848db7fd2e97fc55b86ea5b52db37680f1f7f80e0940483002d7e903266180d7

Resubmissions

16-11-2024 14:20

241116-rnk3daxkez 10

16-11-2024 14:18

241116-rmjg6axkds 10

Analysis

max time kernel
147s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
16-11-2024 14:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NovaFix.exe
Size

15.8MB
MD5

17660ffd18fea1aef4b0211aa64eadaf
SHA1

c490b67db3ca9b660bdd75e9289a6320c8468356
SHA256

848db7fd2e97fc55b86ea5b52db37680f1f7f80e0940483002d7e903266180d7
SHA512

bda84e8618df836bc287cd676eb8894ea76ada0df120f7f3697bf8eb6089d74e19c3141b57d32811c8edbee610b9347e40c0c1e78072bbfe2d70b71e5652857f
SSDEEP

393216:uiIE7Yo9+4uOwKntpUTLfhJsW+eGQRe9jo7BGcG/3JrO0WCWLu:v7r9+RONHUTLJSW+e5Re9M0VWLu

Score

7^/10

credential_access discovery spyware stealer

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NovaFix.exe	NovaFix.exe

Loads dropped DLL 43 IoCs

pid	Process
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe
3588	NovaFix.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 33 IoCs

Web Service

T1102

flow	ioc
12	discord.com
18	discord.com
19	discord.com
39	discord.com
42	discord.com
45	discord.com
2	discord.com
34	discord.com
40	discord.com
44	discord.com
38	discord.com
14	discord.com
24	discord.com
28	discord.com
29	discord.com
33	discord.com
32	discord.com
43	discord.com
9	discord.com
10	discord.com
11	discord.com
20	discord.com
23	discord.com
15	discord.com
16	discord.com
31	discord.com
35	discord.com
41	discord.com
13	discord.com
17	discord.com
21	discord.com
22	discord.com
30	discord.com

Looks up external IP address via web service 5 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
2	api.ipify.org
3	api.ipify.org
5	api.ipify.org
26	api.ipify.org
36	api.ipify.org

Enumerates processes with tasklist 1 TTPs 1 IoCs

discovery

Process Discovery

T1057

pid	Process
2004	tasklist.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133762404862675623"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4632	chrome.exe
4632	chrome.exe
4008	msedge.exe
4008	msedge.exe
1824	msedge.exe
1824	msedge.exe
3668	identity_helper.exe
3668	identity_helper.exe
3716	msedge.exe
3716	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2004	tasklist.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4656 wrote to memory of 3588	4656	NovaFix.exe	77
PID 4656 wrote to memory of 3588	4656	NovaFix.exe	77
PID 3588 wrote to memory of 2596	3588	NovaFix.exe	79
PID 3588 wrote to memory of 2596	3588	NovaFix.exe	79
PID 2596 wrote to memory of 2004	2596	cmd.exe	81
PID 2596 wrote to memory of 2004	2596	cmd.exe	81
PID 4632 wrote to memory of 5084	4632	chrome.exe	89
PID 4632 wrote to memory of 5084	4632	chrome.exe	89
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 2348	4632	chrome.exe	90
PID 4632 wrote to memory of 4444	4632	chrome.exe	91
PID 4632 wrote to memory of 4444	4632	chrome.exe	91
PID 4632 wrote to memory of 4516	4632	chrome.exe	92
PID 4632 wrote to memory of 4516	4632	chrome.exe	92
PID 4632 wrote to memory of 4516	4632	chrome.exe	92
PID 4632 wrote to memory of 4516	4632	chrome.exe	92
PID 4632 wrote to memory of 4516	4632	chrome.exe	92
PID 4632 wrote to memory of 4516	4632	chrome.exe	92
PID 4632 wrote to memory of 4516	4632	chrome.exe	92
PID 4632 wrote to memory of 4516	4632	chrome.exe	92
PID 4632 wrote to memory of 4516	4632	chrome.exe	92
PID 4632 wrote to memory of 4516	4632	chrome.exe	92
PID 4632 wrote to memory of 4516	4632	chrome.exe	92
PID 4632 wrote to memory of 4516	4632	chrome.exe	92
PID 4632 wrote to memory of 4516	4632	chrome.exe	92
PID 4632 wrote to memory of 4516	4632	chrome.exe	92
PID 4632 wrote to memory of 4516	4632	chrome.exe	92
PID 4632 wrote to memory of 4516	4632	chrome.exe	92
PID 4632 wrote to memory of 4516	4632	chrome.exe	92
PID 4632 wrote to memory of 4516	4632	chrome.exe	92
PID 4632 wrote to memory of 4516	4632	chrome.exe	92
PID 4632 wrote to memory of 4516	4632	chrome.exe	92
PID 4632 wrote to memory of 4516	4632	chrome.exe	92
PID 4632 wrote to memory of 4516	4632	chrome.exe	92
PID 4632 wrote to memory of 4516	4632	chrome.exe	92
PID 4632 wrote to memory of 4516	4632	chrome.exe	92

C:\Users\Admin\AppData\Local\Temp\NovaFix.exe
"C:\Users\Admin\AppData\Local\Temp\NovaFix.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4656
- C:\Users\Admin\AppData\Local\Temp\NovaFix.exe
  "C:\Users\Admin\AppData\Local\Temp\NovaFix.exe"
  2⤵
  - Drops startup file
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3588
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2596
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:2004

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\SuspendTest.cmd" "
1⤵
PID:4464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb62f6cc40,0x7ffb62f6cc4c,0x7ffb62f6cc58
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,4636135084502055339,9890891877458837908,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1760,i,4636135084502055339,9890891877458837908,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,4636135084502055339,9890891877458837908,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2244 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,4636135084502055339,9890891877458837908,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,4636135084502055339,9890891877458837908,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3076,i,4636135084502055339,9890891877458837908,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4664,i,4636135084502055339,9890891877458837908,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4824,i,4636135084502055339,9890891877458837908,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4992,i,4636135084502055339,9890891877458837908,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4168 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5108,i,4636135084502055339,9890891877458837908,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4924,i,4636135084502055339,9890891877458837908,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4296,i,4636135084502055339,9890891877458837908,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5116,i,4636135084502055339,9890891877458837908,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5252 /prefetch:2
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5148,i,4636135084502055339,9890891877458837908,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4800,i,4636135084502055339,9890891877458837908,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5432,i,4636135084502055339,9890891877458837908,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4624,i,4636135084502055339,9890891877458837908,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5388,i,4636135084502055339,9890891877458837908,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4256,i,4636135084502055339,9890891877458837908,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3696,i,4636135084502055339,9890891877458837908,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5060,i,4636135084502055339,9890891877458837908,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4936,i,4636135084502055339,9890891877458837908,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4300 /prefetch:1
  2⤵
  PID:1420

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:388

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb678b3cb8,0x7ffb678b3cc8,0x7ffb678b3cd8
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,14323724727330157064,3685494812783617186,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,14323724727330157064,3685494812783617186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,14323724727330157064,3685494812783617186,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14323724727330157064,3685494812783617186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14323724727330157064,3685494812783617186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14323724727330157064,3685494812783617186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14323724727330157064,3685494812783617186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14323724727330157064,3685494812783617186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14323724727330157064,3685494812783617186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14323724727330157064,3685494812783617186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14323724727330157064,3685494812783617186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14323724727330157064,3685494812783617186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14323724727330157064,3685494812783617186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14323724727330157064,3685494812783617186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,14323724727330157064,3685494812783617186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2016,14323724727330157064,3685494812783617186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14323724727330157064,3685494812783617186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14323724727330157064,3685494812783617186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14323724727330157064,3685494812783617186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:4112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0927508c754b9fec10e44bb33ca10ca2

SHA1
70d9e00df56643e1b7461cacb3810666e183d5c8

SHA256
8291da2d79b10c72e5a275f2c6fe3e885b6a3e844898336795ebb8b7b2e0dc68

SHA512
27f7d605fc2cceadb8da7a5cce9aff27fc36ab3c2d714b931270b3074cfcb29a87e7b4f2021a132a9959470b4eb2becce7b465d4cb31d48897b1418f15ae34bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
503766d5e5838b4fcadf8c3f72e43605

SHA1
6c8b2fa17150d77929b7dc183d8363f12ff81f59

SHA256
c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9

SHA512
5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2299b5f5b587bac5_0

Filesize
375KB

MD5
a4f9c8a39f151e23c85a10d56543e6d4

SHA1
c3acf7842f372c69f52b78138c04ba108e27a030

SHA256
7b0ec281427883ec67c90dd0021324183145092a03b1fd296e5e1888da6965d0

SHA512
5d5fbfe1a88a57b7bb4ea147857870216ffb1dceeade56b45913e663f40ac8c53bdcab3d8e9d09b801101519e7e6cbbd6e081652bf3df166209226f51dd74bfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4b4bfcdbca80cfd9_0

Filesize
289B

MD5
4be4dfae88dd7c5218d761e6e9eb531d

SHA1
7ec0bfe10a78efb724c698d8a836a7eb39b65747

SHA256
fdefc7146150ca871125092d97427194c047d3297377cac352834e5244083f8c

SHA512
57eafda55cb7e930291923a7dc595fdf616c1cf85a6ae1a562a379fefa40c44bb4cf14d3d527f12b1e667453e0069cc4398e1613029bb2fa551fff48a9705f98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a9edbfd7c362f63f6f6e04a474d5da43

SHA1
4674dbe1073426a3639b7645905e28b73159cc6c

SHA256
9406eeea4035e10f3d25311bb39b6884bed2031afda26f73bdd0f5716b167c76

SHA512
c4357d759f4e6aec458ac75d862af9ff84a2503f6c6ab5edf1218d7b7765cfada5b92907c9ba6e00fd573f518ac671b58c5687da5f880c34e51954922930a59e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\474c7890-6921-4895-a1ea-4e7f570abc20.tmp

Filesize
354B

MD5
06264996711edf09348317d01659d1eb

SHA1
eeec33f1a58961c49ffeda42bc41bd5794152144

SHA256
caaa12aa1bab9efa34845ef59c4c025997b50739de92910036e63fe183897d1b

SHA512
0e4409f8f8b1fb519ca48398c1af7a0cee4099578aacabf0119f6fb53733235c2d6d7b740dd661b27fa9600fdfdff2ac2cd80f252507e6f778f29b5cd10e1603

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
538a305e0cd099525c8e4c71d8cb1c7b

SHA1
a8fe8b6b907161aefb4a6c34dc0d2cc235b2b98e

SHA256
ec5620139089829e4e377bbfb99732d0b19e051bdad46db4321c66b8c270af75

SHA512
40f6572ecd684d020c75af0850741ef2008de3b69f20e927f3002982c97d9c14010b6a64d0677801bf3eff2dfe50b8e538535b8ab200078eb08d5c17f85d31c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4761b3e541b6bdc6e40e4f12317e2364

SHA1
15ec62d2a94914d2d6f430bfb9d8a9e5d702b0d2

SHA256
d36460ec330744922b1ef7353fc035579f0989bd9af378923f667553f1ed8e5f

SHA512
55e72f5a4b4108bfaf07b1028883018570ea072a0694e54433a207b75a80f3fdd23730693acc5b62b4a868e889fd4fdaff79f3abc17b20a766157787b89239a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
e36242ca76f61c69246f53ed2a3b0ca8

SHA1
d9b71a4fd1c2cc1f3062727e083821e59213c2f6

SHA256
6a39a4d17a155c33c6ec6b32cd7395286740ad4abc8a30285e26cb2401ad1c7f

SHA512
785d5ee1c3e42160f30ad26eb080ed1b4d4121da8f1b8727d5c5a61b04a75b17f4c54eef49f6c65798597cab033c6baa1b5b4fa3ce26a24f50d4ffd6df23bae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
9a8288e396461bdbdbc550520dc09f8a

SHA1
3a21f6ed823d164224cd920e82d60d8972eb9848

SHA256
d79d07519d042d26c170f5b5a5f7b448218a5ee5512a658bbe4e4a27d5fcbbb8

SHA512
bf3bc752b230f2c9924d502ba462c42b59d98366c4b3620a0888b8c0226015f45bfcc4c1994413cca3351eae05106792a7d2dc4c39a6262247977a046548d175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
b115d03c8d16dba714adf072056db6eb

SHA1
f5e85b3eba6c1ece93ccec1a0a4e075b289e6391

SHA256
cf55748e71c08717e32dc266247d943687d05a087cfe8b054a303134d48c35f1

SHA512
0118000da26840bdb9a5e9ff2093d092258d8fe8be1a8ca279267982fd14fbc7972decb5a911a7a773037aeff1cf6988ec76083ad651be466287e7820264d587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
34e63806fb00cac3dcc66c0ecd65900c

SHA1
79b7792533b8198311e693946e1d34d5e5ae5d64

SHA256
0652ba2ee685524a8007848bc8ff72f393488062cd72e7ece07b1a3af221109c

SHA512
92c36fd5a5c54f0b01dfd84df7f4f9f0021c941c6bc99528be12bac72ecf948b7091aca02729cab2090e0785bb6eaf36ba6b035df1b8a8012978d71784841f79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
732b6f6829deadb7f6d594f24d90a87f

SHA1
bb82b3aaccfa8bfdaca72215579644af05ad9229

SHA256
0b2fb99928aa1e7c7b241de4d2784f3c032466900caf3fc6f86a889893a7be50

SHA512
c867ea535bd1f7fff137b6e5fc559f6def7d4af008a31233f94479f82e2617b7964768298a29ede558f6240f14f347ca6ef087f271ab68a4c38e8004df1c3dd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ef84eb26ad7716232b83b143924a8f2b

SHA1
74a2c29406a52078c5f7d0e33e80121291df2a8f

SHA256
0c47d272a49b04a4b2272a6dbf229559e115c49cdbfe360494db8712c6ecb632

SHA512
7b955814b1ac95d9070ee0c2c2c80adba1fbb003ae930a32d08eba4ca1c389c63b20480b1b31ef39a54cb582ab5d4084feda2841d72968d0b0a8e6866d014db4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c879a7bdbe367eff5bfa4468852e117c

SHA1
03862770c87e8386e247e79b0ff4df39c0db67b6

SHA256
98eb0af89250fdbbe9ebd4cee7b5f8f9588d63b8937b974e0d82903f27263399

SHA512
0655c32ff36b6100ba8f28c9bc892c9d5bcae058068ff05696c8ac45cca7c5c66825c04c136bc42321c1c5d9fd0a053b3d602c3e347134585ba89be8f38447f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4d305046ce62f1cfd8ef11e1c35cc61b

SHA1
ca930b8b6c9bc35ca459eaf655b78ca3ed341ace

SHA256
1d244d5016f127c695b4f1a392c05d932d433efde50261b0eea0371b7893b917

SHA512
6d7b86df7f2e071c94c33c303668f6ff43365946ecf3e6f6d99cb3c30f9f2659a3c4f5b9611097a2d39565b79b85a91a3b23b50318ec8370aae8caab7c8c3506

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2197b784b189526cb2b2399e79d697cd

SHA1
2ea27cffd857764a7012cde1c4558d3a7f9ad6d7

SHA256
b8d6796ad46c6c5629789d46f9ed78ee2963e2c2f18e937fac32119b02c6339d

SHA512
ebb2f47b7439d284eca66304a7d315637133b32340a7736a3976bb3bc1f64fd6b78a84f1f1c19da2d485afbdbb08bc559dcca462eb4ca4349a451b0ef8649c54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
570fecc8d32529d672d5447825d317ef

SHA1
caf9fd8bd28c8bdbdb97de0dddd4a8626b200e1f

SHA256
10a6655820c523bb10fb50fd702cc3e411cc680067dd14aeab06e160639d3844

SHA512
0872dc9c917c50220f84e7dbe5ecffc73cea17c81f756fb4162b10a7d9ad09df4e6f15856eb5639b395911cf009372dc14539479c306f70631fbb40c304737f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5580355b6ae860d89f5b89afdda6c5af

SHA1
453864be5602486dff57b9bb9b6783b486f5cafb

SHA256
6022861df33c5a9d165f309e7da4c0b1fcb95914b13481a5bcf3cc28665c4460

SHA512
ceaa10049b8e19678d99e2c4acb34f3ad3ad07fae1b5d4ce0f15672859bb11d518267ed7909941fd3d6d9f3e3b75b25e68b6b891cd3a9df21b2c09aef4199dcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
8d48fd68fff2161fd87d69e25a550d54

SHA1
a0d85e04c2624bc32ee883d2ab6d6ccbfa3c606a

SHA256
88eb767fc75d5419b23ec6f7fbf9560d4dbfa6092abf2d00a0dddab2770bef8a

SHA512
ceb2695b3f219820f78b8807ea6cad753a6b90b291bfbdb1997f18042f521558ba8c5913301ec6eca2ffb18f997f4360002b81120cb7abcf868d2cd9f4f154e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
8e3a6e77b8f3b70f89da8aaea4785812

SHA1
9709096ecca0e60422dc6de73011c14bf744ab66

SHA256
c31c81f4f15c12a88566561aefb3f0d53391705da3e278278b946eb1f8eb6cb8

SHA512
0001f53e8f80fabc8218596ddee87b4a29458f15281a4ecd09d7d9505d334956595a37a0ac9eeb3f4472f7c730a280eb07a70c0da517f364ce8451803a10cdb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
743802529ec57ca41b91b0853f1ed205

SHA1
461a2047a28531e970ef7cbdcd4c6d1bc30003a3

SHA256
70505df0bd1ba91645c42247af7aae988d881fc039d0f77d6c618b6ff70db68b

SHA512
ef01cf15c7d477e993c4c9fae0768d47efdb3a8d8cab9fbeb3613ef1d7bd151cd2ba4dd4c0bf1b63dddc69d61c3390ebdd758e7039c833f498e713ce93924493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
ecdb46b3b0550e4e5dfd8b4a8c9ce120

SHA1
d4cae39f3320c5e9335f93cb2dbde3756eb75ab8

SHA256
10f9e4c3f302f01786eef7f2efb1d4302adca333cfa98ffcd2cdd438be3f8b19

SHA512
ce33fea5e980cef8a3d6b799d7d3397305868f6f266ab757dd73ed0054f44504eddb37cac27a254ad8649dae8942250bd1764b77c48b152a1b51d61586f8aadd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
793ab6db55481a7aa2de53e134f0e714

SHA1
4cb4df2f269e95cd6f894936416d774bbd6c1ec8

SHA256
b813be6727dc978fabb1a1d76ff754aba6664d81c52432967184c5a34b6a1b03

SHA512
d082b288ab34738ed4035ade4d2874c7b8023a3203a9a9b084b5a8532d577f9216727ad2cb647c1e515b555dc9bcbe6472bcff7f63935dd170af6dc8f452bd6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fc959921446fa3ab5813f75ca4d0235

SHA1
0aeef3ba7ba2aa1f725fca09432d384b06995e2a

SHA256
1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c

SHA512
899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a2c784e6d797d91d4b8612e14d51bd

SHA1
25e2b07c396ee82e4404af09424f747fc05f04c2

SHA256
18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6

SHA512
fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8b93d303c328595bbf44a69125780ed6

SHA1
bb20e8b985e0dcd410cc2f2b3e7554a3789070d7

SHA256
32b429c41ae7b945454234ef298caa66b2e59994afc6474549bc8586cb247882

SHA512
1278eeb189581398a66f30798552f43636c2443af40dd33d604b6a30acfc2d000d6080cd7c09f322f3fc3e65343da6e11a2aaa98b2dcd2d23f127f776a78c8b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
42fd0fd2ed4253d98b249cea4e57e20f

SHA1
80746c76df10f0fa38a189064e3c4a7668c59005

SHA256
0b967f6721e2e0dd00d317baddbb234e48c50583a9a0c0e58401c7bf7b1e5572

SHA512
eb5433124bd64802b1dfcc4dfa70e6ca174fb73de07ba1b47abe023d796e5178209e4bd56296eff7c8addd976f70772b70387f854cfc9a1f3d9cefd31b28135c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
95a5f6f8a386948e5cb852655f0a55f2

SHA1
a0b3cddfe2e99386e1e02d8c9ca784cab42a6269

SHA256
f8b5d6bfab2c792646bbb26384aefa9dd48bc4e81ea67424d296db9ed158266d

SHA512
454ac12351070e4b2a3677ef2b3ca13b3f3787814bfba2dae7144ce06fa867a3f0d55f237e3903a29220b8a7dd154cae73646ee2e8001cd1700d251396f20aea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
868B

MD5
b3fe49fd410266cbc74de15e2b8e422c

SHA1
8464ddac6787fe147bf1b78cc953eeeceaab91bb

SHA256
6756da078697925aa910110aeb3fd4c44de580246f31ee907d06618b7e53add4

SHA512
828926d6adc15875373143ce18865c3c1685ebfbca5401bbdcc135b4a0fa622c88a4a366db5576309e216cb93d30844b53b25fd3d6bb92fa005c8a6522f39f61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59af70.TMP

Filesize
868B

MD5
ca03f8235f3d48031349957c3b815b7b

SHA1
4704e3a0bc4bc1e21c986c62f92adecc9df31c1f

SHA256
88da4cc1a3295489beaafa6814962b8803a85f3eda6e97a6042742c452a3826c

SHA512
dac26aeecb052864d0e331990e54010c5b3bbdc9fc8c2ee8418f305346747803faa0c3bee535348f2dabb4a51f44a3436a8d3cda49a8bab1fe551f635e8712c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ab86a918-0587-48ec-8011-d20584a824f4.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4c058c2b0c8ffade2554624578c20806

SHA1
2019da83c5598a35b862d71414765efbcbbedd8d

SHA256
4fba8897d734b49943848e0f8b0e28b0bfe20e8771197f08e3154fd50963958c

SHA512
612b7c673422b17ea5888e69da415a4e40493410dce42d77b5bbad5f41e965050af63c9069790460aaa34fb45fffdf9d3aa735fa6432672df6282548b2769da2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\Crypto\Cipher\_raw_cbc.pyd

Filesize
12KB

MD5
0c46d7b7cd00b3d474417de5d6229c41

SHA1
825bdb1ea8bbfe7de69487b76abb36196b5fdac0

SHA256
9d0a5c9813ad6ba129cafef815741636336eb9426ac4204de7bc0471f7b006e1

SHA512
d81b17b100a052899d1fd4f8cea1b1919f907daa52f1bad8dc8e3f5afc230a5bca465bbac2e45960e7f8072e51fdd86c00416d06cf2a1f07db5ad8a4e3930864

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\Crypto\Cipher\_raw_cfb.pyd

Filesize
13KB

MD5
3142c93a6d9393f071ab489478e16b86

SHA1
4fe99c817ed3bcc7708a6631f100862ebda2b33d

SHA256
5ea310e0f85316c8981ed6293086a952fa91a6d12ca3f8af9581521ee2b15586

SHA512
dcafec54bd9f9f42042e6fa4ac5ed53feb6cf8d56ada6a1787cafc3736aa72f14912bbd1b27d0af87e79a6d406b0326602ecd1ad394acdc6275aed4c41cdb9ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\Crypto\Cipher\_raw_ctr.pyd

Filesize
14KB

MD5
a34f499ee5f1b69fc4fed692a5afd3d6

SHA1
6a37a35d4f5f772dab18e1c2a51be756df16319a

SHA256
4f74bcf6cc81bac37ea24cb1ef0b17f26b23edb77f605531857eaa7b07d6c8b2

SHA512
301f7c31dee8ff65bb11196f255122e47f3f1b6b592c86b6ec51ab7d9ac8926fecfbe274679ad4f383199378e47482b2db707e09d73692bee5e4ec79c244e3a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\Crypto\Cipher\_raw_ecb.pyd

Filesize
10KB

MD5
dedae3efda452bab95f69cae7aebb409

SHA1
520f3d02693d7013ea60d51a605212efed9ca46b

SHA256
6248fdf98f949d87d52232ddf61fada5ef02cd3e404bb222d7541a84a3b07b8a

SHA512
8c1cab8f34de2623a42f0750f182b6b9a7e2affa2667912b3660af620c7d9ad3bd5b46867b3c2d50c0cae2a1bc03d03e20e4020b7ba0f313b6a599726f022c6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\Crypto\Cipher\_raw_ofb.pyd

Filesize
12KB

MD5
a13584f663393f382c6d8d5c0023bc80

SHA1
d324d5fbd7a5dba27aa9b0bdb5c2aebff17b55b1

SHA256
13c34a25d10c42c6a12d214b2d027e5dc4ae7253b83f21fd70a091fedac1e049

SHA512
14e4a6f2959bd68f441aa02a4e374740b1657ab1308783a34d588717f637611724bc90a73c80fc6b47bc48dafb15cf2399dc7020515848f51072f29e4a8b4451

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\VCRUNTIME140_1.dll

Filesize
48KB

MD5
7e668ab8a78bd0118b94978d154c85bc

SHA1
dbac42a02a8d50639805174afd21d45f3c56e3a0

SHA256
e4b533a94e02c574780e4b333fcf0889f65ed00d39e32c0fbbda2116f185873f

SHA512
72bb41db17256141b06e2eaeb8fc65ad4abdb65e4b5f604c82b9e7e7f60050734137d602e0f853f1a38201515655b6982f2761ee0fa77c531aa58591c95f0032

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\_asyncio.pyd

Filesize
69KB

MD5
2cd68ff636394d3019411611e27d0a3b

SHA1
da369c5d1a32f68639170d8a265a9ea49c2c8ebd

SHA256
0d4fbd46f922e548060ea74c95e99dc5f19b1df69be17706806760515c1c64fe

SHA512
37388d137454f52057b2376d95abcc955fa1edc3e20b96445fa45d1860544e811df0c547f221c8671dc1a4d90262bb20f3b9f114252f3c47a8c3829951a2ce51

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\_bz2.pyd

Filesize
82KB

MD5
c7ce973f261f698e3db148ccad057c96

SHA1
59809fd48e8597a73211c5df64c7292c5d120a10

SHA256
02d772c03704fe243c8de2672c210a5804d075c1f75e738d6130a173d08dfcde

SHA512
a924750b1825747a622eef93331fd764d824c954297e37e8dc93a450c11aa7ab3ad7c3b823b11656b86e64de3cd5d409fda15db472488dfaa4bb50341f0b29d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\_cffi_backend.cp312-win_amd64.pyd

Filesize
178KB

MD5
0572b13646141d0b1a5718e35549577c

SHA1
eeb40363c1f456c1c612d3c7e4923210eae4cdf7

SHA256
d8a76d1e31bbd62a482dea9115fc1a109cb39af4cf6d1323409175f3c93113a7

SHA512
67c28432ca8b389acc26e47eb8c4977fddd4af9214819f89df07fecbc8ed750d5f35807a1b195508dd1d77e2a7a9d7265049dcfbfe7665a7fd1ba45da1e4e842

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\_ctypes.pyd

Filesize
121KB

MD5
10fdcf63d1c3c3b7e5861fbb04d64557

SHA1
1aa153efec4f583643046618b60e495b6e03b3d7

SHA256
bc3b83d2dc9e2f0e6386ed952384c6cf48f6eed51129a50dfd5ef6cbbc0a8fb3

SHA512
dc702f4100ed835e198507cd06fa5389a063d4600fc08be780690d729ab62114fd5e5b201d511b5832c14e90a5975ed574fc96edb5a9ab9eb83f607c7a712c7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\_decimal.pyd

Filesize
247KB

MD5
21c73e7e0d7dad7a1fe728e3b80ce073

SHA1
7b363af01e83c05d0ea75299b39c31d948bbfe01

SHA256
a28c543976aa4b6d37da6f94a280d72124b429f458d0d57b7dbcf71b4bea8f73

SHA512
0357102bffc2ec2bc6ff4d9956d6b8e77ed8558402609e558f1c1ebc1baca6aeaa5220a7781a69b783a54f3e76362d1f74d817e4ee22aac16c7f8c86b6122390

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\_hashlib.pyd

Filesize
63KB

MD5
f495d1897a1b52a2b15c20dcecb84b47

SHA1
8cb65590a8815bda58c86613b6386b5982d9ec3f

SHA256
e47e76d70d508b62924fe480f30e615b12fdd7745c0aac68a2cddabd07b692ae

SHA512
725d408892887bebd5bcf040a0ecc6a4e4b608815b9dea5b6f7b95c812715f82079896df33b0830c9f787ffe149b8182e529bb1f78aadd89df264cf8853ee4c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\_lzma.pyd

Filesize
155KB

MD5
4e2239ece266230ecb231b306adde070

SHA1
e807a078b71c660db10a27315e761872ffd01443

SHA256
34130d8abe27586ee315262d69af4e27429b7eab1f3131ea375c2bb62cf094be

SHA512
86e6a1eab3529e600dd5caab6103e34b0f618d67322a5ecf1b80839faa028150c492a5cf865a2292cc8584fba008955da81a50b92301583424401d249c5f1401

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\_multiprocessing.pyd

Filesize
34KB

MD5
811bcee2f4246265898167b103fc699b

SHA1
ae3de8acba56cde71001d3796a48730e1b9c7cce

SHA256
fb69005b972dc3703f9ef42e8e0fddf8c835cb91f57ef9b6c66bbdf978c00a8c

SHA512
1f71e23ce4b6bc35fe772542d7845dcbea2a34522ba0468b61cb05f9abab7732cbf524bcff498d1bd0b13b5e8a45c373cca19ad20e5370f17259e281edf344be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\_overlapped.pyd

Filesize
54KB

MD5
f9c67280538408411be9a7341b93b5b0

SHA1
ccf776cd2483bc83b48b1db322d7b6fcab48356e

SHA256
5d298bb811037b583cff6c88531f1742fae5eee47c290adb47ddbd0d6126b9cc

SHA512
af2156738893ef504d582ace6750b25bc42ad1ec8a92e0550ce54810706d854f37a82f38eb965a537cad5d35c0178c5eb7b4d20db2a95bebfecf9a13c0592646

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\_queue.pyd

Filesize
31KB

MD5
6e00e0821bb519333ccfd4e61a83cb38

SHA1
3550a41bb2ea54f456940c4d1940acab36815949

SHA256
2ad02d49691a629f038f48fcdee46a07c4fcc2cb0620086e7b09ac11915ae6b7

SHA512
c3f8332c10b58f30e292676b48ecf1860c5ef9546367b87e90789f960c91eae4d462dd3ee9cb14f603b9086e81b6701aab56da5b635b22db1e758ed0a983e562

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\_socket.pyd

Filesize
81KB

MD5
899380b2d48df53414b974e11bb711e3

SHA1
f1d11f7e970a7cd476e739243f8f197fcb3ad590

SHA256
b38e66e6ee413e5955ef03d619cadd40fca8be035b43093d2342b6f3739e883e

SHA512
7426ca5e7a404b9628e2966dae544f3e8310c697145567b361825dc0b5c6cd87f2caf567def8cd19e73d68643f2f38c08ff4ff0bb0a459c853f241b8fdf40024

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\_sqlite3.pyd

Filesize
121KB

MD5
cee93c920951c1169b615cb6330cedda

SHA1
ef2abf9f760db2de0bd92afe8766a0b798cf8167

SHA256
ff25bdbeef34d2aa420a79d3666c2660e7e3e96259d1f450f1af5268553380ec

SHA512
999d324448bb39793e4807432c697f01f8922b0aba4519a21d5dc4f4fc8e9e4737d7e104b205b931af753eda65f61d0c744f12be84446f9c6cb3c2a5b35b773c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\_ssl.pyd

Filesize
173KB

MD5
9b4e74fd1de0f8a197e4aa1e16749186

SHA1
833179b49eb27c9474b5189f59ed7ecf0e6dc9ea

SHA256
a4ce52a9e0daddbbe7a539d1a7eda787494f2173ddcc92a3faf43b7cf597452b

SHA512
ae72b39cb47a859d07a1ee3e73de655678fe809c5c17ffd90797b5985924ddb47ceb5ebe896e50216fb445526c4cbb95e276e5f3810035b50e4604363eb61cd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\_uuid.pyd

Filesize
24KB

MD5
3c8737723a903b08d5d718336900fd8c

SHA1
2ad2d0d50f6b52291e59503222b665b1823b0838

SHA256
bb418e91e543c998d11f9e65fd2a4899b09407ff386e059a88fe2a16aed2556b

SHA512
1d974ec1c96e884f30f4925cc9a03fb5af78687a267dec0d1582b5d7561d251fb733cf733e0cc00faee86f0fef6f73d36a348f3461c6d34b0238a75f69320d10

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\_wmi.pyd

Filesize
35KB

MD5
ee33f4c8d17d17ad62925e85097b0109

SHA1
8c4a03531cf3dbfe6f378fdab9699d51e7888796

SHA256
79adca5037d9145309d3bd19f7a26f7bb7da716ee86e01073c6f2a9681e33dad

SHA512
60b0705a371ad2985db54a91f0e904eea502108663ea3c3fb18ed54671be1932f4f03e8e3fd687a857a5e3500545377b036276c69e821a7d6116b327f5b3d5c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\base_library.zip

Filesize
1.3MB

MD5
4cd74e70336c96f7172a114dfa74eb25

SHA1
4d96748b2221857d3698499597884ae0ea639ee3

SHA256
1e5198462510015a5b855ea01e287fa9d765be4357cba60cfedafb9b1b33bdf4

SHA512
9cd4e846aadfe79d086ce285e9dd58f241f67791a9b87c327852676f3c3f543832032de1dd6bac33f268bd782c2fd30fce49e4262da8ff052bc3f4684057dba9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\charset_normalizer\md.cp312-win_amd64.pyd

Filesize
10KB

MD5
d9e0217a89d9b9d1d778f7e197e0c191

SHA1
ec692661fcc0b89e0c3bde1773a6168d285b4f0d

SHA256
ecf12e2c0a00c0ed4e2343ea956d78eed55e5a36ba49773633b2dfe7b04335c0

SHA512
3b788ac88c1f2d682c1721c61d223a529697c7e43280686b914467b3b39e7d6debaff4c0e2f42e9dddb28b522f37cb5a3011e91c66d911609c63509f9228133d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\charset_normalizer\md__mypyc.cp312-win_amd64.pyd

Filesize
120KB

MD5
bf9a9da1cf3c98346002648c3eae6dcf

SHA1
db16c09fdc1722631a7a9c465bfe173d94eb5d8b

SHA256
4107b1d6f11d842074a9f21323290bbe97e8eed4aa778fbc348ee09cc4fa4637

SHA512
7371407d12e632fc8fb031393838d36e6a1fe1e978ced36ff750d84e183cde6dd20f75074f4597742c9f8d6f87af12794c589d596a81b920c6c62ee2ba2e5654

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\libcrypto-3.dll

Filesize
4.9MB

MD5
51e8a5281c2092e45d8c97fbdbf39560

SHA1
c499c810ed83aaadce3b267807e593ec6b121211

SHA256
2a234b5aa20c3faecf725bbb54fb33f3d94543f78fa7045408e905593e49960a

SHA512
98b91719b0975cb38d3b3c7b6f820d184ef1b64d38ad8515be0b8b07730e2272376b9e51631fe9efd9b8a1709fea214cf3f77b34eeb9fd282eb09e395120e7cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\libssl-3.dll

Filesize
771KB

MD5
bfc834bb2310ddf01be9ad9cff7c2a41

SHA1
fb1d601b4fcb29ff1b13b0d2ed7119bd0472205c

SHA256
41ad1a04ca27a7959579e87fbbda87c93099616a64a0e66260c983381c5570d1

SHA512
6af473c7c0997f2847ebe7cee8ef67cd682dee41720d4f268964330b449ba71398fda8954524f9a97cc4cdf9893b8bdc7a1cf40e9e45a73f4f35a37f31c6a9c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\pyexpat.pyd

Filesize
195KB

MD5
f554064233c082f98ef01195693d967d

SHA1
f191d42807867e0174ddc66d04c45250d9f6561e

SHA256
e1d56ffbf5e5fab481d7a14691481b8ff5d2f4c6bf5d1a4664c832756c5942fe

SHA512
3573a226305cec45333fc4d0e6fc0c3357421ad77cd8a1899c90515994351292ee5d1c445412b5563aa02520736e870a9ee879909cd992f5be32e877792bdb88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\python3.dll

Filesize
66KB

MD5
77896345d4e1c406eeff011f7a920873

SHA1
ee8cdd531418cfd05c1a6792382d895ac347216f

SHA256
1e9224ba7190b6301ef47befa8e383d0c55700255d04a36f7dac88ea9573f2fb

SHA512
3e98b1b605d70244b42a13a219f9e124944da199a88ad4302308c801685b0c45a037a76ded319d08dbf55639591404665befe2091f0f4206a9472fee58d55c22

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\python312.dll

Filesize
6.6MB

MD5
5c5602cda7ab8418420f223366fff5db

SHA1
52f81ee0aef9b6906f7751fd2bbd4953e3f3b798

SHA256
e7890e38256f04ee0b55ac5276bbf3ac61392c3a3ce150bb5497b709803e17ce

SHA512
51c3b4f29781bb52c137ddb356e1bc5a37f3a25f0ed7d89416b14ed994121f884cb3e40ccdbb211a8989e3bd137b8df8b28e232f98de8f35b03965cfce4b424f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\select.pyd

Filesize
30KB

MD5
bffff83a000baf559f3eb2b599a1b7e8

SHA1
7f9238bda6d0c7cc5399c6b6ab3b42d21053f467

SHA256
bc71fbdfd1441d62dd86d33ff41b35dc3cc34875f625d885c58c8dc000064dab

SHA512
3c0ba0cf356a727066ae0d0d6523440a882aafb3ebdf70117993effd61395deebf179948f8c7f5222d59d1ed748c71d9d53782e16bd2f2eccc296f2f8b4fc948

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\sqlite3.dll

Filesize
1.4MB

MD5
82ea0259009ff75bba817bd8c15c7588

SHA1
04c49687d8241b43ae61a6c59299255ef09a7b39

SHA256
8aa8b909a39fcc33d1ec2ad51eac6714a318c6efd04f963d21b75d8f64809ad6

SHA512
1f8b3343898462e385d25e1820a3d7d971d633933e482ea9ffc596e7e1f902f5657a9f2c104cf320eeef34cce814261304e2e1c063be4c6a807adc9b75f3e670

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46562\unicodedata.pyd

Filesize
1.1MB

MD5
a1388676824ce6347d31d6c6a7a1d1b5

SHA1
27dd45a5c9b7e61bb894f13193212c6d5668085b

SHA256
2480a78815f619a631210e577e733c9bafecb7f608042e979423c5850ee390ff

SHA512
26ea1b33f14f08bb91027e0d35ac03f6203b4dfeee602bb592c5292ab089b27ff6922da2804a9e8a28e47d4351b32cf93445d894f00b4ad6e2d0c35c6c7f1d89

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4632_227076572\5713a1b2-87ed-46ee-9b41-946b38ced485.tmp

Filesize
132KB

MD5
da75bb05d10acc967eecaac040d3d733

SHA1
95c08e067df713af8992db113f7e9aec84f17181

SHA256
33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

SHA512
56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4632_227076572\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit