lumma | hxxps://fromsmash[.]com/Winter-Event-Prime

Analysis

max time kernel
1199s
max time network
1200s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2024 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://fromsmash.com/Winter-Event-Prime

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://powerful-avoids.sbs

https://motion-treesz.sbs

https://disobey-curly.sbs

https://leg-sate-boat.sbs

https://story-tense-faz.sbs

https://blade-govern.sbs

https://occupy-blushi.sbs

https://frogs-severz.sbs

https://understanyb.cyou

Extracted

Family

lumma

https://understanyb.cyou/api

https://occupy-blushi.sbs/api

https://blade-govern.sbs/api

https://story-tense-faz.sbs/api

https://disobey-curly.sbs/api

https://motion-treesz.sbs/api

https://powerful-avoids.sbs/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Prime - Winter Flavors.exePrime - Winter Flavors.exe

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	Prime - Winter Flavors.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	Prime - Winter Flavors.exe

Executes dropped EXE 20 IoCs

Processes:

Prime - Winter Flavors.exedecrypted_app_1.exePrime - Winter Flavors.exedecrypted_app_1.exePrime - Winter Flavors.exedecrypted_app_1.exePrime - Winter Flavors.exedecrypted_app_1.exePrime - Winter Flavors.exedecrypted_app_1.exePrime - Winter Flavors.exedecrypted_app_1.exePrime - Winter Flavors.exedecrypted_app_1.exePrime - Winter Flavors.exedecrypted_app_1.exePrime - Winter Flavors.exedecrypted_app_1.exedecrypted_app_1.exedecrypted_app_1.exe

pid	Process
3428	Prime - Winter Flavors.exe
5684	decrypted_app_1.exe
5672	Prime - Winter Flavors.exe
5692	decrypted_app_1.exe
2476	Prime - Winter Flavors.exe
5068	decrypted_app_1.exe
2408	Prime - Winter Flavors.exe
944	decrypted_app_1.exe
5356	Prime - Winter Flavors.exe
1004	decrypted_app_1.exe
3184	Prime - Winter Flavors.exe
1504	decrypted_app_1.exe
4412	Prime - Winter Flavors.exe
4552	decrypted_app_1.exe
524	Prime - Winter Flavors.exe
1336	decrypted_app_1.exe
5804	Prime - Winter Flavors.exe
5076	decrypted_app_1.exe
3492	decrypted_app_1.exe
5208	decrypted_app_1.exe

Looks up external IP address via web service 35 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow	ioc
416	ipinfo.io
460	ipinfo.io
459	api.ipify.org
461	ipinfo.io
462	api.ipify.org
535	ipinfo.io
320	ipinfo.io
321	api.ipify.org
417	ipinfo.io
441	ipinfo.io
317	api.ipify.org
516	api.ipify.org
537	api.ipify.org
556	ipinfo.io
443	api.ipify.org
514	api.ipify.org
534	api.ipify.org
554	api.ipify.org
555	api.ipify.org
415	api.ipify.org
418	api.ipify.org
497	api.ipify.org
536	ipinfo.io
515	ipinfo.io
557	ipinfo.io
440	api.ipify.org
478	api.ipify.org
495	ipinfo.io
496	ipinfo.io
318	api.ipify.org
479	ipinfo.io
494	api.ipify.org
558	api.ipify.org
319	ipinfo.io
480	api.ipify.org

Suspicious use of SetThreadContext 11 IoCs

Processes:

decrypted_app_1.exedecrypted_app_1.exedecrypted_app_1.exedecrypted_app_1.exedecrypted_app_1.exedecrypted_app_1.exedecrypted_app_1.exedecrypted_app_1.exedecrypted_app_1.exedecrypted_app_1.exedecrypted_app_1.exe

description	pid	Process	procid_target
PID 5684 set thread context of 5852	5684	decrypted_app_1.exe	189
PID 5692 set thread context of 6056	5692	decrypted_app_1.exe	203
PID 5068 set thread context of 6120	5068	decrypted_app_1.exe	211
PID 944 set thread context of 1588	944	decrypted_app_1.exe	216
PID 1004 set thread context of 6060	1004	decrypted_app_1.exe	221
PID 1504 set thread context of 2144	1504	decrypted_app_1.exe	227
PID 4552 set thread context of 4036	4552	decrypted_app_1.exe	234
PID 1336 set thread context of 1316	1336	decrypted_app_1.exe	239
PID 5076 set thread context of 5312	5076	decrypted_app_1.exe	249
PID 3492 set thread context of 5712	3492	decrypted_app_1.exe	257
PID 5208 set thread context of 3772	5208	decrypted_app_1.exe	260

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 20 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

dxdiag.exedxdiag.exePrime - Winter Flavors.exePrime - Winter Flavors.exedxdiag.exePrime - Winter Flavors.exedxdiag.exePrime - Winter Flavors.exedxdiag.exePrime - Winter Flavors.exePrime - Winter Flavors.exedxdiag.exedxdiag.exedxdiag.exedxdiag.exedxdiag.exedxdiag.exePrime - Winter Flavors.exePrime - Winter Flavors.exePrime - Winter Flavors.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dxdiag.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dxdiag.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Prime - Winter Flavors.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Prime - Winter Flavors.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dxdiag.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Prime - Winter Flavors.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dxdiag.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Prime - Winter Flavors.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dxdiag.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Prime - Winter Flavors.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Prime - Winter Flavors.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dxdiag.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dxdiag.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dxdiag.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dxdiag.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dxdiag.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dxdiag.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Prime - Winter Flavors.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Prime - Winter Flavors.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Prime - Winter Flavors.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WINWORD.EXEtaskmgr.exeWINWORD.EXE

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exeWINWORD.EXEmsedge.exeWINWORD.EXE

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133771076243632704"	chrome.exe

Modifies registry class 52 IoCs

Processes:

msedge.exePrime - Winter Flavors.exemsedge.exetaskmgr.exePrime - Winter Flavors.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	Prime - Winter Flavors.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\NodeSlot = "7"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 03000000010000000200000000000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	taskmgr.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 03000000010000000200000000000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	Prime - Winter Flavors.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000ac8f87539918db01b202bbf1a218db0109cf6aaa1540db0114000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe

Suspicious behavior: AddClipboardFormatListener 4 IoCs

Processes:

WINWORD.EXEWINWORD.EXE

pid	Process
2404	WINWORD.EXE
2404	WINWORD.EXE
3956	WINWORD.EXE
3956	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exetaskmgr.exemsedge.exechrome.exe

pid	Process
4108	msedge.exe
4108	msedge.exe
4700	msedge.exe
4700	msedge.exe
3484	identity_helper.exe
3484	identity_helper.exe
5036	msedge.exe
5036	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
3980	msedge.exe
3980	msedge.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
2860	msedge.exe
2860	msedge.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
1672	chrome.exe
1672	chrome.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid	Process
4076	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

Processes:

msedge.exechrome.exe

pid	Process
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

7zG.exetaskmgr.exechrome.exe

description	pid	Process
Token: SeRestorePrivilege	840	7zG.exe
Token: 35	840	7zG.exe
Token: SeSecurityPrivilege	840	7zG.exe
Token: SeSecurityPrivilege	840	7zG.exe
Token: SeDebugPrivilege	4076	taskmgr.exe
Token: SeSystemProfilePrivilege	4076	taskmgr.exe
Token: SeCreateGlobalPrivilege	4076	taskmgr.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe7zG.exetaskmgr.exe

pid	Process
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
840	7zG.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	Process
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe
4076	taskmgr.exe

Suspicious use of SetWindowsHookEx 25 IoCs

Processes:

msedge.exemsedge.exeWINWORD.EXEWINWORD.EXE

pid	Process
3980	msedge.exe
2860	msedge.exe
2404	WINWORD.EXE
2404	WINWORD.EXE
2404	WINWORD.EXE
2404	WINWORD.EXE
2404	WINWORD.EXE
2404	WINWORD.EXE
2404	WINWORD.EXE
2404	WINWORD.EXE
2404	WINWORD.EXE
2404	WINWORD.EXE
2404	WINWORD.EXE
2404	WINWORD.EXE
2404	WINWORD.EXE
3956	WINWORD.EXE
3956	WINWORD.EXE
3956	WINWORD.EXE
3956	WINWORD.EXE
3956	WINWORD.EXE
3956	WINWORD.EXE
3956	WINWORD.EXE
3956	WINWORD.EXE
3956	WINWORD.EXE
3956	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	Process	procid_target
PID 4700 wrote to memory of 3056	4700	msedge.exe	83
PID 4700 wrote to memory of 3056	4700	msedge.exe	83
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 2000	4700	msedge.exe	84
PID 4700 wrote to memory of 4108	4700	msedge.exe	85
PID 4700 wrote to memory of 4108	4700	msedge.exe	85
PID 4700 wrote to memory of 3760	4700	msedge.exe	86
PID 4700 wrote to memory of 3760	4700	msedge.exe	86
PID 4700 wrote to memory of 3760	4700	msedge.exe	86
PID 4700 wrote to memory of 3760	4700	msedge.exe	86
PID 4700 wrote to memory of 3760	4700	msedge.exe	86
PID 4700 wrote to memory of 3760	4700	msedge.exe	86
PID 4700 wrote to memory of 3760	4700	msedge.exe	86
PID 4700 wrote to memory of 3760	4700	msedge.exe	86
PID 4700 wrote to memory of 3760	4700	msedge.exe	86
PID 4700 wrote to memory of 3760	4700	msedge.exe	86
PID 4700 wrote to memory of 3760	4700	msedge.exe	86
PID 4700 wrote to memory of 3760	4700	msedge.exe	86
PID 4700 wrote to memory of 3760	4700	msedge.exe	86
PID 4700 wrote to memory of 3760	4700	msedge.exe	86
PID 4700 wrote to memory of 3760	4700	msedge.exe	86
PID 4700 wrote to memory of 3760	4700	msedge.exe	86
PID 4700 wrote to memory of 3760	4700	msedge.exe	86
PID 4700 wrote to memory of 3760	4700	msedge.exe	86
PID 4700 wrote to memory of 3760	4700	msedge.exe	86
PID 4700 wrote to memory of 3760	4700	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://fromsmash.com/Winter-Event-Prime
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad86346f8,0x7ffad8634708,0x7ffad8634718
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3524 /prefetch:8
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6540 /prefetch:8
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3548 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6744 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1952,4863168008398123641,1307209134908327773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1544

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1700

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap25757:100:7zEvent28996
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:840

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffac601cc40,0x7ffac601cc4c,0x7ffac601cc58
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2016,i,17581348339889075179,11803859833002781437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2004 /prefetch:2
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1940,i,17581348339889075179,11803859833002781437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,17581348339889075179,11803859833002781437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2604 /prefetch:8
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,17581348339889075179,11803859833002781437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3324,i,17581348339889075179,11803859833002781437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4552,i,17581348339889075179,11803859833002781437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3736,i,17581348339889075179,11803859833002781437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4976,i,17581348339889075179,11803859833002781437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4908,i,17581348339889075179,11803859833002781437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3728 /prefetch:8
  2⤵
  PID:5848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4980,i,17581348339889075179,11803859833002781437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:5900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5156,i,17581348339889075179,11803859833002781437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5260,i,17581348339889075179,11803859833002781437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4952,i,17581348339889075179,11803859833002781437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:2
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5392,i,17581348339889075179,11803859833002781437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3232,i,17581348339889075179,11803859833002781437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4528,i,17581348339889075179,11803859833002781437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3732,i,17581348339889075179,11803859833002781437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3496 /prefetch:8
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5020,i,17581348339889075179,11803859833002781437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4564 /prefetch:8
  2⤵
  PID:5460

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5324

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5576

C:\Users\Admin\Desktop\Prime - Winter Flavors\Contract for Partners\Prime - Winter Flavors.exe
"C:\Users\Admin\Desktop\Prime - Winter Flavors\Contract for Partners\Prime - Winter Flavors.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3428
- C:\Users\Admin\AppData\Local\Temp\decrypted_app_1.exe
  "C:\Users\Admin\AppData\Local\Temp\decrypted_app_1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:5684
- - C:\Windows\SysWOW64\dxdiag.exe
    "C:\Windows\SysWOW64\dxdiag.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5852
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\document.docx" /o ""
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:2404

C:\Users\Admin\Desktop\Prime - Winter Flavors\Contract for Partners\Prime - Winter Flavors.exe
"C:\Users\Admin\Desktop\Prime - Winter Flavors\Contract for Partners\Prime - Winter Flavors.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:5672
- C:\Users\Admin\AppData\Local\Temp\decrypted_app_1.exe
  "C:\Users\Admin\AppData\Local\Temp\decrypted_app_1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:5692
- - C:\Windows\SysWOW64\dxdiag.exe
    "C:\Windows\SysWOW64\dxdiag.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6056
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\document.docx" /o ""
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:3956

C:\Users\Admin\Desktop\Prime - Winter Flavors\Contract for Partners\Prime - Winter Flavors.exe
"C:\Users\Admin\Desktop\Prime - Winter Flavors\Contract for Partners\Prime - Winter Flavors.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2476
- C:\Users\Admin\AppData\Local\Temp\decrypted_app_1.exe
  "C:\Users\Admin\AppData\Local\Temp\decrypted_app_1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:5068
- - C:\Windows\SysWOW64\dxdiag.exe
    "C:\Windows\SysWOW64\dxdiag.exe"
    3⤵
    PID:2548
- - C:\Windows\SysWOW64\dxdiag.exe
    "C:\Windows\SysWOW64\dxdiag.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6120

C:\Users\Admin\Desktop\Prime - Winter Flavors\Contract for Partners\Prime - Winter Flavors.exe
"C:\Users\Admin\Desktop\Prime - Winter Flavors\Contract for Partners\Prime - Winter Flavors.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2408
- C:\Users\Admin\AppData\Local\Temp\decrypted_app_1.exe
  "C:\Users\Admin\AppData\Local\Temp\decrypted_app_1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:944
- - C:\Windows\SysWOW64\dxdiag.exe
    "C:\Windows\SysWOW64\dxdiag.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1588

C:\Users\Admin\Desktop\Prime - Winter Flavors\Contract for Partners\Prime - Winter Flavors.exe
"C:\Users\Admin\Desktop\Prime - Winter Flavors\Contract for Partners\Prime - Winter Flavors.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5356
- C:\Users\Admin\AppData\Local\Temp\decrypted_app_1.exe
  "C:\Users\Admin\AppData\Local\Temp\decrypted_app_1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:1004
- - C:\Windows\SysWOW64\dxdiag.exe
    "C:\Windows\SysWOW64\dxdiag.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6060

C:\Users\Admin\Desktop\Prime - Winter Flavors\Contract for Partners\Prime - Winter Flavors.exe
"C:\Users\Admin\Desktop\Prime - Winter Flavors\Contract for Partners\Prime - Winter Flavors.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3184
- C:\Users\Admin\AppData\Local\Temp\decrypted_app_1.exe
  "C:\Users\Admin\AppData\Local\Temp\decrypted_app_1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:1504
- - C:\Windows\SysWOW64\dxdiag.exe
    "C:\Windows\SysWOW64\dxdiag.exe"
    3⤵
    PID:4808
- - C:\Windows\SysWOW64\dxdiag.exe
    "C:\Windows\SysWOW64\dxdiag.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2144

C:\Users\Admin\Desktop\Prime - Winter Flavors\Contract for Partners\Prime - Winter Flavors.exe
"C:\Users\Admin\Desktop\Prime - Winter Flavors\Contract for Partners\Prime - Winter Flavors.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4412
- C:\Users\Admin\AppData\Local\Temp\decrypted_app_1.exe
  "C:\Users\Admin\AppData\Local\Temp\decrypted_app_1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:4552
- - C:\Windows\SysWOW64\dxdiag.exe
    "C:\Windows\SysWOW64\dxdiag.exe"
    3⤵
    PID:6028
- - C:\Windows\SysWOW64\dxdiag.exe
    "C:\Windows\SysWOW64\dxdiag.exe"
    3⤵
    PID:5348
- - C:\Windows\SysWOW64\dxdiag.exe
    "C:\Windows\SysWOW64\dxdiag.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4036

C:\Users\Admin\Desktop\Prime - Winter Flavors\Contract for Partners\Prime - Winter Flavors.exe
"C:\Users\Admin\Desktop\Prime - Winter Flavors\Contract for Partners\Prime - Winter Flavors.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:524
- C:\Users\Admin\AppData\Local\Temp\decrypted_app_1.exe
  "C:\Users\Admin\AppData\Local\Temp\decrypted_app_1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:1336
- - C:\Windows\SysWOW64\dxdiag.exe
    "C:\Windows\SysWOW64\dxdiag.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1316

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:3248

C:\Users\Admin\Desktop\Prime - Winter Flavors\Contract for Partners\Prime - Winter Flavors.exe
"C:\Users\Admin\Desktop\Prime - Winter Flavors\Contract for Partners\Prime - Winter Flavors.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5804
- C:\Users\Admin\AppData\Local\Temp\decrypted_app_1.exe
  "C:\Users\Admin\AppData\Local\Temp\decrypted_app_1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:5076
- - C:\Windows\SysWOW64\dxdiag.exe
    "C:\Windows\SysWOW64\dxdiag.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5312

C:\Users\Admin\AppData\Local\Temp\decrypted_app_1.exe
"C:\Users\Admin\AppData\Local\Temp\decrypted_app_1.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3492
- C:\Windows\SysWOW64\dxdiag.exe
  "C:\Windows\SysWOW64\dxdiag.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5712

C:\Users\Admin\AppData\Local\Temp\decrypted_app_1.exe
"C:\Users\Admin\AppData\Local\Temp\decrypted_app_1.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:5208
- C:\Windows\SysWOW64\dxdiag.exe
  "C:\Windows\SysWOW64\dxdiag.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3772

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\" -an -ai#7zMap13650:110:7zEvent10043
1⤵
PID:5528

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\" -an -ai#7zMap7670:110:7zEvent533
1⤵
PID:5880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8b8b9510-082b-4524-9c19-ea1b1e2af927.tmp

Filesize
10KB

MD5
6f3ecc96fbf6336c65008475db592d5b

SHA1
3c707bc5cab2bec0f7a4554359086855e50ed2de

SHA256
6efae8060a465a99dc73e2d753bc088ead99fe679026dc16f55b649ad2a6a5db

SHA512
1085637545b11fd9aa6d7a721aa9e8257ac4f2213747555007821792d74a3df77551730bd18d8da7ab0b0f58259cafdaf63c482d6b1398c34afd2c047ed2bd1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
53928f06ccfee293edc75bb5a7feecfc

SHA1
dbc69058c11ea504e0d9e8c9c136833c8d6aff80

SHA256
01b6915b83355c0eaaf39622d40b0a08686170be0197386924be6530d128aec6

SHA512
8cc8a8a8dd6a4be4807cda39d0211e0049aff75910381590cb5b0fdb1994da481f133b5545d411fcef9730c1321666db9c3a54cd06f3bcb19febaeb8975726d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
90KB

MD5
48743a670fa866d07b162f046726b2ec

SHA1
5f180be674c56c4519f531f0796b5b958c20127c

SHA256
9d436fc2f3d4ec40a0e3ae981b315036ac944d2347995d37c27b059db59ce966

SHA512
cbeb13a3ab5e6cd811bc64a14304f389d56de091db12618d62fc223de96e686545393eda1fde83ffea24468ff77953054b25a4a7a87ae2d9f61283c3ec46f69f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
82KB

MD5
f1c75c939f83265b455547c2ba1f801b

SHA1
c5c32588fd86d406211ba59ce27e370559024641

SHA256
3f6875bec6442af524c30e095f3c1001827e44b61547c7fa8401b16cd417e19c

SHA512
e2e45c97f9a91c581a4c9dfa60beeccbcb7025ea516ed4629c6fc36ded9346790d231bb7354c56d25fb16fe8ea6f45c19ac5e14853871e3384c3ada7ca0334e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
1.6MB

MD5
3eceb7c84cd81bb538eecb91c87ab3a4

SHA1
a51aebf5950ba8741502aa675fc73b6f082c4f4e

SHA256
3c7b256ff11ed227790c9f2671d4ba51d7a4d8ab3fc966866d4bdde15e1232c0

SHA512
9c4b75533a97d0600292c3a5035d4fed7cbc84bbd38f701d52466067cde7339e8310ad4dd8356b46da10201d96c9c9957202c7dfcd66d7e96429665fc30f41ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
28KB

MD5
d216aecb7fa1d16672397b7659d5da23

SHA1
ed5ce28c97be0f6d48a58171162ba4fc2ee470ef

SHA256
1849bbf2dea87eaf82b79d38fc8ab9772cd0be9bd834587562adf2cc2bedf78d

SHA512
3ffc447b987b0b85c529abb2d855f7532107599cdb6ee402d4be0a53b1a21051195fb115835d1be25ce3beddb61c05b2ac0cb233dc2bbe60cec6a604bc96fbdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
78KB

MD5
35a46116980c974751122a331d47fd84

SHA1
cd6e9014e38596c681641a27706124b5b69f86fc

SHA256
ccab92b9bfa43457f743cd83e454bcc63a768deb352fbad2d06d718eb2815a66

SHA512
aa4f484d3ca65525d5613243797d7e025e552dbd4e68bd9887d88d32fc6928c13dd7a47e8f97c77436924478d451445fa121d1bc1958a0ba94a2a05159345048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
21KB

MD5
e905a9be581b8c837c48020af6c606a0

SHA1
e00c1833f1c65b812094c149b314800350f54685

SHA256
58180e3cba5a736e1875c690b3a756dabc7ee19960f4c66a692d42e5679c13d0

SHA512
bcaf31fab00b69fc58aef04efc77c1e3786cd46e294b67ae862eb6e9d29fa4515e884ba6e105907d1e50593ad8220ddcda428125cae5118383a9bb6ceae2549b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
125KB

MD5
53436aca8627a49f4deaaa44dc9e3c05

SHA1
0bc0c675480d94ec7e8609dda6227f88c5d08d2c

SHA256
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

SHA512
6655e0426eb0c78a7cb4d4216a3af7a6edd50aba8c92316608b1f79b8fc15f895cba9314beb7a35400228786e2a78a33e8c03322da04e0da94c2f109241547e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
36KB

MD5
cd615e14f20c79e369a29a7e49dd6160

SHA1
21f9b955d0f375f405fa2e90f9cebbc28f593320

SHA256
45defd6cce9a345a5bfd3a558a473a54ea918dcabfa001c829923dd6a9b58fee

SHA512
9e14c44319d7e29856542413b20e9e66c549452968e00f55a64ce4160c8a3a15c22d8fa3d998c385b5d1a677d81b45968885631e1a34f2523db3db91a4d07665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
da7780f78e805b83a6bb5855404f388b

SHA1
e0b38741521a1e6720a6292a8f1df78cfcce33ab

SHA256
9c99eddb52af6c62e39106ca512205a2c43c492561e0416c792841a8f62f81e2

SHA512
aee0496e934929c36583691e3e297f804fea2e1c1aa3f6ad4244c164b55ae9d2422ddaeb3afc3216611983384e0302e70578053d39c2d8292cd188053fe9c810

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f8b1d1f0dc0b52dd449df18fbb79d733

SHA1
95d59270e0bd666589b75ca5a305ba70c2f047af

SHA256
a5c0e1fe3ac2b0aba604aa3cd7fb10ab6702d694de58544de9a4cbcf36de0a7b

SHA512
bdb6fb67dc64904e58c3b815f519c6be893fe8a2a67235bf1099525f1ffee915ed8aa73c48e7fb6314da53d5f37d3220ff50387ab083594e54ecc33f09ed3f27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a7726a8d5d3e68ca050dd702fcce5b3f

SHA1
9df047cea1f0232f045fc5de187fe2a63380d141

SHA256
5490d22dad1739921491f3bd24c097ba53b78d4b0a56812a53af9b331de930bb

SHA512
8517ced4bde48f90949001f48506e8eadafc5e61af25731358ae3b363ccbd72a388a724f339535a5a15841daa7d5382ad02d2071e9f793088094243269d42a19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7bc479008af15863d8ec0fbc9e67d400

SHA1
dad975fe2d052763a06b92d418f9f5b894da494e

SHA256
d8d07336124c81e81c64b93863f436ed3273fdb2fed9eacf9181c7efb358aa77

SHA512
b30d6cc954efbf21e6ad3e93b44170fc3d996aeec5c7763756b9eabe82de4bbe45fbd45ae420277278a46d1b11c4b8b0487c52e5895243842d1655c8f2ae4699

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
e17883cd4aa4b699df8722b2e42bde97

SHA1
70fdc2e5cbb285eddb9f2860a517efa6de5be2f0

SHA256
688b632b2e0a457cee1434097da7b9dd935ef085a093ff5f561e6d742d365143

SHA512
2200bc7528e71763c0025d146ef97c362174269b43c78daeed8f5871f52bc2e7de7449e6311ee75880f17b3d8ebd3b964e4592d4d786fb7e92bd9a2101242cf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
6ed61656d437bc38949bb3d6d1a62855

SHA1
bf46eacbc17e1ee90df7957f3f9b321ad0669bae

SHA256
9c1597acab10212033e4cd6a71205b3451c3f212dd023409eaa848958b81756f

SHA512
e63396dedf0dde13f8763b0da3c280a8cbd2175897bce6e9d752b38bc7b7de31c9a26e579891cbe709f5dd3e8169fabd2b2dab0b2fc35723bd3203ec8f81a76c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2f729e0a65ade7afbdd5c2575688b083

SHA1
41122cbba424cf561d27fb97ce21ccc54880b5b8

SHA256
3b0a5f461f7f471d87a0f7e7291d1e0217b17818a6b1eac72bb14fdadd5c320f

SHA512
af3a76153a7ac956ae414eea0e0424485658b4d464e077a362870f441ca3402e1a8c161b3c27d52b989028043d938e92a4d0654b8a3d19ae266dc502821630c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
47af25dcfaae56ba861b3d8045daa398

SHA1
5fe53fee14f8f0e61f5f3afeec0f95f794004267

SHA256
d500448649660136903e780523914db6f1bad9b2c368c2eed16f28cf15f13358

SHA512
f9ee92e54bdeed10ba7c8b057bcea5f28ee6f0543a582a8dfae832a4aff518c3cedf3c68b2f465af3ccc6dc83c5f2b7325caf9e55893117a1f67018fa639fefc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a9cfe4856a58e98074807669148c50d1

SHA1
e4d6685d756c6029ec8a5673b6439500df7a6868

SHA256
e741c3a0b14f82f0206203e531a73d70aae011a1923255fb02070fa4e3b44732

SHA512
92d849d9a8fd9be1e9db1c420614dc5f2cb11fca07997c96726ed6755ea992e988f6f266a1ac0b0de9e4c900b703626d8ef1941bc8300634c151a79200192890

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7f2a4b1d277fb19058e8c60b9e47f732

SHA1
6989430a18089b3afbc862681cfb4ebb02e2eb4d

SHA256
d89a18b8548b123fdc801f1622a63faef0f798c1396a0bc3b144fe8ff8a8f507

SHA512
38a36f15bcbf45791b0de651780a7e6acfdf43c0da54dbc2f30a24e5f0f52f205ebaef37d6dfc84dc151e1b2d35f3e67429abf7f97482658a8ead8c1c189ab06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
237d02faffad94246aec23762c7b7450

SHA1
05c66afd144367347880d2c5228fa9a78b4e2a93

SHA256
1e1de10dceb004dcb78fee0f8cec77326fbbcb1e7947f77be2fec339ad7d3836

SHA512
5c7a0b4be566685d042d680275b499c01a2b307c4e3a29434d7aeea7cef74d7e0ac3fd543502859d76a15978c6ffc2bfcbb753e139aad9db0d3211eda84b1824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
61b1ac5099b83331e3571d10d1b13781

SHA1
18734d4fe3514a81415cdbebf9d75c54b25aefb7

SHA256
102b14224d4143c58c35e42288f27708ed685eed7ece55fc1bbcb0d40d019d42

SHA512
01d8ee03eec3b41901d705317d1e8a7071965445c63ac3c87f30e1c22fff27df2e61239912a3cc6c38efdb80513a0efbe7932d76ed6494b8dcc0b16006ada9b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7823eb7b3165e3c256d25ed29c72f0e7

SHA1
df4c2646fb92684cd3a859c1fdb70e7a847bfe58

SHA256
aa9dad18aca30b89c48f8e71827a411800bb98d2edf46aebffbd52965197da80

SHA512
6885cf18dfbb46091e19d7253a1a1399b27b95dd121c3ca5f7bcfbbc7062f4ee042becb95badac723fd20de946ce9e175405f869632c4739080f21ba47358fa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9aae5eb299c09433f76c640c8c21402f

SHA1
5d052ee727e452cadad1077d265091b6c62fd446

SHA256
3e84ed933dc07f01bc991170b6c787529b1c865fa95b08abca836904e10de47f

SHA512
8a331e03531e714fa3c9c22ddee58f740febe80623a3f95d9d163930e64f9e583c2ce4aad3a075f1722ab26f2a6748314a130eb795e90f38a3a72f3098e77fd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d975dd2ac6178460a14d4ec4ebffdfde

SHA1
f3374a01f887f698eed64cbb9c288c8f225d451d

SHA256
fec761da7a6574c42a52c682a083312d66800c40eb5937378e568d95ddbf676a

SHA512
55204027a0dc2f021fa6467e67908ea41dfffe52625c611a11c7637633e60bb49f27b73eb65defaad138e8a5cb84c51562232b64ba0f117d8240039eabcbf954

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c4e6c6ba21e285d076efa7d35a7cf840

SHA1
00d702bcf19b94b4abf68bc1c5949e1c24f19e8f

SHA256
787874e5cefcb1f4d9b5e2e9f3c63913b7d8ee50c5a4bd2c142f58f103f4e023

SHA512
e4eec3d73a04217b714fe4727e0b23d7c2374d149fde1aa973010fe69fb3eaa9eb5c27db8f2c3921cb73186ef92a11360b0354e4007d213496a9c0ed92fb3b6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2b15bc87d757c360a119a294f3384265

SHA1
f9d455ab56c072c97641cd72e5e991bf9bb6fe52

SHA256
ac370e61486bab42ffec766ecdb18874850c2e0c6c84d226dd5ecf772421559d

SHA512
1e6364c878189779aa9e9d440ab9be060c1b9d3ad50fdb7d494a856a6b56a018f2ddffdd3f282378029b49a50aa694a677aaaf8fb5e2b27ed7ef64ca8124bd8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
750945f1994371263a5d4a1e493fbcb1

SHA1
a709ed0d42917924bf12f272c725956c3d752cef

SHA256
67ca83af6006150cf35f14b6d92efd162921ecb287f5f8babd3194a58b802bb6

SHA512
fb6f811d432835c223748dd53534bf089613413fa5c84715ad01f84711dc49c24ec6c5226586dc497173ed8105865c630994eb8b04400f1d77b57721f5c835b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2df8d978fb47acb2ca05c10af123dd9d

SHA1
200b05cf740603d19ff87aff5d67fc419946a44d

SHA256
c7eaaa37febe6253621231adf908c9d2282ea0cea2a872eb6536ceef7aa52214

SHA512
f82350b2d736ae2d63c4ff3c40f47ac05492a156927b424d36e4673883575ce335052294313805362a51cffd0bc5c330a150d8d26690799738bed716a0f83faf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8332041d8ab0e8b3fa191e6c4eb532eb

SHA1
c7e894cf5394f4faf075aee8a1d5d30b7a3bd6c4

SHA256
7cdb841c8646aa6778427c975c75e020f572af5bc9005fd075a04e679a8f6a61

SHA512
d81d09a70fe89b8cdf8d71cb41a2f96adfc789f44344c884917bdf8c214ccfa28f5aa0073a142b5f2a5580ae1c85a4cfb98e5bf0e6879e63d7d7d81198d920ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d277079b1465c5bfcf1ea607c2e04799

SHA1
b59ed7246460035e551342b03b3334cae642f6d9

SHA256
e4f212b8fe7452f2046d5889b9de26d777bbbf1d3294cea03446d5f0940488b1

SHA512
bbe221565d9608cfb5021479a693b8738715569ccc9a7f4ff3dec9f74e2926885cdacf401c498bba5f443ef72d2866d5fe8cfa9e3d52fc9c0f4d3aa01c254e76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
157b9e0ea42d70bb69bf84223200c231

SHA1
81aacea2d7d88f1d24712371342e0c160e8269f7

SHA256
1db2dad08c6f39fb205897653c79ad98c2fb7ce08ed08b8686b0bee1900a98e0

SHA512
538df19416486c55905cd6166e0233be97bba33fb3e5c9580f3d8249e8f446df3c511faf5268f04c79e3d7f070f0a7362505bb77f414147f065b412200d62fde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
13c4b58c18c684cfd315571f8bb887bd

SHA1
fe41df4a53134e4109c41de6ec01023e6e514d7a

SHA256
fcee4d47fa71cba09258ae2569fd6db408d86f22e3e549be2fe965b20a356ab6

SHA512
956ebdac1b1acb49b34cee0ceb6851622e21d7905806cbbe9792f37e89e652a7f93ccb2292d27bd082b31629faf863ffcaa26e8086776023189e900cfe42a866

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
39d3d04427c5f409f6ed39aa593e1da2

SHA1
28ec8d6c6eed62abb00df8265fd3c668f1263e6d

SHA256
913b7142987b7b133ec30fb8e177c45ae10e9571c8d4ac4e9e3479188b064638

SHA512
8282c5664caeddec5d7b2aacd62ce1b290501f645493e1ff766aa9d8e7baa809f8ae31190203097d0cee2a0e89a1fa4e4d79995c70e7f6f311fccb98616e8ec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9b861aa9c6e68b59b1a5111af7230e02

SHA1
f1c0c03574670ea2f2df9cf621175ec490163314

SHA256
aedbd1815390f287a1527899b8739c09a17b2f5e6ddf98fceb90e063817b59b9

SHA512
c8524a10c5d80a470782dba5e5c3c6819c28d8381081273978d537b6297f878c58ed08a455cce5c13858335290680ea9665c6bb3915b73fddd08f5b7c1f12617

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dcbe99a236d131ad2393b724b71c8a5b

SHA1
75ce29092377b0ab4751c8bde96e9944c874dd32

SHA256
8f889b827f5b8e81bee46bcfa5c28bbc5c0ca791db212639ac88bbda3275e6b1

SHA512
4ee6dfeafb85e14ece5ba63a8ddd78fa771f64aed3d895ba8034fbbe455464030f3e80e4850c58dd483d93887118297d35fbe08b8212e2c26166806ac51bf5ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
726788a5598867ee92d272f365e58c1d

SHA1
cbfc312d7e5fe5ad298d888eb5eba4a581f05495

SHA256
e155a1fac610a9c506df6136e0094d3391893c5a8096d072faedce2084c8b029

SHA512
e00bb138f121edb6adf0632441127f29e84680d3bd017f5f5ca845a1d64eeed5d01a8e483207b5436fefebded1bcc55f5945a9362966c6eb002f8d96fc1f2adf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e3486dc977ac22e231ff7314a7d449dd

SHA1
5c2d2442d644fd358dc6a78f8b14b6e76ea3b5e1

SHA256
76a82dd2f5212ef1c83b2ba08820b1ead839ee09e179fd01479e020fdebdd5a7

SHA512
e79a6cfa48cf5841c2f86a3c0bbe2865013e2d7a333d5738e74929bdb9e6f2dbb6ddb47d9faf1136117ca6ad4f2ed040747147603980564e48fea14e91acb708

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
17bc31eaef2d5c1f5648e4e4515d251a

SHA1
4d8ff4462e31081f4a36e4c249b24ebb71c7da45

SHA256
46b08a9dbe3879b9d3398e143c143d0d787124c2eaeaef98be1415e4e5cb123a

SHA512
497ffe8ceec020e9abdc4a94050874804ca7fd0621cdd29405f03d4f888a13ab195413b7490bd831016dcacb2ea6009fab5646de87802c4207b3806c385c1c11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6b2504ed87883bf605d2c2ecc88dab77

SHA1
07ba67a44ce4e7518d3a899979d8f74e016a9056

SHA256
6e6f2f9cde87e523c2438a6319df4d8e21ec7e41e066526d9868f1658220f3c1

SHA512
dff4723df618f5ea3f6c4c12df7b7223f7d805624f1bf52ed73c3d5d03cd51a901f07504217c9022a14793cd5047e8275856d643cb09a8e23b110d2f26bff6cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9efa0d8c7e3c774bd8fb45c1f601d215

SHA1
65c4316b1eca726e77371a9136cbd24abe0c0967

SHA256
951132b34a5ff1c7bbe359ed8c369fbc4212bea9d615d9b1000056b886b8cf65

SHA512
54e5ae3a06296a98930f6aedcb8dddfed58b34f3126287b33c011ce9c79953a4b41d52c715d8b6d20767e6ba55f21d46e75b04d6626dc7eb76a4cfbadbcb6a3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f6b7a46cb6059f8d4c79d66becde2ec1

SHA1
3e5d7622f50f3a338f2051fc91a8c416f7477286

SHA256
54b0a95425275b2df453bd835df43dcbbc655feac964b95fc6971f059ab3d68f

SHA512
9e55057c4d7b3fb595461bb16ee10d3b8b8db8876c4ddfc7fe4e7cbb3f1eecbc2e735f2daa63752b600d089d4223f6dbe2cf908a43312fdfce30423693d0648e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
680a4bf21de91b11d5b494084fdc2aef

SHA1
8ed376e61dc06a054cd2d8c7b33714267a4a6f15

SHA256
b94063b29d1a7c0c9ed851e4b4e714bdfbc7107a9b93df2a7fbb257e68e4bce7

SHA512
ab781f7f8758bc5e7d05243d248772f2eb41ee764f058abea126de12c6523f8e9bd9ed8c59c1b34a5c710a8d002d072351eeffdcc8d07a8e960b61dd2087954e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2bd54b9548d15de2aba435bf935b6356

SHA1
4d495c8a10238f29565a3b3d018edd05eaaa59fd

SHA256
39d25d362d25227fbdc7b274349bba6dd47cd584d65325c07897b920e8ef41dd

SHA512
843a0c7bfd640f140ee97f40ff978f667cf6acdbb8f436f1900c2514b2dba19e7f676048c055415d86baa9c6917e89b7e9e877437201e6fbe516373ea0aa19d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
da5367647b03707fbdfc3c391895e26a

SHA1
4f7c6e22c440ac67a14f22f3035d0bf50202092a

SHA256
029019534f6b42b0d7cb43b076314c500c39b3b9e86345e381ecfaff6a765271

SHA512
2e3d0688e2cbf32a6dbccc5273d5d7a348e096c64bb28258f3162af58ba36ec9c0528ac117d8c6e69e02402071a685708dd89b5e5b6719399065774fabd1c4d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6dc97201aec992cc0c8cedebfb01cdd8

SHA1
695d5d88193f60a85d13c53adb2810ccc512600c

SHA256
359206e908e354e256f7079bb10eff66ab5a81736d39fe33898e19a7add2a3f2

SHA512
27d62c3ef6ce9bbe97f72277d4310139b3512aaec44c4cb7cef7e2e9b3632c44cbe97d81862f843ea0c93627f4a2fac46179b84d7e32c9c1ecaef1c70fe9231f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ae128ad69d84f10d7cf3602a005c8014

SHA1
5addecaf0e9523ea893ff65b7dd7d5855f76c308

SHA256
74166374af1cc74bf1b87a5a773df1aadaa316793c096d627cf4a8a87e8a44b4

SHA512
8ff8012381868f42d4b64e4701d369c1cc2564a37b5749ec6a54292615de4681af87b06385919e42f8bf4e56c5e78108165cf2ddbadd1cdd67838dd740ce3596

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
22a788f9a7827b5c47e33f505b58b51f

SHA1
3494b8981c560189beacdd871fb4e71dd7b10af8

SHA256
8204c5d21452ec6d282008f5b8685a44836330f18e97231ddf26114b92c2be33

SHA512
065f3db08124d41451874bb945083116bab8b081c0c4a0337505ca12ea50b604e902bd2e0ef8ec9e005930d829b754e6235205b46868620e8166127d20fc87c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b8059895082ae7d188fa249c1645a271

SHA1
fa179c7b5d990e1c97d5aa214cde2d57be79d5ad

SHA256
9c9c2f44c337fc195bad7de7112cd78e4a452243511d2436cb5868457a4e3cf8

SHA512
6778a612d59ef1d4d423410487a854afeef552b987c51e85adfba436504d33abedf642dbbbf228a6e9598625b2accb5c3aec09e129919a200ec8fdb8f21b84eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
68d3980b56375d92d57feb09bdb96420

SHA1
0aac75b2b2d7683d5a8ed0ade1a71d1f84831131

SHA256
b36f035e55b6a06a5b4aefaaf419283b8e55fae9c538c23de5d526d570c45721

SHA512
16186a653750bf24f20925b813463e270b518b8c3dde07aba3f644e6e5110e70e0e1f33c837b0bf3e88c9aafe81afc4bbe9d75e92dd9762daa5845514ae2c99d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1ba13798c99e0415fef873bb42551a2a

SHA1
4c0319b65fca2a466ae3e55bea7d34c2011c45d6

SHA256
a2fff7ff40000ed9cd81ddd01776f6494a7356bed42c5a46f17c0f8a9870e3eb

SHA512
75f8f30985d7c7f8ddcd2e5c7529cf0803aae939d1ecac2cac339d3c2cdbb25eb4460c890ff3af9c19523cbcb6bb7e0bb4ce3caf576406cd0eb9b627e7e0a678

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
23a2c57895cab2d10b1e603ed0054a24

SHA1
7d5c6eaeb2d52a4029a63b356d9569222337b697

SHA256
6b46e0f2c2786126b602e62eb96055d1c78aec108361f25b240025d74ad1022a

SHA512
18ebeafd4763814dda927d1c1d51da85599899274263e7daedcd7fefd6629704759cb725c6500c5a166938d70e1d488127f1ea8b1f0ac60bdf25cd5d82b69e25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b76309ed3318392650feb1780ada7b37

SHA1
07465d7d1facda024c3f65f7a749502bbc54c301

SHA256
1deee5f27956c679cc37da93a290f12447f1407085901922871ef92be44c8624

SHA512
c2d13c8d97e8baab6cf08d10476b31320764beeeaafbecd1af20742d810c32c8a25415e52a68e5518a677332e54e025cb2c1af2342e38bcb9bb1153e4d8a7f78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
09a1166cf30b0bc96faaf0aae6229b5d

SHA1
8817dbab5a4dc3fa1e1bd313d5da4f945a452457

SHA256
4cc14b3c76f649c814951aebf779425a1a358151314da88dd9fe3d74b40c683c

SHA512
5c99653d71d509cca951f247e280ba1b9f97a7b7a50122e03e85de8a716a47e83d2431e00f1d3687f9097223b096bcdb805eb9a9c03e9a1624a3f3f925c6b17e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d95c05a1271092eb08069f7a3dc308dc

SHA1
4ed296b9986b7c2bfc30abac29e5bd8cfb96a8f5

SHA256
e15a8551ff7a4e82f77d57653f7a9d22251af2e2bf287c7c24762f19896d0676

SHA512
235b8337cd364467e4cb39cc4d0a6c5e7a7e43684b08ccc204003755c86cba0ae5ef2e92e1bd88f60dc0d88574dcdb2271cf025ef997088116d0b3f66d06bf85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bf31b2d6d65698a24578042f3964c658

SHA1
9585eadb3e033304b4f3726164e866ac375c57d4

SHA256
98bc03080ce9a265dda64d6c1d0a8ce004fd2afd63f9a9df23f2045f56d5db02

SHA512
a8cb1d30924874110f9bc488b16d0988a4c6f257cb2cc5af76e92d9da202424d57d02ba335cbf578d8a261f3fecd56f0b4b51f1e85543255e0f97f56e0e4c0b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e2c4044b522dd4b34d1a8b0a1b8ec33e

SHA1
56dc1901ce2783895f11a60e7f49d2787675836f

SHA256
bdcaec8f29dcfa8d05d508effbdb99306b6424a874a530aa9409cec5b76f1752

SHA512
c42a5e34e9b3f95e248d67a5da4ec71462d1d4fbf777acf6f85ec6a208e3522fed8c8d6bcef9144820427da9d2df4cdaeb2df789aa8fb83c7258e5d0c614f6e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
97276d13ce1fc9f0cbcdb4e6ac48da9d

SHA1
45dda70d4f54180278c1b4239622d816e379124a

SHA256
7668895354fddc5c853fd8d1178390e2259a2e743416b01a445c12d834896334

SHA512
749b844437afa389511cb46a6323eb54bb38879e321d59abb27ec2514cb296ec57d3c7e0f059d5a2a7e21f5a8a7e0f1bae6acb4380f5b6fc737b242c6cff6878

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0186ecf11ad1d98940d9548d64d63aed

SHA1
8fcc0b41c32ce08e8a6de2c0393e69c65bf31e39

SHA256
32574f577746a1f2da2cc1cfb09583828398297a73fc7a55a1e834fc3991b2d0

SHA512
7221bdab4d5fa9d8cb3a45848e52bfe8b9ab1e183d7740932f44468e7364e9ccedc1d3fdee5df80ef6c8c49e3e7849262a7ffb513afe0d0e2d1a47027c8b533d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
942eea0f2fb68772e40a203f0a138600

SHA1
9672ade6aee29375f646223a2c3df31d395b4c44

SHA256
98ce122249b3434598f4d06658916b59cf917c819b2643954827fb312f7ce6ee

SHA512
e844ff5b055a32ea28e74ae2131541c41ad5ec3ccc821aa2ec69de6d3568818199414288e704e6b9c85e419ba128d4e22ddf9e965219688af136f312c2c488ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
74890cf46dfe390d00f350d71e20a9fc

SHA1
1c9fa95b18c588b388ddd910d91b324ae3b0de45

SHA256
aca74f6de32d59193464d2cd91ca34af24cd6ef564b184a6d7e3ce0300e7825f

SHA512
5febd07df810cf10fa8307981ce8783666280e659f3f30f68c7af109a1db06bc3e004df1fa53efb8ab940bf6017f2e32e8633be73cb4405bebdc4f432581cf62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
31ecf9e904f32830e3a00affdd41b8b8

SHA1
9b8286caecaf68277516f44645e8a99ed548b94f

SHA256
7ae0b65e01c754a111a26de4764d81c6575f2f0e2cb74a7affeeff2a1f69ef43

SHA512
4495f963f08e2164a1c8d32eb8f6b739de0b5d77ea9267e710fea169f545e4917013b7ad6a33b5e6122533d14a224386285b695134b3674f797c10930641285c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c889ec206eec22fe691f278b130a97c6

SHA1
97f0d83c88109ba2bd34320e8341267940cbb3a5

SHA256
ea76caf93af12db03434df5d522fce657f7a2dc4588d7a3eb66e0b9f9e9d197e

SHA512
a536743a884c7a945993486309a408dc5402410a12d1d0adde9ac1f5bdcba90d7fcc25993cc9af6c7679538351f60d09220dcf12b79fc616e78a330825b78fc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1db337f6e7a446d1e1e2446c37b0eafa

SHA1
8c69fdf3de151edfc276c8ebec767d2556a7fe4d

SHA256
7850bf555148d374fe05d05a05bb807950d816f7430368d271306c9373e992e2

SHA512
1b900b3850992fd58be519d021e38b9741cddf1a4e4a9b75512e4140f09fcfd4956a91d2691fec05ebcd9f6aa57ac2c91b19b80c8f1a4a9b10cad303d2bfdcc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aa1040f32947fe852109aff39fa6cfc6

SHA1
3478f55d9ec22e5437b606daab62cb4f8f4e25aa

SHA256
0c0eee45d8fdd2b3a352452b5c9efd0b8ba71bb032d73624dfdb042192c9c222

SHA512
3524916ebf2d273966f05f4b5d61a294ae6572a6bf75ee32765705366aab014d9109421a06cc43ceee22f27f87edc95715089abb53a276969230f2d923e63fbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
182d9db16b7dba4a27a52ee0e55cdaf8

SHA1
409be5306f4b9c6cc1673e24c7238200f38de0e8

SHA256
9fd80db4314aefff8876edbbfa10201b3169c913073c7bfb5eae9bb2e3d1302c

SHA512
dbae98bd58d9bf1dc2705d98146a4403cbd2a07fdf57b12dd19e7d5f70865e879ea908da8a708579f9334b376f9ad047d465e372805545ebb38438265328850f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e616dbde217fdb8607fd7e677eb4d80d

SHA1
b63e4f82bd3ce762842cd0f255ecb0cac33f3b5f

SHA256
ce7ad1bf3bc4a9860f0c0de780becea6fbc46974b95240e7be2e4b80343f5fe2

SHA512
6bb8da08f5e87ce9475e50b5a2e4ab703ed66f4dc6442000b1b4dcab03f48d40864337c99c47f7333fabf77560861e11607a51319adbe949ddabb3879d0c4bcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1aa90c86993e814d33a5bc3782c32fd9

SHA1
db551293f80254422be3e0e38cb72f71f693dcd7

SHA256
401e2d840e2b702a48ddd64b6d8b12fc5cfe2edffa2240e5bd3151de49aaf807

SHA512
1d8388684b2a0343c982bcbaa1d967907e7b6d017a4b1244b7eeca62e007552386b9e3952ff65c1867ebd23127cf63d809058fc3f6d421fe991a2b5746fc4337

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
65e9c2bd16ee8640ff109b7c140b727d

SHA1
90687fb098143ccccffb3f618b86f020977a34b7

SHA256
41abb7d179bec08d58a60bd9e05fbbfeb2cc3c6cf671c478babcfa021d912a23

SHA512
a90f7a7aabec1f89567e5898a9946fbf57f7011ab257c35bb52092ed80edf4e9a4e31180c001eeda25dcde8a8114432b933b21b8bd05d68a63b7435208c86354

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8e656458cb3809bf466b0c940bfd41a1

SHA1
c6aa76888b423f92ec1c73331d69f661d699c2cc

SHA256
77b43c1e76fd0cb1426bd7425a3024826fe4384eb1116475df0cd6554f9368de

SHA512
5b9e92b455efe404b20e59b42490fbef17c64926a71d043c4562ff8a82aed44d45c7fe466a4f3b19156545a4380d82b0e5c24b4cbd7f90aa8fd38ccde7563582

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
02befe4e65f4b5019d61412bca0f46d0

SHA1
ffca165583990cac1500bf342f77b5081c4be602

SHA256
59b00d89745d6fa2f64ac3fe8ce3dc7fcf2978b3dfd3fd3edb441fec91f3ccca

SHA512
22e94c562c22b11dacbbeadcc8623f380d55b1e8fc598362cf530559f9401837b73c6dac377e543befd5cc9a6ab1da9893d455539f77d468c3e45da0d8fa4102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
22dfa872588d99fb60e947fae0088880

SHA1
2f766b073a6cef725787c26fbedddce8711a6331

SHA256
43fd1d6dd6a3af98651a989680107b962d0fe22391c5e5c871479778044d687f

SHA512
2799187b08ff01c7114f23711a8ae92619f4dbc1d16aff26d2a2040bdb4bfbe7ba0953e2da3d8a527a834abda753e808ac7cede5daeafcf660621c66a14e9286

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
39ce35c90418d7a54b0a6584ffe56f8a

SHA1
1e4c073d4cb85a441de7cd3c2a365053b0739b92

SHA256
e22050207b11e62ed0ee891516d3d187956e03062af52315db7977d119dba8ae

SHA512
3aff96976f202dc24ae9d8630a70b2490b146862fc41d164ecd303ca382a803d6eadb87853c8ac8f8352881ec81b3f1e34cef0dc9d57fad69eac70584c64be41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
195c68873f2636ccb06e95df72903268

SHA1
8edc47c7aba6b8531f11a6c2c0cda7d704d2e0fb

SHA256
3d20e2bb522a2bee80e91f4b0ecc3d95c569832f67d609232c7056d708018a7f

SHA512
a2a8e5b6338e7181ba8b9522818c627311181a63ab8978cc4a4c6d6660b1828d9dbb99bcff27d5d79fdad125f7d937dc50fc0c522835fb6c3f8b08eca30d2043

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e7e257166a56b3a07279526067cb0dc1

SHA1
b9c7157e7dbcc17deafc8338601577906b2bb62e

SHA256
bb8d5c42e164229e6640aaa7abe1bbb11198f9573061fb4a26a02fd962766f74

SHA512
112b6d4eebb18da0393a2eaba8c4ea5a0b40a79929e54a7e7657085150910270847de60800e92c5ab5024d971ee9372268c8d671f3d51ede6f29b4155ce442ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b8e01150a72cd83f10d3404cbd4b818

SHA1
c1ac59610364d7e6cba98f477114de1ca691d8b8

SHA256
b51361095278f0b24ea05119c33dc995ae7e77e1100b3109e436415b9bb612be

SHA512
a5a56dbdba41f075e2d2a6a9e9221bed508ffbb89f68e438e94ce1b031805fd370274a6b3207a28e0661ffc71cb094855892624c4d69bb9df1c0dde6671d2110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
09e3bb104670c8a2c038a1e663ba8a87

SHA1
2ac0e335237456bb12af67aaf2bf61e8ba718b93

SHA256
a9199759d4bc4ba6ee95aeedb2a13533ed1ee2f2e40a92c62049a4d6b4e41bc1

SHA512
0dafa55a8ada3fd7a4feac4cf6ce4a5c1f3bc7c6954993ff66d7dbc12fb4e0521733ed778fd54e77ed220f3003f6c8876021dfe3f4f4f289f627f0313f2e8149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fc71770b6dae39eaf64d838ace98d269

SHA1
faa38c970f220cdb013a15eba68a2293a78cee81

SHA256
25e8a99334a10ecdba76b7e1cc5a581af1061705932a835bb1285c3b2ba6c8d0

SHA512
441af2ea5048e5287f9ac9e8d7be8e3eaa29ae18eaae5aad099620c3ebcf223e8c9fd94f455a671d2a77b59ae1a396b8c5552da605458c84c27a158eaa18005e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9c11a664c5749aa51877b3fc58387768

SHA1
519bf51048a1231d87cd5c8e6470228dfbdc787c

SHA256
cc2e83d563c9fe77bbd14567da9c20e422be6a1a315d10911eb9013e8dd17200

SHA512
243dd82db9cf86b8b038189980fbc2f2734a1445995318301e8bcdfafac74a55673baef1c6f5a4bc14fc2eda51248cb63295bf7d3f6187140f7ee8f1ec605c2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d767c575406c862cfc878d7fe11280d4

SHA1
8e3f9bfb4de153c416646ec6f4f9d034547c71d9

SHA256
b28cf202c9f0006d6e41e3fece4fab7651e11230db223378e0101a7c2aa7bb43

SHA512
a7d11af3e894272b11d173b87c58f47dff0fefeac062e07dbdd109140fafc462b826233db35efc1b0bb020fb4c17e9e2bf00362f83dba05f51497576742605af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
81383d4af3a44576b735e39bd540fa0a

SHA1
ce19ad87905bf1b0d8597f046ebd2055a19930ed

SHA256
6d8b1a1f0de1e5672b1e6f66aac485e26c8d3bee907d1f977d82f5b2df59f2b0

SHA512
996852d9ffc5c06a5f436b5f5b58644ae941c7c79dfa5b383a1b62bcc6cc5cf2eeeb6e1b92066f4216063078828ff8f806f7645ec18677558b688c7d3565e0a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ed90f4d093f9f0b5e28f0acc45110dfd

SHA1
6affa82ba0229a80d1f7fc7ee7c55dc0f362f492

SHA256
178b0e6f64a8aefa0b848cd3183fcd71acbf65c725aab2e7d73b946e7297ceea

SHA512
63a1a7789b7c2ba5b13d8ce92cc8a54ceb28c952039ba218187233ca77af92b01dc7a48b034f2ab98b45377690c1bbee05fb6fa8f79cec53756d2f6ecd738b76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
96B

MD5
0eb007ee39f4e147f560596e690137c4

SHA1
88c9cd3d16689c289a7b0cbeb95062a9f4ea43cf

SHA256
ab900dedbe69ddac2ade4d87225c4f56957b96ef15f61d47497987e331b76c9b

SHA512
e89e766a911c80e2121e3cf0ab1fff5d7bcfc8c9a28a6cbb9bdd39b1089140f01457209b9ee3cb1b5602bbc3dcbf1e19d53b315d90419e4da287e79ff48647a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
13a1a8022917c0a31c75c1eb7c9f8a89

SHA1
2515d380be9dd06a41633b64fce6dd6dc3b709e9

SHA256
802f5f4618b982ff9e149aa1fa6f87c24393d9fda648ab7e71cc55eac8cbfc67

SHA512
5f0d31d598fb18cce825534937801dfcd4f2d251274cac0ffe47f48fdc3b69cbd773e1dd0c531d4a08009969c19d61e7874e27d042f7b500fe20caf815bacef5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
1f4eaf78ae3020849b483a8f6e6a84eb

SHA1
efd893b04fe986faeb0cd29c512bd50b746c2c3c

SHA256
026b8278e573a7d5b370643f28dcf7550faaa3fd45ba1efc7af8ca142436ba1b

SHA512
11c5b21913126d50c0548a988e46d89f38141cc5d8042e67adad8c836c8696c1e8ca9dfc6bd6fda4c2f4292d716b2015fab4f06a3ee05e87df2c084f8bec8812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
41KB

MD5
e319c7af7370ac080fbc66374603ed3a

SHA1
4f0cd3c48c2e82a167384d967c210bdacc6904f9

SHA256
5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132

SHA512
4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
27KB

MD5
6b5c5bc3ac6e12eaa80c654e675f72df

SHA1
9e7124ce24650bc44dc734b5dc4356a245763845

SHA256
d1d3f1ebec67cc7dc38ae8a3d46a48f76f39755bf7d78eb1d5f20e0608c40b81

SHA512
66bd618ca40261040b17d36e6ad6611d8180984fd7120ccda0dfe26d18b786dbf018a93576ebafe00d3ce86d1476589c7af314d1d608b843e502cb481a561348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
c70e33184cab69f1ab909ab116dea5ee

SHA1
1a230d5032b35a00a20300f04a14b73b9cbef688

SHA256
e7d95419a90a870c01cd6bc1d5fe81e915c969eac9afba0ded32aefb22787a28

SHA512
fec40474cebe17d313c2c3dffc5cc48e6496a1176088767f4c7f5f604b8f9324c529c97a755d8305273640ca4f3f3af7eb1a0d53804a8df8cb8f33394dcb4dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c6f66b33ac2ea66da36965c72120683e

SHA1
235b6cdd094043f9fd6157f38de0945d451580c0

SHA256
d12e0e5f8d5451818493c4175c5780e124ef9b6e8d36d9ea4c679390fab96553

SHA512
226ebd1bb67fa49a0d57af2f09acf79ae24fedf03896af3ab2e49a7eb03d7bd220bb291ca453db384ad0d0f62e5ba3041af03f68c766e567a00060022a944f83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4a1a120c01e1bf1f57997e90c5df7fbe

SHA1
084ab7f299480ce436ff8e633adc174a331a3533

SHA256
bf6f06918d469e1c952c6471cb1e5adcc426c32d45eec629968e4db17016e191

SHA512
4331546c1cb10a206c142d342b303f2a0e58bbb36adff3ca3c36563c54e2199438557176949014f8d018b7e7c16a27b85b5d67c3f104b06a668fe43b20603719

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
4d1c4ecc79683031af629f9267d27af5

SHA1
8e79e0a708a4a0eed40b8f1f0038e93ee331e250

SHA256
61d77dfbf56d1a34006ab284b6f03ab11c5df817481cc198c1b1a7795d593771

SHA512
cad68863ea554212e6388c07020b5b555a2a9c2ee1f510d6df36abd0e65e843541beb136148bc127d63c21e92f00ebe1f076c720f3012ee5bffb71359a559ce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
286bbbbc9f1739b1aa333321c29c91cd

SHA1
93ba4a141488ffba09dd49a34c5f30fb32fad27a

SHA256
3300654ef7b5d64311631bcb21fd852e90463e7fa82f18c00a13c599bab28c30

SHA512
95f5c958cb22fb0b768409186daabae1ccb2e57252f6ed9973a63100e6c7024d9d7c4909dcf7c54b26258813c2cd66809274b52990ad39852e0c0fb26d6919c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
e7a81a7428e1669172836324d9f03371

SHA1
70797c7d7dda032848d7fcbd9902228144a80027

SHA256
cd0cc140ea01518b686c784b20168d61a7fe0d5c8d264a5de8b18e188cc20ec8

SHA512
763104680690b4f3bb724a414950dd6072067cb575d5793304243319eee9307112f0d0e36c04c6b18ef214886398309060910aa9f9fb45c8eeaccb14258aedb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3b2e33b46333872237cd0ab9936815ad

SHA1
fb402a76a731cdc1d8cfbdf0cc8a56693d514e0a

SHA256
09cbdb6d06f39dcd25b599999223e6fe9635cf8cf7511933e890286991ecce5a

SHA512
cf37014f54439a8dbe7d90026f7498aa644dab59471385a27d875c452fb09174d75a2b2a32dffac70a254ac82407f032e731036f7774c5e7cded39f7d03079fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
40b728aa7c1c0aa978ebf53cdbcb561a

SHA1
10ac4df9f81f1c1f50f94f1988b5935ff291238a

SHA256
9ec4e60590b3664d2137357879cabeb4c377eb3d646a7546c5c2fb0b08c41521

SHA512
cbde0766fa549d2942bfde2001f414c16253fe501bc69f1806d238557338bef263e9ca1e44eabadf98c7848ef85a39b8267216ecd148b0b5d3a927e748542d48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
958b890fa847713fa832ec45f0dc0db2

SHA1
f93b39700bddcf4015fff6cc65233c8b9e00dd3a

SHA256
78479337cc256c9f438a3588feca2fc95dd81e5d0efe2132c72291eea3aaaaff

SHA512
5723735263cbc889574548f2d3a5e765aee6548aa4b32794abe298f723f8f3e7a9f3204956a8322c3f37f89e85a3f3c3b382d06167d731b0b3a21117900659f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6bfe3e1a3bf47288f9b74c23112ef0d5

SHA1
63a461ecedaa21aaefbac59f0ab9f880b8f7b3dd

SHA256
a1c6a2f4f288fa3ffe4dc399b7e3e7d5b79ec9b067b2364062dc3c5a44873f3d

SHA512
4afe9cd88c0536f54362d6632f45a27a239e822eddfc9b6991e19664a695b2165200811a12f7ae21fda672780db1531cd0158fa8c3810285826505d2b3471f6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6c5f648c597a70343105fba54c72ba12

SHA1
8d561254bcf700c8d3006baf9662e27e54b9e102

SHA256
d906078dd5dfc6c4c18d23dd0e428723ff7dc3b5c995affef487da32560c6bac

SHA512
1f563833b861c84c43874f4bd2b934c1d46f20fbd7c8d7cd23984b23cb60e6f2712d7f36c58ba2a1450cbf42b747a4f23e6472a904b65ef0958da01760931da6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ba04f044b68bd1c3980e0adb6ddbbc0d

SHA1
fd6fb945d53f3a6aec38ce583419b7ff597c1eec

SHA256
5c2525750bec0aeff7bb04c19536c6d979163587235bff73e7a2f2f4539515f2

SHA512
9d7c9cc388b67bf603ee8dd6447d474d17c4234b462ac9fe120dc2e4f90687da9f6b3834c3fcaae1ddb057e74cd25841576e0880541146e62858a624c852da76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6fc75c58d6310e3596d8663c5adf0608

SHA1
e48841602bfbbbd41155d5fc35040ce22b994038

SHA256
60ffdaaa042eb54891cd0c3f07412a40aaf5ebf4e782af049393ac8afe69a5e6

SHA512
042adbcafb50a11552dfa5660fbcd055ae0a3989223c4caf48a26dc51c46f6f15770f9b96ebc586e1224fa59b63aedd7e836524e87c1df878901ae29174ab60d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d8f969e56eaa883217dac492ca2db54c

SHA1
3eb7578a63916a09106b162234c0db7ce743cea1

SHA256
3810054687a1b0f9b3ec3fc26586c0ff6aa21640c204a1cccf92ce3371f2d4ad

SHA512
1ed35666fbbca3204f17b3093bfdaf78039fcd017c5fd7d9d54c7b80c3d09fabd08d2df549c1317cc3f835ddab2ecde1bd5f90b25f6cf29341b47baa9cd25595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b944c80db428f7d12a2e5119de8b2e9e

SHA1
95992e593cb825e97f341a5f88778c86fa5bdb84

SHA256
7b127cbf8cc4cfbbdadeea57bab609b7e44f38d703600abae16f913c78a94b38

SHA512
f54cee4703f948220973d0fd255bee66862895b01babac77ac7ccbca5c06ab173cc0b368447968fadd2b0d73413d82517b537f8c39d019d93be93bb6fa9b9edb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f47d8611fea0ec40c316c5f399ace93e

SHA1
9dbd94bf881a166f98a3ee5c2a59e6c6f1120fa1

SHA256
0cb5369b64f37f7dbfb2ab3b016152ed940de223674047a170828885d60e44f7

SHA512
06ef05c174dea083efcadcd26ef2c49a5f6bc8b5de93d1daf7c7798f2ff02eb75ae6a1c989a4f0951e0d78ffe67fcafddd3b2e307acf3d8f3bd6b9eab02377db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fcfc8b57269d94be9690171dd1148dc0

SHA1
07c70db39243bef608267131bfe53acadec2dbfa

SHA256
30089424f44602e1c1a52e7b22adc60065d01a154cb61bb5534df6d3bcc013a7

SHA512
5d743c4e47c6fd246b6b8637d4e22beb81a26b4f7468eae084da2118b93fc14ff5ea1cc097bf40836c562e14766e3bbb10e3faafc82b28a7180a67c59d41496f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
105b8615e2f8e003a51f8f339498a901

SHA1
c37b515dd9c8d0373c03a6faa61e3429a1ce94f1

SHA256
ac36c1d4dabe2c146c4a9840253b80f706933173dc208e2f9c698c44e5b8b04a

SHA512
a0271fc54f565359edfc875fe20739686aabd76b2d0614dc84dbd7f045f39a503894c75535e79147e920dce8b79d4c89ef09130c81ade2dcddfdd8c0d98b834d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e74f7fdace17acf5e43528dc7ac33812

SHA1
0259227cf582ee7dc449f35256d2df620b9d78f4

SHA256
fefe4d67be2fe02e4d434fbd154c820b5882f2cb42374a1a5d9ba6ab7eace03a

SHA512
164c92f1e3cd33790db04b2c0ceea548bb4b28247da43c6b89020cc4fb9e934412425daac262525054490eea4e0f30400f20800103de59e866071cfad7a38f5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586a6d.TMP

Filesize
48B

MD5
db8d6c924fd62fbdf7bf3473bb9b9df6

SHA1
e5329ab667b3151e164389b705f0b0f429496fce

SHA256
fbe586dcf24165c582d64dfa0f7ebc6cfde77709d076c4d82779c8022a8c0ec5

SHA512
f01087eb954314d81335e80dfc0052a56f0098e31b8e3c008f9cf830eaa2c03635bc88d2dd91a46e5313140c65561101ecb37330dda5a19ce8d2c5b4cceb468b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
d17b3b4aad273cc926317b63e4865cab

SHA1
6b3885fb2943e11896f60468a668060366520b1f

SHA256
cc8015ef08814766ee8eb3fbc4eb3adf9469b47bf42944858abb86bfea26f2a4

SHA512
92a5372b3618908d8ab814aaa39709b825f032745a86be98fff8358cc228fe7c935ed410de82102f333a3cd6a3d7ff6e2685b81bfbfd1e4ba0105617f8daf723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5812d7.TMP

Filesize
370B

MD5
502cc1f58dd3650fa1ad9cd19679b106

SHA1
d33816abb8813195c085c408e9fb81aa5bec8a56

SHA256
84d99af1e0485aa6785af48f3156c62b3ee846621a7e5708fa0a81f76d2dbbd8

SHA512
5135427a92b98e6062aaa2952bc695c55e30f9b9173fb02da9bf09753303f285ef369de84925944d6ea5e08066076976b402b61081fa068639500c6d92a67043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e44f64f6-262a-4108-93df-c589ec8fe245.tmp

Filesize
1KB

MD5
c129c2bcf8d0db29bfcf847da4e5fab1

SHA1
d1ae4a2c23d8c873885c07ced1a7c6ce6142ed4f

SHA256
321d6e3ca5e6b5824b100e16516ea357fc060516d84a3154e42aa1c04c00b7d3

SHA512
699019d7920844ea893dca504fe0f7f61b93e2097c81aa949817abb9fabbb965c62e82b8fc84b99aff0be12184aaad02a2fb6249e88b2e3f122bf6695cc9fa36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8f9c876103553b12b916f1da015e2060

SHA1
8873eefa5847d21f641b4aa4b3a153841db2b4ee

SHA256
822f48495a7d04676e3161dac63466fcfedfe8ab361305e9fa8472acb5880113

SHA512
ef4e8307e36b58c943abe934a19db0f7438991b761359ecbd9835af9bb3c986b399716b79c0ceb79cb7ba846955ed2198ac7f86f2c40f1737ab22675de82eb2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
59760c92543ce308657c0182f7542e32

SHA1
4e53384802d32cc853c042efa338a25bf0da9252

SHA256
bc386a8e006990515c68c2f8150c6f2762a5a194e261ae2dae1e64b86ed3aedc

SHA512
032e3def42d50a078bf65e6fb033b4b84235bbbef82e5424da03629a05ce6ecf4e96ff0175cf753eb6edc4d23dbc16dcd412232215f0c276096663e27d21e2c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fa6766d741512c6db68f0dc21e9b4860

SHA1
db4496f417d53329db5444e3445b6194f4978ca1

SHA256
d9cb1f1575cc0a945706f9e3a0e21d6476e061f68b499a1e720badbd9397e3fe

SHA512
30e9403e18227f3240469828abb51784904510d57d546fb9337a335068155ae049b54dcaaa88c467096ea5ab1507249c5743fe879364a78c32a74310ab197892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4394404a3234ec8f8cf0e9094ca11b4d

SHA1
1ec88e64cde0dde2c233b0d672f61058359490c3

SHA256
76b4c55aadf8a5934810aaa5c14d477bbd5b410b5824fbf18fdb3da6e715543a

SHA512
6f41e5d29cac9ec73778c4c35b09dd4b1508fb05540e90dfe441793ec4a0c05f27bb01b7729fc465729444d433f34f8fadb9a162cab3b19368fd1d9eec059630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ec7c7c457105fd1a1b21646a96763cf2

SHA1
6cb1eb15ad68a1f8fc312db075e6bc4fe5dbc865

SHA256
dc913b48acc35209b86de141b2f77e59a8df89b5b1a7757ff4d9ab3005ebc7b5

SHA512
af5e780ac4ddf192882de5f0b6c258cf9436ed92a759f1fdc0b14c6f70d6b361b1814b2d9b45910fa4c0fcbaa0b1ae9e9d835879a307427f564d15b79719daa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ad0f9aca8931b9e76efe92f2a14cdcc2

SHA1
e9bbe1dfebec1dade07cb4b6ce46b302e3897de1

SHA256
8f97aefa9bba6cca7267cc7f7a96ddb81c795b0b8c3d5b9cc5468fe39b766cc1

SHA512
e9a6eb2bd5edd9196ecc37b16685c39c3e67d9665efea8ebe61a797d299bfc3e1eaf7d0cdbe1d07c2da8b600383bbeeeac117270ddf7d490ce948536dffe134e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.Settings.json

Filesize
87B

MD5
e4e83f8123e9740b8aa3c3dfa77c1c04

SHA1
5281eae96efde7b0e16a1d977f005f0d3bd7aad0

SHA256
6034f27b0823b2a6a76fe296e851939fd05324d0af9d55f249c79af118b0eb31

SHA512
bd6b33fd2bbce4a46991bc0d877695d16f7e60b1959a0defc79b627e569e5c6cac7b4ad4e3e1d8389a08584602a51cf84d44cf247f03beb95f7d307fbba12bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
e67a5b8937ab666a448e127a9d89de3e

SHA1
e29ddba4348a165c08df02927fbab07a56e0ea47

SHA256
3ab1b9359791d23d548f27906a7b35846aed1f64c5e82baa40852ff2dd882015

SHA512
d5f4940668656f49dce219498b69319f8f21133f7b1999d9a20f7d0199948e866a7e1878c7c039e93363eb313d8bbc94ea82225255b28fc97ce5a309bec831bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

Filesize
28KB

MD5
af0e6e831523d897f2720fe91dd7a7dd

SHA1
1abb34b229423a4b6955666a7714abc89fc8f392

SHA256
e87bb93284d2575d4d3609a226e5abc64059f72e0fe0f95662a2c6d817984fc5

SHA512
4d7d09d0a54af87a1e4b83c3e0f0610030340b9412b86524de418eabbe8429b65fc3b0f13336a8d495c9d1c6b0e5e25202188cc3aeaf49e9abf7826a9a676db2

Download Submit
C:\Users\Admin\AppData\Local\Temp\6fa52fec-c271-483d-8730-ffeee68e9162.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\decrypted_app_1.exe

Filesize
12.6MB

MD5
9a11d578aec96645e55e6d3ad1a10754

SHA1
68081fd06eb00b786eedd77d04bf2bcdd8c96c59

SHA256
41f3765a0f5435e542209f28978ed7ebcadee49913ad39ca5e07bf3fd65e365d

SHA512
ed422416b6268d9b34d5c007db106532b3f9d23786fcb9c06c05cd5f741381b5668a9a75feeda7ae2aa21fe3f55dd19ab85a55fe8685ac9a382036cefc89139a

Download Submit
C:\Users\Admin\AppData\Local\Temp\document.docx

Filesize
23KB

MD5
7774fc53641105b7bdceaaa6e4df119f

SHA1
aab556c5d4c72c8c82a38d71870367ad5248fae4

SHA256
a605577bd45462cacac21baef5f13d350b252824a2a8fdf75b1fadd6175166a9

SHA512
bcd6b9af6ea413e95e8f9a4c67e387accba69fe89fdd8ec778f0f765564286b98a87d5fe4329c16adac37243ba0fa8a63f6ba77aa8da6cf7f9c92dc51a5a1336

Download Submit
C:\Users\Admin\AppData\Local\Temp\mso3B6D.tmp

Filesize
663B

MD5
ed3c1c40b68ba4f40db15529d5443dec

SHA1
831af99bb64a04617e0a42ea898756f9e0e0bcca

SHA256
039fe79b74e6d3d561e32d4af570e6ca70db6bb3718395be2bf278b9e601279a

SHA512
c7b765b9afbb9810b6674dbc5c5064ed96a2682e78d5dffab384d81edbc77d01e0004f230d4207f2b7d89cee9008d79d5fbadc5cb486da4bc43293b7aa878041

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1672_604568477\3b643f05-12ba-4b78-9f78-75fa7108f5d6.tmp

Filesize
135KB

MD5
3f6f93c3dccd4a91c4eb25c7f6feb1c1

SHA1
9b73f46adfa1f4464929b408407e73d4535c6827

SHA256
19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e

SHA512
d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1672_604568477\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851223[[fn=iso690]].xsl

Filesize
263KB

MD5
ff0e07eff1333cdf9fc2523d323dd654

SHA1
77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

SHA256
3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

SHA512
b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
1KB

MD5
417caa264e8d32fdbdc34fa4cc51b5df

SHA1
fb171164b70f70790f45c481c1f9ac9d49df52eb

SHA256
27070fa3c7c6da1daa72d40e8ddd1f72ef3b9ca1d9471eee7e256a82202ef3bd

SHA512
6e25ec48726a3ec8f9b2b514665d1465ccf675aeeb755eacfab5caf64fcf32c3b929b5934c5dc7a8d1518c850416c1b51adae7a508336d0741997bb385811fea

Download Submit
C:\Users\Admin\Desktop\Prime - Winter Flavors.7z

Filesize
29.8MB

MD5
ab35a433a93996f89ffaf837a815eb84

SHA1
248b0ba3a356a5e94c088bf5344f6ba96ffb09b3

SHA256
74c62de05adece3dde3dd1df1c841679f2bfe8a9e9cedf76385f06955ad91a27

SHA512
14206e483a0060f6a6b8714700512361e556c148a14e70a4029e7b6bbfb8d23f40129b25bfb4b4cb0b9c77523c558e01415e8343d7765cd8d39c8a3cce00d2fa

Download Submit
\??\pipe\LOCAL\crashpad_4700_KAFRZRQABQOZXEMD

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/524-2537-0x00000000142B1000-0x00000000142B3000-memory.dmp

Filesize
8KB

Download
memory/2404-1765-0x00007FFAA70D0000-0x00007FFAA70E0000-memory.dmp

Filesize
64KB

Download
memory/2404-2371-0x00007FFAA70D0000-0x00007FFAA70E0000-memory.dmp

Filesize
64KB

Download
memory/2404-2370-0x00007FFAA70D0000-0x00007FFAA70E0000-memory.dmp

Filesize
64KB

Download
memory/2404-1771-0x00007FFAA4F20000-0x00007FFAA4F30000-memory.dmp

Filesize
64KB

Download
memory/2404-1767-0x00007FFAA70D0000-0x00007FFAA70E0000-memory.dmp

Filesize
64KB

Download
memory/2404-1766-0x00007FFAA70D0000-0x00007FFAA70E0000-memory.dmp

Filesize
64KB

Download
memory/2404-1768-0x00007FFAA70D0000-0x00007FFAA70E0000-memory.dmp

Filesize
64KB

Download
memory/2404-2372-0x00007FFAA70D0000-0x00007FFAA70E0000-memory.dmp

Filesize
64KB

Download
memory/2404-1769-0x00007FFAA70D0000-0x00007FFAA70E0000-memory.dmp

Filesize
64KB

Download
memory/2404-2373-0x00007FFAA70D0000-0x00007FFAA70E0000-memory.dmp

Filesize
64KB

Download
memory/2404-1770-0x00007FFAA4F20000-0x00007FFAA4F30000-memory.dmp

Filesize
64KB

Download
memory/2408-2452-0x00000000141B1000-0x00000000141B3000-memory.dmp

Filesize
8KB

Download
memory/2476-2438-0x00000000137A1000-0x00000000137A3000-memory.dmp

Filesize
8KB

Download
memory/3184-2500-0x00000000145A1000-0x00000000145A3000-memory.dmp

Filesize
8KB

Download
memory/3428-1751-0x00000000143C1000-0x00000000143C3000-memory.dmp

Filesize
8KB

Download
memory/4076-686-0x000002B3EB0D0000-0x000002B3EB0D1000-memory.dmp

Filesize
4KB

Download
memory/4076-687-0x000002B3EB0D0000-0x000002B3EB0D1000-memory.dmp

Filesize
4KB

Download
memory/4076-681-0x000002B3EB0D0000-0x000002B3EB0D1000-memory.dmp

Filesize
4KB

Download
memory/4076-690-0x000002B3EB0D0000-0x000002B3EB0D1000-memory.dmp

Filesize
4KB

Download
memory/4076-685-0x000002B3EB0D0000-0x000002B3EB0D1000-memory.dmp

Filesize
4KB

Download
memory/4076-689-0x000002B3EB0D0000-0x000002B3EB0D1000-memory.dmp

Filesize
4KB

Download
memory/4076-691-0x000002B3EB0D0000-0x000002B3EB0D1000-memory.dmp

Filesize
4KB

Download
memory/4076-680-0x000002B3EB0D0000-0x000002B3EB0D1000-memory.dmp

Filesize
4KB

Download
memory/4076-679-0x000002B3EB0D0000-0x000002B3EB0D1000-memory.dmp

Filesize
4KB

Download
memory/4076-688-0x000002B3EB0D0000-0x000002B3EB0D1000-memory.dmp

Filesize
4KB

Download
memory/4412-2514-0x0000000013AE1000-0x0000000013AE3000-memory.dmp

Filesize
8KB

Download
memory/5356-2477-0x0000000013741000-0x0000000013743000-memory.dmp

Filesize
8KB

Download
memory/5672-2384-0x0000000014151000-0x0000000014153000-memory.dmp

Filesize
8KB

Download
memory/5804-2625-0x0000000014171000-0x0000000014173000-memory.dmp

Filesize
8KB

Download
memory/5852-1760-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5852-1759-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download