lumma | 3e71545f4b04343713c06054b07040353056927933f857b5d81ee36378b65b55

Resubmissions

21-09-2024 00:36

240921-ax436swgqh 5

21-09-2024 00:33

240921-awe3naxajm 10

20-09-2024 23:30

240920-3hgnjsvbnm 5

Analysis

max time kernel
1800s
max time network
1709s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2024 00:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CheatInjector.exe
Size

373KB
MD5

0df0f27aecfc29a8063f0d51b4dfc928
SHA1

50c78883ecd4e77744668bbd1e72b2eaf5bc8cf9
SHA256

3e71545f4b04343713c06054b07040353056927933f857b5d81ee36378b65b55
SHA512

eef31af5604a1cd423622f401f5b1c9bd6ebe743abb3b7933c0febfbb565c5c0f68e9c25619a37cb2bd58142a72ba381d3c227dac7abaa052c80514d56918b11
SSDEEP

6144:QH+0/UOMmtGunubZUXsDdLEgyDe4KBAfWyrIOr8mRx98402WHpXvLXQJDod5h4:Ai4xubZmsDOgyDl5f3HrZlMp/cF5

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://chickerkuso.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma

Suspicious use of SetThreadContext 7 IoCs

description	pid	Process	procid_target
PID 440 set thread context of 4372	440	CheatInjector.exe	83
PID 3364 set thread context of 3872	3364	CheatInjector.exe	103
PID 4788 set thread context of 1300	4788	CheatInjector.exe	110
PID 1668 set thread context of 3656	1668	CheatInjector.exe	115
PID 4292 set thread context of 4716	4292	CheatInjector.exe	120
PID 5064 set thread context of 2956	5064	CheatInjector.exe	131
PID 2920 set thread context of 1480	2920	CheatInjector.exe	134

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 9 IoCs

pid	pid_target	Process	procid_target
3256	4372	WerFault.exe	83
4960	3872	WerFault.exe	103
4904	1300	WerFault.exe	110
4516	3656	WerFault.exe	115
1648	4716	WerFault.exe	120
1448	4716	WerFault.exe	120
3200	1300	WerFault.exe	110
4296	2956	WerFault.exe	131
4836	1480	WerFault.exe	134

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CheatInjector.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CheatInjector.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CheatInjector.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CheatInjector.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CheatInjector.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CheatInjector.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CheatInjector.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133713527371023851"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	taskmgr.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	taskmgr.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4420	chrome.exe
4420	chrome.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
3460	msedge.exe
3460	msedge.exe
2444	msedge.exe
2444	msedge.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4316	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4672	taskmgr.exe
Token: SeSystemProfilePrivilege	4672	taskmgr.exe
Token: SeCreateGlobalPrivilege	4672	taskmgr.exe
Token: SeDebugPrivilege	4316	taskmgr.exe
Token: SeSystemProfilePrivilege	4316	taskmgr.exe
Token: SeCreateGlobalPrivilege	4316	taskmgr.exe
Token: 33	4672	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4672	taskmgr.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4316	taskmgr.exe
4672	taskmgr.exe
4316	taskmgr.exe
4672	taskmgr.exe
4316	taskmgr.exe
4672	taskmgr.exe
4316	taskmgr.exe
4672	taskmgr.exe
4316	taskmgr.exe
4672	taskmgr.exe
4316	taskmgr.exe
4672	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4672	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4316	taskmgr.exe
4672	taskmgr.exe
4316	taskmgr.exe
4672	taskmgr.exe
4316	taskmgr.exe
4672	taskmgr.exe
4316	taskmgr.exe
4672	taskmgr.exe
4316	taskmgr.exe
4672	taskmgr.exe
4316	taskmgr.exe
4672	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4672	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4672	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 440 wrote to memory of 4372	440	CheatInjector.exe	83
PID 440 wrote to memory of 4372	440	CheatInjector.exe	83
PID 440 wrote to memory of 4372	440	CheatInjector.exe	83
PID 440 wrote to memory of 4372	440	CheatInjector.exe	83
PID 440 wrote to memory of 4372	440	CheatInjector.exe	83
PID 440 wrote to memory of 4372	440	CheatInjector.exe	83
PID 440 wrote to memory of 4372	440	CheatInjector.exe	83
PID 440 wrote to memory of 4372	440	CheatInjector.exe	83
PID 440 wrote to memory of 4372	440	CheatInjector.exe	83
PID 4672 wrote to memory of 4316	4672	taskmgr.exe	98
PID 4672 wrote to memory of 4316	4672	taskmgr.exe	98
PID 3364 wrote to memory of 3872	3364	CheatInjector.exe	103
PID 3364 wrote to memory of 3872	3364	CheatInjector.exe	103
PID 3364 wrote to memory of 3872	3364	CheatInjector.exe	103
PID 3364 wrote to memory of 3872	3364	CheatInjector.exe	103
PID 3364 wrote to memory of 3872	3364	CheatInjector.exe	103
PID 3364 wrote to memory of 3872	3364	CheatInjector.exe	103
PID 3364 wrote to memory of 3872	3364	CheatInjector.exe	103
PID 3364 wrote to memory of 3872	3364	CheatInjector.exe	103
PID 3364 wrote to memory of 3872	3364	CheatInjector.exe	103
PID 4788 wrote to memory of 1300	4788	CheatInjector.exe	110
PID 4788 wrote to memory of 1300	4788	CheatInjector.exe	110
PID 4788 wrote to memory of 1300	4788	CheatInjector.exe	110
PID 4788 wrote to memory of 1300	4788	CheatInjector.exe	110
PID 4788 wrote to memory of 1300	4788	CheatInjector.exe	110
PID 4788 wrote to memory of 1300	4788	CheatInjector.exe	110
PID 4788 wrote to memory of 1300	4788	CheatInjector.exe	110
PID 4788 wrote to memory of 1300	4788	CheatInjector.exe	110
PID 4788 wrote to memory of 1300	4788	CheatInjector.exe	110
PID 1668 wrote to memory of 788	1668	CheatInjector.exe	114
PID 1668 wrote to memory of 788	1668	CheatInjector.exe	114
PID 1668 wrote to memory of 788	1668	CheatInjector.exe	114
PID 1668 wrote to memory of 3656	1668	CheatInjector.exe	115
PID 1668 wrote to memory of 3656	1668	CheatInjector.exe	115
PID 1668 wrote to memory of 3656	1668	CheatInjector.exe	115
PID 1668 wrote to memory of 3656	1668	CheatInjector.exe	115
PID 1668 wrote to memory of 3656	1668	CheatInjector.exe	115
PID 1668 wrote to memory of 3656	1668	CheatInjector.exe	115
PID 1668 wrote to memory of 3656	1668	CheatInjector.exe	115
PID 1668 wrote to memory of 3656	1668	CheatInjector.exe	115
PID 1668 wrote to memory of 3656	1668	CheatInjector.exe	115
PID 4292 wrote to memory of 4424	4292	CheatInjector.exe	118
PID 4292 wrote to memory of 4424	4292	CheatInjector.exe	118
PID 4292 wrote to memory of 4424	4292	CheatInjector.exe	118
PID 4292 wrote to memory of 2428	4292	CheatInjector.exe	119
PID 4292 wrote to memory of 2428	4292	CheatInjector.exe	119
PID 4292 wrote to memory of 2428	4292	CheatInjector.exe	119
PID 4292 wrote to memory of 4716	4292	CheatInjector.exe	120
PID 4292 wrote to memory of 4716	4292	CheatInjector.exe	120
PID 4292 wrote to memory of 4716	4292	CheatInjector.exe	120
PID 4292 wrote to memory of 4716	4292	CheatInjector.exe	120
PID 4292 wrote to memory of 4716	4292	CheatInjector.exe	120
PID 4292 wrote to memory of 4716	4292	CheatInjector.exe	120
PID 4292 wrote to memory of 4716	4292	CheatInjector.exe	120
PID 4292 wrote to memory of 4716	4292	CheatInjector.exe	120
PID 4292 wrote to memory of 4716	4292	CheatInjector.exe	120
PID 5064 wrote to memory of 2956	5064	CheatInjector.exe	131
PID 5064 wrote to memory of 2956	5064	CheatInjector.exe	131
PID 5064 wrote to memory of 2956	5064	CheatInjector.exe	131
PID 5064 wrote to memory of 2956	5064	CheatInjector.exe	131
PID 5064 wrote to memory of 2956	5064	CheatInjector.exe	131
PID 5064 wrote to memory of 2956	5064	CheatInjector.exe	131
PID 5064 wrote to memory of 2956	5064	CheatInjector.exe	131
PID 5064 wrote to memory of 2956	5064	CheatInjector.exe	131

C:\Users\Admin\AppData\Local\Temp\CheatInjector.exe
"C:\Users\Admin\AppData\Local\Temp\CheatInjector.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:440
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4372
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 592
    3⤵
    - Program crash
    PID:3256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4372 -ip 4372
1⤵
PID:3580

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4672
- C:\Windows\system32\taskmgr.exe
  "C:\Windows\system32\taskmgr.exe" /1
  2⤵
  - Checks SCSI registry key(s)
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4316

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\CheatInjector.exe
"C:\Users\Admin\AppData\Local\Temp\CheatInjector.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3364
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3872
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 1364
    3⤵
    - Program crash
    PID:4960

C:\Users\Admin\AppData\Local\Temp\CheatInjector.exe
"C:\Users\Admin\AppData\Local\Temp\CheatInjector.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1300
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 1336
    3⤵
    - Program crash
    PID:4904
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 1364
    3⤵
    - Program crash
    PID:3200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3872 -ip 3872
1⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\CheatInjector.exe
"C:\Users\Admin\AppData\Local\Temp\CheatInjector.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:788
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3656
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 1340
    3⤵
    - Program crash
    PID:4516

C:\Users\Admin\AppData\Local\Temp\CheatInjector.exe
"C:\Users\Admin\AppData\Local\Temp\CheatInjector.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4292
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:4424
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:2428
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4716
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 1360
    3⤵
    - Program crash
    PID:1648
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 1340
    3⤵
    - Program crash
    PID:1448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1300 -ip 1300
1⤵
PID:1672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3656 -ip 3656
1⤵
PID:216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4716 -ip 4716
1⤵
PID:4508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4716 -ip 4716
1⤵
PID:3400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1300 -ip 1300
1⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\CheatInjector.exe
"C:\Users\Admin\AppData\Local\Temp\CheatInjector.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5064
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2956
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 1360
    3⤵
    - Program crash
    PID:4296

C:\Users\Admin\AppData\Local\Temp\CheatInjector.exe
"C:\Users\Admin\AppData\Local\Temp\CheatInjector.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2920
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1480
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 1352
    3⤵
    - Program crash
    PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2956 -ip 2956
1⤵
PID:2744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1480 -ip 1480
1⤵
PID:2828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc653cc40,0x7ffdc653cc4c,0x7ffdc653cc58
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,4766161145372923891,15802149040085719410,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,4766161145372923891,15802149040085719410,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,4766161145372923891,15802149040085719410,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2480 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3204,i,4766161145372923891,15802149040085719410,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3236,i,4766161145372923891,15802149040085719410,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4648,i,4766161145372923891,15802149040085719410,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5032,i,4766161145372923891,15802149040085719410,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  PID:5308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5104,i,4766161145372923891,15802149040085719410,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4436,i,4766161145372923891,15802149040085719410,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:1960

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdab0746f8,0x7ffdab074708,0x7ffdab074718
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,546534345059020094,3821294313902801440,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,546534345059020094,3821294313902801440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,546534345059020094,3821294313902801440,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,546534345059020094,3821294313902801440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,546534345059020094,3821294313902801440,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,546534345059020094,3821294313902801440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,546534345059020094,3821294313902801440,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,546534345059020094,3821294313902801440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,546534345059020094,3821294313902801440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,546534345059020094,3821294313902801440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,546534345059020094,3821294313902801440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,546534345059020094,3821294313902801440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,546534345059020094,3821294313902801440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,546534345059020094,3821294313902801440,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,546534345059020094,3821294313902801440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,546534345059020094,3821294313902801440,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,546534345059020094,3821294313902801440,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2372 /prefetch:2
  2⤵
  PID:3640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1288

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5280

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:3956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\76e3243f-29b3-473d-82e4-926f2b8ccdbb.tmp

Filesize
9KB

MD5
9afc2f73dcafa0a9d09b4d2c1b662731

SHA1
cbd20190fcdc1405067878fa36d2667009ab2f8f

SHA256
bcbc0d96612842a5cd1bf24b52b7c02c411ef59a047409db5ef2106a2fefbc8f

SHA512
9b2728fc7fac916c085b0d5ba6c4ef2298106448f1c399b815940601afdaf944e05e8cca1ed408d565b4360f3baca230211ddb7ea77586983baafcecbee048ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d916e7706d1d44b0b235a2c3c178da15

SHA1
9a14f84d928b6e579386254c2c6224021811002b

SHA256
0a57254ab217a231e09d86a82dd2a442c35cf6254da0651bcce52c7f4dbf8392

SHA512
a949fb011e33d18545d7c5138dd67495e8390005bd379bb560fb3ae3d3f926228e2de4ced310c6d3d629b3fb2036c59857614736c2a7c11baed79d653c66cb80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
359039683d7356373ac65e00b95d900b

SHA1
f65080fe6b9dd895026a6b49483160fc346f4c65

SHA256
03d4b3daada48e7da4ea88f676b65ff592fcb9451ae8c824a62b58bfbf46ada6

SHA512
a8926c3af67a70792a6f6dea3ebb8bd1934cf550174fa1c546521dc986ac771034e9f149ef2db531d3297f8c5c447e928273d7c5effea87475f0657fe98fb4d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
241a6dbcf414468e4659fb54d3c0de86

SHA1
77755b35096fb220006e4baf01bf34f3f710bca0

SHA256
f1517a758f2c88ac114b807ee315b6cac1d0d65c48b36e9c99c5585463276819

SHA512
5f9ed135411c96c4077a7d01b3805522e8296d6223db2c8fcb38122322c212a43d7eff957c5842d06e7f5483bc15b4c14bd197da007178d9ba9e0401af596d68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
bbdf59fe01a6ae40b1629533037a7fd3

SHA1
4691fb7081f53271f4d956cc90a3dfa0c1211c2e

SHA256
ae596e5e8f058bdbe5977e4268e03a477eabe0afce413b2693d77e33d320fe05

SHA512
bab083863a62b58ad444f92462118049379e3fd32b3333c83ee4ba2015a3ebea35718aa313f90195d7db5b67e04c99067bb96c036a12dd3160b048505142a4a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e29c5bc284ff6a0aa0aac4f9b4498dc5

SHA1
40d5b9c1585bf445b2ec949e611e149138f14cbc

SHA256
0db907d155142a55d5a416536f9aaa46dedfb6ef7405d194ff482009a9e04025

SHA512
4cc0fc833505813f29a211081f5c1830dfdaa139ea99379f142a7da9124d2151c254b9b4e5729b812294066fc22af8b7db6c28c052dff20cc1aac801a4775a52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b0fc5fbea92d816d00114a76ae614b46

SHA1
bc6f435a3132f697232373d5139abd66a284093b

SHA256
ec1ec403193d855a6cf86b07b174e5dbc91319a23fcdebf7e2b74568cb00ef79

SHA512
eebbebb6d3b9fa58658b423dc63a8e4d727b5360780d73c1e4c44481f4540ec9c89ec62a5aa7bc03b6416c26acbaffbd5629402280ba5384c185a8ad566f16b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
877534b30e20004216d7a54811b1ee71

SHA1
86b1a2bd9a3814e25be474404574608cd34058f7

SHA256
e1903a7d60a7f361d83c403c9442dbb9ee4c240c6b22562804962e0b0de8ba3a

SHA512
c5e02fe016fabd5f0b966670631da047dd5849e050267813cad4189a8de6fc224980461c1222fa6d0adb9023b33eeb955607e88240cc6de8d783bd4a6891ddc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
535610a4f497c382f815684e5445429c

SHA1
f5eb5f9f216be749a05e5106d849993f10efd321

SHA256
7203c3e33210f4272d536df7fb8d390dbf47af94b226203d04956edc3bdaa5f9

SHA512
68766b47c11dc57c2fb56516570efb7dc0b96d0ddbf58bec1c68716cd7d5f244182873e373c4cbab338ba6f0aa5bfb42c1a930cb3884d530804b908812f0d5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dcc1788fbf4598ab683d9e05718eee65

SHA1
77d902695e421aa9e262becf0ec18fe8d1a328c2

SHA256
51eb29c17d940f3de5aa8f38e3e3da828668070c5f27fdcd673bdb63704d314e

SHA512
720408a3971da7fdfbbaa826c0162ec52376d3574af86736c9e322b56b7902bfc338e71813833c3331888a83466bbe2479f8989ead66205972142a69a770a5b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cd6ed7d3413bdeaf83ce2c2733cc85f9

SHA1
f4ccba53e37cfccac9c02b881627c55899bff740

SHA256
ff086ab06b183d4e1ab4a5ae7595ceea0eee7ae57204fa644a41a6aa676a1f00

SHA512
be117c0286244aec1aeb8723ee2c089f7bc7cbf0f05db9ef25ef1c6d4f55a06c0f5cab5cfb146c1289d653fdb2df98c6803d2e9dbdc613562d62d2e7e6a7631a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3d64b60c01444ce268f7ebd831f1bfb6

SHA1
d66136c6cf05d8d00b24eb05e75cf803d4882e69

SHA256
23134906b602a6794f29b96bd97834767580a592682c79222194b49ee3aa7f80

SHA512
c98e664244d60e7cf199c9cc81f904f8d7989dd5f0ace588ceb91180805e2fdf629247a876f2cbcc079300e4e04a2afe08dac3a8d733af4d9d684fe87e9ca973

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
57054ad692478e6d3c92e12591b7f894

SHA1
b859089a9f53ddc4f0f5a4aba7d8ea2c254c63e2

SHA256
cdf3c6af8209c47c8132a738f8bd7b0a41c3eef89914a3d69a18658158a3a99c

SHA512
d69b16a50fcdd558b88477de429623ba4a6a3b41c0b3639340f5f14a845d4f195735262dee9defaccc31817e3bd8bf5f65f958e2f76ff069b96303415b72f488

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1f9e022fc939a2f0fca8c4719798fded

SHA1
a5be86ec2b2d6951d8fd1e74cfe7d803e8d15711

SHA256
303cc969dc5917b37c7142f5eeb6add9fc02f80f4bb6b0ecf80fb1c78565b4c2

SHA512
8fe5fa9aba4c83be5f9a779b72932f66ba2e859c6b97cf67e935fb5fa5f1db796f20948cb7e71fde983bf2526482141b18e985132dc7fa601437a644a1a94332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
814f50cbfaa2e8f432398ac8667c2bf2

SHA1
e19e84940990a3387f6a9788bf8e283ba88120ad

SHA256
970ca4b6c4d21e39ebda38d6d96463e2169e5d2cf2b699149ae938b855bde1b3

SHA512
62987a551ba3227d43551b5a244be87d97ca0128565c9f1d85d1775370f69fdac94dd060a8983d25169be24875a0a3cee21a9449498afb0e6625417c121471e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
de08da14e3c523b9181b804c0b916d46

SHA1
8acd7ba6ced5ff07ce0ecaac281200e645f27184

SHA256
d2a4022a1529c5721cc74fe1f7b97262164b0626b42a33288c344dc6e1a0186c

SHA512
e208459188b970edf840a227b74e27d0bf9ccddab87c016f10354283fcff514f01315328063254f386425c5cd8795e467f38da5e7a8429daddcb98097af4e92f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
71bb44fed9567240663dcc1257869263

SHA1
f90695b78d1535714c33653345cb4f117f9870c2

SHA256
8a9acec51f8bfb944c758d8d104ffe37b4421b6438ffab2d0f31503069d040aa

SHA512
48f32765b7fe7d5ca9473665db69b6fa94cd71074ce5a02e60d2c22249f8ee581998a795991bf53b1f476f8d4961f8eafd516a666edbd80ac21c35ed47373f22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
70474df8c1bcca2b3ae4d52f0e9eb49b

SHA1
a7c43466978f8ea13e71c2c6cf90834ed1ce601d

SHA256
f94c0bcabb8e487b2e4d434f45b04bc9149745266a0de709c589717f16914bde

SHA512
4cd17104298b777baf2085f03645e236ccc79ca286cc62b04ed5e4ba79fd2340c6fdbdb4b7d0897440f6ae222a481bffe2b9654ff5f3588eb3415a8926a95b57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a9f96620ab9796a6a914cc8d48a64d09

SHA1
6a8dde5db0ce0f682e842bb777ae2a016377676d

SHA256
ee23bdcf81a6d48d38aec6f7609f28ecb6a87793017905ed208e74252f678c7a

SHA512
403bbbf37d14efb15bae89fadf459e16d8123794a1d611174dd6fac259521203c01ac7995d3442b4c87ac20a19c1c63cde120c56c5a26e5cea6be0fb05d91255

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5730fef879387d5b3f63cb14fd8e2575

SHA1
d3144320dc170598c0845024c961638303a90699

SHA256
6efd4b237f47ce75821ffcfdcc83b8895b9e97ce251e5cbe23e51c392b619d2a

SHA512
e32755176f3316af45fde53b6146da4da4a56b79b5c57426c0e8243c954c9bf7ec515979f7ca18b329f64012f605ca13de80c98d70d3164a61a6977cdfb5377e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7f36f81062aba9c6bbe849df72824d71

SHA1
1cfb3a02a29db99f8af5901933d7bcdbf6adabbf

SHA256
4b285ca390801b74436b03c3af64a632da19c981be54b8a750f6a9e6c5b05fa9

SHA512
1be92bf01124018a0560bd7ac0916a2556ee40c7bc7cfdcc12258325dbf2eb5a63af4e888fb4054752300e39a9228fa57e12e395700c6995083517ac8f1ce9b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
229aee3225f6a1ec9bbe666cae65a24e

SHA1
096e2613333fea299524d01830b95f42d266f497

SHA256
4cf4819a1fde5e4ca7beae9465f27e79fc911276b2d3ecb9f4119ffcde345d9d

SHA512
e4745931c4e8c2ad59cf100a6d4986df7784dc8ac73f2f99058528b8d2cb078ef0499e1c9bca7eb408b5084957851880987b6ff00030ae50285481decc214373

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
314fd6cc8da8bec2968e7a2b12baf43f

SHA1
3f0ac10a8985a5389361768b5aef77599356d312

SHA256
aa789f6f1d6bd9b20c97c8ea50e9fc353db35b215cfb35643ab20a8dacac31ae

SHA512
b14defdf0753b390b0de63b7db00942dcbf3d9ed85ba98040af2dded5e920b9972220051d954f2fba868216c294a68055a78fa76810a472be84b23f8e1a5a35c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6853a737e9edcc6ce11cdac8584648f0

SHA1
7d6d6df3651bb77b39a5c35755e749f05bfcee09

SHA256
29ec79c7c94e72e5f248bb8659d3212932cf319cb42970c62c9a6e8c98cd475b

SHA512
1d566145deefd711b832a546f3fe6c60af6896134f1cf184902248d26e758cd58fdaeffdbeb51fb7dee526f285872f771f552942ab9d55b340bb626aaa43ba32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c8e42c4d1eadc09dde9abb8688916c80

SHA1
2bfc84bb926710543bb3b32d093dddbb28b2d70a

SHA256
8b0229b42ae65bec15fd441022951f104e2d5f41a1a1eb389efeb892a798e52e

SHA512
765ae741f146c32c59e918d6a814cf90041b7791970110bc10590b45501e51736b5b666351198b820f932e1c49ad19ebad6704ea335a1046e52f48dfc2405426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8bae2c195ee5a58b1e3ce9b0ed939239

SHA1
d72e28157bb826f64934c3230f29991e0e201721

SHA256
31bccb5c9294765008d308670c2698dd15f311147a81c2ff92f2cc52825b543b

SHA512
72aecd4d4cf448b3ead1ce85553821bb270c314b27df25829bbaece758a6959b66f2ee60372c04f50a50ebf24caea750af0dd3545ec43aa1ada28598752efc4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c966df1437339ed484e781c9eb7b8a75

SHA1
08a0cc5960686ff6743afd69a2d7751b9d15a51d

SHA256
ef96e277c827f9d1afbb7a91018608b4475c777f442f73801637468a75a270c7

SHA512
5a61e9fcdd8bacd5ea82a7b29fc6e6c4ff77ac71724300e44d63e7c61048ae4c80f08bd5cbb8eb6ecdac74c35e0d002644c29247f0a1f79a6c24dbc089e8f469

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
32589e504802ee9b253294d3ba444243

SHA1
bc9b3fb7bdcfd48844e89228a3766ba6646a7a39

SHA256
2219fed14a970cf83cb953c7da0219bc6b57872fc2051b121be3a0a8b6048d1b

SHA512
27ce33c3d3ca9535fa99f1e6a9dd3bf6ccdc475d4814a2919991653e59f8748315c8ff9500bb4c23bf1eedbff0a1322d199461a3ae9e3b835bf512fa77c219c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2cec5e5ccbbd21100cf37003a53662d9

SHA1
aab134b0f8c03640ca1b4652c64cd0b39d5c36c1

SHA256
3b7d39fcc65b4f17ad4cbe68a15286f885c171c4f477a35362ea65b9049f7bd7

SHA512
894dec0eff88fc7b474a18ad10ef74d5e3eb9ae061d9f4f9c44bc5e2f6c8d1956c6ff7e6cfd9d292a48f009ba523c1d3cf3abd06462e06cc0ce621350b039260

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
27efe461eba3b1c420c5a1511e62b94a

SHA1
7e116f229e192db2feae7694ae027406e7980094

SHA256
0dd43f68237227ca8101e3f54b7fc5a3f1ec49e2f96bbce434d44a45b720715d

SHA512
9bc5519e3c446e6f9c7a10d7e555244e88b4c726506bdc4076d7dca4bbd8527c1754dd12563ab913909d957177ef012a8bda17fec1fc3a4b283655c2de3a341c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
06cbe24f3c2583af4b9dd4cef8930409

SHA1
ae87f8bf3cb74c39891c37936110093d1e3ea73e

SHA256
9319e1ed42e2a8d40a14914ceaf3ef7730011f8f961ba6c748aec1dd28da34ce

SHA512
632bd79376ac3c5468188cf65b9d31d251cbeec5105e3ba5b97a694dba5138c36d7c88cac1794de35e287829d3f7a4d33928f259c8c24bfbb83ef575aa4d821e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
47e1c65b818d85aec19b8a09b9fc8e12

SHA1
29afe4e4a17bb26be378a0022a93f689389547aa

SHA256
c587b19fbd19f03265fbd9a595e31e234254602b781dd986035762f3802da860

SHA512
9682b77be95008cc010cad19b212c8db96de54fd985e43fddd0772faece871944ab0dd785a636ce47142394590d17792b3517b3b043135f758892b9210e1ee8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1386393e392db96aaa13550a95067d7d

SHA1
b06e57d696bf2396a28498b87cf0734dc4aceed7

SHA256
b071acea6c1648ee0f96613f5a63c085ebe7d1323bccae5a34b35d32d2ced385

SHA512
b59b87690ad53f21cbe0585624ef89a48d191f57017415b260e120fd6470cf9cea60b6512250945cd278f8ff7a9bdabd3d39113d203432567faacc610316b41c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
beee3b33c8d2e63fc1e5542150ef2b0c

SHA1
1f45fbaf07e39636a48d35d721aa946149855cd1

SHA256
4d8871399b71f08f82771fe9d3258d6bc2c3deb7705859f8b00d05a3f390b0c1

SHA512
8600be1292460da107847deeda6a90ec07d97cacb567d6b262ea1ed3cd44b81c7441361698141d36b701aab81eb6fd0209211bfa84dcdb7b37206d0bb731f70b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6aa02518ccdeb46ed7254514e309e300

SHA1
47a3ccf5f2f70623caf8d96abce8fd8b80d0de52

SHA256
e920c9d9eb1750c4f9b0e8d5036ef57b53ed6a92b615860566a1c108a1098134

SHA512
093885dcb29a3e8a10cdd28a1862039abd38de084d7d3c8d3a4808a8d4b05e2495435a67de7f8e52c6d86ec2135aa40a94330a0b5b4fc818596e39e4f9b22fd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
534d2973906c4abe150150eccaa7c58d

SHA1
99d1da44b16e8619c56617927ef8eb90ee3a707b

SHA256
87181abfd317e433008149b64c96c04d52425fa037fcb58c7d168f674199c717

SHA512
3269b6d2243a3cd1f674fe6f45bbac0bd9aa01c34ab07414fda19bfcbb129ad79e5c0e3da348af08dc534ab47abc08580cb57fd657f5df070f9d93ba998efd0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
96a4716edffbbb68cb1a89d1bd684c3c

SHA1
2c1a2e59aabd273199e883da7da8fc88b1b37482

SHA256
2251eed402dc155a250cfa780125ededc2fce7de4c73d5cd3059f18d1d4c4d79

SHA512
ba773155cb7fbdc341159d3dfd27bb70c0122b73707f0d286411b1589747cbb261afc132e2ed39094eba185a47f064f1801bf4916e0218160f0c8eccf099e306

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d66a83be2a3cd0ed4b9b0f36a4bf0593

SHA1
6c1abc80d9b0b2841a1f9b7738d5f2cf956f95dc

SHA256
91fc6ebd3b030f20745ae5d0ce23db825f7864544442eb7d221076419f96d563

SHA512
9dfa1669e506e7f0e2fd6b9a238fa257f9966de7f2dc94a79529bfffdd797a50c01f6d32afe3423f969951f3800572c8c764495cbca4375a654102ceb5e5cd74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8dbc23bb23c9893f0932b0c2c7240762

SHA1
d525f2eb1a9ffb3f01c2f1ae55483a85388787db

SHA256
d7b074f5bd953ccff3181a8491cc530d7bbda4ac5133f9300715ae41f072d3f3

SHA512
364ddebd0e963ab4bc0fbc42e692e1540d52b092fc5f3cfba55940f008d20a6fa5f739b7173d9444a1f84ec142470ca664b77c43b12437f58a87e74072be868c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
615852e3c7938738366993ac17765449

SHA1
6f7ba34ffb9674efc03e985248cb3615dcf228ec

SHA256
e132928bb6a7cef55e8f1bfca85c1fba125841f9da7139fdacf87d542b714cd4

SHA512
ac16765dbfcf5926e94244116d3f1d78817d268f94739d92a04b9c9e3dc2c46a7947f3bb61cc0fec82174f589e3d806bdb9b81e42f0b84dc5da106d60fcf91f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c591f139fd25246b08b7b63d947a90b6

SHA1
44265952a99c26064d069032a52018b685fc959f

SHA256
c141548b6a82d97f9d03b3e60e998cfa4b05eef5380df806bb8a29bac5ebeaa3

SHA512
2d083c01b12571b7e0a7519b82528f968293ce55637e646cbb4b2fcb48bbde856a14c50697e57900106b14eb81af0be58ba6c6bba4493e750080a830d1c0fc12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
20d4c6cf0459a28a77b3348ecf4e252b

SHA1
070883a70687473aa00db0f281d366e2fe81d012

SHA256
737d1e32467f05f7eaa4ebee610e9c084aed519cb4ce09d95f037a8d6da98438

SHA512
c2a72779b1cf5df1ef4fd9d1e9efe4065b2b5ac548409de894175eeecd3601162037d1b9c47d89b6942b3a0a9ceaed337174092409b0b00651d290af2559a365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
297636f3ab5dfc3047aebe4d8129b9fe

SHA1
6bede8c7880eaff9690320fa959c3597f05035eb

SHA256
077e9ed6b3301eb2f45f8012616a83d81c528a85c8eb115113caa092956e9004

SHA512
3dc228cf04697356162153076f2e0fba231f5cb570207819a1a2da32a88c53e0ecae8ebe2ca56bc2ed832e468cf8e3d42d2e2c5c8f58ee4feb32886a3d0f9c83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
89b570b692460478e7789f875da8454f

SHA1
9ca555f8199e1e3c5d894413e2fdf8b5f1d7f424

SHA256
7871dd0cab4292802dcfca8267cc84857add1a4aca36d5a981c7f0cc54472c67

SHA512
a199cd97e97403f4b86dba310004cfed470d1c8312ebf827e46594c12593e682d6b30b9e5b941f54e8106ae488a8340a22893cdc93b583608cb4da6da1be1d3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9414768768894bd05d253fcde1f4c9ec

SHA1
72260d51b8f92966c90e6b929bbb56d6042f3280

SHA256
c7e5482ce76096865d1031221bc6f7a14fcfda9e817f2f751c3390d647810090

SHA512
3dca48b73fcd862715a70dbea78c8c286604bda86217c493cfe57834d38e6f06087941df3468628e173084f6a48931aaa0b811e7b939309057f77dfab53e84a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5bf1f0b428bc8de8ed50a3591a3f1838

SHA1
b212e3d72f93b1fccf4a72068c7556d56b07264e

SHA256
08bb04b97b4d849c90f767910968b4ba769c30878cab2b425f58f4d16007c95b

SHA512
5d9612254f3edc290f2912a84cd6239279d33df83165f0bd9e4c19904ed1fc13b364a4952942e78beb769ee50328255dde1f2082189caec8950033a981f3bc48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
808d159804c82d63a5f269658bcfff55

SHA1
ce308b2b9ec8e006d55e5bb975660cb21306bfdd

SHA256
db7c73bb3f81898c9d6d3fc5d5833374a43295c3a020d99ff8564d3679dda56f

SHA512
169fb63e31f8c0180ed95bf039497534fae5c0fd238c0c97de3a3f690975c9c6e37543197927b124ebe12c167b1441069ca6ac6ba4ed40f1b57803e74f7101f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1a687afa2e87f7c437981be6875afaea

SHA1
fc7e2bfcf26ecf07e526f1dc397bd9946e0b3010

SHA256
37424f7318ced2befb50d38f822edd70ca9ed2f21a6d1aab13dd761ee84fca4d

SHA512
d5e905288bf93df4eb35198172d89b7291503104ad9bd02cce4e8420303e52a5860ab607de6c779ba3e0ad196621df9ed3b57d295ae72109897b1d3869d66544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
57fc754016db79faf8a51549e368fdef

SHA1
8796ee5151196ee6a5cc25ab5462272b2a41ce82

SHA256
3ee78d1aa2f930d222b4b039f57afd4b25b77df52a85115ff15ed2c67fb0f102

SHA512
90e23ef958298abba7ce99a305ea70c255ae567c5461f5c1226f5212917994ca1dc391cf5e26d99b76ec5537302dc85d879baa6d4eff1abf074937b512cce094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
46ea2310bad90ced02a18a63a21b382c

SHA1
27b4edb2dbe8df08dc726eb3c7a672fd29300822

SHA256
418c1d86eba5d13c5bccf721431260085561348a19ada99dec93c60420051a41

SHA512
2c8fc2de703a6b18bfaed3b492fd9bd428801d9b2ed3713d3edcf8242d59d369c10e08f2c2125da5ea5029e0572cb4b358763cfbfadd076d4153db1f6c0f5ff0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8c6b79d2f4e28f39f8a6bdf03dfec7b1

SHA1
fc8120462c21a99d81df2f33942e21b5a83728e2

SHA256
fdf719c3134a86efc67f1bad18b78058f3422594967279feb44566a20482b976

SHA512
c4a382301e1ba3756082ed6859f50f7389814ac83e43020812b35e8986579b330617490325b39097160e3bf23a56100763113f3a3e9fa1f43802fc56b33688cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d377af03a5a92ce91d36674c3ef6752e

SHA1
e36e2e25f34a1884e6ae272491ce3c1be105f521

SHA256
1da358704746cf440f45ac42785fbf19f9ccae0cab43771b8411073ae59ae9be

SHA512
77e73da788c6a038afc56dc66a17881485612f4c52738835a4009e18aa99f7a48cd446bb18a7d96bc1b2fed503341095e43b008ffecff2301c0e8260bbd34bda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8ee0279a7f41880e7799ff578b2d99c2

SHA1
66852eca030bc8310e44d259d1e58ff929b3ad75

SHA256
f2f33bf0947e04d5c1c76f917834662b88a77419293cba49aa83a1f5505d59c3

SHA512
3428a1403994d5a79a25aca7c5333f57299be9d4248459b0b8881053cc3cc428161edfdb7b2dbb5cd31ee0bc7b707495dff8a6d0f1468495cbff8372a281aa54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
37b050dffe82af6ffed657016155d34b

SHA1
b7d0ffba6e0d17c515414956bf821f628f6cb36e

SHA256
d8d9123fd86250bb7f44576a4d144389ec3f705a87ad7c6fac160d2cd31bb452

SHA512
5828eb78d2d0c84cf09af6169864e352c98d81546cb72e44ad76fc23b12c644e50994a6dd285a72d827d88e53ad04200f2a31761dd2c1068dcc9145eb4e0002d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
93301ac9ad6b221627f8f08f37d53b88

SHA1
45c4394302f0dd92612b1799fe139de3bc015510

SHA256
f47bcee70897af140bf689d84948d1f94d5790898eb474623821f4c5f5a69a1f

SHA512
e5400c9279511252f28dbafec24aed032be2b8c1217b4defd51f010ad3ddd32e2f3e98956683000208bf766e03eedc16900e6a53672229408c185bbece03247f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a81bfcaf2dccbf71ad2ce3c86075868d

SHA1
2702d7ff629289c7a0c20d631e7c431a7353cffd

SHA256
81c4c5250f65ee26e46db1255e10e7c2484d9d6fb7501fdce0f8761610d353e8

SHA512
45d680b9a31bab0740b49cfe39a166a841c786ab93071388004dcbf3f170623e00221f2f8df2f90ae1edb757f726199f25f8deee3fb290cebc854284e6656ddc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0271a6cd193e874d87018dfa250a35e2

SHA1
c4ec180d96cb5082b6f89f7307deac957ed49397

SHA256
0ca09bc054856d773c979e7e9ef8be16ab8a0c70f1a89ea0364f6d101d3df4ca

SHA512
f284bb30acf0caccd2ceac3d2c6fc9ff849928a6ccf8aa9725ae2d10654ffae76778f5158c084ec76c678a119aa05f26f62b88398d0ffbced68bff7bcd872dea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6818c8efdd2d20e7233872a92d783933

SHA1
f4d4df909a18f953ea293271590b543593595c93

SHA256
28ab71adfa196625e2747ba2d827b12aef6746944c3e67e575e9164da3b0f29e

SHA512
3417487cfbab84a2f97d8051337a3627abd706c35eecd8bbae801e71302161f65ff22be0e95da9199a70190337fcfded1d097d08cd11e614d599b65f624830a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc0d456fa42deb49cdd9f7a5681ddcfa

SHA1
064b814fefee0035c99e194bee8635bdda984f80

SHA256
13482e48918780aa24ba4c313c0aa88152612ced831a4780b8716131671357b0

SHA512
93c266ce7c9c204f0bcc5b622ac7cd986136ee5a0621bae45d069cc6bdeb0e5bd5fc672015c39ab4c9168f333cb0e1d254a21f9f89374596f9b34ee4925f2f65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
24b617833025dd1bc905b9ac61a27277

SHA1
40cfa9ac0069be5b9ffc8e262a78cf1de81a40b0

SHA256
37b1545adb19c3faffd5de9e0fd635c649086f664a40b6fc6f9677e5a1c23e04

SHA512
bf928cd17098c7ac295c40dbd9f218e05cbed4b076cc8c9ae2f7d4be31c45f0e3b4250b153c28ea7dbe14f1c2a406440fe816ec498054088b18d0c71d0cc970a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dec85bc3496e18c2bd3832aeb4de234f

SHA1
9483f574c54733c35d49818e6a9dbae81112da2e

SHA256
94c33c206b1edf7498c069d306d130f2ccfe5c5a5804e17fe8077be200da527c

SHA512
16665c73c99e10bcba5516e2be6df30829c9763421c0ac54f49756d3753c9cb8dc0bbe9d0a69f7187fc6a6840ea5fca39ef9f49b615bf84e4f37c78ff84de63b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9798932305063759bcac574c8bafe57d

SHA1
9ca6dee74e057bca7bdeffb5f63ff9a2ec0b4c16

SHA256
4b8e9f7bec6c58dab3ca8c62bae39837b215b7d2e4f553f7d2c3aca4738b76fc

SHA512
53ded5289853e31d8751703b7749de7892454cb49616da6f9aeaa7dd9b5dcdc7abe9cf50686a7213dac901cd5cc2b5752b0c5b6f0e7c74dd974116e2e0a18302

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d1799b639471bed6ac86bff51e751a6

SHA1
e30ad1716117d391455f19f7cb3fb87dc478db8a

SHA256
f7b6cc73fd8b6e2b6efc0bc53e7e6ffd6330c7161c04ca39e7c82fe6334f0e50

SHA512
0848af8549ccb675cd838f9d5e39e7f78a6fe26c6dd1628d03549da83e7b84fbe83abff7ab54d00299afb08da05cebee6c7ce5bfda4ec2a7d657cb0983e4eb00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fd38a39fd0afd34ae4da098ab5da1e7e

SHA1
c67abe6d4bfc0d7abfc15ca0b758809a45564bc7

SHA256
326eb5ebc6f5dd9679fa09ad484230688898b5a67d5cb4f20f70282dc9e2b72d

SHA512
99cfdb0ebec536d65ff198cbf2d557800193112f1b99bf8690ce50d4e7474851c6167a047c434ce6c14d80bb0fb915c2af0aff8e6daf805ccf82a6468b3ee5f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a72afade6f071f68fb01dbd611d93c23

SHA1
264cb97676e50ce651168d853047bf14266b84c3

SHA256
33578e2a6c002448462efbc65ac90376df0760e6ea06ef27d4058016a72ee61e

SHA512
08ca9b4decfc539949ade8c8c83e06be292e935c15c475435579b885e5a61acae05e0ac067bc84ed4eb2a10c82754afd4fe37da64c5fc13a5aa558bc2b8cbeaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a20734598b03fb427cd2b136f9193784

SHA1
9f0218a96a53e29489e79b46dcebd73cf9e2438c

SHA256
4a5f6ba10237d81850beb0c7aac66089f4475f781c14f87c103bf94acd2d3585

SHA512
74434a1a0ae0f2b253a76e9b60e47a892de7aae31ad3b2b3acca63d4f4b1f4b4045ea97c1f367ce9eed68606eb496b6fdeb1cd51d788e9dbfac5a4a3dd60b157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc09a12cd61b98d78078fd0659fdf9ff

SHA1
7b12c2f61a7e1ef4027fed20095c2468eaee955b

SHA256
8c72f656e883a275382e6276858660fb8d096bab57842adadbc339cc4b9a15e1

SHA512
92548df39aeac8d2b8ee58b849543b8dc64b1a752c000d015bce14a95925316215ae5fe7fc5d1f334a7779a8f044a115f43473f96b03d58309aab56e499422e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
98eaef459e62cc5499a32978b492300b

SHA1
61f09e0ef163d284345f99be206a9a5190262880

SHA256
c8fa8b9cc5b9a26ddb261676195d62a0dcda03eaf9d1d5a9f89ecc66f9609b21

SHA512
67d74f122f0228db36ebb2b193536c9b8b564536351e233764d6ac14b0f8398a278970b87002030d66748f867fe060a8d9ce3775ae2c9d28fb5621d9815d45d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc57823b0d1b4f0f445e83c1eec91b48

SHA1
13f2313faa703ba8f0e496320fe9650a63b7c6ec

SHA256
0c4b352e1472714ad4a1b3e95ab632afd30f8cf198172ccacc36b48a161c8067

SHA512
5ed7c8cdb710486902bdf692cdb5caf87040ab71ad1eb31756ba40fc3800cd7ff6acc51c25291141b8ae8260a97cd5b5c1bb6e7a9bac8b033bf129820fac1b33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
722dc183741bd609194f4e6c8186a7dd

SHA1
4a91a35381b87988b2050ed9c832e6f496975fdf

SHA256
485abda35932bae39d64a5e1bc05cffa61fae2418d275be8bc7ab781221f1fa0

SHA512
83b69879016411b04a10fdf53a9ea75ae8d38394fabe0ece83901abb774881acaf527f12d5ed37b04de6a7d00d5b6d7a736de45c2ede534dcee8153b4ad8fc03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a57998cd-aff1-4452-be42-158f45af8a4f.tmp

Filesize
9KB

MD5
5162163145665ed5bfeb282caed41f0f

SHA1
ead2be66cd61de747a6bad59c32710bf90a5286e

SHA256
73971a7e3dc69087524889393b7d40a34348c71a60db777d8ca18b470c3effa6

SHA512
e426aacf38d6f4e0676ea246cac4a603a601de8ce4e9d875115f26ba1a02fc70c1d347ef9ab9b936c85d4e878f72946d198b8fc50dd65d552d5e620413dca708

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
ece6a0603a0f72ad2d78d3d46d0efc0e

SHA1
ccda9bb2f5149487e1057bcf0b36846f7d591d4e

SHA256
a9e054b93e441fd8c3d08bbcfa4cc545e9142cc0475d178eaba9704b3d46aa01

SHA512
a077d5ca9ed3527c05566e2a8cc79d2398e6a7ad458c47a0f518e23cadcf6ebb1e4939b19a0570ea7ce151b9013b5fa1f74ff6cd143866bb459c91eec2b45952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
0bdd0991f6f8dd6208efdeeecdf3f35c

SHA1
48d63317106147b694843fdbfdcd4842362fbd63

SHA256
206ec5c9ce378e9196dd32946a5dbc8ff88d40e62f7f0670b87dacdabc0a127e

SHA512
e6c7ad8de93e22f181a8972677fb48c8eab80b4b893588aec26bd3dee885c3153084e23f97bcb91561e5dceb501f05397aeb2ec360e5ae39e9afdd10218d6652

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
b4f08da1df53133b927559b7d6d1f06d

SHA1
ba1c1db5305ae92b186b0d2ae88ff888edbcc735

SHA256
5255006f46a5c16b70dab084aa965a8eb26ca54d8067586dbf09699ea867f8c9

SHA512
fc06f3f1f3641cc7c96a2ff1fbce309d8bd44365d09c718c5fe1072159b2a517bca9a2c75dac710d738570e91ce4cd8baf6c061badc22894ea8a56d6a68b207c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\CheatInjector.exe.log

Filesize
425B

MD5
4eaca4566b22b01cd3bc115b9b0b2196

SHA1
e743e0792c19f71740416e7b3c061d9f1336bf94

SHA256
34ba0ab8d1850e7825763f413142a333ccbc05fa2b5499a28a7d27b8a1c5b4bb

SHA512
bc2b1bf45203e3bb3009a7d37617b8f0f7ffa613680b32de2b963e39d2cf1650614d7035a0cf78f35a4f5cb17a2a439e2e07deaefd2a4275a62efd0a5c0184a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
184639c2cca2714a905ddc7ee81e9dea

SHA1
34590781d93c2a5db9da4d25912f1eb24ba15348

SHA256
ec96e00476b309dda67ba56d7e2e2a3ffb0009bfefaab7164122da6afe3b26b4

SHA512
855ef32639eb00218f4dfdb57f924a42160bc83a33601d1155dbf3329d4ef4a9172f219734410271146e79d88f6d4631d3bb768b6ee4a4a6f1ea4544b9b08f2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
768B

MD5
9153e8a279d9bb831c039ade9a457363

SHA1
b2213aa0a993c03cec16829ccd4629f561fd2833

SHA256
d2c20f03c3dbbe8665d392c231242a6238f54128f14420ec353efb9d222f680e

SHA512
26588e95cb3d3e933d3c65622be9d52106cda501332d6bfea59f12b4712944f0c565e72048a798647d8cc124c4754f9d9d9f7b15b3628e31dc503142c96df171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
770B

MD5
3f292abf2ac07c31bd03d1a990961f4c

SHA1
2413d83bf701b1d408964be5fe7557e3f1dfbd2f

SHA256
d6d4c13eb4aed996e073a2cd19402acc3eb7603966495047a26edab9d1370ad8

SHA512
9a4028c227a3cd39d537a6b9e1c3205bdfc5d898b99777b6afda27b3a0d6d534488e757cb641fe07f74eff2f8bc37855f067170abf26cf1bfd239e3baa8fe8c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
678B

MD5
fecf0f286be5440b8c9939503e216cf3

SHA1
ae72bee27876e6643aaff5ede1a6da9f15a10040

SHA256
c2e85b3e599a5fab05758da9b93bb989910a543d1dfcce4865d50bdf26744dc7

SHA512
9186e89f337f799113a0b4b756c75bbc236e1cdb192225c5175c7a7ef4760d94eb8a4ead7712f49b254d794924f81c349eeb4b39f885d6e46f956af4884856bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
768B

MD5
bda65ffa35ab63e569b80f3bc6fdc9a6

SHA1
6dae5dbcba2fdd5e798d7ea73a0f6ad13636540c

SHA256
63171b5e65c070a569fca2be3a702ba10c08922a091b872a0aac6bd42bedd785

SHA512
5c3858acf667a5537af182efd959af210bfa8ccfc42a6f8be42b76de6808f2b2b2d01c1bc08a82443f07caeb183a1892972c196afca938874412b41ed82c7df2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
768B

MD5
1f705eee11675372b5965738a03da298

SHA1
0ebcbf60cbeba28a60d2830db323090d412a1842

SHA256
c66735bcce97eb15cf1552aa2aa33d54484f36b024f8884b6a2dfe1e793eefc4

SHA512
2afa166f72d58382da405a6e4c8585f9c8cb539f1ffae2e1892ce6e58477f1ff0a8d0aa1c99cd5fddb164fbeae513ed689d883677ddf62b9b63aadd6e4b86f85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ab8a97559519cffe5f7398c0e8c9386

SHA1
699be5a144f1e7bc45474ecc49abe68dad093cc4

SHA256
0ec3ccb84708f250a4d7c4f682c87129e090685d50106d3ae1b96847c2eebe8b

SHA512
50b5520b2d632579aa8f587a80b7939351f6fb5d15f9db18b0187bb5e2965056ade6924aa1512ed071bfb1c48347ae514c2d9b015db43402d118febd77ca2274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5f4cf907a27589eec138162e1bfba98a

SHA1
b45ff5046a7b25868060efdfefc9d1da7f3501c0

SHA256
4454dee7c01dc0605f35870273db8bd36e9faae0371a34ce3cbe7ef34be328f5

SHA512
aeeccb8c68f3bc548a37046e47ba93116b4341d3c724f2770e5f3c52f316260a8cbcdfa087070ed83a8b15e36cd98f96d955bf9a9c25926ebe70c9196b1aebb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1e9cfaafdf38f522c7e165f028601a5d

SHA1
1dce853718926d22cdb7acf3fc3dd3d7860a5352

SHA256
31e0ab42c58587545ae9845746fd44ad9d6a9b477c0d9f6cf73852385fb3cfaf

SHA512
eaa0b1788d4c370d6baf4e262c31d705fba02237500f541c34b661ee319e367359da3e221ea2f67ef8c4302af16f63952d9c71e4971b60e29b9cd1c2bc60a4f2

Download Submit
memory/440-1-0x0000000000EC0000-0x0000000000F22000-memory.dmp

Filesize
392KB

Download
memory/440-0-0x00000000749BE000-0x00000000749BF000-memory.dmp

Filesize
4KB

Download
memory/440-4-0x00000000749B0000-0x0000000075160000-memory.dmp

Filesize
7.7MB

Download
memory/440-11-0x00000000749B0000-0x0000000075160000-memory.dmp

Filesize
7.7MB

Download
memory/440-2-0x00000000749B0000-0x0000000075160000-memory.dmp

Filesize
7.7MB

Download
memory/4372-8-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/4372-5-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/4372-10-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/4672-21-0x000002562B9F0000-0x000002562B9F1000-memory.dmp

Filesize
4KB

Download
memory/4672-20-0x000002562B9F0000-0x000002562B9F1000-memory.dmp

Filesize
4KB

Download
memory/4672-22-0x000002562B9F0000-0x000002562B9F1000-memory.dmp

Filesize
4KB

Download
memory/4672-23-0x000002562B9F0000-0x000002562B9F1000-memory.dmp

Filesize
4KB

Download
memory/4672-24-0x000002562B9F0000-0x000002562B9F1000-memory.dmp

Filesize
4KB

Download
memory/4672-19-0x000002562B9F0000-0x000002562B9F1000-memory.dmp

Filesize
4KB

Download
memory/4672-14-0x000002562B9F0000-0x000002562B9F1000-memory.dmp

Filesize
4KB

Download
memory/4672-13-0x000002562B9F0000-0x000002562B9F1000-memory.dmp

Filesize
4KB

Download
memory/4672-12-0x000002562B9F0000-0x000002562B9F1000-memory.dmp

Filesize
4KB

Download
memory/4672-18-0x000002562B9F0000-0x000002562B9F1000-memory.dmp

Filesize
4KB

Download