbdaad108169e0765dd9101875bc2d123797994b9e80f

SHA512
17cf94805f11d499ff12d8e42cb262ceecbeb265f56338e0837d291f6a7ed7f8135a025dbe99fdb2e2bb299f2267bed9365976ea51269aafd4c3220cffef9339

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\chrome_200_percent.pak

Filesize
181KB

MD5
57c27201e7cd33471da7ec205fe9973c

SHA1
a8e7bce09c4cbdae2797611b2be8aeb5491036f9

SHA256
dd8146b2ee289e4d54a4a0f1fd3b2f61b979c6a2baaba96a406d96c3f4fdb33b

SHA512
57258aa169bec66abf0f45a3e026bb68751fb970b74bd0cb465607fa3b2a89967e832d92d8f675f0449bb6662fcb7786d05f0597124cc8e18bb99a47245779b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\ffmpeg.dll

Filesize
2.7MB

MD5
eabfc10d56cb44a86493cb2f8ca7aab2

SHA1
09d7e87f43527333cd021329d6c2f4e8bd8ddab5

SHA256
42a2a996ac433ac33a22776b8418a82753557093d90147b7951138b5c83924b6

SHA512
ee31e3539fba9e5969a9f38c428f586de2dd7630cb5d8c5e3c2c934b5881f8176b8ab6ef6397c1ce4fa6ccf3ee9615225c7afa0e0b28c6fc23974e8b96625dec

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\icudtl.dat

Filesize
10.0MB

MD5
ad2988770b8cb3281a28783ad833a201

SHA1
94b7586ee187d9b58405485f4c551b55615f11b5

SHA256
df876c7af43ed93eec6aea4d2d55c805009c219653cdeb368f1d048f4922b108

SHA512
f27e542a9c6c60fa28c5b7cc2818079341ef93aef3bbcadecad2dc11aff5b1592b19c7ebfa543ea42a3cbfec26a668641b255545fb0912056e25e852c2dedd01

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\libEGL.dll

Filesize
438KB

MD5
660a9ae1282e6205fc0a51e64470eb5b

SHA1
f91a9c9559f51a8f33a552f0145ed9e706909de8

SHA256
f2a841b6ef320f226965c7cb01fbc4709fc31425e490a3edfa20147ce3656c85

SHA512
20bed2bed042033e3d8b077f9d66bce67922aaec180cc3777f20560219226b7efc73932bb87445afda4e3877472ddcd307215d23954cd082051437e5f2224263

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\libGLESv2.dll

Filesize
7.3MB

MD5
bc45db0195aa369cc3c572e4e9eefc7e

SHA1
b880ca4933656be52f027028af5ef8a3b7e07e97

SHA256
a81729fd6ee2d64dfc47501a1d53794cdeee5c1daa3751f7554aea2503686d10

SHA512
dd8c39947e7d767fbdccf90c5b3eaedf3937b43c55200d2199107333b63ac09e5356c286618874fac841e1357dd927e0c70b5066c1feeedd8cc6c0fba605ee5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\am.pak

Filesize
142KB

MD5
e1b02b36ce38a843a12867d2700a1bee

SHA1
4e165fd9290921b9acbec8ff24e6987f36a2f3c3

SHA256
e9c78c2410d5c81e0cd5d122462e852143eea15ca69cd01b85322cede1e10806

SHA512
46ce9cc38ab338187fbf0c07a8a9fc1a96bb1d9181fb3b26741ecdc5e1b9fd2ac91b3b9e33d149bf07e6ef5879f72a589954e9314b47fd7b833677384d8b1933

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\ar.pak

Filesize
144KB

MD5
985efad36a2c07c95fc304319d6cd1f1

SHA1
6bd0adbb16ca511850df5132d78322bd7c525a6c

SHA256
1cdef40ba8343e7f826c2020906915efaac5e56f543cd2ed6ebf704882525d8c

SHA512
7176d5254dad1ef91a428087099b1729285c5a58bd2f0b20e51b340d298973be2e36ee32128f71948bff3b013f42fcba01f37eff8f80bb2926695bfb65a02316

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\bg.pak

Filesize
154KB

MD5
26a0431ff9f22716c55f68f7e164c595

SHA1
9e9924ad447907031bc9d1cb753e0d0f66125b19

SHA256
1bb8c5ce9215d42ba9ceec52f86fbff46df668ce48ff56bd1cbe96adadf4922c

SHA512
486ab8c00646afc60193f97583324778c9010e0cc3b4c2f74554c25515c1edba92d83c44bfc6b364b388621c1631f2f51de19a325382ca5e668dac3a75bc85a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\bn.pak

Filesize
203KB

MD5
5d7894bc1947927acac8491e1036d44e

SHA1
273b9438740d379d1a20a7c5ed4275940405a44b

SHA256
f7d704207cb3340f1ace2f2e5af031e816bb86e4bf3f665907d837d094bba37a

SHA512
6179ce46ba48fdd110a8c7d2ae17b43b064b45d147b18e9f20223c845382dc01e0e4f3fbe549ce3a23b6f46e59050f9337465d73e748003a1e650bbfdfd21b8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\ca.pak

Filesize
99KB

MD5
d92f01e66dbefbe28d9ddc0a0b318258

SHA1
8c2b07df543e7b523ee6a682450eb96ace988c46

SHA256
14e99f4d94868a454f40ee8e0f62d056e0abb303caf6e184a9a61bdec18ac271

SHA512
0a27d8533128cf03568e8b1e8223188415429a8be8919cf3f81bc041ee93fb530d465d1a8313876c3db9c83b9dc04cb4ea0d9bab0dcbb3373813aedb5803725c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\cs.pak

Filesize
101KB

MD5
b7ed7dd838c0c0980d7c011a3cef03b5

SHA1
d752b7e7098e5cb2c894ac35591db2852946d497

SHA256
9651b8f3304c70d96dcca76cfffad90ce8afcab6231ffd8e4e9beade3d510841

SHA512
23a6de6b8093c8f87e84ab7cbad1910a96f228900967b16cec9852fe88f756be7d5fd45b45b4f0b4caa4db05aa315f21c73b2c1c6c32e11d55ae6b810dfed49a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\da.pak

Filesize
92KB

MD5
55a82964b36308b838d627e7ce708078

SHA1
c685eeae43f85346fc984d02c9fe4120f8b5467f

SHA256
1d1a3e38ddf282969bca2a5d893b3db4a0aed10b53eab37bb2dad7d2d18c94de

SHA512
57f7a23db6ffeb0be0b90005fa8c4ca22294b27da7a14e6afd70ac417b05122bd3ebacc41a168e28586a157521ca0e3093cb18d4bd7df71cdbc0f95b2925ece8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\de.pak

Filesize
98KB

MD5
9b1f23b3e07d947c0227f640560bc0a6

SHA1
17908d26037c885655a40e470fdf004a3367ebed

SHA256
e71f4320553f65cfd0356a4b30f3aec2eec7b4fd327866d528917b9909cfa761

SHA512
72de618027466a819692425fa028d65d432e825f6eb9a3bc100dac808c4e8acaec7c515a7d7674f04f0343edff731ea07381a5159b817b86d07359e324bd829b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\el.pak

Filesize
172KB

MD5
5949036e7e364f5c97fec60c80a4740c

SHA1
6380125302942906a7ffac45c724c9a1c392a50b

SHA256
a3431d3ac720f871c33d7e522cf506b2fa8ea1872bac02a4b4b427a6d063af38

SHA512
017fd71ba9ca2718e138fd1baf8893bf0e6ae86d947774671a72ffba6bcf330d039e313a949ca3c869186155c7243059885931a7de0804ed9ce4faf0989de94a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\en-GB.pak

Filesize
82KB

MD5
32f8d0492b73ce67df70c2f6b65a9db6

SHA1
eb7cb21681e65869a931f50d83b19d06f60d28b5

SHA256
c4fdfa9c6f30ad657bf12ccb95f70542a0fade45d8490259a4507629f4b33299

SHA512
04d80661d37c5c99657f9ac268674c058fec4a25fd9aa30c0a2113558e51aab4cb2f01baea3d8625d744df29575944a19f8575579f872c0716876819e933d693

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\en-US.pak

Filesize
83KB

MD5
bd8f7b719110342b7cefb16ddd05ec55

SHA1
82a79aeaa1dd4b1464b67053ba1766a4498c13e7

SHA256
d1d3f892be16329c79f9a8ee8c5fa1c9fb46d17edfeb56a3d9407f9d7587a0de

SHA512
7cd1493e59e87c70927e66769eb200f79a57e1eb1223af4eb4064088571893d3e32cbc4b5ece568fd308992aad65684aa280dc9834f2b5d327bdee514b046e5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\es-419.pak

Filesize
97KB

MD5
a6de020b1ec17664d99aa372dfc3aeef

SHA1
b7c2e6af4854252df86ea49c625f15ee094c891b

SHA256
64df687bbb37bcd92e609f7e3bf950ee5629b693ff8636607285f5753b1bdaae

SHA512
6af0488ea1632e6aad16b149166319dd9039f00da56c740c196dbcfc5265a0c225581450efe616e0d9a82e6d6a5bb50f2e0ee90f095628dfc5acb9f2d160193b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\es.pak

Filesize
99KB

MD5
06a2c6940def84d9327083aee446f446

SHA1
a542fd511568ae5f90e86259d427b7792ec52d03

SHA256
eb22282dbf211f64142ef4dfac2c1d811d65decd617c4a3d1c892967dc72ac07

SHA512
23d0547ca962419bd6013f094de67a6f20779440674fef3bd38ae613c72daef6072a217d7832e1c62dd68bdfdb1eeba241ac302f72cb710015d8924f8e6797c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\et.pak

Filesize
88KB

MD5
ac38b14b7663b5e4e98baa6bc47143a1

SHA1
d41c2be94d6b5aaeb23c17b9a6c453a5ac9dceba

SHA256
b3baf825f9b237565260ba2935fe9acf2ae381e3bfc6fbf837dbfe6fb83314b5

SHA512
930a9ef5b3cfabec18b18b52d6b3da8f91e6c4d4b03e311ff34eb8f5af85c6b91077c7cc1bda609f114935d6b287a503f5e1ee792548cef0a5686bf4a3c433d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\fa.pak

Filesize
138KB

MD5
a6c8f787f9f3ef00bc38673f806e69f3

SHA1
6be8d4a7afc97748b1bf619d10086a6d27c1a519

SHA256
8ea08e9874892edefcbdc55c393dc00fe451f3c7f29b57d7105377349eb4bfc4

SHA512
64668ae3d459c95f22e580c2f637c8b739ecd7c177243d505544b4b55f0c70710cd99ac71215412d04845e170d47e7ef69e9cde1e698c8898692a950619388db

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\fi.pak

Filesize
91KB

MD5
8cb6cf7f173c2deac78fa136c8eb94c6

SHA1
c873e1cd9a2db4997683574f1a6fa2f6c53143e4

SHA256
bfc24d41ea8e362bb1a18c11860d2217fc100b1a422cf54629c7d0c6640d5ed7

SHA512
e8600b3fdca4c0c0f27d3959087616235c537b8ba6cbc85177cf96f2a9b50add40989d56c9ed92c5793fd3b55515ff611a6e273d622a1c25a301d35cb52d2d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\fil.pak

Filesize
101KB

MD5
91e33c418c453abcbb8ea4fc89d4b673

SHA1
11a4293e6a1e1a9dba94b80ab812f305bf70abd9

SHA256
75d473ffd351a828bd7854067ad986908efefdfb75800650587b8bef09f9ff2a

SHA512
b77b1533fb26832f9de21dc361ad58088d7aedf26bfb1111872cbb1b0da8b8f9061b8ea9c561fd645b8d683110998c71acbfedc02d9399e4f4aedb8c717cf97c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\fr.pak

Filesize
107KB

MD5
5d2e3041fb2154b01cfc628935aeb183

SHA1
620a2aaba08d430251e408cf99186ae0439f8a60

SHA256
b387afb8c8ae3c3ce90728fb7eb39a39ec789c6e7bfe4dbd2b5d49e72434db1f

SHA512
8709fbc3e63e94f61918872128134bd3636ce69765437272c99f1529801b97283d4baa4b3e61f2dea73cfdecae0321ba30c903d6055068d62d024843d6213974

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\gu.pak

Filesize
194KB

MD5
7e5416a501994ffbebab3edc57756b3b

SHA1
c350fd10c8d7584f6d92612d9afce4c62e0e54ea

SHA256
a49597e67fcf93448c89e07f9cc3519b3b1b77505bc30adf3f25c250718eec0c

SHA512
611276c8d8a42c4258c9ae33f3e95b9b44932aa04c27d985dc70893cad75135b9d4ee74c1bb7c96449053debf5e0cc2e261ae1909b0b13126193b955069382bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\he.pak

Filesize
122KB

MD5
b73d141efba773482bcc09853c4598cb

SHA1
b1768edbe4c2efdb39a3d5629999bb9f9280e595

SHA256
7420e94f19bd61f33950e120f29c9783305f218d089f0a7d3ea3451655cdda1f

SHA512
f61e2d92dd77a24301d9c658560fcc9ceeb59a7ddf3eebf1872aaef2de5f8607b95bfef61ad386d5705c796b032f0471a85d43dd2a5e6d9da3725e466382b3d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\hi.pak

Filesize
201KB

MD5
262a8aef9a1160a55b193c4a0caf0e73

SHA1
5ce45534b4d133c7f65ee03b8c2e14f3a7afc209

SHA256
acc53ca41a9a04a57c1f18fea58cc4329b8add0ded37f9f7d7a73584a910d6c9

SHA512
6b8b910588607bb080e66384c10e8d72803fdac3b2acbc65dff54ba32563a0768dc11af6806fabb82f7bf877333f6dd30d61a6630ef5b2ae291fcc59f3246fbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\hr.pak

Filesize
96KB

MD5
0b263bb9ce59ac162811f06f441f5944

SHA1
073d6a9de44affc840c68a0e8c5562c922ba1582

SHA256
e55d011ac0cc50d33bf22d43a9c5a6b59f5c31bd2884789efee124929be9a7fa

SHA512
64d69dcf063e4328ea3874ea0d3c29d2387117cd3927096dd6ce12624f802ccac4cdb8157757d70be8656c5a9757538f84d946eff48878c4763cd2bfae274d87

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\hu.pak

Filesize
103KB

MD5
0b3b9d23034926aab2e6a2f9795ea640

SHA1
01ead327ee1a66e0c741e411c4ba0185951c36c5

SHA256
030cbf833a350946959afa0d2b699512c0b715ff7b38b613bcd16b15282b940a

SHA512
15ba2136cfb870dac7bd39f287b35a756817d05003d545063b4e8f8e99698f528ccc652be83c45f6dd8b125f9f5eb7ff8bff8e95d4569542954d47b38774f3d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\id.pak

Filesize
89KB

MD5
978465f6021894f8f1eb0db3719cc720

SHA1
da37cc7d02a2ec1ef136127314a994316f1b9c62

SHA256
d12d87d003bda037b411daab09d1698671f8284e4297ffc08b0558749df6495b

SHA512
6383ea1e0c731ca93a9a121e4ea919b4be9aa48ba3e288ab511dc8ab873a3099f683c9c665c3dded79ee74bfd9729623d9a8fe323d2085f4d81dcbe6cf104dfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\it.pak

Filesize
96KB

MD5
f89173cbd42ec09af2fb0a86aa5395b2

SHA1
3dc7ac0c537e2ae37c579ac7352330bd3bccab3f

SHA256
266f501703d3899000d5eb60d55ccc8f59f186e862a4a9a34910e81699ea289e

SHA512
41cf233eacb47680f3d8a17b9cad17ce872c6a9c443929de776a315c0436568e8150ca75e7bcd46ff1a4814517a8c78d7694dffab00509977ac7f45676d54dcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\ja.pak

Filesize
116KB

MD5
25eebd1c10519b8c1c01d05c5a9c75af

SHA1
aa06f180ea9a48c7e032e52614bcf405c4dbdce9

SHA256
4d0910d196b6b5652e3e5d677ddb048b8dae1ec974593484df2838093c96fed7

SHA512
d278e262df63b2f816013449870f096796ec70eb0acfdc5d0700be07dd70fa87fd8c1f08fe112a919904d77bafcab0519ac13da82de1c10a03745c59a2c0bcf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\kn.pak

Filesize
223KB

MD5
f83907e5b38876e6c50480f727fc2497

SHA1
517f0d01d47c6838e008dec87f089ebfa1b036b0

SHA256
f25c8b41249c8f54224702795644c80bb5a7eaaeb6f0af5b6a1048960a27c827

SHA512
e4c1c23cd72197616e3e7a9fea5924b4ddb01d717810bd69937de49526fab9f3f368df896771eca697de77cdafa2207992cbc77a448082d65ae25894484131a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\ko.pak

Filesize
98KB

MD5
7f61b6f66e6d22083bf0b2ca8b64309d

SHA1
748a0198780c238346781a0c1df3d84963591877

SHA256
99addd110ae7ba9fb37daf5c32ad2815172840764da0c71d0304dc9562951d61

SHA512
3945e3821cd2f4a420770182ac29cc2e2db72335d934ade001c196357dcbecd33428689a7588f62e7b845f63765fa102ddb6aca07ac7e7b7104a9633015126da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\lt.pak

Filesize
105KB

MD5
99e0e932b751c50565af36025523fbb8

SHA1
1e5d3b2f722efe60d4d4f2d81cc5183309313547

SHA256
9124dc353864cf6570580ae3afa0a7f09f5e3d32a61e71a64ff4cf824ad4fb29

SHA512
a94b4565acd04ddd9265de072fb2e1887c21dfa251afbf76b30824cf9de84791ed3658c6f71be17366cbc0b7f73921e045ecc125c42bad3004d189c7943c7f3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\lv.pak

Filesize
104KB

MD5
05a27f135f550fcce9c1359730aa334f

SHA1
1e23b09f0f7aec17a64c9f09de1955ee6bc5112c

SHA256
6861e9a4e8a9f2493f0103afa0f860c280478a64293a6de883ba9cb6a45776f6

SHA512
980c32e547fae231db2758978811d49a9a631ec95a3e47f257e1387f276d94005925ec432551368eaf3dcd310cd6219902dd360aff8a67033797ed3e7fb519c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\ml.pak

Filesize
235KB

MD5
7fdcd82db37be12740f93b8511055703

SHA1
606547e1cf56a68df1299bb962fef86cc6e99e20

SHA256
cc9fd4f2d44df646c6117465f820ad390efbc9cb64eb4ff898a50cdfef8f324c

SHA512
f92b42994639f48e5bf949efd6b483b1502c6204d15cd32ad6fd53f0f76886d10caa802fba7317421225a214c479fbb1509a03b7f4092b0b2c47f68ab7615848

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\mr.pak

Filesize
191KB

MD5
be54eb7b1f16378e07d88072912e0119

SHA1
d54ccc3aabcdf06968f6cbbd61bee3b316d062f9

SHA256
5f1ffe801f3701434a73d3ad3d04e9fcb6238f0f3b14e9325413910799954543

SHA512
07fbe367d6caa27e24b66551f1d6fedc17702a39121c48e33d2bb6547214aa7480ac8ec8500f1f3da7c064d1174270056d6f49757e9f4d67fc44ea5b9eae993e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\ms.pak

Filesize
91KB

MD5
08d7bd42520462f677a3b8204feb1777

SHA1
0dfcab20465137c4ee25f285f82a499b9aa3205c

SHA256
f4f6362d9963b7d244e29e85c7ecda552ff7756621f6efc9f3b6f12940896a81

SHA512
f48373053bc7bb197308fcc3133dda664a7d1babe5e188c7498be3396ee94e43d27fd2ef233318271cf11e1ffb75dae3d0ee83f78b590690fdb84e1d0cc832ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\nb.pak

Filesize
90KB

MD5
fcbf5dc281a9ab77d7bb03751b9563e4

SHA1
e4c4e499431a3e693bc262a25ac444cbb9ef1ba9

SHA256
efc934122d4232276f9f2317e5906517bd91ec2a6d76995fe8aae04eff866a50

SHA512
502eb74466ed1efeb61688e7b5f6904014e72be9f701f18ed49dec1547fcb6303fe816e4340b97b410cc1f76bc715cd836c3adbc84cda1c8ebeecc64a0f477be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\nl.pak

Filesize
93KB

MD5
e3fc5005e01568eb856d1edcccc200e0

SHA1
b105b8d844cb2ef868d56057cde0e491b9b077db

SHA256
4669c10a7fcc8a150a641e73320547ed1b966a92fe78041a860ce4892f79b0cd

SHA512
288cc9c97e781d2ae4a95e2fef230f3c04b8419b87840c4ede04b3d8a7798e78bbd69be37b374b179e9f10b50c8c997834cf9d8a79266c16b3dafac83ad8e9e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\pl.pak

Filesize
101KB

MD5
7a4ef59181d02e62cc295b676d479d7f

SHA1
84fe4e425f1684f5d3efefb7e571ae8853ef68bd

SHA256
ce84676f37bf97078b3d087d913a874d3c092f76b729f43d3e9553d3c9754f03

SHA512
53c8c9526f3a655af2251fd599f130606eae88692a726ba25e2b09c129ad89f00f833e6e4e1b6d82200cc110b8988b61c0a2d678c712d7c0f1b2e67b1aae1e01

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\pt-BR.pak

Filesize
96KB

MD5
5beaa2cb0bea5d59f461c8c076236201

SHA1
65228896fe64734a7b56a735e5b5fed8e4b85d57

SHA256
7cca8f6ee8b2a19c8ea53b3a2bb2af4ebbb2b8612caba87f581938e7d6aa9f18

SHA512
39ad2f8d072469843b939e69dc7e4dc408b366a07168234d2c45a32d6100e904646e66a966e457aacb65a2b07ec5f51dbba71fcfa3c9e4afe1684f42db01bb6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\pt-PT.pak

Filesize
97KB

MD5
2ae2e6ebb6ecdc5dab094ca28167a27e

SHA1
499c9a7169ddf760d9395b5801aa90632ea6323e

SHA256
7f0b86e4f6391e48fd045c8b967a1ad33d9c54f5a6ceda98d800c254dd2ec059

SHA512
9b3f6df3d9d2dfbb5f7319c41ccaeb66ec4d30b0c0c505ecf6031abb5e36f95e0435d91d0913def09d13abf38488a9285e170d502e3e3ab2cb44effbffee3f04

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\ro.pak

Filesize
99KB

MD5
84d177ee0f1409e8d69b9a559fb176d0

SHA1
f22ae3c93347b0947e7d440a311f3856dc1f913a

SHA256
60859215a025b95a1ac06333a66d14e1698b28ae31451c999e8adc072401a86a

SHA512
85fec9c41cae2191650654addeb6639c8ce09198a023e8548cbefc7778d1a0ec27214b7c755c10ff403b6435260537b9644dabb0c37d01b297323152ade5bddd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\ru.pak

Filesize
157KB

MD5
bfc17d03eec2df2985249a96e4476a11

SHA1
5399b5054515bdb48942ac7d662d936eaf65e253

SHA256
5c93984215f69bc6c7a1430fedbdc619ee6ccc9e491354e3541fdc8ed1947f8b

SHA512
faa2f3f0176cb8b1484e4e8fad6a019a4198f549991f4aba52453c077156e5cc00009a9c1c08cff999deaa87d2c8bc31c385b22bd10e8818e68d3fe61f07db60

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\sk.pak

Filesize
103KB

MD5
800dc45f273a82862fc0b0aae4f3e908

SHA1
8cd818ee32f9ec697226659b3b86df2ba35d019f

SHA256
4a09c8f22d1fe71cdfd0149599c59ec3059cd35f7dc8f33f22f967a237f7def1

SHA512
6fb7674ddb299efe896f3c0f2255295d0489d86f1bc492fb95d7e9eabd63847d2cf162f008e7e715a6fd3a409a1a3d6675e095ef910f52dcd28e302627f09ea1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\sl.pak

Filesize
98KB

MD5
fd9efa0cde455dafa0905dc1b06cd02e

SHA1
9371bea539436ac65dc13ea475d6ca852f236caf

SHA256
1ed9fc4abb8bef48e0fd5e10a107fb456dcb0c7a275bb789cb0728cfadfdcc42

SHA512
888b83e1d111ade5b2260ef2b7458928594d8bb0dba9722d4a1e343f58ee0a668a6731a99f84601149ed4e56db39073f562255850a9cdfa406c7b8236c5943ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\sr.pak

Filesize
148KB

MD5
e64fbe3d0a19f6c48bd7f81a093900db

SHA1
a63d6e8c469dac2bb68f1ccdb43bbb78a769f210

SHA256
362a50ec28da0af4c6b8e282ad64d45298b939a03883de22c5a33adfa919bc74

SHA512
390690233c9b89eb9fc962e95066fee0e8b2356bd9816025f7f3218e442324edeec5d1e4990c073e965c66dc6126136d975aa3deeeb65b090ae6bb0b89415617

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\sv.pak

Filesize
89KB

MD5
f03c7cdb6921e881c788ecb10b8ba710

SHA1
e40e1b540be2eff535e62e44931ac5bafb21e524

SHA256
cfe9ad173d516a3e1855f00f53fcb20a53ade93fef6256e909b0f0da12723cc2

SHA512
7de1c83fbe86d552044e8663969b5c49aabdb762ef73788e6082aaa2117bf1f2788df6b8a28d65cb3be51a9c6bf7afadcecce716bfe7fc6dcdd646730897cdfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\sw.pak

Filesize
91KB

MD5
59e99f7b257d5f0d0575038c8332138c

SHA1
0deff978d72e4b6eb2ad0534be5cb573b3a662c1

SHA256
26fbb15e26f5a4c44bc0e86326fbff28686c771edd11bda6bfea178364299eaa

SHA512
fd0f603d73a96fe1b40030067e6eaeeb4c6ef18bab57288a4a049ed2c687c85836d10c1b652d7d1ff2030903dd5e3fd4c222b987b87464b5aaa916a9f12d0f22

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\ta.pak

Filesize
230KB

MD5
1518a611019dbb88dbf9af005d31cc2e

SHA1
6ac31736c93779f279bf893f869f6e0a251d9766

SHA256
2363b6a8cce7868830915303dc2825351e7ea9dfd98568e448cd8b71c7ceef90

SHA512
341fd001613772a495909420bfae00439bd0320a27d7ed10b7e76f64634ee7f9a36751b24388853723f41850d125060f7c0ca6aaf6ff0f768c5fadb7f5f42b9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\te.pak

Filesize
213KB

MD5
15d65c33aeab73a95a183643b57f5fd0

SHA1
66037e1366e4631a412fb5caa0a18efd1fb0411a

SHA256
c9f427a4efa5d9835432e3a190e26d684c18c26e13fcda1b7e73d6a7527cfd4f

SHA512
9e99a60110126ae311e2a428ae121d4671db202c2cfae96317119f3ae67520af50a06d0ea58477a199aa39c3eb0f4f5d14954a7b7c6a9aeae8582a457cd07ab7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\th.pak

Filesize
183KB

MD5
d2ffd3529b4880f2e8a8d0f01ae69395

SHA1
451ebcf352234a4b343d30a172054558c259ec83

SHA256
301966a229a09b37e5b2bf12c89522a33144c977411099b81502261c4ca554ad

SHA512
c4d3f5c3e7b307caf6a51fd74e828fcf8eaf41a07dd198ed5844893e3b27af20cdbc7b33d58fe2ca0e487ea546a4d1fc58d99faa9e14ed0a55bfa43265211256

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\tr.pak

Filesize
94KB

MD5
7c897de0ad3c9d9da88ffd01cc7a6e99

SHA1
4864bf127f5de75c9f3a2cd4b13b6cb56c3c0a14

SHA256
81694a8258624f82dfbe0af43aa0ce5fdf1304c25a2f6735b972a2a29beb8e15

SHA512
2578bce090dc69d9743684671bf6ea68efff7db900128ee0703f4eb3c34db2a92f0c805c6febc8a978d1488511250e9f133d500c551cea22d091a9150f0dd88e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\uk.pak

Filesize
158KB

MD5
026ef6b51c0b2fc92211aa0a6a1ddbcf

SHA1
d1a5eb09b90d04fe02560b33acbb55ea4f6352c8

SHA256
27d3c996804b4f4c106f12becdaeeb1ce65df53abe12658574852ab7b6643bc1

SHA512
b8efeeb10841dae8c23e1c8d2e939b809d4f0aaba56521e037ce5d1ab6748a119a6d064f767dfd209415b4f6ed94527132696fe8c12a71c0c5b61637414c23c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\vi.pak

Filesize
111KB

MD5
b7dd26646a77979ee0c4776ba0b1a52a

SHA1
4b9ba889a4aeba5b162dada01982420527a76007

SHA256
7f94586012c85732d23b05dbdde2c497326d5fcab87de83aafa3594b614dbd36

SHA512
a8f4f2decf5367c02c8847bb6873a44a3389f4b3e637ab54197df5c56cef70c293a849ed260bde922b4d6a4bda4c95ec03c9d94a837028e21f74df699c434c03

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\zh-CN.pak

Filesize
83KB

MD5
dc160104962893fe87f3a5088a78926c

SHA1
775945e0c70ab40d2b7ba10e58e7e0f857a95021

SHA256
44a9dd0a830ce2feeb81523cce7fae8a0a553f05921b34d34c7826d50ac3a1b7

SHA512
4b6bebf59513c27d5e022ae01f15fb0ecec0be4b547a1231eaa79555948c7ce92f08a7b6ddc6cea7484f945afd2eed5a29acb98afc568d21ec656b076912171a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\locales\zh-TW.pak

Filesize
83KB

MD5
4bc50b6f5c29ea7cb60d5b79147326e7

SHA1
c22a956b438fe25987ffb4654321dababd49d1ae

SHA256
268041a1a95dd540cf7e92a01802b65df8c8d1c80726007da1bb8a9cba6e5414

SHA512
4c65d6d3b3db84412a589ea5c9a19e609d4b47e37b752d4231dd5ce02d5ed8a9ad4eecf23e321e4f48eb96c1e14f2da2a38057e6ca4079d0b025a2266783fd85

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources.pak

Filesize
4.8MB

MD5
d13873f6fb051266deb3599b14535806

SHA1
143782c0ce5a5773ae0aae7a22377c8a6d18a5b2

SHA256
7b953443e3cd54a0a4775528b52fbfe5ebecbc2c71731600ed0999d227969506

SHA512
1ab38fcb70d1958c74da2493459532b52a04b884009509a1ac8dd39f6e9e670658a52f4d19ef57f1bc71dccfdd6ceedbc18034bbcad0b500d75a97c74aac6939

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar

Filesize
8.7MB

MD5
74ab52ec0cf50df2b91b90d47c1d0a07

SHA1
93546c7c1fcaf180b87b3b02585d8b4a5a50fd50

SHA256
80bf486fb5a482a49428a31dbe71dc667a1b702a0a252b8201118126fbb84838

SHA512
19a015c2b7d1a904d2c830c32344d597c3b37a6bf89681bdd15938b0166144f118e0781963f76ae84ff836cf9476a8a87d4158e01fd67ab7f03f7be80e25c27d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\LICENSE

Filesize
1KB

MD5
7bd114b023fa6209fb7b02150a202ccc

SHA1
4451515f9d7b16ce8983abb4e85609fe4162c4d4

SHA256
455dda47a3fc2f58ab06d8e526f490ec43d0fc23a5ea80dd0942644397316d9b

SHA512
87ee4dc1da13937055eade250f1f8a357f549c709b9659258c137009060080aca5cfd979890a7b2d662083f4c646cce9af6e20774b58541af9e712fb5f4f1c60

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\dist\index.js

Filesize
412B

MD5
0b33e83d33b01a51625a0fdcbef42ce3

SHA1
1c29d999ff7da39426b97f2eb31a3d83db8f5fc7

SHA256
a7ff0225cb5ebcbef8499c6c8ac2be924f584eb375dacb1d8bd3dc6540b510f2

SHA512
1d04caf4fc2e876bdf2a089ae938a41fe4d3f2928aa846709bafd2de236fa8c754fcc84d7e8a5f5734bc1cecc04b395ab9d2114945b35e8c85cd3b9ee8f9799c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\package.json

Filesize
934B

MD5
83a6b767cd4ade2116654eb0a90fec3c

SHA1
07a0f29ddb1c8a48947ee05bb4d6ec3d2abe1df9

SHA256
59f4704391d2247b2a8d029d7338566d47d2ff0cd7477c49343efe93475f7a12

SHA512
404ed15686b7d611ba8aeac12e706af75a876502c51e40e48a598d05a9ac89f88902b2830a5c679f9bb7931f5c33bb10da3a32753fdb8c71a9d7b4346a1be8d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\prebuilds\win32-x64\node.napi.node

Filesize
137KB

MD5
04bfbfec8db966420fe4c7b85ebb506a

SHA1
939bb742a354a92e1dcd3661a62d69e48030a335

SHA256
da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd

SHA512
4ea97a9a120ed5bee8638e0a69561c2159fc3769062d7102167b0e92b4f1a5c002a761bd104282425f6cee8d0e39dbe7e12ad4e4a38570c3f90f31b65072dd65

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_addon.h

Filesize
206B

MD5
ea1e5899ec0210d7de4ce325d1d94022

SHA1
464da48d40547cb08a67a1ed38cb0ae8369f2f42

SHA256
18280b1135123aff82fbf4188a5aadfc9a5d6fffad9309f72f347f380f2da550

SHA512
6dae672ea822a7dc5e42914def21c019c0fa8aeaf1c27c155b78312d8a33a63ae9a1910dd32b72760578671780b8c37b91ff5e1f6588f08c7fbaaff80d8fb6fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_not_supported.cpp

Filesize
327B

MD5
c510e65ebcb2fa7c00712e770ec8c692

SHA1
ca1ea3c8340dcf69f344d5eaa884631eef37472b

SHA256
7c03cec11c438b6d2512239477d9f1b45d6e16763122a3a36458ab339f50d3c4

SHA512
b0b312426b4409c80b45a0f3337069be9870e050dc8b55184fb2bc63532c247089c8d35cbd1f12f0bd2bd38d581566faa74a6469b548a1ad7d837285ad37c178

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_win.cpp

Filesize
2KB

MD5
4a55597a2c7466278439452bb708b822

SHA1
eaadcda8f410f2dd1fd9522fd7a2221624dd1713

SHA256
da37b02fb0babb651244479ea019d229fff1c41ecde74bc06335b5e603d9b30e

SHA512
b20efe8026de41dd8c13c6f844455cacc13fa80bc3dd41fef422fb178054a7c8d6f14af8b1d6928e52648ab95a793aee1f996dc2aceead3aa8d317a99aad23bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\main.cpp

Filesize
698B

MD5
88934cc736b505ada3d07afe22083568

SHA1
6d1d112f4e7fc943dc5c9ce5ad2f32154aeb2f3a

SHA256
1ada21451bab629832372d519e366bfb08c80facfefe5a40c76a4f10a697c905

SHA512
9f45386cba32d13a50360916b0c2f240e43cba5983a86ad80f85c75cd8e6ac2c6b931992842a736e84e234b91fc46a7a66824a3a2748f474cf1bbd22ec138a99

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\LICENSE

Filesize
1KB

MD5
79558839a9db3e807e4ae6f8cd100c1c

SHA1
ae3dbcee04c86fbc589fcf2547d4aaaeb41db3c2

SHA256
7686f81e580cd6774f609a2d8a41b2cebdf79bc30e6b46c3efff5a656158981c

SHA512
b42c93f2b097afa6e09d79ed045b4dd293df2c29d91dda5dda04084d3329b721a6aa92a6ad6714564386a7928e9af9195ac310deecd37a93bb04b6a6f744be46

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\common-sqlite.gypi

Filesize
1KB

MD5
92c4c5168a6a883f2a69ea4a1a37b7b5

SHA1
6dedc03d603631c1f70c626f5ef9d8ee6f342efa

SHA256
7b557c097c162c9ba04985ab822f92a176bf848c34ca38e54f061057ad0d8bd0

SHA512
904e605fe5bf1134031edcadc91ed55bf72d7fb1c862f99f25a672d29fdb34af22d4114cae389a853d703bc35bfc2c8429f86608fed5eec897c115ac3dea8de5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\extract.js

Filesize
224B

MD5
f0a82a6a6043bf87899114337c67df6c

SHA1
a906c146eb0a359742ff85c1d96a095bd0dd95fd

SHA256
5be353d29c0fabea29cfd34448c196da9506009c0b20fde55e01d4191941dd74

SHA512
d26879f890226808d9bd2644c5ca85cc339760e86b330212505706e5749464fafad1cb5f018c59a8f034d68d327cd3fa5234ceac0677de1ac9ae09039f574240

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\sqlite-autoconf-3410100.tar.gz

Filesize
3.0MB

MD5
c6d5034cf39232299ccfdf8e3ddc5781

SHA1
e77599a2df4c5b114c942ddba4483550d8982bf2

SHA256
4dadfbeab9f8e16c695d4fbbc51c16b2f77fb97ff4c1c3d139919dfc038c9e33

SHA512
6e6dafc35b8b11df3cd3bea48aaf84a102893242cffbe18eb7b111791563095111a2a8a5632636b8f46523d98d16e2b48dab79ee6707a141b22c2e6fde3002a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\sqlite3.gyp

Filesize
2KB

MD5
0e4d1d898d697ec33a9ad8a27f0483bf

SHA1
1505f707a17f35723cd268744c189d8df47bb3a3

SHA256
8793f62b1133892ba376d18a15f552ef12b1e016f7e5df32ffb7279b760c11bd

SHA512
c530aba70e5555a27d547562d8b826b186540068af9b4ccd01483ec39f083a991ac11d0cc66f40acaa8b03d774080f227ee705a38995f356a14abe6e5f97b545

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\binding\napi-v6-win32-unknown-x64\node_sqlite3.node

Filesize
1.8MB

MD5
3072b68e3c226aff39e6782d025f25a8

SHA1
cf559196d74fa490ac8ce192db222c9f5c5a006a

SHA256
7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01

SHA512
61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3-binding.js

Filesize
241B

MD5
ff6a0462767c6bf185a566f4aef65ba5

SHA1
7a3c3ee6748d00fac6e51e366518bb48a41794bb

SHA256
049b7b1b10417274be6c3e6a9518ac364729354435298d70abf834c35e8f3bf3

SHA512
088d706f5a18323128547b0f126564fb7fa7a36dc8365ee8287663b2cb63da2d02a991bc5cda19af24da2aa063357c25f21347835f9a8aaef341b33bd21127df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3.js

Filesize
6KB

MD5
275019a4199a84cfd18abd0f1ae497aa

SHA1
8601683f9b6206e525e4a087a7cca40d07828fd8

SHA256
8d6b400ae7f69a80d0cdd37a968d7b9a913661fa53475e5b8de49dda21684973

SHA512
6422249ccd710973f15d1242a8156d98fa8bdea820012df669e5363c50c5d8492d21ffefcdfa05b46c3c18033dde30f03349e880a4943feda8d1ee3c00f952b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\trace.js

Filesize
1KB

MD5
e5c2de3c74bc66d4906bb34591859a5f

SHA1
37ec527d9798d43898108080506126b4146334e7

SHA256
d06caec6136120c6fb7ee3681b1ca949e8b634e747ea8d3080c90f35aeb7728f

SHA512
e250e53dae618929cbf3cb2f1084a105d3a78bdfb6bb29e290f63a1fd5fbb5b2fab934ad16bc285e245d749a90c84bdc72fdc1a77af912b7356c18b0b197fbe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\package.json

Filesize
1KB

MD5
f9560f0fb25f1dc014682359373146c4

SHA1
b19c6321292cc63d26a18bef5d80787c5e57e746

SHA256
b145c00c63dde4da0eb3736b0d25fe79fa252a02daa9c3fdbb2d3a5783e98cf6

SHA512
dd51dcca43554f27b2718f87661cdfc86e6a51b36c15574870d793fa358f76816423c0ebcef34dd9a7fd7ce42e6be18f834100a327cdb3e6eb8dbd9d65792262

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\async.h

Filesize
1KB

MD5
7fcbaffdc03bb5164fbb27f8552dcf5d

SHA1
590e3430c1dfa30f241d56ea01f364d5b9e7e991

SHA256
b6e86bf43d74c8ee2c2f57eb1947be6ce5d8c258c4866609571ed6c97b58b53c

SHA512
e44d4850651e0e070d3f686db3d3797632121e32dc65b869739c0b45cfa13c055fc42d650f04c41915264b8772fcfeb2a38148b9fbe21a001af5a455854336b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\backup.h

Filesize
6KB

MD5
283f3987e0e65dca1b029bdbb625ccc2

SHA1
285d7995459c11a47e13834ae3ec0167eacf7d01

SHA256
d3956cdbb650e1ecff8c94fe4e8645f80e10088156d409703c19f186a9c41aa8

SHA512
ff5c21bd53bf75b33a5430d1abdc8a8649af1535ec02aa5fceb91ed1189e44f0818e25556946d3ad8032b077fa30e73503464aff219b42cbace1ea3f97acb605

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\database.h

Filesize
5KB

MD5
f023c6c0baf0411cb6eef0a7b2baad13

SHA1
748b78bf3ed5adc11e83f705033d8338d7eef2b5

SHA256
8c5bcd084dddab2f2994b6cddc9b69a8f78a1034588b765e7bd859f27868fe43

SHA512
08648cb37c0284799bb98fa2eb1abb508c8b992b43425203839e1e7f4092b7d2d7c83f6419417281ae278d3d61ade0b65959cf12f0c449a9688ee97749593dad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\gcc-preinclude.h

Filesize
861B

MD5
55a9165c6720727b6ec6cb815b026deb

SHA1
e737e117bdefa5838834f342d2c51e8009011008

SHA256
9d4264bb1dcbef8d927bb3a1809a01b0b89d726c217cee99ea9ccfdc7d456b6f

SHA512
79ed80377bfb576f695f271ed5200bb975f2546110267d264f0ab917f56c26abf6d3385878285fe3e378b254af99b59bdb8bbcab7427788c90a0460eb2ee5b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\macros.h

Filesize
11KB

MD5
592ca8ac280135c059c9ed651ac738c3

SHA1
ac8e8b5e835ea2810a443df2a57f3bdc3c60b2c6

SHA256
8d1afb5d27eab8302de08aca87eb6edc1b99ae963a854d3bd652a4fc61cbe3c6

SHA512
b4e317200e3cab4dfac93e684150d21f7dd89a656f8a9f576b9cfb22090e8db6c458008a4a1406121fabdac034cfb80200a740d0caf6ec63fbf71ad2fde41029

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\statement.h

Filesize
6KB

MD5
13d7bf3557e57ef3036bad68cfa8faae

SHA1
94c1af952f38e9f1ad2d722ec3a063fbe666e66b

SHA256
2c99d9cef21876db64b610dd9baba8de1f7c94028d6d1c463eb3db213745b3bf

SHA512
63e4543833d602b0c6ad9c21438e61782c252a5e30b776a9c942e1ecc34c1a7c471a39195caa20aefb072add66c83d99af902d620857d18ddad196f4f207a161

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\threading.h

Filesize
388B

MD5
f2a075d3101c2bf109d94f8c65b4ecb5

SHA1
d48294aec0b7aeb03cf5d56a9912e704b9e90bf6

SHA256
e0ab4f798bccb877548b0ab0f3d98c051b36cde240fdf424c70ace7daf0ffd36

SHA512
d95b5fda6cb93874fe577439f7bd16b10eae37b70c45ae2bd914790c1e3ba70dfb6bda7be79d196f2c40837d98f1005c3ed209cab9ba346ada9ce2ed62a87f13

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\snapshot_blob.bin

Filesize
50KB

MD5
db29bb80c7dd644cf9a48f8086dbcc90

SHA1
51d55dcde1bb3aed9f4f130e00020f614f2a8fbf

SHA256
6cc3d838a2b7cf5957802d378ba353b502e8a80b39648213285496a83825a702

SHA512
62e477809c7e4c202d99d1a05c6b6d9e89a307298d783a161bdae1af6f999aa4a26b24de63e94fcecd050aa4fda79fda24f081fdeca56e47e9392fe3d22b6c31

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\swiftshader\libEGL.dll

Filesize
460KB

MD5
acd46d81bb4f34912c255a8d01953635

SHA1
25969cc9e588e174b854566778f283f067c3c0c6

SHA256
bd1bc00a5c29726fb39645041fc6c8295256d90c7f739ebeaa8b6c382a4db189

SHA512
83692654ada422391b428953b2cec67048a171bbef4c59158f34607a762feac8a233b52ceaa528306cf103d9830ee38897afa996389e086d3778f290555a059b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\swiftshader\libGLESv2.dll

Filesize
3.1MB

MD5
8090f82a02c6850cc7bd2b481a7533e0

SHA1
54a0b66d76c1b60e45e83ba4627299d0b2aae84a

SHA256
e9473ba82f6d8742ab74e67484886291aa69037db72e0ae256b19581de0b772e

SHA512
b2e3c57926860a7954ca6e426f5f2fa080cf6ccb5c4edd77f59744f240f597aa9613f46294e8b344db76b46fe78777b5016828b8ab2fc274ca107f3af7abd878

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\v8_context_snapshot.bin

Filesize
168KB

MD5
c2208c06c8ff81bca3c092cc42b8df1b

SHA1
f7b9faa9ba0e72d062f68642a02cc8f3fed49910

SHA256
4a67de195878d290f49b503b83e415917b8bbcbd9936b07a5d33b48e9bc6e0a3

SHA512
6c3c370dd086a976c44d4059a315bd3bcbb50961aa34734e65a40d861cffca9090d47cec74575afe23952e394e4845bda2d8798eebe01fb54a7a6288bce238f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\vk_swiftshader.dll

Filesize
4.3MB

MD5
df2f469b761a706fba0b50149660f7cf

SHA1
2f9d8cb92b6e321e24a5437a1f77745a3507e7be

SHA256
be1e1dd3897dc9a997fdc5b3216f9af24c20fc678963f7486b0a6dae8900c274

SHA512
827e979f573f5cbbe6dd3c6bbe4414ab0d292005856b651b157f150a8d5605c3e77f76944dc0158ae9c632bdc31c243b1e9a467f03d3d3ddb08e95ff5b2e1347

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\7z-out\vulkan-1.dll

Filesize
715KB

MD5
67ebd2114a9c3a1b2ce2635f21e100e8

SHA1
15a8315b28dca9d7b5c1f604882050714f130718

SHA256
37ee8858cada6db0e511d083ba0729282b004b7e239966521300955ad8b1b18a

SHA512
6578d098b657ba4b28da60f338e033f5622e2fa9473d1833af85a44b314c1d662fcf12120dc466c7c19fcd5901b012f1f8ae7c9ce65ff8155ecd68714f25e102

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso832B.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\Downloads\Lorydos.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 741721.crdownload

Filesize
1.5MB

MD5
c73433dd532d445d099385865f62148b

SHA1
4723c45f297cc8075eac69d2ef94e7e131d3a734

SHA256
12ef1c8127ec3465520e4cfd23605b708d81a5a2cf37ba124f018e5c094de0d9

SHA512
1211c8b67652664d6f66e248856b95ca557d4fdb4ea90d30df68208055d4c94fea0d158e7e6a965eae5915312dee33f62db882bb173faec5332a17bd2fb59447

Download Submit
memory/788-784-0x000001C669AA0000-0x000001C669C3A000-memory.dmp

Filesize
1.6MB

Download
memory/788-750-0x00007FF82AC60000-0x00007FF82AC61000-memory.dmp

Filesize
4KB

Download