hxxps://drive[.]google[.]com/file/d/1GZjlJx_17a_ZZZ29DVilHNZWhoa6-ueU/view?usp=drive_link

Analysis

max time kernel
237s
max time network
240s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
30-10-2024 11:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1GZjlJx_17a_ZZZ29DVilHNZWhoa6-ueU/view?usp=drive_link

Score

9^/10

defense_evasion discovery evasion execution ransomware

Malware Config

Signatures

Modifies boot configuration data using bcdedit 1 TTPs 3 IoCs

ransomware evasion

Inhibit System Recovery

T1490

pid	Process
5992	bcdedit.exe
5712	bcdedit.exe
6036	bcdedit.exe

Executes dropped EXE 7 IoCs

pid	Process
5344	Ultimate Tweaks.exe
2428	Ultimate Tweaks.exe
2960	Ultimate Tweaks.exe
1936	Ultimate Tweaks.exe
4660	Ultimate Tweaks.exe
5836	Ultimate-Tweaks-Setup-1.0.2.exe
5344	old-uninstaller.exe

Loads dropped DLL 26 IoCs

pid	Process
5344	Ultimate Tweaks.exe
5344	Ultimate Tweaks.exe
5344	Ultimate Tweaks.exe
5344	Ultimate Tweaks.exe
5344	Ultimate Tweaks.exe
5344	Ultimate Tweaks.exe
5344	Ultimate Tweaks.exe
5344	Ultimate Tweaks.exe
5344	Ultimate Tweaks.exe
2428	Ultimate Tweaks.exe
2960	Ultimate Tweaks.exe
4660	Ultimate Tweaks.exe
1936	Ultimate Tweaks.exe
2960	Ultimate Tweaks.exe
2960	Ultimate Tweaks.exe
2960	Ultimate Tweaks.exe
2960	Ultimate Tweaks.exe
5836	Ultimate-Tweaks-Setup-1.0.2.exe
5836	Ultimate-Tweaks-Setup-1.0.2.exe
5836	Ultimate-Tweaks-Setup-1.0.2.exe
5836	Ultimate-Tweaks-Setup-1.0.2.exe
5344	old-uninstaller.exe
5344	old-uninstaller.exe
5344	old-uninstaller.exe
5344	old-uninstaller.exe
5836	Ultimate-Tweaks-Setup-1.0.2.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
5	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Ultimate Tweaks\locales\sw.pak	Ultimate Tweaks.exe
File opened for modification	C:\Program Files\Ultimate Tweaks\	old-uninstaller.exe
File created	C:\Program Files\Ultimate Tweaks\locales\cs.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\hu.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\ko.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\pl.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\ur.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\mr.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\vi.pak	Ultimate Tweaks.exe
File opened for modification	C:\Program Files\Ultimate Tweaks\locales\	old-uninstaller.exe
File created	C:\Program Files\Ultimate Tweaks\ffmpeg.dll	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\snapshot_blob.bin	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\ja.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\el.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\fil.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\nl.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\ro.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\uk.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\d3dcompiler_47.dll	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\ar.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\bn.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\resources\app.asar	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\database\Fps.db	Ultimate Tweaks.exe
File opened for modification	C:\Program Files\Ultimate Tweaks\resources\	old-uninstaller.exe
File created	C:\Program Files\Ultimate Tweaks\locales\id.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\ta.pak	Ultimate Tweaks.exe
File opened for modification	C:\Program Files\Ultimate Tweaks\database\Fps.db	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\v8_context_snapshot.bin	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\bg.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\gu.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\kn.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\ml.pak	Ultimate Tweaks.exe
File opened for modification	C:\Program Files\Ultimate Tweaks\resources	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\database\Fps.db~	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\vulkan-1.dll	Ultimate Tweaks.exe
File opened for modification	C:\Program Files\Ultimate Tweaks\locales	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\fr.pak	Ultimate Tweaks.exe
File opened for modification	C:\Program Files\Ultimate Tweaks\database\Fps.db~	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\uninstallerIcon.ico	Ultimate-Tweaks-Setup-1.0.2.exe
File created	C:\Program Files\Ultimate Tweaks\locales\hi.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\it.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\nb.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\zh-TW.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\resources\elevate.exe	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\vk_swiftshader.dll	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\am.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\sl.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\sk.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\sv.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\tr.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\zh-CN.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\chrome_100_percent.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\de.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\es-419.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\libGLESv2.dll	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\he.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\pt-PT.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\fa.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\lt.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\locales\sr.pak	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\resources\app-update.yml	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\uninstallerIcon.ico	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\libEGL.dll	Ultimate Tweaks.exe
File created	C:\Program Files\Ultimate Tweaks\vk_swiftshader_icd.json	Ultimate Tweaks.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	Ultimate Tweaks.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Ultimate Tweaks.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Command and Scripting Interpreter: PowerShell 1 TTPs 6 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
2080	powershell.exe
3228	powershell.exe
5176	powershell.exe
4676	powershell.exe
768	powershell.exe
3328	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Tweaks-Setup-1.0.2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	old-uninstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate Tweaks.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Ultimate Tweaks.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Ultimate Tweaks.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Ultimate Tweaks.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Ultimate Tweaks.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Ultimate Tweaks.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Ultimate Tweaks.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Ultimate Tweaks.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133747623289226976"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000b400000030f125b7ef471a10a5f102608c9eebac0e000000a200000030f125b7ef471a10a5f102608c9eebac040000008700000030f125b7ef471a10a5f102608c9eebac0c0000005a000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000003007a318af18db017a376bbdb718db01ddc22a3dc12adb0114000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000cc69a518af18db01b8932330c12adb01b8932330c12adb0114000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000003201000030f125b7ef471a10a5f102608c9eebac0e000000a200000030f125b7ef471a10a5f102608c9eebac040000008700000030f125b7ef471a10a5f102608c9eebac0c0000005a000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 885486.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Ultimate Tweaks.exe:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Local\ultimate-tweaks-updater\installer.exe\:SmartScreen:$DATA	Ultimate Tweaks.exe
File created	C:\Users\Admin\AppData\Local\ultimate-tweaks-updater\installer.exe\:Zone.Identifier:$DATA	Ultimate Tweaks.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
3564	msedge.exe
3564	msedge.exe
5008	msedge.exe
5008	msedge.exe
760	msedge.exe
760	msedge.exe
2820	identity_helper.exe
2820	identity_helper.exe
5680	msedge.exe
5680	msedge.exe
2028	chrome.exe
2028	chrome.exe
5344	Ultimate Tweaks.exe
5344	Ultimate Tweaks.exe
5604	chrome.exe
5604	chrome.exe
5604	chrome.exe
5604	chrome.exe
4676	powershell.exe
4676	powershell.exe
5176	powershell.exe
5176	powershell.exe
5176	powershell.exe
4676	powershell.exe
768	powershell.exe
768	powershell.exe
3328	powershell.exe
3328	powershell.exe
768	powershell.exe
3328	powershell.exe
3228	powershell.exe
3228	powershell.exe
2080	powershell.exe
2080	powershell.exe
2080	powershell.exe
3228	powershell.exe
5836	Ultimate-Tweaks-Setup-1.0.2.exe
5836	Ultimate-Tweaks-Setup-1.0.2.exe
5344	old-uninstaller.exe
5344	old-uninstaller.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2428	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
5836	Ultimate-Tweaks-Setup-1.0.2.exe
5344	old-uninstaller.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 908	5008	msedge.exe	79
PID 5008 wrote to memory of 908	5008	msedge.exe	79
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3164	5008	msedge.exe	80
PID 5008 wrote to memory of 3564	5008	msedge.exe	81
PID 5008 wrote to memory of 3564	5008	msedge.exe	81
PID 5008 wrote to memory of 2980	5008	msedge.exe	82
PID 5008 wrote to memory of 2980	5008	msedge.exe	82
PID 5008 wrote to memory of 2980	5008	msedge.exe	82
PID 5008 wrote to memory of 2980	5008	msedge.exe	82
PID 5008 wrote to memory of 2980	5008	msedge.exe	82
PID 5008 wrote to memory of 2980	5008	msedge.exe	82
PID 5008 wrote to memory of 2980	5008	msedge.exe	82
PID 5008 wrote to memory of 2980	5008	msedge.exe	82
PID 5008 wrote to memory of 2980	5008	msedge.exe	82
PID 5008 wrote to memory of 2980	5008	msedge.exe	82
PID 5008 wrote to memory of 2980	5008	msedge.exe	82
PID 5008 wrote to memory of 2980	5008	msedge.exe	82
PID 5008 wrote to memory of 2980	5008	msedge.exe	82
PID 5008 wrote to memory of 2980	5008	msedge.exe	82
PID 5008 wrote to memory of 2980	5008	msedge.exe	82
PID 5008 wrote to memory of 2980	5008	msedge.exe	82
PID 5008 wrote to memory of 2980	5008	msedge.exe	82
PID 5008 wrote to memory of 2980	5008	msedge.exe	82
PID 5008 wrote to memory of 2980	5008	msedge.exe	82
PID 5008 wrote to memory of 2980	5008	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1GZjlJx_17a_ZZZ29DVilHNZWhoa6-ueU/view?usp=drive_link
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ff852913cb8,0x7ff852913cc8,0x7ff852913cd8
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,3019157847165868837,1873568228561219987,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,3019157847165868837,1873568228561219987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,3019157847165868837,1873568228561219987,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3019157847165868837,1873568228561219987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3019157847165868837,1873568228561219987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3019157847165868837,1873568228561219987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,3019157847165868837,1873568228561219987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3019157847165868837,1873568228561219987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:360
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,3019157847165868837,1873568228561219987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3019157847165868837,1873568228561219987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3019157847165868837,1873568228561219987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3019157847165868837,1873568228561219987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3019157847165868837,1873568228561219987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3019157847165868837,1873568228561219987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1932,3019157847165868837,1873568228561219987,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3019157847165868837,1873568228561219987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,3019157847165868837,1873568228561219987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4456

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2720

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:5084

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xdc,0x110,0x7ff840f5cc40,0x7ff840f5cc4c,0x7ff840f5cc58
  2⤵
  PID:5548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,10059169067494410983,15875970378957550263,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1776,i,10059169067494410983,15875970378957550263,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1976 /prefetch:3
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2084,i,10059169067494410983,15875970378957550263,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2228 /prefetch:8
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,10059169067494410983,15875970378957550263,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,10059169067494410983,15875970378957550263,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4432,i,10059169067494410983,15875970378957550263,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4656,i,10059169067494410983,15875970378957550263,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4660 /prefetch:8
  2⤵
  PID:5896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4728,i,10059169067494410983,15875970378957550263,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:5944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,10059169067494410983,15875970378957550263,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4672,i,10059169067494410983,15875970378957550263,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,10059169067494410983,15875970378957550263,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5068,i,10059169067494410983,15875970378957550263,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4328,i,10059169067494410983,15875970378957550263,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3676 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4392,i,10059169067494410983,15875970378957550263,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4344 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3468,i,10059169067494410983,15875970378957550263,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3320,i,10059169067494410983,15875970378957550263,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5312,i,10059169067494410983,15875970378957550263,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3260,i,10059169067494410983,15875970378957550263,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4676,i,10059169067494410983,15875970378957550263,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5132,i,10059169067494410983,15875970378957550263,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5736,i,10059169067494410983,15875970378957550263,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3264,i,10059169067494410983,15875970378957550263,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5604

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:860

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4192

C:\Users\Admin\Desktop\Ultimate Tweaks.exe
"C:\Users\Admin\Desktop\Ultimate Tweaks.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:5344

C:\Program Files\Ultimate Tweaks\Ultimate Tweaks.exe
"C:\Program Files\Ultimate Tweaks\Ultimate Tweaks.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
PID:2428
- C:\Program Files\Ultimate Tweaks\Ultimate Tweaks.exe
  "C:\Program Files\Ultimate Tweaks\Ultimate Tweaks.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Ultimate Tweaks" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1692 --field-trial-handle=1688,i,17535261664905305236,12018139152223899702,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2960
- C:\Program Files\Ultimate Tweaks\Ultimate Tweaks.exe
  "C:\Program Files\Ultimate Tweaks\Ultimate Tweaks.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Ultimate Tweaks" --mojo-platform-channel-handle=2152 --field-trial-handle=1688,i,17535261664905305236,12018139152223899702,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:3
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1936
- C:\Program Files\Ultimate Tweaks\Ultimate Tweaks.exe
  "C:\Program Files\Ultimate Tweaks\Ultimate Tweaks.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Ultimate Tweaks" --app-path="C:\Program Files\Ultimate Tweaks\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2360 --field-trial-handle=1688,i,17535261664905305236,12018139152223899702,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Checks processor information in registry
  PID:4660
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp"
    3⤵
    PID:2832
  - - C:\Windows\system32\chcp.com
      chcp
      4⤵
      PID:5964
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:4676
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:5176
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:3328
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:768
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:2080
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:3228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "bcdedit /set useplatformclock No"
    3⤵
    PID:4656
  - - C:\Windows\system32\bcdedit.exe
      bcdedit /set useplatformclock No
      4⤵
      Modifies boot configuration data using bcdedit
      PID:5992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "bcdedit /set allowedinmemorysettings 0"
    3⤵
    PID:5216
  - - C:\Windows\system32\bcdedit.exe
      bcdedit /set allowedinmemorysettings 0
      4⤵
      Modifies boot configuration data using bcdedit
      PID:5712
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "bcdedit /set tscsyncpolicy Enhanced"
    3⤵
    PID:1376
  - - C:\Windows\system32\bcdedit.exe
      bcdedit /set tscsyncpolicy Enhanced
      4⤵
      Modifies boot configuration data using bcdedit
      PID:6036
- C:\Users\Admin\AppData\Local\ultimate-tweaks-updater\pending\Ultimate-Tweaks-Setup-1.0.2.exe
  C:\Users\Admin\AppData\Local\ultimate-tweaks-updater\pending\Ultimate-Tweaks-Setup-1.0.2.exe --updated /S --force-run
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5836
- - C:\Users\Admin\AppData\Local\Temp\nsf3F0A.tmp\old-uninstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\nsf3F0A.tmp\old-uninstaller.exe" /S /KEEP_APP_DATA /allusers --keep-shortcuts --updated _?=C:\Program Files\Ultimate Tweaks
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:5344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Ultimate Tweaks\chrome_100_percent.pak

Filesize
150KB

MD5
b1bccf31fa5710207026d373edd96161

SHA1
ae7bb0c083aea838df1d78d61b54fb76c9a1182e

SHA256
49aff5690cb9b0f54f831351aa0f64416ba180a0c4891a859fa7294e81e9c8e3

SHA512
134a13ad86f8bd20a1d2350236269fd39c306389a600556a82025d5e0d5adaab0709d59e9b7ee96e8e2d25b6df49fefea27cdccefe5fba9687abf92a9a941d91

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f3faeddef729c3353073f3b4af1e84db

SHA1
223d9956570a41722f4425b038a1319b9d1c9f79

SHA256
fad7879ea9ee2b5f84ac9ec164c3d0604e405482765947fdb20b85000d963848

SHA512
e28480024eeca707af6442cb43e0934d51dd347aac3cf7054a86d8c77eeb3a4ceee7192d8c706c339bbeb257642261b95e6ae8f461b24b84dd9c45a10e618b70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
38KB

MD5
d4586933fabd5754ef925c6e940472f4

SHA1
a77f36a596ef86e1ad10444b2679e1531995b553

SHA256
6e1c3edffec71a01e11e30aa359952213ac2f297c5014f36027f308a18df75d2

SHA512
6ce33a8da7730035fb6b67ed59f32029c3a94b0a5d7dc5aa58c9583820bb01ef59dd55c1c142f392e02da86c8699b2294aff2d7c0e4c3a59fce5f792c749c5ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
90KB

MD5
48743a670fa866d07b162f046726b2ec

SHA1
5f180be674c56c4519f531f0796b5b958c20127c

SHA256
9d436fc2f3d4ec40a0e3ae981b315036ac944d2347995d37c27b059db59ce966

SHA512
cbeb13a3ab5e6cd811bc64a14304f389d56de091db12618d62fc223de96e686545393eda1fde83ffea24468ff77953054b25a4a7a87ae2d9f61283c3ec46f69f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
81KB

MD5
cef898454ffd1de05970f65bb6293057

SHA1
6d63d9cbab9bfdf9020356e0b558d76233301e17

SHA256
8f06cdb3f4fc2010140f5686e44ea9ce51c4729d5583679b6a9dd09eae7861e4

SHA512
838ca95ce0d8c7dcd1bfd410664c7424b9a331743bfd18c557c5017b9fb7ce2fddab7010a3617f2ddbf193d8c6af798888ebccf97876f6c3104ad9781b581946

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
98KB

MD5
9ba0db14dcc6b13dd2784f63c2d0bb9f

SHA1
83c21d630e56514b6d7f73c1118f4b0484ed9fea

SHA256
d7b2431475d6a74cd49e0b9a11007f0e57bdb8e0d0b79b6ae8451df1ed20f65f

SHA512
1709c29d30b48a4688ccd0be6dd8355975370389812d8f9c3b2b0ac23d166512ef8d5434da02881cfea6a83da3a888f91d3314c6ec45a5ae62c2981571272d37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
1.6MB

MD5
7e118bdd2983deccf69de2d741814736

SHA1
9b0e0d0ed11e747e8f4f50d9d95b4b474e0e20c6

SHA256
624ee0f5fed43909083d5b9f2116c9715ddb44d57f157e7d8967db00fd1f34ab

SHA512
306c0b62eac64cd04a0b301dbae7a3c3a3b1ddedb19b9cd0eac898785d419e22544ebbcccf31679bd765f34fccc197514ef805ecb20c36d2d9532565261cd450

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
78KB

MD5
35a46116980c974751122a331d47fd84

SHA1
cd6e9014e38596c681641a27706124b5b69f86fc

SHA256
ccab92b9bfa43457f743cd83e454bcc63a768deb352fbad2d06d718eb2815a66

SHA512
aa4f484d3ca65525d5613243797d7e025e552dbd4e68bd9887d88d32fc6928c13dd7a47e8f97c77436924478d451445fa121d1bc1958a0ba94a2a05159345048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
100KB

MD5
bc49552bac2dc59da6edd535ed6da107

SHA1
960a030c00cfbc3a41c6317901b8705446eeb820

SHA256
3353f5b311b24595ed8e2cc47280ee874c75cb410fab7b73d757d7cb96f7135e

SHA512
36b2782106e569488949c758826fa4deb88603a6726048dc2d20c88aa397a040a99aacad293ec59bd51df08ae0923fedd0bc07c6f0e18c54c31ea982644fe662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
125KB

MD5
53436aca8627a49f4deaaa44dc9e3c05

SHA1
0bc0c675480d94ec7e8609dda6227f88c5d08d2c

SHA256
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

SHA512
6655e0426eb0c78a7cb4d4216a3af7a6edd50aba8c92316608b1f79b8fc15f895cba9314beb7a35400228786e2a78a33e8c03322da04e0da94c2f109241547e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
20KB

MD5
1435f3cfd01bf0f3c24b8983e6780db0

SHA1
439ab7ffa6f9d5b654710691d8736eedf2b6e892

SHA256
8cd3f9f312e86bade2e77eb25c28eba805707909441d49e29288944677ce6d47

SHA512
dded0517b2c8f6c6ea045ba87f3ae870df63843291c3e2219e7bdeb4e33baf360b5fdb6065f0566fd1c79253105574ee4ca8cb13a11f7e6a51bf20eacf03155b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
41KB

MD5
e11b24745e4f36a28da0d2869653de44

SHA1
62bc6f63371bc184c60bf34535ba7b219e3e36c7

SHA256
7b981a978326bc88d40e28d641babb501b9ea4262e8eafe811b6aff84080d165

SHA512
e4c3b699e427375287c56303989317ce22c0617c46a44fa24304282f756291ccd27a40858dffb72c90e005814f4c30b1d2375026ed8069b5f0b91b698e485db8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
215KB

MD5
0e3d96124ecfd1e2818dfd4d5f21352a

SHA1
098b1aa4b26d3c77d24dc2ffd335d2f3a7aeb5d7

SHA256
eef545efdb498b725fbabeedd5b80cec3c60357df9bc2943cfd7c8d5ae061dcc

SHA512
c02d65d901e26d0ed28600fa739f1aa42184e00b4e9919f1e4e9623fe9d07a2e2c35b0215d4f101afc1e32fc101a200ca4244eb1d9ca846065d387144451331c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
36KB

MD5
21894931796cd6b921b959ab2c91f411

SHA1
9a5236066ecea3800d2b17572b7725c98a0029cb

SHA256
0b698b2fe63dc0e9174c4616de60a256050d168bcb752f51b3517f7946570708

SHA512
3f3d159dc57417ba65bbe4f57386094364818cec63e7078c811fa25a717ce0ffcff8e1ebecbb0cbe81089bb80e8f1e3f808a2480b774dfe21efb86bbe3f9f78e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
33KB

MD5
8697d90d422b11e1478b832fce369f6b

SHA1
abd555b7c0f6dc3e30582dbe3e9dfb7b667a5823

SHA256
cc2eee0abfe80d80bb97581e4d20006201557cba21e4b121b8278cf703d57449

SHA512
2f6b96f1000bf45e307ad913f9a9d447f696e50e4d32b779c49da5318e5ac824713167e3834fcf90063f32540917bd3cc877a7bb4c45eb6796d0bca9295ec325

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
19KB

MD5
631e3f92d7aa2aea1113aaa3f2c46248

SHA1
0b31240990445dd5e86af75ff07de838bfefcd91

SHA256
5fc2372a903e84bc94a386689bf3a3841ce29683c2e25b984b3dc5c77f03136d

SHA512
a2a985e19a74696d288a9ad528344d8867c723bd4c3bbc8cce5f81de9c31ade340a4636ba07749379d2c3a4d0353916f4e772c99e83af07adffb9c8a11a1a406

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
19KB

MD5
50851ef85b317cad97fadb597d025e11

SHA1
fd55fe6bfb613dde0894927eacf3484224632027

SHA256
db0af4d4d4f938fec0af0a20e240457d7ed6269b34e848dcdb16afffc77c98af

SHA512
87d9c1f9e8aac1f438996a357a38c795f646fda341607028f184667115adaee58ad5add2c691fb04aa2db48beccede60b38feac057bf359952c8f40ac19fb904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
16KB

MD5
1c66b1b957cb345776e5d87a74348af1

SHA1
10332fc01b028a8607489fc127c12697d28d97d9

SHA256
80cc735e8838731eb406a00d0a93a93f45e5bb3c37aa661a69cf2448bfa25892

SHA512
8ac79b415c31b64a6e981396670f8722fc5bd2a094733b9dab501e3e69c93f978eb260982023f325bfcd9fb410098110777b33656ae2a66ac4f5c29256cfdf90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

Filesize
93KB

MD5
3cbce08aaffa4c9b44fd6c929e6455d9

SHA1
b76cc2653f095e09139bd2497ca0fd6e91c8af57

SHA256
9b83a72e09ad483c62a59745eb4a72164b9ac105f29d410bf8c8a795395c9d70

SHA512
f78a058040a82f68716cda34f5b4d7124487c5e4bc1008abedf1b195620f29b95d3741b0e3b66eb0d1c9dcae6f33bebc7606cc0363e88eed3e4b1d00849ae157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
52KB

MD5
b818ffdf3dcd3efb5ea267c5637d6ed5

SHA1
840998a7a7d828cb555147dbe985100ea4d3a5ea

SHA256
414ea49c41caf4b63ec0e1d5820a63f87e3b75c0bd6c894f06663ba827d91aeb

SHA512
b6360cd088efd8a0e7bb7d385171db10d4c773001a9c45e7b106d5179e87580ffd4ccb69e78b2ce721ff5f522241b0ead8b042c4340dde343ab5b697a8f6cf77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\12cdeda1a3bd8188_0

Filesize
293B

MD5
1dc7361781ab701eda214e80bd46c83b

SHA1
e84b567e5eb724a95175551ad4c2511a9f567fb3

SHA256
52085d5c47805f2c32552fbc34174e52a0d67221ccbcc5bb53a1e8c14dc8d65d

SHA512
f8165e068b8d3a0c02125b96ddc27cf54fbee08ee71dd374611e0cbe0c94ee959875803a92cc3a5910215b090259a39a5ee2a0febfda84b329ec726a1de01c9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\561c9385a05ddfc8_0

Filesize
470KB

MD5
b437ed317301342ff76b61e08323dc79

SHA1
d6611327ec68a6dfee1504bd7688a3b21a640c1b

SHA256
116188f749f07525e3d27002133908a568c1a6dcbe3ee53c0827f69453e11d7f

SHA512
1ffd95c68e975988b4f2e4dbe84217ee7eebc2e23cb3a710cbcb1d54b469f6d6586c6a5195fd2efbb305a2a245d6a6e0943093fe7dfed03aed1ef87e65564249

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
00cc190b4e36c3f845bec9bbf52ec8ec

SHA1
961c25e7e91a61cb5019033de24408a466d5a21f

SHA256
a57b904765ca57e236b16a8fbb88d0087c7537ca85427350f63927fff3b64fed

SHA512
2fdbccf9d1fd0e431839d812740a08baac1b1a007cc57aebdd3fccd6783214baa8a30e82663cc0ccf319670b07ba32617668c0663469440215b3b2bbe443f87f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b85e1514b9c937beda1dd58087e31e2a

SHA1
0059838fe975d4c3fdde17eedfb49b3747801c82

SHA256
523e22ed279f1dbaf6005a9b65be3284692d82a3904f70208214794df3dc727b

SHA512
eb20c0474707728004d8df2a18a332a6ad4210937d913acbdbca246025d526fb6b778621b2416684b6becbe88489cfa85287365bff3501f22c5caaceeb3b3c0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\000003.log

Filesize
20KB

MD5
ec448e79247d83d11784b13d0c52f45c

SHA1
f988f0492672223616fd7ea398b68a3734e75a56

SHA256
b863857d9a6752b487213a91f4992db6a22941b8969a090c24f960e09fe25b03

SHA512
68029834b1fbb37f7a5f5c87c312c0db76a844f09e3bdc4fc2a7493b3b8dac1debc8da26efd66e1c16e878c8a4944d8a30c6293b0ed3d74158693eb7face132e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\LOG

Filesize
355B

MD5
7f9e4f0ad6ce3864c4f779ad4c25e5f6

SHA1
b0300b3b5176ba18cf954b9ae7aadadd2eb88629

SHA256
89ba37946e07cc172ae0967de4d6123f19ef1e0b20660a084391fe7aa2343040

SHA512
d53cad3e47d4629c0e9e9f342b52f745ddf0f4c33a5f1bfd54b47229ba65dab36c70f7376852e27e73c0b86e3af56d056630dacd5abcd2dbb9c62178604948e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
a9d14f1e56796dcc6648e4b2da96f7fa

SHA1
694f122b7bbfa85d94605c04d197d831c05d42dc

SHA256
ecc3e2a5fb2eb4ea0c50dcfa265223705d72ad501e3b2ee89e040b8c40082487

SHA512
b9700978e342196ce6df5ff44a2d91cadd43e34a6540ceb0ad2e70b1ab45cf2257de636ac4e9f03efa1f6ec1058e1959873150dd3a592dcf1084566eedc43e19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
4026adef214364d968d852a9fe7d9f22

SHA1
b0a0fec8e18bf9f9505654fe065de37ab0975bb5

SHA256
622ee3bf3a4fb964cd1f39a16423e37a0dcb2c4782fdf20a1f4c1b70b2a7c021

SHA512
7ad75fb8d03fe83d7de20df17e8e0cb1a20960c6c1bff5181264eb3bb5b20d39434e25a03ad7954f11dd944b18a271324a6b2e4b8debbc9a7ddf5ec81ddd87c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
2c3a5cf50e95186893c923e697d2652a

SHA1
8811eff0cc7e1888969bd47ab9f42dea944a6ee4

SHA256
e7e8190771ba0360d4e5987cc7312ab2ea966d502661eff537827943f635daa7

SHA512
4acecb68225260681fc27a9704cdc6dd45849080e1934fd57b248314361fccdc0d163ab767d3734829d466cba5877af632e32b5f8a9d58faa30b084fab01c5d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
f3a888e3457c456502760e7b35e0d942

SHA1
9dafc185032062c678ef3140b8ef348e7cbaed52

SHA256
25c92970465af316ec5d628f1013f03df61ab95d28a87c5f1a95877aa863a838

SHA512
a6d02a10f50b0cac3bbef441797fa11031c29fa7db4999df4f3818c254857606da0286c9c306b2e63479789381b40a43279b4db3e130b93cbfff1401de2a2813

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2f9e6cf64223b0cd984582afb5dfbf2b

SHA1
9385b0e0355d4912e4954632ee64784260991d15

SHA256
1175570e630bceb9015eef234c69afbac15d93e939ee545ad2ba1eed0db86f8f

SHA512
d3b34813efde48c807c1db9c9b6eba6d634c9c4c9b63ad874cc5980c9dea4b814727fa28f55f3bb78c893a239e18eb25262ae6ee755f52647de626d986b784d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1e971fe530ee13cdd97b459e41dbd17c

SHA1
9d9ae2b9bf60f53a1c6d34adc354111f8bf29432

SHA256
d3835b4efe70f43721b09578dccac70c3468e1ee7c1256969c90350646d2e027

SHA512
78b09db7820ac58c6db47f33562c2449778f2c81f4b032eb3754ad251eedd732d7b0f746ce2e175c1e709138bc18091a2681b167e24d3421c263962394dab13b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
56f530830d6c43cc847b80448d240449

SHA1
063be10777323750f334acf34522eb3b903581c2

SHA256
722aa5ca6af0b6435e526e9a9579dacc04770a0f88fd65c874d47347a7eec6f6

SHA512
30a5c04c7ec22e68ad91ebb4196e3262ae67e5debe0e60aac274f0bd0a7050bf714e3a743b3a3f9d7e0e51f91fe3c5140378ddfe4b5e64092caeb2e510391192

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3de83f1cf4f8b3c64cb9cc37823405a6

SHA1
9b5bec9424569bf2f0c6086ac96817498b92c308

SHA256
c2d896c436cf758dc6d2625717640b85974db56e93f5d60a24de48c4c20a5dae

SHA512
88d53f7e4539967510fdaf4011d232e5dabbc6efeb4a3e25bd5a80ecadb832f02b005beb0741ea1189e1d105155eeff785143391549b958f8941424783d63fb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6743e9eef3abd999d38b63384e8a5aea

SHA1
0a9b5face051c25660a810ddf9a4893ac8769854

SHA256
4b73842e6558e3775848afa18e3d12fbfbdfbc22ef4e23d7399bdd255277fa3e

SHA512
5d90bfe48103fa00b0352eb198033f1a3d7e0f3c2f32fe3f35256db3c30984c79aff31b654a795c69c0fac400e1226b4bea8aaa1803486d2663f88c7eb4519b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c682d32252672137bc0199a34ce36fcb

SHA1
cee3f00311070ca8a083dcf99bb5013610156547

SHA256
b6f8b73155403968af5a7c9624748494b96eccd323ae2a76a8d767470377e2c3

SHA512
6d5e44146a95b3c679ceda6e600aae0e9bb9dd052ceb59b307340b9022df88243eaaaf553189763bc3974fb0f1e462292e116444f9c8bdf240ecc63a0783ec96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7aaecc354f4ee934de1f00ec1ee75253

SHA1
f8dcba390c0c57bfba057293eb88f2402ef9a9d3

SHA256
6060ff970406ad70bb282d9ee00ed01efc17143109996972e0d62428e7428000

SHA512
480bdb85d3c31c214bac63be333c4465af6916c39581a7af424182c6a4b6b79328965978ccf7d4bb4792ea7f6d4b3d163b80489310ddcc395c6414b10c65893d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1b85628c216bbf707d0c66cc67f6561b

SHA1
ef80452638259b415bc8cc85390617afe0398a6a

SHA256
f117f7db2ff88ab343edde9e3e93c3915890f002797383e9440428e877fcbb75

SHA512
1a74bfe02abd2a72a28c09a5bdf04be293068b7c755480a354cf2d8efc8b7245fa45e2ae561b85a3ce442168ffe56dd8242bb222cc4b90be0d471a393147ae87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2e9af49b8b64b579288d50060fabc54d

SHA1
3ca7417d1f141972ae40786f9f54c699fbecf3b5

SHA256
37130bd0b379eaa8639a0f3354c4df31c94a9545277a93ee60e6bfebe5db69f8

SHA512
44a910a7cfa66be32a55e5a6abcbe121248b9c80886dd6374bc1b69b14fd1a77065a09c8fb9ff97b36976dc0e3d1088e21c4e3ebc9beb3f9f7b16a64eb65cb25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
042c56c6ad7b6d55de1a4cbbeac54ac8

SHA1
58f4d447c5cca04b635a76a44eb0b62055057478

SHA256
8d48788690e30ce7c9172ee62811c20d719fdd9eee296a74c8c57e5467ba157c

SHA512
51149a28c1e8c8d31caf0386b4a88494262fbf89c6b1c6d057a5bd67be4b05c11757ad186ea203507dac713894422938f4094ab04c79631637141cd441491236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9d0f486ae85bd6bb7e2b2c9b0b0c42b8

SHA1
4702fb16f8121bbc8167a6b1c443ad767d15cce2

SHA256
e98e58e15aa8cfa99ddeadd2a5cdc2cf01147b2d42a38b546a9574405be52e0d

SHA512
3d66fb212b910c4d5451f9849ddfea80ffaef44fcdd4de758b2664353d72ce2e95664bcdd6b78237ca57304a735be0fd183ebe62a90304d243b706f768d2b53a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ca9f8b82ff32fd15948697dc0f5b0fb3

SHA1
bba3a0d5e353f13318feb92285184cac83e28b45

SHA256
2c8d8bc3eabd2646eadedf577ad81326d09dbb9461399609aa77f19fdf7d6e55

SHA512
e77e61598c19af7cc30702114ccb603a92d3d1f6159d9938e521dd30b40e5dcfb0d62e2e1ddb94f869f84e5f503ba5d3b55653f6676b48178c6b5eff5d4c5bd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\63d73c7f-3966-4031-8677-d7ca4839cdeb\index-dir\the-real-index

Filesize
1KB

MD5
0f6541619fa61f3ce6cdd8ead722d3a0

SHA1
b38563dbc5f8893b3e4295ec7ee13f4b789ecbf5

SHA256
85f067a0cb2bc24a9bbd12851103fe47ae3a4f691fa0875d0babb818646aabaf

SHA512
022331dc7e7decd35aafa25faed0639736632ccbaa457ea5f968cf5e36476e1a9ef12e86f92b91deaf9791cc9e30e74f501208e85440e0065fe7d08440dbd849

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\63d73c7f-3966-4031-8677-d7ca4839cdeb\index-dir\the-real-index~RFe5a43f0.TMP

Filesize
48B

MD5
f095b82aa614f5a53f33c3b17f955a2d

SHA1
8526e0ba6e6712e65f80ab627aba1e97047db503

SHA256
32c623834db7519359b29a9eecbca1425fc39b50c804f491dca6991c59cf393f

SHA512
4084d6d4fa122f36f6d5813b199e6a141ad39baa11cf91459638d7238041c43072723b4404aaa347841d41f32224dd6c3be6c9d83ddeeddce6d09f1700654a5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt

Filesize
124B

MD5
4dc78cf0f31ec7aa66202cc9b46b486a

SHA1
9b51a2f7b83707e9a74dc78618f92e643580b851

SHA256
ded28602c423b4eb82bc855b59d15d7e7c7b2477c244edf54784bb302ac64678

SHA512
f7ea8e608249e0dd7e341e52a460fed6a2e818ee4a502acef8901bf81a3f7f01a8afbc4570fb4e01dd847f27d8c45f11489a8a9c1b78982639f7ee9f5eca3a41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt~RFe5a441f.TMP

Filesize
128B

MD5
dc21a2876efac32643cdc0df6bd4e03a

SHA1
00cb3287e65741e134e54745c1a534ce20e61ac2

SHA256
420da7294b77e974643623cac0f92bbaa630a81f1b1d261fe1929171f74f0aae

SHA512
18bef3b8f2fcec08007e0368d31684cbef133b7438321a92810cea948a431ff9fcb9312c1ed090e91a7e8c3153c42ba1f40d0a13702d0d7a47b7068dcdda9382

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

Filesize
123KB

MD5
828d7c8f4709487053ec35d38a50af51

SHA1
470fcf32979f6d2344fb5cef0a784961eb2f9dc5

SHA256
9eda91d9f66ab4cd7d911bf25160227b888eed0313cf624ea1a8021cded8713f

SHA512
6e14f04d2b2037e9a6d15702372afddecc8d63557a9691caed583d5b157b30295e4bdf33b0438cc3fa196c09fb810d719af5f79559292f3e9145d69cc58bc493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_1

Filesize
210KB

MD5
5f70c8297bc0abee21570b488dd2c5fb

SHA1
a644424722dc54a43f4eeb0fe962b67af4341a1b

SHA256
99c0b8448b5b5430749866a49aab5404d156d856db3d270f46369a14e4dd3ba8

SHA512
08f11f574c0d2b69502cfa13a9d0630409f8b43418a8bceb828de38b7f34aa1207525bec37a7adc64fe7fd20062d7894b449d6b9d3ff373c73be945a61725624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
580d1e82bd1a34a1e324e3b316e9f97b

SHA1
5e6b4b196682fc52f73058715e29d97b1525bc49

SHA256
ca87d26e2c7bbe2f09b0d6bd0006be210d0cbcb8ff37e6f46dbf92110af0385e

SHA512
dd7df9e00c6e93533724177ebe2ce91b8af29e7a90d8a119f5e04e4e080ac571688bafae1515f58b0e2fbaac767a6514ac6ea10bb98f572c55213a9e39e54895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
fdb2e6e882090aefdb0d244735196a4d

SHA1
d91a2c2c213f8351d724bdad8cb8f9ac9cbd982d

SHA256
21e7e727e3d1698598b154a27abbedebc61fbfb5d4e04cd61e3be48da699f6f9

SHA512
bc328d4301972d72133ffb0ed8f5be47687350e53cfa668349caee05624fb1c2bc3f0b26df7f2384f180946112a5ba26ef76f4386d7ad18760a2a028829600e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
9917c081bd6ebf19fab2b4426f5483b5

SHA1
b4f60e1770484e6bb4a63a8fe7f778d01e4e6453

SHA256
dde4fda89992ee8e4a9827a788e45437bbb9a78e4493d9bac50002a1ab86afb9

SHA512
5825e9e2fdfea75b6b4f23b91fd6b027e3b118db94aa6b3bf9aac8bde77e94e6211c4e92f520b4f241fa08bbb5fd8fba6a5b1cba1bd8a577596d883799a01b7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
b1ff35e0829bb5da89b3861425882148

SHA1
4c4fadab4cdf424bf9214e9f094fdcfe01c399aa

SHA256
2c04cd431c02c143f8ced84c6550aec65c9740bab29f34859cdae339cf89a7ff

SHA512
77ed77df22274f08df5568234e480304caa21113c07fed27baf218c1e97710e53059640a170a8a276e8a8c210e5b45352d4c2b444c684e02078b1174b66d3024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
826c7cac03e3ae47bfe2a7e50281605e

SHA1
100fbea3e078edec43db48c3312fbbf83f11fca0

SHA256
239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab

SHA512
a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
02a4b762e84a74f9ee8a7d8ddd34fedb

SHA1
4a870e3bd7fd56235062789d780610f95e3b8785

SHA256
366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da

SHA512
19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
d2ce1da0330385cf2d3f28e1d3dab81d

SHA1
2e1a098bcbe9ba8a04325add39fd1fffe3070481

SHA256
6847dd4766feb34e0c8882cc98ef52a57b620a625de94727ea02103f0987df45

SHA512
c85b324cbef53c189800a851872716baf0c3c97bfaf0d9f1cebb8476c982b3afa66c282b0c50d5918b8197db5d39eedd2a3082e76ff190eb36400158871f8969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9459fa03e7defcfd38d42a526c89bce5

SHA1
2ee4cb2aba061a5a3b83f6a5a9ab82e4831a74c6

SHA256
3bee14327437199f78fc26c2ef3eb7ec671849ea0eac16749a4d776cdf40da55

SHA512
1e4fbaf40877a4fa72558622090d0b1826f8cc660e258b846a6535dc9083ea4854a1c5e813a4b87b2ce114ba450e657560f2d5a6579126db55b157b5c89226ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e338c6700c9752101104960e41217800

SHA1
23725481f20466fef534a63167953f8948045b26

SHA256
690ca10c089227ffe379d96b238645d69df9143f6798597551f80a5cbf818253

SHA512
c2df97263828b725257bc0c186a4ec8547773cc352d18e9956ae3f9cd9bf6f6c356b7d3ae3f4550d177a9361e1566b6b779b6eb2009d3c9d4579b65638340b7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b20431e666f378e970ec8ff497e4912

SHA1
5be702ee611cef6d9170153d7d48f94f4116136a

SHA256
c83e3fd0a6cb83e0f86043ac78d8c2fe2493f3e654e590bd82374a830f708f6d

SHA512
1f25ad2a1ed916982fd471a89eb86f76e8f9f3a3183faa844bf6c001f3c3364ab2df9476ef5e384b2fc654f637e4d5723396f458b43a4ff480577f2b41bbe5be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8624c5b1231b7046c1e8fdfde2e1d583

SHA1
b241ba764341418bd318544328a90406c5b3f758

SHA256
6551839e290b14af9659fc9743d4adefd070a2101a053e85a669be03d0368b8e

SHA512
ad1ff94a46a31bf08a4fe62a4de3d69ec05d48f38647703aff3fd75c921926eaea95930b80572fa64664154e7ea95e25e13b9bed8869065541f168a7b426b3e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f776a61fd6304186ceeac3d77c9bcf8a

SHA1
01411984a876969d693a72eef2de689e008bb0f4

SHA256
4cb9a1f18e178ed69f5a69d33db878d7c2d26d97f441ab231154f99c2cd3c794

SHA512
3e871a33fc536b9442f2886db21bf3c94a8d99928a66d17f447d39c4f39eea74ba16efb89565aea78ef4628858ea92aa7ab4c8ef2537323ccfa6e0aa1116b9ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c500914afe7f9d099ed48afdede797a9

SHA1
635b178e6778fe53a78a47b5460d9b0210991c36

SHA256
223a8adc07307ad8db0cec882a68aebf10cde8e3dd252e575c14e6412a5916df

SHA512
aef01993be235f812ab90cadf22f124d013e6f3e004d1022c86cf9963fadbc4498d3452e2a3d6ff0b3f7f2fdf5f42c81cc5eda6ef34a08653be02ab695b1368f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
878d0cd2640a73309d9754f924571fd5

SHA1
91ab9be2a0aaff2bab14acad81463544d0ef39da

SHA256
6e40c86a372c3eae22efeb65ee3649ad2b8ad40ced02b7c6c8db763784582bae

SHA512
62a10a5b5b8eedbc871b47dd52cdce24a93e7347f844faaec017f81b7457500bd7fa30d8386ab1b72714e6d9fc654b79fcc358fbdce268589fdd493fdc63e3d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2b1cbe4d9eb7d3ecd477b7271988ae8b

SHA1
571d3e0d95a3da52ae58f7bce17f65bda0a81ca5

SHA256
d24b45fa3e8d91a6cf4f162b465cf8c98395e58cfd831f64b0a777b4b1d2af89

SHA512
728eb35b94390a631dd34595a73e42690da4d6af415631315a138e0a018d5664269c94c01b01de4f11ebc60e86949e2917ac0a107368ce40583698c938ee747a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
161cec04d06a5d425c32d3ae7156de5d

SHA1
c890216f36b0b5121bed967550c4868cdbb8792f

SHA256
934767f24f74b8cd3f7b3dcf252f2f7a827362dbad9d28510f9606fdb2d1857b

SHA512
f4aa5897925d891a37a572cdc2e9ef7dad94a7527ef19a904e89230cd6e490a9c50b3ae68002c66fc2dfacec0be5e604b68030badc95f1e9a7f7005f9b453c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cb55a80858c8549f151705714e0f9b80

SHA1
9cd1815ed548dfe0888e374dbb8d54ed2119f40b

SHA256
afd91bc1f35d99ab5d9a8be68a9c9db02276027c153601060586815f3b0ec910

SHA512
9eabd412ca925b44ece2f25890c2344e530c124b1e85cea3b3a73203dd640b5546fc8df249f1918cbb10ae69bd5ff85f3119cdfa4594309bf2582683a9280dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db

Filesize
1024KB

MD5
8b441006b919f3b1b436c33d1173d172

SHA1
f3d713b345f7a45eac2b8bb4501b03e5dacd53db

SHA256
aeb8fbc8777042ff6a4c3653e5e862ff06cc044ab396a2534db4ff6be58b4422

SHA512
9279745ddbd9fd57e3f893d1a9bcf6a6d3086be304f08b4714c0d65683d958f849b34d380f8c55241b984b2ae28592ba4b3c729b44452047f21c0327983478a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db

Filesize
1024KB

MD5
7911f9388ae340c160201aeb2695397a

SHA1
1c492272ec5fb9607d4ba0dabb85f9accb8010df

SHA256
698996b0dd72a706728130d795f64ee84fc8029694f4cf351453b487d9b0b37f

SHA512
ba597b9d97144ace98cc786c9dc35bd8dfb620884a4ad4052b4faba7c112126aa6728bc38193b5de7ddc7bf3d358749b4f47ab8c1a0565b52860da6d41cc6d7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db

Filesize
1024KB

MD5
44d8b005af1681a51c5f643aaf9e3700

SHA1
1b312746eee169b8a781663379bdfeb07d00fd81

SHA256
096b7ad5b4eea5cdcd79364cf3bfd85fc13cb9cb9f044ceeed87668fca6f0442

SHA512
2d33732c4459d3704a51f6955a313d08adcbec6e350fa14a5238844e5c506a4ae7269fbe6a6d428a57244f39ddb87d8d8d64c05f5c5a62b113a20cce03d791d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
7KB

MD5
c80c6e2628f33c49383354413578511f

SHA1
3f8fdabbb148d26423412061f9c0ad38854ea60a

SHA256
063ef5aa385c7aa1fa24dc9d8b12e932474daf021aef44cf6d9244cbf6c0f408

SHA512
9b4399fe0fc8afbf15cb47c5a1a8176ded323bd89b9f9c16af5c9466afe2c2ebad1f3b480b649fa4825542be3c41981abfa518901c9da370ec0021040ff495cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2afgw53f.jvd.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg417B.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\LICENSES.chromium.html

Filesize
8.7MB

MD5
bd0ced1bc275f592b03bafac4b301a93

SHA1
68776b7d9139588c71fbc51fe15243c9835acb67

SHA256
ad35e72893910d6f6ed20f4916457417af05b94ab5204c435c35f66a058d156b

SHA512
5052ae32dae0705cc29ea170bcc5210b48e4af91d4ecec380cb4a57ce1c56bc1d834fc2d96e2a0f5f640fcac8cafe4a4fdd0542f26ca430d76aa8b9212ba77aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\chrome_200_percent.pak

Filesize
229KB

MD5
e02160c24b8077b36ff06dc05a9df057

SHA1
fc722e071ce9caf52ad9a463c90fc2319aa6c790

SHA256
4d5b51f720f7d3146e131c54a6f75e4e826c61b2ff15c8955f6d6dd15bedf106

SHA512
1bf873b89b571974537b685cdb739f8ed148f710f6f24f0f362f8b6bb605996fcfec1501411f2cb2df374d5fdaf6e2daaada8cea68051e3c10a67030ea25929e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\ffmpeg.dll

Filesize
2.7MB

MD5
bf09deeeb497aeddaf6194e695776b8b

SHA1
e7d8719d6d0664b8746581b88eb03a486f588844

SHA256
450d5e6a11dc31dc6e1a7af472cd08b7e7a78976b1f0aa1c62055a0a720f5080

SHA512
38d3cac922634df85ddfd8d070b38cf4973bba8f37d3246453377f30165cc4377b4e67c4e0bca0ffe3c3fa0e024b23a31ec009e16d0ab3042593b5a6e164669f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\libEGL.dll

Filesize
467KB

MD5
3a5cbf0ce848ec30a2f8fe1760564515

SHA1
31bf9312cd1beaedaa91766e5cde13406d6ea219

SHA256
afef052c621f72ba986d917a9e090d23a13f4ab6bc09f158eeb73fd671b94219

SHA512
bd5713e1d22145b4cc52f4e46b464f443aad6f783a5793268e7d9dca969f27b70e706eecd54cb01be1c94256e6a95864c6b7e50027cef7fa870cdb16820ad602

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\libGLESv2.dll

Filesize
7.3MB

MD5
c783045e4b7f00c847678d43a77367f7

SHA1
7f9192ce0b23ac93561aeec9d9c38daa3136c146

SHA256
3a39137dcee6cb6663ae9cca424b6b05cf56c0ad7e32fb72cb94549ea9dbcae8

SHA512
64e6d4fc84f1217ceef05a22ad63a6618ffdc470b1faf4ad9e2d7bab59e9285527b9c5fd7ea4be673a08b9466434e3c098e839bf6955597e3d8aa0e80589f4a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\af.pak

Filesize
478KB

MD5
9554e414159d76754147d7e185056094

SHA1
e0fb0c95cef8e8d1ebeb11a6e2ea03b9067d799e

SHA256
f402c0d8494c9a2fceedcd7845ddf43b62e7d01ddb1d9c8e132efea83b724824

SHA512
9e8b41f69605d7bd426243e49b0f22347b211f7d13038ee6350d86d06cc7274bb2ef1918e27548802a5437903a653d86fce85338fa97f8c9642c0e74ed59ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\am.pak

Filesize
776KB

MD5
92ffe73f193d41c5a90303955b2da67f

SHA1
1d4136d8bb752da2834ebf0f4f62de56efefd78f

SHA256
325dd137903fc0d9e5010a62a314d9c6984ff82afbdff2254f7c48bd03dda06a

SHA512
6c4f0aac10276ab84ec4e63ec9ad0e20a1b3ce9d2368ec966cc6471600c3d28df8f9e501b4843bafa5bcf2aab57242559ba430d58853180ea653afbc8f468e67

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\ar.pak

Filesize
851KB

MD5
7608398c66cd0b55396f7250b3c8747c

SHA1
7e8417dfc7055fb9ecbe7cfc97a8aba0bd5a0e13

SHA256
3bb407fa588fb801ab241e8dda018461b54010a38648c3acc1e3550c0dfbd75a

SHA512
5dd757e4f114782eab9ab8cadbfe3179ded594285b3d0f7f6fa5ca50d80d866e7c8ff6a1f44deba8bdf09c04106de635c1da22597c008023b1fdf1cc747b6f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\bg.pak

Filesize
885KB

MD5
c80a2008d9f61c182430a728a6e059af

SHA1
2f2aa33573156d9939e3fc81f8d81de4aac21e61

SHA256
5947f567ce1f4ab945dc6dab1599422d412f4417b9097905150d669122e43f7d

SHA512
016ce835b6bac4d5b38d72c0b3adf4d6b4e0ac04677d70c53e5938acd28b12220d2878bca7875471d008b779ea6ab4972a9875b44304e867d0bb5e4318c0edc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\bn.pak

Filesize
1.1MB

MD5
d179d38e8b9f7e60a943e2fc9f9471ad

SHA1
8d109081959d194c82b89fb25a514a65233435a7

SHA256
a45279ccc13390e0d93cfe1e33a7f276a5d9e97f6aefa6b6e14ecc4289703bda

SHA512
fa6f3e45f40e1e48f191e4a65f5d15dabd7058af4537eea3e34998dc67dd250b00e52d1f07b10a73a67a15aada4523e50f40160d98a5f37ef4684a30ff338468

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\ca.pak

Filesize
538KB

MD5
bd846046383d64073da6eb192f5cddb1

SHA1
6dd4bfb982101ecafc14eb35834caa1fe5b1e3f5

SHA256
1dca9a7fcd850aecd48288999b436ff7e70cd4a96f47b40319759a800fb8eefa

SHA512
521ddf6e8fb444b911212501825392562af14cfb5b31a80707fdeffb13c8afb04852b0e3f7e3363a1c3a37c5c35bb1cbe84b458e14e30b5e8d8cb00a6a349ce0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\cs.pak

Filesize
555KB

MD5
926b4d7f540ce0b1912e5fb6383dabb7

SHA1
a7adbc83ef38092a90d964d61359a6caa1253090

SHA256
2964edcdcb27b2edf73515615501d8af28ad94b5dd31d2794f2624808c74de38

SHA512
bf6160e46eebf16d6b6f05d330068fa226118457ff03277b59ed4e1a6d2d28b212155cae2f48c34adfa81d20ff71e4206f25052257559f4768323b342dd16278

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\da.pak

Filesize
501KB

MD5
c54edb2260d2b907049cdd4772d5313b

SHA1
a12f623e6310b667a9c38b4c9143920d08564377

SHA256
318a9ec9e9fbe35d5d8cb9b719ecfbe1ecba9d8f246876c949c082107b439ddb

SHA512
4eef045080fecaf55bf2cca7d72d039b7d7a7b28021b649becee320a3a8c0753f4e0e5f869a188813e746bad05fd08c726b5c25f40ef9555967fafd93f7f6989

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\de.pak

Filesize
536KB

MD5
5a252c49719970b8fb33fbc8ec98971a

SHA1
931834866af36a9e25582a1f631a8cbc965a8e84

SHA256
d5746f48800efbff7db9d1bb8d6e5a5102eb7d79ae136e0485fd427be1ca63a1

SHA512
d4e6ab68d0b1a564b886c8bbe60e7bf67c3f71e6fc70ed5bfbb63a974f72afce62e03559f29f46a424908c256e990ff6cebeab8fddfbd79f6deca997cf7117cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\el.pak

Filesize
971KB

MD5
35ba1b364ecfff6486daed2a33cc6431

SHA1
b894b392d400fde4d35bc3b4edc130853cda340b

SHA256
c0434492be64b08f9ad00bc7cff65314822406dfb0c591fea0df6af9b6fc89c5

SHA512
5f5d2cf1d5c8158c62fe310338bfb1c9683ea2f43726c9f02fe6d2c29482e3211fd3d61a30dc0cf738549dc7047dfce0dbac36b9d22dfffb558f118fdbb3d856

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\en-GB.pak

Filesize
436KB

MD5
a44922cb4cd8816b9ce3d018dba9e6a0

SHA1
2ed3a8bd4a11bb89d3699f583372ad7aecc46ddd

SHA256
e0df967ffdf872f0a9589a0d74d68a742fa9b956add7a6736b82aebd9e8f02d3

SHA512
461b04a170c562382f6c1022f881db9f6928a36c962a2e3aeabee62dd4c46e08b59ef33a2d1d26af21dcc47d00b0c51e10b43f14dcd627f84104ab4f31a9e526

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\en-US.pak

Filesize
440KB

MD5
731c45f9f23957acc11b43d775758aaa

SHA1
12e66417a2dc0c5211ed67f026208ef02fcb40af

SHA256
02b97817b6eebd7caeaaff750f6462abc68911c398ddf0571b7900ff9b4ea9a2

SHA512
1a008df585ef76d9cf4459fc3e617b8d4397e7078c77852712fc7cf4f304081bc5195243437e64074016b05a8cd671db93666042e59b959595ba854ceb330a81

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\es-419.pak

Filesize
530KB

MD5
763f8c8ce092a3d64bbebddf4169e108

SHA1
89f2834c1b4e3f84870af29650bda6fe360350f5

SHA256
0c816f00b15d59809d30b6611aa455ea1bf8b022d2f887137f1c9d7a5600d5d9

SHA512
8401cec52e80a5136543473b317f0e2d920008c83b9667605cd0deb9fa5f933deeda0aa475b436520001c6a7c91118a4d9b11e28a9f4b31271662780e678dc06

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\es.pak

Filesize
530KB

MD5
f6f452e9fe45b56b489b2e99c99848d7

SHA1
c64384626ea966d3a24dfd4d6c2f42c1cc082d2f

SHA256
54f85551269c8b5f3985a09d313fdc04c4595e5058163cf147ede049b8faa605

SHA512
f3c50308531f9654ff394cbdfdcc6029c60dc6659fe60e0326b4855a31f3eedc86f3df82a96a9e7691d12c7a69079c4abe2722f599aae29f48b291fb5a39a3a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\et.pak

Filesize
481KB

MD5
97918bb7b36900705b1a53b7851db6b3

SHA1
f8cca656478c6e15baa8f344dda2704087f54776

SHA256
8021814965878c4913d1f9f9d226da49cc2a37746d976f3b84aad7fe096fd14f

SHA512
6daa8f56c231cfd7dfc17bb5d5c56afca9490f953f22c92365a1f88e995c3a1705de98a725177001bb449070c860fd1c843ee0a499c6dd8321f2e6f4cf914da9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\fa.pak

Filesize
789KB

MD5
04f629bc5fa6d761f1d7b5dc28a6b97e

SHA1
d80f74a2b6508bae49b8344809062b48dc2b2dc5

SHA256
9b5334e4883a716c5616c859889aacd7b179b30ac65e5657198eb4e877700f81

SHA512
ea412096170ae29b33f3d54f17fb9f2f5a41035df56e2af9596ec7c15422277943c5c651df6b3a232aca4e979946732bec496da03b3e47e0d4629675751a4c67

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\fi.pak

Filesize
492KB

MD5
3acdfec7edd4d3eb473f0deb32713c14

SHA1
41fdd4af5f9fa78f4f81d3996ecafd69587f05ef

SHA256
4bf099ac8a76449bf597caf005790f5c02efd533b9a329c5fdc460d38f77607e

SHA512
b167caf1e5ff38b0c80f891715866a7754e9bf3f1479aa1faa3cf3e8ae7fe9b71a87109239750f71855330b6d20704b43e814f188672aa52a5dc6912297f1997

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\fil.pak

Filesize
556KB

MD5
89a63085d14b1b80f259e166e6ffe56d

SHA1
d1326c879a6ad203489226f7c5be08c897be71ac

SHA256
00b8cfe6131499a8a67a51dd8560a965a2abb863d52635dd3931df0479c3f5ee

SHA512
ab48fc4bc604648b4cc010a530fbcc5138b9d0a0f09398d2a69b6219799a43a052722c47dba96c9d001b4f6ddd491683c0a871c19ac2abc12843e68f9d4c2cf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\fr.pak

Filesize
574KB

MD5
6708a286a0529ba7bed9840d53035be8

SHA1
af289ed518d9d90c75b69a870615e3f475c5d0e4

SHA256
7169684ff44f342b98648839b8963916f7323115dead332c2471baed6264b80e

SHA512
b329798fd85eac1505d0af5cb827ba11a5850eb926be39b414c40b5fdb56432db5f3dbc45237510bd4d1174c1cd62f623c6cc8ab10eb0ca51dea5d5487f0b0fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\gu.pak

Filesize
1.1MB

MD5
ba34657d3f5ebe61b36a807c4a053d72

SHA1
163875c4ef39e3473d9d5aec4b6273f34a90a02d

SHA256
8c762963cca8eef2cbd39bd7bcd8b809f3b57a75353e687743894add9c19440f

SHA512
cb1c4adc59c3e99f819645ae84e3e6b601b340e05ae2182c0b1568bbbcd3eabf7bf09ef34e5d0757530997d0734dc52dd744b8b0edbb3702a3c06e29ba7f0c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\he.pak

Filesize
691KB

MD5
c47322869b458a1cd231f3dc385f80fb

SHA1
4155444dcb69c5b64711139cadb32a6df95ce3ae

SHA256
9e5544340da0e0aa28298e68765716a3960a28e50d86146b5324fd70fd756b41

SHA512
ca4664a9acbdd5896c6a0921e09d99f1a7ce3d7a80338c1a4310ad499a5a2cbb60ca074a02fcff128789da0a4cf82d3869f83836ae3ae3171085e58d6155fb73

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\hi.pak

Filesize
1.2MB

MD5
6d3ce5a6049eda31ecbc55a9d3abb163

SHA1
100afed265c77a20f6636a0ab48c8a723e30b087

SHA256
8dae029a489f1bd7530650a9cb1be1f03741e1d7018503feb3c78759da8af531

SHA512
3668952ea707da9ee8fd3753c04d5dfbed97685b76dcc75dcf8d6a3699a832c3ff0db9cd40810f6ea9364f2b7aff4b1cd68980c74b59808fcb4900a36d933bba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\hr.pak

Filesize
535KB

MD5
2f7462a076c14f2c2733a41dcc5ecf1b

SHA1
c453dbf62d1cfe85adb64ae374b6a79cff2ef97f

SHA256
6dcc7d5d771475874471b78ee84db0230341f8634f4b38a9cb90c37226d70b00

SHA512
f1df750b779c908547a38b49bae0ed8734fe37cd96d3502186926e6cbd657c248c528cf9944353dfd26695ab384f17f22f0bec251e65a20906da4d67852cc516

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\hu.pak

Filesize
576KB

MD5
f55e37076460b2e8b5ed0f414618d256

SHA1
b313287de6197f1bf9f9770e3d2c99e70c4d8179

SHA256
61854ab102bc57a7ad7b85a4fa008c3f071306838ba1a0491f68c19153decd49

SHA512
e8121a064a3209878f24c33e9c20c810c56aa15476909de1ce076c80ef635e69a60ac655b7714a116951de5b99bb690827edafddcd5e6b00ee6310807d78ce58

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\id.pak

Filesize
475KB

MD5
260d34aaada70c9d491bfbedcf5ca8d1

SHA1
5fa83a3e53e6aa9eede9fa34a84eb55ee8493314

SHA256
64a8a25717ffae1855114d84b02223ad5b3963c1c6a21c826636146726d0a8a2

SHA512
a19ec6fae22689a8f851c1a782eb748ee9f38dfad89f05291c01a6070b24a8a02fac4bb4a441421f411966e8bc08e996900871d498efa307ac1793191710ebd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\it.pak

Filesize
523KB

MD5
cfb2ddc4caafd038db00c1e7378d316e

SHA1
2573f32a41735efde916f0a73b415ca689c0dd36

SHA256
9395bf9a547561df6cd20d8e076452369cb72184f215448d1acd802dccf3a47d

SHA512
8a02ca980a8de8af8b179d610ff25557f81f67bfb5a9f82511641ec87b378a2ab7214d5ec681797acba1a865bd726cb9c5f609647ae6ee71a393b7e16fc06f8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\ja.pak

Filesize
639KB

MD5
d84e12cecf6e4355933ed68816f090f6

SHA1
eb35ef52f341442dd887d43a52af7f02926d5288

SHA256
8de18410e38f4036367113bd4ed253a4957709d87e0aeb11134742bc89e16d62

SHA512
9dbe703493acb7b48ee1dbc4458ce0b9d757419e3fbf01379bc8dcbd22cc30a99348f7cb96840c19e873d6d97bb4d1a3baa4fcd6e0d332480273020a6e13a375

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\kn.pak

Filesize
1.3MB

MD5
a4cce1cfe646eb2c268493603dcb358b

SHA1
aa19ee1cdf8776d07bf35614ff063aed5a798ef8

SHA256
01250aec7310bb59e0e847382325f940ea2cdab00369c1c7efe2f340d01ff806

SHA512
cecb7794a288e879324e74e7522bee61a43072ab58a289b686f1d48d98fe9a0d29a5505b8c891fe411b823c3d8366d6c1cffbcc1deffa6c7d3a04339a769dbc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\ko.pak

Filesize
540KB

MD5
c21dde26f43530135ef37323b00dc1fd

SHA1
a118e9713b155bd2999f04c3075f2e1bb05bffaa

SHA256
ff88b56be0614232947bfb07e6beb88327a18ebec98cece17caa9b7cd8e6dd24

SHA512
0db144f03992c41c3703719e985183a6ec988265e5a629d09bf683d9b208656d605565d6b5597cead909c814f25ce200739e65b1327172afe10d395a5018206c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\lt.pak

Filesize
580KB

MD5
93a0a8181e8c251a2375645a552293d6

SHA1
57faf2e9f965a49d5294cf9759b9b50d87c2ad1d

SHA256
f87b2baacdde69b2b24dc7859d47bad0844cf4d275072812aaf4eedb10318450

SHA512
51e1ff74442cfd51fd2fe218755335ed99e4850c8266425b8d55aa0abde2712ab765ff909d6ee620268ade9d7b51a93be659d6a52143da2abf4ec309bbe9f2fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\lv.pak

Filesize
579KB

MD5
07405dc51eddde72e367737c093c20db

SHA1
c66b8eccf167060c43b3c53631fc0c95b3afe05d

SHA256
dbc860a35ad08e4f502b8784ca1548110d3c7334478f6c392db42f52cb3074f2

SHA512
98f276fc137d6592cdbc1c804dd59983e290409bf7908137627ab114ab485e332f568d28c60a35d1dcb3d9753c2d1740065c654396af5f56f0dd5e1dfcffcf71

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\ml.pak

Filesize
1.3MB

MD5
70c0c80fdfc006be0ff502e0e6115b2b

SHA1
43f96be4652ecbd22677b18ffe2260b79bcca19c

SHA256
878e268428ec7aa51105c921740931c545d4ba6a274b367c52675c90741d23bf

SHA512
c463c5d91b3cae6b2c70ef6b7e3758bacecbe76088d813e2632bde7939c1fb28bad3cccf914a14861b8611a490ea74ef2d8d10e7336b203d12cee9904e8f9423

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\mr.pak

Filesize
1.1MB

MD5
fcaca3a4264563461b42b16d8fde4b02

SHA1
af37d4e73588d4a6d3d52f2dba67414393c9b168

SHA256
362df1aa112a0a521617c0496087b3547a242eb79a5416b8414c5798f31e187d

SHA512
9114dc4e7da2affdcee5c86b1f1f78e47279c31d0f76c8deb1eac545e0268b9592463bbe1a4b433ff4fcab1ad4a596655b775608515bf7455fda550d3bf47b8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\ms.pak

Filesize
498KB

MD5
578dcc1aef901d00a57f2698a6e15826

SHA1
4dca370c3b22f9f54a62d31166a84848336a8fea

SHA256
e5e77421c5fca5b1eaef96fbf33c345c63119015986163cb43d65075df6265d0

SHA512
073aecedf4132faef7e896e6840bb6297e866a06fd65a7490f0a61179013f27b6592a4fb2be91cb5e139c77f6db7695bf60e5788154e51c9ab7889f6e7040a33

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\nb.pak

Filesize
483KB

MD5
c2c49ebaebc448cfeb7933ce2cbd6ca6

SHA1
c3efca0fee40a3daf7d69768d7659de60b3e2c4f

SHA256
67d997fff8a24eaa030eadede7f5345fff5e954e96bc8f36d399839bed998774

SHA512
c500bc1097ed9077742c5708bd55dc4215c45f751522131b8203d7ae802d278ffc3a9ef607325bbea5b650d594dde0d74e7fa4502e1a0f905534c32fa1521bba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\nl.pak

Filesize
499KB

MD5
9229e4ded3219c948747a4dc9a6a5e32

SHA1
9147b2f2ac3837588aa3b71eb4a255d29cab0e74

SHA256
d88b02d74e01b9350d3ac9c48fe08333ca9c68e3e3824d64fae86c5b8b531feb

SHA512
8a81cefd9fa718b18de87555cb2d5c8e87ed14921fd3a0247b47988a1f3896d63b16dbf86fbf103097c73181473c37393c0f4e9e0a07d95d847aebcad526e8e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\pl.pak

Filesize
557KB

MD5
ab94060826404cc09d5fed31f63cec05

SHA1
20d1cea9d2e60b9bbd4fddb38a652856a3561008

SHA256
03258ecf731487231cc7eab8f6cb96e92b7ede4cc5b63c3def6ba08e0f16da10

SHA512
a9ec28912bdd2b8b1e1b3fc4d5c76139253ee4ada8f0d562ecd611d7366b0cdc97c379c5ae93c9db69eb045d8834cd0e1e0ba84813ac0071b5a2bf6cea81173e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\pt-BR.pak

Filesize
524KB

MD5
f18cae95b8bb6760d370b435235c5629

SHA1
eb62bc4249ea8e5688c67aa65bfa2b628fd5e1d8

SHA256
952234ef1d2792204f4e65cc814e9fc6dc007610668ceffb980c74fc0167ba0b

SHA512
218e9e4e59c875fe7931f16e6df877f67b8466a5e8a5565a1cab0f091b40b0652eefcf205536f5f4b8697966aa201092c26249142dcd8b40e055529e23ef7819

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\pt-PT.pak

Filesize
527KB

MD5
4aa908b531adedb0ee795704ab72e248

SHA1
2ea9f4a7e561e70b06b675b3fe35ccb0f2a12fca

SHA256
72ca754dcb34c54b72087ab7fd5a4a3fa03e09cd1ced906d99d6525c7a19ee9c

SHA512
7d4a1add737136acfc7ed7848b0ee54646d5c8aa3a54addd7cf0340ebf42b58f6ce2eff56a2ba94125475e7b64989d06fedfc8b1ee41ece63b18b1f95686ad08

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\ro.pak

Filesize
546KB

MD5
36f8327b36f2c6c003f864895968af2f

SHA1
248d88aa9fe46cbcd013ea7d7270f8483215c073

SHA256
6343589863bdd2ae81ec9c33e335048fd8792d2c2e8872f91f7a325a1f0d97ac

SHA512
bb03b5af3ddf676dadb35d5b94f40ae1c95cba2e7175c87d128c319e0055dd91f412883daace89fa33a17b9761f1cd7bccdf261b16ffadd6e10da594445c2c8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\ru.pak

Filesize
897KB

MD5
a0072d84d1bcb2fa7bbe7ae4e06151ba

SHA1
b9227c6cd4ff9f6db6a8edf694c444beccd369f6

SHA256
8c169d6995d97feae8b8ec947be27697ca0ff731b593fff36163e4f31969a6fd

SHA512
fad335e81a24427f2b0a2853733da94c9839139a7982796bf742eacba306ecd9998914bcac49b925d5bb18953091a4dcc62ea6a628fff125c086099cfd33e3b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\sk.pak

Filesize
563KB

MD5
e9bb6352cdd0f1c2fdd543a48ba076fe

SHA1
50053620d7be5566bb3ee588feda1a4daa207672

SHA256
441155d63257beaac9e2998afa1a9e65957286ed1cd9e0670072a63e24ff3f8b

SHA512
c1f87c7976159c8ff3e28185adcabf93d47ace0dc9b95fbaa4d1e5ed9ea8257263276880486a4c17a68a5869e6ec640eaf81f5ae6c4481e351e73e7b4dd9dd9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\sl.pak

Filesize
541KB

MD5
299acf51d74b95ae4272730c437763aa

SHA1
8a0ff73f37d830b6677e514371a5825631aa455d

SHA256
26e29cd70c4143d7e9fb65e86e02c9173997f2fc062633a5edb2b7df55942157

SHA512
d7d298a4eb476a3cd4411261058f6f9409d0dddb3756cdc1e27e64280efc8b84fe40afbd92c754d56f58ea333623b0481766320b5969f5dd71f0c2a93be8ff77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\sr.pak

Filesize
833KB

MD5
02bdb4d99bd466eed5fed3445560d52d

SHA1
c24e1895145b3066840be0d349f5e866e46e2a39

SHA256
ac09005a83d4ac8f61855c7e301e48a753d2f3558a04cdb94f23b539e2086e54

SHA512
fac7bcefe31f41b6e37f215f271b33ab21dad281c1b0bdaf28769c99e31bccca625f213fcfd7c0047b3e2104a8f51b2ebc5fb374b32f58ae22c4130e315aee1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\sv.pak

Filesize
486KB

MD5
eb39645ebed4f980ab12585feae2f4b5

SHA1
fc7c471b93f59bef13f7bb4669e683385a8b9dec

SHA256
ca34ee1c147358b5e32b5829acc0c355708925dc8df91c21d8e495c7485fa5c7

SHA512
5fb25d7dfca3483967a5262d2c62b5d37a192f5a7a19dcf6722a9a8753e299e567bf7f26171859c374c8d035bb521fb4eddc4821aebf9ceea1253c63e1595c60

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\sw.pak

Filesize
512KB

MD5
e2958cf2ab6cc74551c8360e6cc34333

SHA1
806aa1129f228ee48744cfa55d061149b37522b0

SHA256
51482431411be2d89bfc026b9acf9ce1a0fb971376468a47829a15392b47178a

SHA512
1f5f306b7233279800d18fa461f4c94ecad809b2bb7c292fce16abcac2e963f7567a86e43a3c950fc86bc73b4fef8451389fc57ac6750fe7546afad8ae00f589

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\ta.pak

Filesize
1.3MB

MD5
474a2016df48f886e91fb9fd331d9bf9

SHA1
2548525143292d7d150f5014b44ef294ba7c4189

SHA256
75638ac7fdb226c0840d5c2edf763bae35afa1f47e89199d9724ff46c003a2c2

SHA512
a4c2c2c046420c77948a0479cbd2be3aa11c1b347eb508d020231eece5cf0c2cba8d4f6a0e9f875dece4a16413157fd9e9f1cf09e1746335eb11e8f8590cd013

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\te.pak

Filesize
1.2MB

MD5
1f20952c1a61fa6e42a7f055de8986ea

SHA1
301ec89ca80695865d884927c4c07c6777fb321e

SHA256
caeba6c853a0ee12a802fb9f610a95c676071414c1d8407d18b05f2fe8ce6bb7

SHA512
c43f5316dff21cd08f86e0d3d7c407449cdc751ff466683dff9a51e3a07bda203e8e22064bf240726e6e389b661d6dc2bf5ed5dc42750539990379e513228d53

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\th.pak

Filesize
1.0MB

MD5
7512a162ea0b65dd9477ac8c190136b9

SHA1
ae5fbce9516882a0d58da9ebee3c767c7ba4c305

SHA256
d01ecd4edecf1809d5c2133366df2502a4621e88d894817e80b913f3a0926fa4

SHA512
425fd803cd3ed9589df5d04bb8ca4b62af0e573301d31c48a1a05bf3b707a0672e1a033965946223e5873a98eb3c9d52bcdcc1296a08cb4971d0b1b6d2e95eb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\tr.pak

Filesize
523KB

MD5
4727af70df9094888ba46f3a62eff264

SHA1
d2ead301efab607d040c69c238a06d3b4d080717

SHA256
026fc65ed90fe356ce2b5e2b459a4487512d89e48f0ff8b044d6739ef51c1658

SHA512
5bb8dd6ad100581a7e0cb87b57e054ab23551c263144f7ffebf729b2280a1bd95e92eba9c64b80e2f77ce59c3c4315ba2b5253ac83dbb540828e7a59a70e74ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\uk.pak

Filesize
896KB

MD5
7f8d31b43f7319164bc0f6453bbaf007

SHA1
4be254da0ccb13040489403cc2d8015f448292da

SHA256
e33b1a611feca93d105dee7c867521b5fbf27da38532ea3ca0aec61bec7f6108

SHA512
9569bd24aa5d2f9b0a13784f5f3d98e636f72177c7ff7a14c7d390f1d5f0b39ffab512276f70e4d2df0d37fba94a2c2322a840ba303a4cde33ccb20f7980395f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\ur.pak

Filesize
782KB

MD5
305d39b5de5a1935d786da4bfc736dc5

SHA1
8dd952fea4dae937b9f87d229638cd22ca197a8c

SHA256
b551a93a300ab78ee6da5087ea417584c4fd3941fbac99c84c9c58be2c88a7e8

SHA512
d75ef12a56c2dbde5c7a1967297270f7d717a366776f6b2a316784f033c71fcb9d25dabc857398e8459d8ac40aae1bae59e82f551e00e9b96bfbea00a54fcde5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\vi.pak

Filesize
619KB

MD5
593d33203c539d027c5b5bcc13bb38c9

SHA1
2f6288bc43ddf31e49a733af97e3e9e2fb8a2940

SHA256
d435c4c7154c24982185842a09cacd343cea77a5eb7fb859c4d38973cf240a42

SHA512
7c41c74f7220270da242562b93db8db053c0a7b08fdc1864d063706caccbc6926f288ae6bff1de43af656af67fcf2d8ad57f53d791bbc47a3b29a6a0856a68e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\zh-CN.pak

Filesize
447KB

MD5
156894db535f0fbe193d66c0afb4b112

SHA1
e347caa3c41ea7461c217c029dbca54567fbe27c

SHA256
cc5a411d3bf0ddfba9e5041dfeeaed70265ba949f7b7ccba0170b88e3e14ceb0

SHA512
e81a0968598536e91c17a1998682cb5fff42bd3199c41b64e2d76827c96b187e8f86182843c061735dad2b7cd5e32750e473c1a5f9c82bcc0dcc30f1bdb8b806

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\locales\zh-TW.pak

Filesize
442KB

MD5
337bba163068f2dd7ff107ea929c8473

SHA1
536ec5756f229696dd6f875180778afcee1966fb

SHA256
58753d4313ed7f548df16a9cd9aa1f0e30cebee675a76b8359ed23fc95825574

SHA512
000b98249d7b0e4c7e463bafdf827e3dc5afac447750320d6344c984f4ad41cab5795861920525f03dcaeea5aa3615684101b08bbc103d3ba01065676c8bd64f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\resources.pak

Filesize
5.0MB

MD5
67bb5e75ceb8ced4c98cf0454933cb45

SHA1
c2b1c8c8d753318bc5ec18762c27512a5eb9f9cd

SHA256
5d63acd4034f7771ca346d138d7478014abf1f3f4386d07fc025dbc2c2bc0bff

SHA512
fd213d59ebc625f6f8b20cc8fde1a22132ce827b81deaddb9ca7993fe0d9616de17e089def338d23c4b6bbd7d3a931ee73aa329325eaa17f8145a58fe11d8c38

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\resources\app-update.yml

Filesize
106B

MD5
b0e31c54422860c9390a2e456d8f4624

SHA1
1b73cc7e00cbcae94a3ed921fbd055a393dedc0c

SHA256
897dac554968a2c49044a5e601cfcaf7c24d41599a58c03e91c62bd664b60ecf

SHA512
561cff0a281e073b0b2e3bc139a18b44ee1e2ab147d99ff007d5deae48c0c4c847bee4e14ad2e36abb27f7d9240f95aee7fcc9987246c717ba48666f550cc121

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\resources\app.asar

Filesize
7.1MB

MD5
8bcbb3a116b0035d6a5621f6ce6d4ba9

SHA1
0f974db0d87af4aff602a410e7f09e6821f30ce7

SHA256
f975415a103c1faa4c7aac4f31868c0e408a24615bcac355e3f7640046df995c

SHA512
463fbc355f8fb4268417acc0e82d7774894fb076fdce5f6e3b59a7353f8af369e4215cc3722b34cb1936ca849173912d05e2cfb01a3146b1467239dd2a424c8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\snapshot_blob.bin

Filesize
298KB

MD5
cadef56f5fb216b1fbf7ada1f894ea6d

SHA1
373d2a4266be5c8fbf61d4363ec47ddeb2d79253

SHA256
0976145cc8c02f3e64ddbf51dc983bdbb456be7fcf3ce54608e218981671ac12

SHA512
9c90e8943f9ef6d644fe0fbe55ab25ed371739d17da8cf973893a2e41ebfa0a92bcf1761e72da032f9f3d1c6f1080c62f856aa07a3cbb609c9e8c186f92216b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\v8_context_snapshot.bin

Filesize
663KB

MD5
81870fb2f641c8b845e9c6d1a632f0b7

SHA1
fcd47d8d1232c189a1c4087bb03a015ce14c25ba

SHA256
875515af4e7254458c17a98bed087fc609d45fbc8ebf60663e112c37204f6840

SHA512
7748c8fb6f356aa45023a56245c43c5171d0413617fb1ac6c75650be75bbe94bd5528e9aa83cd9df9a08af65540a76ab59bc866e5dcf0fa7284122f290bd45d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\vk_swiftshader.dll

Filesize
5.1MB

MD5
0a071201e4dd76996e273c81533bfa74

SHA1
5c92c634027692c344a8e74eab8b4d5c3e049497

SHA256
08e34bc25653f9357a4ccf62966d698b7cc6265dc668046a28403ae5786132ee

SHA512
b5de6548c5c743b6f119183fa06aaf67dcd4cdbc3542378ff87916b670ace1e2f4270f6dcaa4caabd01460c638bd02b565267e7bd9617ca92d72187d374bb7d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\7z-out\vulkan-1.dll

Filesize
932KB

MD5
a6588e66186ccf486eede8e9223f0d41

SHA1
777a5c4028c7675ee1fc4e265a825b35d5099577

SHA256
419488597ea255ec61f028aeecd36572d072dfe49b7ab716cd2c0a8e186f24e6

SHA512
ba8b9577f47ac5b9503aab8d4cca6059c7208bf0eb37999f4fbef0c2cf03032a9359559a0221f332c6cd66c38366fb0e1f1d32173f282afd639fabea8fc9400e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\nsDialogs.dll

Filesize
9KB

MD5
466179e1c8ee8a1ff5e4427dbb6c4a01

SHA1
eb607467009074278e4bd50c7eab400e95ae48f7

SHA256
1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172

SHA512
7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh927E.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\GPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Network\Network Persistent State

Filesize
977B

MD5
93fb1dfb7367b91d33a63305141ab0c3

SHA1
fd355a03aecc9d19d28cbe35ca729bbfba1236f7

SHA256
a9de52447461ff2bc6d2dbdefb6f214e7d75da442a5ea765738ac484d78a5e00

SHA512
769b8964cf7d108979e2bcdfc9cbec3501ed3f22f1404f1389098ad5229b767e560171a3d82f98f716a682265da3a51549de7c3e91a4becac1949e41cfbd5637

Download Submit
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Network\Network Persistent State~RFe5b3d63.TMP

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Preferences

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Preferences~RFe5b081b.TMP

Filesize
86B

MD5
d11dedf80b85d8d9be3fec6bb292f64b

SHA1
aab8783454819cd66ddf7871e887abdba138aef3

SHA256
8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67

SHA512
6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

Download Submit
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\logs\main.log

Filesize
4KB

MD5
651b316d1653f3bee5c740e5d8be46cc

SHA1
80da31930fcfd89ed9f9099b750af9a439fd5956

SHA256
5ebaeb90b74b6900ec00ee1e9ad0278af90abb7ecbc55d0c32784a4ae07a6065

SHA512
48fdfcdb797fdfba7571044876518fddf84f482bfed2fd3a6c7b9b950dfb3d6a1578346e691f68861c1150950d72780747f5876fe504384f1111e36f24f5dd05

Download Submit
C:\Users\Admin\Downloads\Ultimate Tweaks.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/4676-2295-0x0000025A44AC0000-0x0000025A44AE2000-memory.dmp

Filesize
136KB

Download
memory/5176-2311-0x000001F122CF0000-0x000001F122D36000-memory.dmp

Filesize
280KB

Download
memory/5176-2318-0x000001F122D40000-0x000001F122D64000-memory.dmp

Filesize
144KB

Download
memory/5176-2317-0x000001F122D40000-0x000001F122D6A000-memory.dmp

Filesize
168KB

Download