dcrat | f00bc957948a4acb2b43a65702e34de767ad8cdf7efefea11e4f57a039ad5bcc

Analysis

max time kernel
599s
max time network
599s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2024 16:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PyDec.zip
Size

279KB
MD5

cdd0900edeedfc6ecf4cbde8e84dd0dd
SHA1

3b4c43a23e3f759d3dfa21eb3a5f2bf52493f254
SHA256

f00bc957948a4acb2b43a65702e34de767ad8cdf7efefea11e4f57a039ad5bcc
SHA512

a0fbfea4ed19c61795f2e86007744b5e02c6e783a99cd395046f7de27ccc74ca8c824cb121479ebb22d4ff7e4cb43aae1639ac9bd0cc8ef422a759339582f6a5
SSDEEP

6144:kYKEiGGFCPWd83uUeRlKeg8/KZ7h2AVB4+VI+xZ77:BfGMPHuVlKnZ12ATVjN

Score

10^/10

dcrat discovery infostealer persistence privilege_escalation rat

Malware Config

Signatures

DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
rat infostealer dcrat
Dcrat family
dcrat

DCRat payload 2 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

rat

resource	yara_rule
behavioral2/files/0x0007000000023ef3-2843.dat	dcrat
behavioral2/memory/4956-3193-0x0000000000EE0000-0x000000000105A000-memory.dmp	dcrat

Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	SmartBinder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	browserFontperf.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	EasyBinder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	WScript.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 21 IoCs

pid	Process
3752	winrar-x64-701.exe
5248	7z2409-x64.exe
5412	7zG.exe
468	7zG.exe
1880	SmartBinder.exe
5912	SmartBinderStub.exe
4812	iBinder.exe
1192	iBinder.exe
4164	blackholebinder.exe
3652	browserFontperf.exe
3384	KBWBinder.exe
4412	RedLionsBinder.exe
1220	SmartBinder.exe
912	SimpleBinder.exe
4660	AlbertinoBinder.exe
2740	Binder.exe
5856	BytesAdder.exe
4752	DaemonCryptV2Public.exe
5552	EasyBinder.exe
5592	temp.exe
4956	browserFontperf.exe

Loads dropped DLL 4 IoCs

pid	Process
3548	Process not Found
3548	Process not Found
5412	7zG.exe
468	7zG.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	Binder.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	Binder.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2409-x64.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SmartBinder\Include\InstallOptions.nsh	SmartBinderStub.exe
File opened for modification	C:\Windows\SmartBinder\Include\Util.nsh	SmartBinderStub.exe
File created	C:\Windows\EasyBind\Include\Sections.nsh	temp.exe
File opened for modification	C:\Windows\EasyBind\nsisconf.nsh	temp.exe
File opened for modification	C:\Windows\SmartBinder\Contrib\Graphics\Icons\modern-uninstall.ico	SmartBinderStub.exe
File opened for modification	C:\Windows\SmartBinder\Contrib\Language files\English.nsh	SmartBinderStub.exe
File opened for modification	C:\Windows\SmartBinder\Contrib\Language files\Italian.nsh	SmartBinderStub.exe
File opened for modification	C:\Windows\SmartBinder\Contrib\Language files\Slovenian.nsh	SmartBinderStub.exe
File created	C:\Windows\EasyBind\Contrib\Language files\Hebrew.nlf	temp.exe
File created	C:\Windows\EasyBind\Contrib\Language files\Romanian.nlf	temp.exe
File opened for modification	C:\Windows\SmartBinder\Contrib\Language files\Indonesian.nlf	SmartBinderStub.exe
File opened for modification	C:\Windows\SmartBinder\Contrib\Language files\NorwegianNynorsk.nsh	SmartBinderStub.exe
File opened for modification	C:\Windows\SmartBinder\Contrib\Language files\Romanian.nsh	SmartBinderStub.exe
File created	C:\Windows\SmartBinder\Contrib\Language files\Thai.nsh	SmartBinderStub.exe
File opened for modification	C:\Windows\SmartBinder\Contrib\Language files\Russian.nlf	SmartBinderStub.exe
File created	C:\Windows\SmartBinder\Contrib\Graphics\Icons\arrow2-uninstall.ico	SmartBinderStub.exe
File created	C:\Windows\SmartBinder\Contrib\Language files\English.nlf	SmartBinderStub.exe
File opened for modification	C:\Windows\SmartBinder\Contrib\Language files\Estonian.nsh	SmartBinderStub.exe
File opened for modification	C:\Windows\SmartBinder\Contrib\Language files\Romanian.nlf	SmartBinderStub.exe
File created	C:\Windows\SmartBinder\Plugins\Math.dll	SmartBinderStub.exe
File created	C:\Windows\EasyBind\Contrib\Language files\Slovak.nlf	temp.exe
File created	C:\Windows\EasyBind\Include\MUI.nsh	temp.exe
File opened for modification	C:\Windows\SmartBinder\Contrib\Graphics\Icons\modern-uninstall-blue.ico	SmartBinderStub.exe
File created	C:\Windows\SmartBinder\Contrib\Language files\Luxembourgish.nsh	SmartBinderStub.exe
File created	C:\Windows\SmartBinder\Contrib\Language files\Turkish.nsh	SmartBinderStub.exe
File opened for modification	C:\Windows\SmartBinder\Contrib\Modern UI 2\Pages\InstallFiles.nsh	SmartBinderStub.exe
File opened for modification	C:\Windows\EasyBind\Contrib\Language files\Norwegian.nlf	temp.exe
File opened for modification	C:\Windows\EasyBind\Contrib\Language files\Slovenian.nlf	temp.exe
File opened for modification	C:\Windows\EasyBind\Plugins\AdvSplash.dll	temp.exe
File opened for modification	C:\Windows\SmartBinder\Contrib\Graphics\Header	SmartBinderStub.exe
File created	C:\Windows\SmartBinder\Contrib\Language files\Japanese.nlf	SmartBinderStub.exe
File opened for modification	C:\Windows\SmartBinder\Plugins\TypeLib.dll	SmartBinderStub.exe
File opened for modification	C:\Windows\EasyBind\Contrib\Language files\Albanian.nlf	temp.exe
File created	C:\Windows\SmartBinder\Contrib\Modern UI 2\Pages\InstallFiles.nsh	SmartBinderStub.exe
File opened for modification	C:\Windows\SmartBinder\Include\TextFunc.nsh	SmartBinderStub.exe
File created	C:\Windows\EasyBind\Contrib\Language files\Japanese.nlf	temp.exe
File opened for modification	C:\Windows\SmartBinder\Contrib\Graphics\Wizard\nullsoft.bmp	SmartBinderStub.exe
File opened for modification	C:\Windows\SmartBinder\Contrib\Language files\French.nlf	SmartBinderStub.exe
File created	C:\Windows\SmartBinder\Contrib\Language files\Indonesian.nlf	SmartBinderStub.exe
File opened for modification	C:\Windows\SmartBinder\Contrib\Modern UI 2\Deprecated.nsh	SmartBinderStub.exe
File opened for modification	C:\Windows\EasyBind\Contrib\Language files\French.nlf	temp.exe
File opened for modification	C:\Windows\SmartBinder\Contrib\Language files\Danish.nlf	SmartBinderStub.exe
File created	C:\Windows\SmartBinder\Contrib\Language files\Uzbek.nlf	SmartBinderStub.exe
File created	C:\Windows\SmartBinder\Include\UpgradeDLL.nsh	SmartBinderStub.exe
File created	C:\Windows\SmartBinder\Include\WinVer.nsh	SmartBinderStub.exe
File created	C:\Windows\SmartBinder\Contrib\Language files\SimpChinese.nlf	SmartBinderStub.exe
File opened for modification	C:\Windows\SmartBinder\nsisconf.nsh	SmartBinderStub.exe
File opened for modification	C:\Windows\SmartBinder\Plugins\nsExec.dll	SmartBinderStub.exe
File created	C:\Windows\EasyBind\Plugins\InstallOptions.dll	temp.exe
File created	C:\Windows\SmartBinder\Contrib\Graphics\Checks\grey-cross.bmp	SmartBinderStub.exe
File created	C:\Windows\SmartBinder\Contrib\Graphics\Header\nsis-r.bmp	SmartBinderStub.exe
File opened for modification	C:\Windows\SmartBinder\Contrib\Language files\Greek.nlf	SmartBinderStub.exe
File opened for modification	C:\Windows\SmartBinder\Contrib\Language files\Norwegian.nsh	SmartBinderStub.exe
File opened for modification	C:\Windows\SmartBinder\Include\Win\WinNT.nsh	SmartBinderStub.exe
File opened for modification	C:\Windows\SmartBinder\Plugins\nsDialogs.dll	SmartBinderStub.exe
File opened for modification	C:\Windows\EasyBind\Contrib\Language files\Swedish.nlf	temp.exe
File opened for modification	C:\Windows\EasyBind\Plugins\UserInfo.dll	temp.exe
File opened for modification	C:\Windows\SmartBinder\Contrib\Graphics\Header\orange-uninstall-r-nsis.bmp	SmartBinderStub.exe
File created	C:\Windows\SmartBinder\Contrib\Language files\Esperanto.nsh	SmartBinderStub.exe
File opened for modification	C:\Windows\SmartBinder\Contrib\Language files\Spanish.nlf	SmartBinderStub.exe
File opened for modification	C:\Windows\SmartBinder\Include\Colors.nsh	SmartBinderStub.exe
File created	C:\Windows\EasyBind\Contrib\Language files\Bosnian.nlf	temp.exe
File opened for modification	C:\Windows\EasyBind\Contrib\Language files\Portuguese.nlf	temp.exe
File created	C:\Windows\EasyBind\Include\FileFunc.nsh	temp.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BytesAdder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AlbertinoBinder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SmartBinderStub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browserFontperf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DaemonCryptV2Public.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	temp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2409-x64.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133793583284036957"	chrome.exe

Modifies registry class 21 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	browserFontperf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2409-x64.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 755185.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 265276.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
3588	chrome.exe
3588	chrome.exe
5116	msedge.exe
5116	msedge.exe
1644	msedge.exe
1644	msedge.exe
528	identity_helper.exe
528	identity_helper.exe
5760	msedge.exe
5760	msedge.exe
5848	chrome.exe
5848	chrome.exe
5848	chrome.exe
5848	chrome.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
4412	msedge.exe
4412	msedge.exe
4956	browserFontperf.exe
4956	browserFontperf.exe
4956	browserFontperf.exe
4956	browserFontperf.exe
4956	browserFontperf.exe
4956	browserFontperf.exe
4956	browserFontperf.exe
4956	browserFontperf.exe
4956	browserFontperf.exe
4956	browserFontperf.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 48 IoCs

pid	Process
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	1332	7zFM.exe
Token: 35	1332	7zFM.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1332	7zFM.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3752	winrar-x64-701.exe
3752	winrar-x64-701.exe
4660	AlbertinoBinder.exe
4660	AlbertinoBinder.exe
2740	Binder.exe
2740	Binder.exe
5856	BytesAdder.exe
4752	DaemonCryptV2Public.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3588 wrote to memory of 740	3588	chrome.exe	94
PID 3588 wrote to memory of 740	3588	chrome.exe	94
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 804	3588	chrome.exe	95
PID 3588 wrote to memory of 3208	3588	chrome.exe	96
PID 3588 wrote to memory of 3208	3588	chrome.exe	96
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97
PID 3588 wrote to memory of 3212	3588	chrome.exe	97

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\PyDec.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb1b6bcc40,0x7ffb1b6bcc4c,0x7ffb1b6bcc58
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2440 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4508,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4880,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3692,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5340,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5212,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5380,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5448,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5344 /prefetch:2
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4960,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5532,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5736,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3320,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3288,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5536,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4784,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5084,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6236,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5288,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6332 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5436,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5176,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6028,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1508 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5308,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6048,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=3420,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6296,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5764,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6620,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6624 /prefetch:8
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6648,i,12522184123393643084,18302810323924558280,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6656 /prefetch:8
  2⤵
  PID:1804
- C:\Users\Admin\Downloads\browserFontperf.exe
  "C:\Users\Admin\Downloads\browserFontperf.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:3652
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\HyperAgentwindll\BxJQZG6sHKaLzlHsgU19E4QB.vbe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    PID:5192
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HyperAgentwindll\N3fpcZRn0wVIArOLP9S.bat" "
      4⤵
      System Location Discovery: System Language Discovery
      PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\HyperAgentwindll\browserFontperf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HyperAgentwindll\browserFontperf.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:4956

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1028

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb16f546f8,0x7ffb16f54708,0x7ffb16f54718
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6332 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6728 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5760
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2756 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2792 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3616 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,8535907448211345728,15336523517786500287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4412
- C:\Users\Admin\Downloads\7z2409-x64.exe
  "C:\Users\Admin\Downloads\7z2409-x64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:5248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5208

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:736

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap17522:74:7zEvent5505
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5412

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Binder\" -an -ai#7zMap6328:2502:7zEvent21991
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:468

C:\Users\Admin\Downloads\Binder\SmartBinder.exe
"C:\Users\Admin\Downloads\Binder\SmartBinder.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:1880
- C:\Users\Admin\AppData\Local\Temp\SmartBinderStub.exe
  "C:\Users\Admin\AppData\Local\Temp\SmartBinderStub.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  PID:5912

C:\Users\Admin\Downloads\Binder\iBinder.exe
"C:\Users\Admin\Downloads\Binder\iBinder.exe"
1⤵
- Executes dropped EXE
PID:4812

C:\Users\Admin\Downloads\Binder\iBinder.exe
"C:\Users\Admin\Downloads\Binder\iBinder.exe"
1⤵
- Executes dropped EXE
PID:1192

C:\Users\Admin\Downloads\Binder\blackholebinder.exe
"C:\Users\Admin\Downloads\Binder\blackholebinder.exe"
1⤵
- Executes dropped EXE
PID:4164

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e4 0x4ac
1⤵
PID:4348

C:\Users\Admin\Downloads\Binder\KBWBinder.exe
"C:\Users\Admin\Downloads\Binder\KBWBinder.exe"
1⤵
- Executes dropped EXE
PID:3384

C:\Users\Admin\Downloads\Binder\RedLionsBinder.exe
"C:\Users\Admin\Downloads\Binder\RedLionsBinder.exe"
1⤵
- Executes dropped EXE
PID:4412

C:\Users\Admin\Downloads\Binder\SmartBinder.exe
"C:\Users\Admin\Downloads\Binder\SmartBinder.exe"
1⤵
- Executes dropped EXE
PID:1220

C:\Users\Admin\Downloads\Binder\SimpleBinder.exe
"C:\Users\Admin\Downloads\Binder\SimpleBinder.exe"
1⤵
- Executes dropped EXE
PID:912

C:\Users\Admin\Downloads\Binder\AlbertinoBinder.exe
"C:\Users\Admin\Downloads\Binder\AlbertinoBinder.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4660

C:\Users\Admin\Downloads\Binder\Binder.exe
"C:\Users\Admin\Downloads\Binder\Binder.exe"
1⤵
- Executes dropped EXE
- Drops desktop.ini file(s)
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\Downloads\Binder\BytesAdder.exe
"C:\Users\Admin\Downloads\Binder\BytesAdder.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5856

C:\Users\Admin\Downloads\Binder\DaemonCryptV2Public.exe
"C:\Users\Admin\Downloads\Binder\DaemonCryptV2Public.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4752

C:\Users\Admin\Downloads\Binder\EasyBinder.exe
"C:\Users\Admin\Downloads\Binder\EasyBinder.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:5552
- C:\Users\Admin\AppData\Local\Temp\temp.exe
  "C:\Users\Admin\AppData\Local\Temp\temp.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  PID:5592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.dll

Filesize
99KB

MD5
88518dec90d627d9d455d8159cf660c5

SHA1
e13c305d35385e5fb7f6d95bb457b944a1d5a2ca

SHA256
f39996ab8eabdffe4f9a22abb1a97665816ec77b64440e0a20a80a41f0810ced

SHA512
7c9d7bd455064d09307d42935c57de687764cf77d3c9ba417c448f4f2c4b87bcd6fea66354dfe80842a2fa3f96c81cc25e8bf77307b4ace1bbe1346cbe68435f

Download Submit
C:\Program Files\7-Zip\7z.dll

Filesize
1.8MB

MD5
c4aabd70dc28c9516809b775a30fdd3f

SHA1
43804fa264bf00ece1ee23468c309bc1be7c66de

SHA256
882063948d675ee41b5ae68db3e84879350ec81cf88d15b9babf2fa08e332863

SHA512
5a88ec6714c4f78b061aed2f2f9c23e7b69596c1185fcb4b21b4c20c84b262667225cc3f380d6e31a47f54a16dc06e4d6ad82cfca7f499450287164c187cec51

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
696KB

MD5
d882650163a8f79c52e48aa9035bacbb

SHA1
9518c39c71af3cc77d7bbb1381160497778c3429

SHA256
07a6236cd92901b459cd015b05f1eeaf9d36e7b11482fcfd2e81cd9ba4767bff

SHA512
8f4604d086bf79dc8f4ad26db2a3af6f724cc683fae2210b1e9e2adf074aad5b11f583af3c30088e5c186e8890f8ddcf32477130d1435c6837457cf6ddaa7ca1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\06ee9f87-c9e3-42e4-a179-048bf2f27a1e.tmp

Filesize
10KB

MD5
d24a86c303de9d95dd488c20ce20e036

SHA1
3d07a0d992d74d915e3ee35eae82e0574a023d22

SHA256
29b1a1b198c59a3a43eef27b26ccfab25b704c1930ca524741c55f35c1ad9485

SHA512
6fccbcce9f26103f0bbbea479362a8392bb6fa21fc3ba4e2a59bc1cd975af7d2853195c7896065fcee122e436997a26eb3f7c4eee115c75211ae55caa6a73f50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
569cab67b8ff814589c2d4bd13aaeda5

SHA1
54fb89cf267b8ba17fabe341b418d41c6b6aa068

SHA256
83648336a5d0c63642e5c4541a7e9cd7f883f98eac361e22bac4e93a994ccf9b

SHA512
0dfca12e3b8feab5f3c2925bb5f83fe84c245229a7f4d50994d2a7619aa1ea992d64a4b41e5f51e0b28fde07c4fffbb6bb751fac60e34cc4197afa1e59290002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
76KB

MD5
62fe78e09fe99af95e06ecc38b89b81a

SHA1
a9be3e17b12b939121bc273b9319da0a22a3e201

SHA256
a09a9d19d6ff2be350be2c98994747f95b9dbd199c5b04b766887a3d91ee0707

SHA512
b6b58ec36f9072af0b6a51d70b5c62d0d287c22469d98f56e066d29ec5d57a110cb0ab17fb0ef1b106433b468f773327f375ba631102bd8750a86633a5d0d2bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
144KB

MD5
b6c116fc3737835abfac13ef986a1eed

SHA1
7e522cc088761147737e2cf98b35cd579427c85e

SHA256
1ab293e570f9a9df69668c0847be3714faf7723e74ff1c2153e70e2fe79b10ef

SHA512
20f4c44a2a69bdb70bcae0d37296970c2a56b87fcdd09a049b20aa0be868789312e862801b6bb1dc896f4850d906ffb106c9448a34dc9b300f19a49c1181070c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
58b7ffd7f0113b134256a00e5e4b166c

SHA1
542d7a4b7bb68e1812c22f130d9c2df97329f63a

SHA256
b028052017d0949d99d869c87116316e168f406b0de268e8fc22ad4b55e9efa2

SHA512
7a3cfa7506334162f09d21f1a982982d5522d42e46c2a01f769210c0bcd16b96a499b77f70f0e66440fe5362e4cc7dea5a34dcfb3347b25ff739e0e2f304e7b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
c8b6de38d4497e84745ced57853c5642

SHA1
e62dae40684db7549828203ff1dd32b06446e2da

SHA256
7c7a47d93cfe2f7f9e280425c3b34a5cecf26e519c8a2203036536eca1b17090

SHA512
2989f3dd04ac4159b7c0addd99386f4e617f7cd2ebf241c08065756bd39c727cc5cde50bdda6f0149246cd5fde14994fc36cf5b04bda7fc9dde907acfc4aaece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
7c319aa7fd3577f31397daed204cdeac

SHA1
fc28c93331f43a94786d2bb6c7650edfed43daf7

SHA256
9c6dff5548471174e3803d767ba10d616c8777e65529df24681a6bb025e7e37d

SHA512
64696723ea85d612bc0b9b1ad46f1e2390eeb8003ce3d6831327133b4111f72fe1d9397bd120a750b772b88ae5ebf024f2f73189cff5788137090d2d7f2d00be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
996dc835c6c674d5c9c9fc58d92ad803

SHA1
d1d058790889ea807acc0242020ecc83eb95ea66

SHA256
8d9239b7111dfe9a6c2a36c8c1981e8789d3c50321b6d3580783d0131cb02bae

SHA512
180fef639209bbd5b7f697236df35daafa7d2bb9260feecefddff2addc5c999e2855b3f8c29691f8c11c38f54df3f930828ad3a70eb9e793f65d5c0a5a7b2339

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
e09d4fa920180d4ed99c0de15ac1f1c5

SHA1
abda828594a6bfc36bcd9bf57c8e5d1760c48a1b

SHA256
fa76140333729bb5d628dc8992e993e234506a9b9686de481a34af643481e125

SHA512
87d8e91c93875cd7580f7fbedc49790baef47f0b42aef60c8c71d3c682ae493198d88bddeb14f9342ad17460d91f9de723ae039c69680fb5006cd6f084bc9a8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
5810ca29bf10b3496d7e5ec11872ce41

SHA1
c7d0bf0f33f66f4f2979e5375346b27fc02bda1a

SHA256
a9d56f56c805d71689c1bd1512c16c496862c781ab6c0c5f6423c5d7177e66c4

SHA512
bd2c41301a5241aa3b68c24d23b925edd483ea42fea333003b70db7e6f6799f1c58c0cb5a4c531fd7a5e0b9eefe0811cfb6128e621a3fc0888704d0a8e7bb8e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5077f8e1d32c7a2069deb42560f94640

SHA1
51705e3cbafed0b69a563850d64e8f5e5482c95f

SHA256
4eea8d8c1afab414855f03393f12543d374950c57adea4bf91ba1594ac54e1c7

SHA512
7b9cd2405ed03cd786bcac5f823fdb46e4863c921ece19284ed3707ac5be2c117b667312ee680b1ba0f8b052a9f46989397146a102b014c19d1dc6110e683f89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d461fb23-e9a7-48e9-8945-c2dc6f8b1d7d.tmp

Filesize
1014B

MD5
7dae0ab2ea9ff5a4fe952ba9f0766cc3

SHA1
1f8f227a163ee7643a91d7477533ab845ab80367

SHA256
9a5e6c586ac2bec29176db430e70e3effa4df622a6e22c22b1b65e733f81aa1d

SHA512
1498d82db73bd1dd90861231baad7ea1c1403d92f11573fd6afd6c755fa8f737b2adddd740c4ef92c6402e4b25bd51b3ad3b5c0f418077f9fc83e8e3d272484e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
249e4ac7f96c746fc978b4e7e41ebf30

SHA1
74d296ecb19c979a56747b9f9a92cd4cb52b7eae

SHA256
7143240deb83ab6166cbcfa64ea79565546b8eb562fd566a531eeca0cfc55575

SHA512
56acd621194892a4c11e7ae6c0fb0ad49d833151e3aba4b452f8b1a10a977339e3c4ee1f2727a053adbd6a27b8c121f2efeb8580a0ee4d49048d4275b419b50f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
638c8c13b68466394dd5966c63cec0ce

SHA1
a5166eeb7c098629704c217a691317e73dd2e5a3

SHA256
7d94c46dd8cf49ddae4e175b514310a050a7125fedcb52de16ed34d09a9fe8a9

SHA512
aae0174be7a8f36f1d1f1e978eba6bafa1c46f09caf662c0c97a239a9d72ec6228e812fc7174f23983738069fe7435f87bc1f3f949430616ada0bcd8d32ce8d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c30c3e8d20766c887362020d8eb5112b

SHA1
c865758a35be42c36ad9fbe99a618ed23ec596b1

SHA256
2d1399f09d004b755d39b980814cc5cd363e433f2aeba89d9e0c76eec4dc64bd

SHA512
bbb3cabc678d063ae83eced9596e1574746c4a658b3d9a47612d9a4ff04b8221c777c883d492e9fdfcb38e72eb9edc64aae78456216386507344c009a3f870db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a8f2675f7c0faea925eefaea31b40dda

SHA1
49b47cf1d807f55a3c549901a5a8150165e2f67b

SHA256
1364e1357b4a34770d0a4a91af4fa4c28ba194df73bccbcfa33f7c8c6f9ef0e9

SHA512
03339b52def38ce71d84b4f4ec64e3f51a7f721a89c511bb4fa468f5ff57f4e223604eb5f2d502a6f1f00115c551c6dbabd810b054a34bd714aaf4dd1d68a645

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f2d62b2bc1ff8b3120a176cbdb864e90

SHA1
5242d2711d4f6cae83b27621db52ee484c93fa6b

SHA256
210fa456ff582f0857ca72ba8209bed413bf98ef12cc0340b8e48bfb0b69441f

SHA512
c37e9e05ea72c135655786a71e3c94a9b10ee944bf4742db682743f201ddd174a48ec38203db571f9b7312c3a5074782a41a307f486193b0867dc8101e7259e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cd7f1bb3c8a21243fb06443aaeaa14a4

SHA1
d6c8e5b2c1ea957057c0948a43aa9334e9c32381

SHA256
8e0f49c71b948334dd7f825aca32b94de00be2f211af976b88b39e301e699acb

SHA512
d4128e013c7130740bd4ee1db115e399f7ca1e73116ca4fa50f9bb3d3fef5f14798752a643a247e463384cea2133fda60feb0486c25e203e7cf3834edf3de70a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
371e9da4cf71c064182ef7fdf1d9e81e

SHA1
d66a2856a3f087f875db93fb86f5d248eea036d7

SHA256
de277349016086bd646184b7e74fc4ef08f7f0b31a1c8874bb904aa50a20e89b

SHA512
1d710322d8340463e99ba9e93459b395c0bfdaf4b299b074bb2f502fc3a4a5e81f719040bc4529237cf81e8c5dd042589d62e290b6db83aa1cba578cdac1089f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f425f31d9eb9e1cb1f7eb8b5f3cc1df9

SHA1
50bd7c72a95f8c365d8b4a7e2ecbda280151642d

SHA256
46d075d29aef262fcf20b59012a0d0988325972b254e2a7c2a865484bfda57af

SHA512
7602a106ffc216ac7d8d135bda3eda418e2998ad13ea84da3b4fd1967eeb85bfb9f0b7acf6b18a7e10382689bca01916a643f75ec52067ce1bad8aff6ab12e57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a325894edd7604b401af84730d0b2378

SHA1
67e700e7f98bb9e43c7703c4da3c756eb2c88593

SHA256
f86ebd3b01724f32dd91f90dd7d1dbb417f37db182389b62adb2d0eaa4882126

SHA512
265a48bc7c8276e358504d52b3a17332667b3e1513d70d0b18ce1276c3c8ec1d9a29fed10a45bbb707b31b78de64c3343656d4ad8399c0d22774df55c76ca51b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e3f8e1f9e5057137d21f8a4a316f54a8

SHA1
af854cc25d93bbe93d3b1b9fb0e53c90a2fd89b3

SHA256
89339d12af550ea3c871a29999680c20e8f31a1b0abe3652abf128473e20af16

SHA512
7c113ca3d3dabb83de59d22e6e9b7df2355b0791c1415737e3f3eea82d86685f81bf9a719b51adee9a5db7689cef9339bdf5c6790b3f17be25dff4fce2a03dd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a7985c1b59226dddfbc4b9a865d62865

SHA1
f775d8d96de862a4a9c34142e0e31dee423d4c83

SHA256
86f439ac1b11c36e0caabc51f3fd4199e2262b15970f969bf9e3d978ca922759

SHA512
b565569795f97e2b5d8d94b7871bf45bbf7fb2926075ea8b727a2a3ae347aadc31269201268e2dc0c5b03a213d57a7ca7ffbef97ad8a07d0a5012a24374aca8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c5f4d99ace26fa354fcad68c1ecace19

SHA1
b3219051ff6828723c1fece40525313e44f6c476

SHA256
d7fc0c1f6351a1ea95e59873c07158c43c95f64a48ae65f77291dbc4c31dbefe

SHA512
28bee2257b7f378217582935c860bccda59bdee2c266dd143b70a0889940de5e143dca831441b749db59e4e1271bd66f130d0cee8961aa97c24b744c3e09fcab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e0eb2329c9b0427af947b5d0af59fde1

SHA1
53d625c3cb4362f9c4f5eba8167e90fe37be62ff

SHA256
7884e8c3d747af7402dfc96668e45b8f7e5767bc9d0d7e79eba26e9bacebce4d

SHA512
7aede13785f67c6fc945f8a4a3629cb8df61fb280a014e22ed7982a874ff39fdd9b0c9cd8766564b84432a6b3a12054bf04f196302d0a6ba3c16c94e36c2202a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b14567df448c14b34ccae4edeeced478

SHA1
405c023e0b10e8821f26d423c53ebf4e8c83e9a5

SHA256
e56557b94b6983442314c6c38a60e690da4eb529f008b85d00c2d94a03ab61c6

SHA512
f5a705bd416c4ff7ade917eb051e5cdee8ed7e20a9b2acfda4721ef1f2575c43525207131eee75659c4cba273895054346eaf7e0cd08417c0845f6e871049a3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cec35dbd9a9494e854963ac19049029d

SHA1
dc48aa3b507c8567ae6ab2f7b4d5b61cbc52072d

SHA256
a99395351b661d147c0d6ad6c5fe8e7dc344abeaf27c5fccd4c8763881a4b67f

SHA512
e03438ecb4050382ef2e89220b8bf452ecbe833d798ec6728a8bcedc4537f3311b47a6dd24ea031ea823f1b27a5c38381d8c39e46bf240b33102f9bdb84ea5fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f5502a9ddb41b289931ccac439f0af9d

SHA1
a317827500de7b8654d5d1e64b635fc57fdd2389

SHA256
f5068ed466659d91ac51a95a3f619ab5c4546ae1a6290ae3d94c8f5cffb9ba87

SHA512
c002a349dafdc8c60596f88b16dac0ad8c3923cca6c41f7c25f0d0139e47d9a65824f7a0440ed8e3c24b32fc9c5cbb77a3e048384a87f56115391c1be437084d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
86259b0a1970e8210498552073ae0058

SHA1
229b8fec33ba329a0d0d67943bd66e8db03cb849

SHA256
d135f7b89275b4afc1ddabf0112d209b7067edc78f176f1063903f8c5dbfa212

SHA512
c7a303fce23b613c25e7d38b0a7d325d7096cb37675e1f06374f9d126d1e464e9f35429f7779d9c198e5c5986bc3eb4f0036261713f95fc09020c50702b75782

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4563538d9fddd922da33ae6b59876755

SHA1
325d504257ddcccd140d3052c7f5e92eb8b69350

SHA256
c99a8e55f64c5ce3e0864adb628fd69b572e25d1aefb89fd812a6ba8879cec93

SHA512
4c3011518657b09c8ba632f02b856c426196eb4d678a423c679eaf5cc8c19fa5fd629d6bf6cd115ca52a2f27df3d9c91419a26744bda5b40da7d993b81acbf37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5b3637471010db0386487a0923bac110

SHA1
94ac69f0382edcaf9cffb387c8ebaf26164411d3

SHA256
ef0e4bfee51338acac6ec7479f5d645cb47477a86860facbd991b668d50abfd4

SHA512
d5ac4833981faf4bd0e88d48dd2cd4b81e528eea8549d739007318cbc9c57dea0cebf6ace6d1743fda3fc326b580257b715b839be2b61f498daa82698bdc596b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6451a41707854cee8f725a64e17d6ade

SHA1
722ccb3d4567ac1081581be94763c98cd50c953f

SHA256
1b74b28779efb22a7e60bb7a1c12aebc34988ceba1bfc0af8cb947798a3dde1c

SHA512
7228eb58b59a96d21c664ea7464197376cee74d83f4b37f3fb840fad9413a848ee81b04e80ce4e943efba92080533a82cf111063b601c9a3451a4e586d6a1d63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a66f0efa20744a143544a50dfc02f472

SHA1
89b659dc160889cac2e6afb75ec6d4316d27a362

SHA256
0fef2d9c6cbbc8f613f9027d8c1e07de0c7459ca0070eb34840d4783b98b5897

SHA512
42f31928218c8522b945ee438f4577d171e188b9ee23f7c2bffa0f0ef866899820138115f9995baf88581c9b7ebd1e54830ad00048fa34274960476e638bb109

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fd3352fe41af855f9bb915e26928786f

SHA1
8a48cfbc6ec584891ce43c1bd102981e00185984

SHA256
3fd8380ff1d19dd241fa7ce4c2515f5b24639bf8d74fe84a40112743ac41f29e

SHA512
b066e22cf2848c8f76658c596035ca1f43aa65e2f98bc4ac9b70555764b33bc1778250fa5d2c0687fa126809b1c1ce570530403c278468ff9a0aab024def2093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a10594ebadbe754e8cbe25727992b7af

SHA1
e377d57db783d6596b8dca4c2b682e303075ed4b

SHA256
2c3b9ec01d70aead85f46f3aa4322cb8f04cd425dc510b1016e69be31e047159

SHA512
46874c2b4bd20934b4b82ffc1f2071c09b1a59419a384022746c34cf89a948669c1b85bfacf5bf284239b351a93c06e2b519e748a6131f369ff8cf87cb4f0e10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d7fbabff920ac4259dfcafd59025c188

SHA1
0c7c7ae2393a813458d729ed785bfdcf946c342b

SHA256
e53df72b838d9cb9f05b7d343e186cfba68dfd4fd5639e90f94fae726a8eb0b9

SHA512
e9e7a08d17f07a1a10dccc95f0c38e7e6a5b2a7de10ea6e889b818c533cda295645cb0ea46e6c39a7c7977bd1af1b96f4986c479c395233a1c1b48aa13f29fd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8afe92ca87491053b748b3daf5042551

SHA1
0750030db33c1fa9b5b1cf48c6971c9485ed5d19

SHA256
973a331640c7fb1272c74faaf4219251c727b57adb157bc0c8d96a31cb959020

SHA512
bf0241bef3521c656987b1c99752a8c5e64e03d3e37d853af0329546fd7de973270577110e924922646f034ba56b2150162032516744cce4fc00a9d3262c3bfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
98bc79c3f5f6b693557743be6e2a5ac4

SHA1
aaf028d378a12e116c8e790d737b20bab9bfa378

SHA256
6f43fa6660146ba13b4433994eb1565135636fb5d89d33ba136e351183cd9060

SHA512
60647c01ec943b0b16babb5ea38e33764baf97526fa7f16eca8c40c9744c44c5fe835bd155a09878bcf484c7c570f258d721cc48bbefaae8c93627c769fe8bb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f397bd61617648a2af0622ddcab6a246

SHA1
f923e1737d2bc2325598254731724a5a96b4595b

SHA256
c4cc9e56a0c8d56684af9352d517d9e21a641ac17c67e5f4e9595ae1f64b41df

SHA512
61ff357e0d783d5a582cad368634aa3ca47efec06759952c08381905e669daa6f79abb2667d72c2a6438e8d2647232d39ca2601d7dbf890071efb416f58b668b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
60fabd490f1182d3f57b4606a5525dac

SHA1
c51dbfa06b3bb0db6627a56dacc31b1a06cb8682

SHA256
fe3a3249e87a142879ba15cb66b66d74a1aa09e3dee2625b280978584f28b4bc

SHA512
76eae7fe6c7146b6f7e85333fcf293507445fcf60e607d6ed58980b267bc848aebc5bff4cea18c36f80a4a337afc046edfacfeeca1938829e4193541819a330d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7981ad6ba92a1e8792060f3476388c15

SHA1
c313417d78b9d22f663e243349a08e23c5e94d9a

SHA256
70d8ecc2b1ae06a755b2de9a0efa97de47b35947437d7d33d1977023ff2f83a0

SHA512
5d4fa224429bafa2dd240a93f5647785ba2634c4d63e9bd30a901cfa9d3ee154feded3973b10802821fc726a999a30d0cfc7b0d4805adc9a766796a84a680ece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fcf8089b864c56ca1ef45df9ebd66db9

SHA1
6a2700f8e48133f4e1810502d5ecdb903044972f

SHA256
485c465ceefac3e524824ae18248a309477c045a262002b554f781ebb3c36215

SHA512
f4b3f28d3511bb0c942faf4b39ac17f014f390f58f87ce7b8d08ad27b4c3a3895122ed3cc5bddae833b8ccdc4e13c0327aa136f318969f7bcaedcf713049abd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
17c086e6dadddf31174e08333d67ba8a

SHA1
b710b66ed444bbc6e4c5cb16d01df2985bdc815e

SHA256
5fe065e406cf30a8ead0b460dd71b7c5dfb848b0bf917b7185555301bc3f84c7

SHA512
0d370d44b4fc9b80ca0929cf7e9d1d6bf20a8f885d81bc906a89854dbb673996a39f03aaad0977d4680a9f341acce428beea1758b944380f2a215e0935a3a217

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a8b7537331389753789f6aaea3b31dcc

SHA1
eb0b7804642a0eb2d0c500202707240a7afd35b7

SHA256
3d5e51d464570af66d66660fdc20c0dfe70c8ac0fcb51601f8368c7cc1d0b278

SHA512
888fcacf11fc1e36a12fe76a7534902cff4dc0a2b1a138d47c1dbcb3a2bf055f57e64a7101eaa23a38ef4ef511e9563e8e3a3cce580ad902ed39abf57664508e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a55873f3cb4006b4cbe9308c5d9c2003

SHA1
25832d5d961847de9d26808d7292ea0114900be5

SHA256
3fcfd00752a8554163e13e060ef74605c6983c058bbd1417f61cafecf533dac2

SHA512
ada36a919e89430dbe958f4a79dbff48ee2502104b0a2821fed3918fb43abd9e0de832a342c47c8960f46b10535ce3f0be3dd49903f4b0dda1a0b9194a170e48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c99fcb1634558c2039a72c362343caa2

SHA1
dedb3574691e5da56ec2a27819c9534fa6440804

SHA256
940631cc7d2f8b408b0ffe55eb0d4a25751b2c04e876b37e203befa4a6105ed9

SHA512
c25ed1587b8aad0f799870a11014437bff46a02f9c932f11b9e6c497163797f0d1e5bcf87aea4286c6d434b42ce3c426df38527b180eba7b7f2179f7780cf767

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
dad38f2da4d02d11ac6a9442be93da2c

SHA1
86b2a68dcfd75bf4fdda7c48580ae0673c555d45

SHA256
5ee012bd34f5faf8f986a96bbc72e803c434fc1bbfe9459c5ae2cead4a84cf0b

SHA512
4273e898c33cef80fd27caac82ac4250930684a53c7fea6d2062ccb26d57131b0f146db6f254d492ed12129e4ad9d60081430e7f886df9f6076cd088f792272d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2ab1174749c05e9625287ca5729114c8

SHA1
3864f5409c0db159428d102261324d181100afbf

SHA256
538df2381ec29f684c77ec9d7ebabf3f188873c846c5b06a545005c072c11dbd

SHA512
4c7804bc254dbf804a0283a6f193cef43c46e966f393075b94d608633585bf28f87cebe3c81a0ad81c139abfb074e469aafcf9175f31f8aad6b02d165ed467b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ae90d516-93a6-4864-99b9-21a635f27f84.tmp

Filesize
10KB

MD5
61c9b3a69bd4424856fef3f49fcf2475

SHA1
abde2e4450559ea58c9ee23b8eff256abebef311

SHA256
4e285099854addf2cb25f407db8139ce66d2ce28ed89ebfd8e7a623238013357

SHA512
a5d687603b00176ab57b98d94b5bb24ea352ccecb3168102e49e15ee0fe8495fb6f4dae6291b4bb5005b0dcf43d896dab26b41444338f742621c64cf0c8b9451

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f69489de-2a95-4455-8dae-43bca2889eb0.tmp

Filesize
10KB

MD5
f38fc3ba8f1c951514c27258079f17e1

SHA1
f9f1be48a0117ce1cdc829f5e3e1016cf11c6dcc

SHA256
e562c2c126154d1759463c3248a342ea274f962df95d3387ff1b32fef218dff7

SHA512
789038502b150d229e4192589ea9885a89bdd4f326a91837746e8df67e37303541a9ddc284d85a6136f5a4b97bac3902e42a62a116bdc82023fba578e2553615

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
368f113abbcf74686a8b55319075f379

SHA1
158faefb7615aa8868dc4bfa50213ebb64db5569

SHA256
283c25bcc4cf8e226bc8caee1807108b30bc5d7f15fcaaa5780f69145660f99a

SHA512
92fc6cb0e68d4f936e514dd4c6f1120c7934b95f6d3613e284f1833f160f0fab31a44e29e5a61c83934d3e09b6da03379d555a261689c130609b8ec6d5951ef7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
7e3e2b1030825d2ae8f36c7befbf2613

SHA1
9a25232bb0f4871a3ad126953452ac04d330c6c6

SHA256
32846b0854a4d2cf93803906e5e297384e3ceb39b229e6c37953d9d94a826310

SHA512
b4883401bcdee5c562bfcd0a24551a61d6d2d0308baa661bbda490ec9399954d94d6263f7890226f8596f22bfff8fd50a1643791416e4e67254b5c334db9401c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
da3ce37cf9dc43d630ea41556043ec19

SHA1
41470ef0011b388df8d98394c73ce0a0d9979de8

SHA256
f70b7b0b8232d3aafa3d0b93ee182d19464992b39f1cf8bb003e3e5ee25b8e9e

SHA512
0fb10274d5497e35522f22072c2992fd88378333f83153f2f2a2647b2106e369c165fb15edf73dcd2980689dd4b2e22be7b1f260cf0127f8e238b6d51d6d5cf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
61c7272d83ba41cabb075bab58680fef

SHA1
50973c371b2b337825e64ff7c41437299830a50c

SHA256
7a11bf87eabef8b5751721b290b02ea9fcdae86f9d2267be1859ddf0fd1ab6c5

SHA512
4da54b9a5c50c03763eec201349f65a0144f8cd226484a0c7cdbab0d548bf21c1e6479079e1c759fe6b8ebd11ec08a3e0a8381a8c05c2e7fcdcb707e6f9241a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\SimpleBinder.exe.log

Filesize
594B

MD5
44e889763d548d09132c31ed548f63f5

SHA1
d9829a1b5841338533a0be0509df50172cce73be

SHA256
d29f0e5fe1ab31998f200d4441c0e201a2e3bd6e416f638cbee2eb55354d48cc

SHA512
a1474aaef1132f459e8139157a618368c7623f4a25a754c6fc2672d92929b9506bfcc272eebf5c69901f4140d36e740f5f6bbfb90e000c6538ab492f5aa48a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8169945d-439d-4a0e-8bb8-46aa6838c713.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
47KB

MD5
9f96d459817e54de2e5c9733a9bbb010

SHA1
afbadc759b65670865c10b31b34ca3c3e000cd31

SHA256
51b37ee622ba3e2210a8175ecd99d26d3a3a9e991368d0efbb705f21ff9ac609

SHA512
aa2514018ef2e39ebde92125f5cc6fb7f778f2ab3c35d4ec3a075578fda41a76dbd7239fe2ea61533fb3262c04739c6500d1497c006f511aa3142bb2696d2307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2edfed7132bff0727e2cc4ff35b11651

SHA1
23009e09bcdecdcc76726f45e7d63322f72cc69f

SHA256
a6e843c2453b4fd2892222ca71b0732d4e2f9059fadbd2594eae15eda99af3ec

SHA512
e991f0dd86216685a3fc6d79a0bd61abd0e3f955153b9175a59abf0a633787f7486cf4e0df9861fe24e2230a5f22dc953677bce06ed62e8eb81c5cfccf017afd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
99cc312dda27415fb3db1cd3db5fce04

SHA1
4adecf7542d887d725c49ceafa762c59497c5902

SHA256
102c8235287c17568d396181fa7cbe5b9987c82e28ad75b905a273f28da258dd

SHA512
664b155a57e3ebbb09bd68a63a9734f95db0a2b76177bcfc65d4abca8f30702cafbbe81baf1e695ba28c01cd8d492712feebadf030a6bcf1f83e3d6bcb8f44ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
9934954a9b96ccb8ed413fd8c733fc1f

SHA1
11d4f24617e52ff1de0f1ea49b4e8afcf36f72db

SHA256
9d2296df0d4d7b545eef406a28307354b8e4cad4507f7df4fe3317c76306210f

SHA512
a6b4628638670fe4412825f385a6f6e582b75c03d153af57276f83b29a9a98310c7e1a97ea6f8710bdc5929dbf0e9ff4c130ad36288da161a43fd4e752985bfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
c61251f3c8fccb4c9edb87f5c8e029d2

SHA1
ed0ad013c50424494bd2709e2249ddcd312406a6

SHA256
8efbcf9f70dcf46bb138bead67efa45f34276184f005f1b9449ca3a6011105a8

SHA512
225da62d8177902725fd789fedefe7744a5791e1b8cb6abe82113cf1a8e6b460ace93ad02f89d782741cfc91bad4900283b6d73334c488919fbb76084a0e8394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e84ea7ff71c5e65d57491d5741bcb23d

SHA1
b9a8f66e974172dd8242d58002166e17802cad6f

SHA256
e698bb062f12a0e7a2a7e28c18b8fe60ebcb373082e54533c5d4d2c71f3776d1

SHA512
537a289c1d6c1416071f30717396bf0bdbe88ee2faf077b9fde3a566caa333a9b22338a6f75c900fa59a22728ce2de92ccd3f2064c81f182ab12a311e958a791

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
db1f9ca84a05428ee6c74e33f6e0272e

SHA1
e43f1828cdbd3c3a8f7cd11b0df017428db619a7

SHA256
89332f9953ac479e94bac5ae6e96e8d76bb671361402be3540f18dbb353c8b86

SHA512
fc8aced46afbb2327ed515d89dc8383077dff2fb84311624a3508b973691044e22ccf29e8618d89e15f616aa2aef1b2ca54a66af57918d48e0a79778b950ccaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d2a19675fc1e73fb39bdf5aecbb9ce6d

SHA1
f6587a407e71566a0866170c530aed2f040de120

SHA256
5769537529665d94b35b4dd589ca8711e9690c6d83c98244093425afbc502fec

SHA512
b46f72df6acae684a9958d9e5938663e996d40adbcb1acd2f850f2c06a65d591548ea3ea9de7e50f8196be839a38704ca5cb0361367d3db31d69889e770925cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e7bb45178e9290934e40fbb4f6db9494

SHA1
150a9e33661ad08f4182bdc398347a2196af9290

SHA256
21096d1f59b5bc9f3ca521972be74b561f2849ee0eb4b402a6baf42e4f01a889

SHA512
f4e39dce289afc74b5fc11f9bdc8a0474878c9b90210b91f40212cb043b9c01aaffe635e0f7abf38be9165d46447ebe63605c7962f3ddb7edc2659f7b4b7b79f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
abbd31529b47a65abb629fb06673e2b9

SHA1
efd56842cf68988f0ffb340ab048c4b1d48e9bda

SHA256
b54481663cc77cc88742061279fb213c8949f253e96a24e43358e574621585fe

SHA512
c855a0e6e8dc1afc3f8f4223d255a8e109cac4275728427d0b7f71db088f8b1b8bac14d2360cf4218f2137d268c393b1d71b2099e8c7584fd15e249726e243f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6337e9cb8c5875998b66538e51507fee

SHA1
22fbd7b5bd981afdb397fa29efef2695588c3a96

SHA256
e025f6bd2604a25c4495257f2592bfef7a6ed5195fe68937bf9eeab65de6cb85

SHA512
154962563b5dd2a58e2033784c79718b1c939fb14585d09d836ea7ad1ec2321f9bc8177cf31200d72c8c29fa7cf6043dcc69320cee9cc806e25b9e1373c0d50f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
490a161e91ed8aac40551e336baeea8e

SHA1
e1342c1716b02a884d623ec4cb54233e954ccfae

SHA256
e6b1411b4eccafe02f558fa0248868f901e1d810e1bf9e1a679a1a61cfb44464

SHA512
cd6a468f2c7f94b44d5626983a4128948d98a6f375160b41ff1f79c019cf25fe524676ea90d8094d8fb1bca690b9a754c6b8984c3607d5ef81591fe0db3fedfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58d368.TMP

Filesize
48B

MD5
415ac94c65910abd3e50bd3ed78dfa67

SHA1
26e6ec1ac6eb6f5ee665b4b8584943caeb722a21

SHA256
ad5bab28c6d218b0b47101839645d981cf7a9ef4823950be5645e254ca295188

SHA512
eb81ed72316451bec710c3a28f03e13a484e4ad2691b41b16673f728bf032a66802777e76ff8c9b3834269683240f601ae6e8d5c5c9d7962278f6b2d0ee45cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d82ae4cb9dfa6170363cd99dbf499244

SHA1
7d7a9a9970c9ed91f3eb71e12a93ee1e62609c17

SHA256
7a554f76194f0c583ecf6ace84c75881c72175542fca2746c8394b49cdaa4918

SHA512
6b9a767b7a9c837612aa8db7791a7a1060c3d8fd920568b629451a6145f8530367fc4eed8216fb96edc364d871e938461620c7eb3925052e6dc44bd5e2f77ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2ebb3bcf3c67460aa9cd1b97d11d4352

SHA1
56a8c2cb30ed30491bf943bbd19774218c6fc4da

SHA256
78eeb9500ea1e8260a8550b04500c01298ff663d007bba143a2cccc9c175951f

SHA512
075d4484a8125e54eb8512d304d71d9ffbceefe9e945a3aefbf92db1aff6215c515a66ca6cf0dcaf384c6ad8434bc9e407412701ae1db982418defc3f8715190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
21e0185e2bd0091848f8dad30906f129

SHA1
5588736c1db84eaeced489e966b8bd2e33f81b0f

SHA256
abcf3ea02445e7519fe7ea80b254248e14afe35e963e3b7bd7d697303a4a6be6

SHA512
3f4b1f9e4614aafb608fe3f1cf85cf044b1288e4f8201e8627a61a514522aa9b12ea54a52aefeee5f9a860bb4be885a911229789e99a5998f049aa7c199b2bcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d116.TMP

Filesize
2KB

MD5
e6bfa09d2d42f3c84790d8f470d88a07

SHA1
a8c6b340b1da4594018bdce437a8b388cd581472

SHA256
65d096d45fbba1cb3ed39601b694e6e6b58b36d1a7020190abb4f4b7ef5a82c5

SHA512
93ebf339828ca8d980a8655c310c29e5bb2645b6678a9175958d3b74f5fb7f10669ba4673dcc5e962c9f6eff7cf1bf4dbabdf0edb7a9f72febd7979fa796cb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b303ae30-aaef-4b81-8c0f-ddf87386cbbc.tmp

Filesize
8KB

MD5
8184bb0f3466cf13303082ad0e818168

SHA1
173ebd155bfb5f7293f00226806a4d77b2ef2976

SHA256
5d1351ee1b6a28f7a2afe4fbaf9ccd179cd1237cfde8002dedceca9f0b829adb

SHA512
630c8292a095b472a9710279db42ad796699e8f50586a129c94bfd8d5e459e568119a3742f021b6c41fe633f82a19032c85a8523e425849955a2a825f2684674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6cb954eac89a5ac01b6b62ebfc5b83c9

SHA1
54d40594371da99506d71405d51bf145ab2825ca

SHA256
c5ff6735697b05d330ada0739ef717a037ce7f356710417a02565dde2d9d8119

SHA512
e4085207c2cfb3c4c927093feede1f268a706482aa34a31a6c40a9c14748977da648c2117e205170885b3fc03d24e591ec2980de4aba76ddd3a7beb84aafcdd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d15277edcf4c0df6bcfa4432b021b51f

SHA1
568709ae23bd8462b2173b2ef825569ad3ef7bcb

SHA256
3261dc6d2db7ffe08147a98a17f2a5a28145fb8697d8688f812d6e64757400ab

SHA512
d85a04e5b56a235050fa9c9c452176e2b70edfe13619d0d807c0b2b2b9f88f1cef649910c7ca5074600f12860eeea4f53102c707ff55033aefd0ff86cb450bd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7b32f2dcaa4b2821b4bfcaa8bc9066b3

SHA1
0ee6588685d4c00c3dab918404cc9e919f699857

SHA256
77415f611e8128b88fad57299de567ea8cd57dac788e40a8a9eb280d1e519c23

SHA512
eb7eab9795d53d9143b552de657021f63df89583767231990f9a104e0f669e0b553d35c039803cf29d6857116371b626aa53d0bb15bcfd12301175021bab28e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f4b2fb959d8655305ca6e761a3cea595

SHA1
79e1f1917188c06cb9f73d1562279a55828437dc

SHA256
cb5d50655c926888a410ebce92c9f4cebf90f50f66b6c56d55faf1f8d15ad474

SHA512
d00f368c4a7c4b3308ad0106cd2d8475039db57cac647a699202de0d9a2575efb5712be80b8d764cc6b44b2270019922c170fe841481350d0c903860d0bfa821

Download Submit
C:\Users\Admin\AppData\Local\Temp\SmartBinderStub.exe

Filesize
1.1MB

MD5
797dcf9ce435846eee773342d337ce55

SHA1
3dd5911b9513a915de1f61b08da4314f020383fa

SHA256
ae1c0a74eaed7601ea341f47e6cabc8b737f9cf275f4dc0e4b01f7d05e58ba1c

SHA512
ba9b00b64e174b1e2555e01ee05e2bf787a20dc58caec0fc7d22d3b9fa44eb9499086f1dbd32552d9a44267dbd403bf682441eb7ebaa8400e363f5149aebd351

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3588_1934308559\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3588_1934308559\fb23f974-9172-4c70-9c40-06991e01f33e.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\temp.exe

Filesize
725KB

MD5
df21207322bb1e8511a824107e852e16

SHA1
4818206adb4235428f76954fc51eb319215d8147

SHA256
5eab7cbc6741aee4fe457138732e8f07751ce360aba25f973e41cf96a6b880b5

SHA512
85981d12a547a24d4218479aad1ec0ad72307f931456c9eb042a2c1647063ade23b2c84229fcb1c4e0c6fc498562fd24eb0d8c9afd46243223f7f4afea2d63c7

Download Submit
C:\Users\Admin\Downloads\Binder.rar

Filesize
19.3MB

MD5
621c7fa4bdabbccf303d0de52a67e5db

SHA1
ffdaf00a108b814391431e51b282bac8ba918810

SHA256
958210bae90f052ee05bc7d267f20ffbc18d3c3cc50647a6e931165e5af4e0a5

SHA512
de6e0fdf5feba0bb18ef83cf79fc79bfddb7b27cc0a74482d477e72a632e975ff3b36d420f0e506eafd0836938462285cfbd04b2786410ae2eec0e51ed6bd5e8

Download Submit
C:\Users\Admin\Downloads\Binder\AlbertinoBinder.zip

Filesize
27KB

MD5
49ec8a1837fc1ae21e5b1a0395dce8dd

SHA1
253a35a0d3106a91d3d882ea3bcd79fc1e383eeb

SHA256
27b21102b4bf62b84b735521951807d5ab248fd69a05ba85491af5b71b9a1959

SHA512
b3bcae4b94d43cc4caf78abfad00c73f78801f1e4d652e5cc845c948d661391dc4c3ae52ccd3121323de8837b506ea96c2eeb5ceff04b6feb5770db04e498208

Download Submit
C:\Users\Admin\Downloads\Binder\Binder.zip

Filesize
154KB

MD5
f75bdd4ee5b4f4935dc18b80ee4d2732

SHA1
c10d2782ba4cd4475148de05a5e07bbcce5845dd

SHA256
8761a2bb05ea9fd0c2420b36d4c626e298a7f2d55a106b6a3dfd298234e4821a

SHA512
19940db0515db50def90f04cd4223e2ba7d657487a605b7a146f4b3084a60fce7c7002468443f6efdb29e53d59fc8514ac306121d99bedf5255c8d6803226f87

Download Submit
C:\Users\Admin\Downloads\Binder\Bl0bB!nderUSG.zip

Filesize
1.1MB

MD5
ecf4c689cb236ece15e2d4847f1b342d

SHA1
c271b0985ace0240add146eef39d4bbe7f67726f

SHA256
f1a8d5f7b52d9fc14690cc06bb0969188ecf5eb25f642a682ea4c18d2b1fd257

SHA512
98188e1599a4dd1ae3ddaa5146df5c0ae168f043b67a4b158de865dbe0ead4754d3bad6204b6cf81d034cad8d67328938b3a440da760983e6e08ee9941101457

Download Submit
C:\Users\Admin\Downloads\Binder\BytesAdder.zip

Filesize
5KB

MD5
927c6de08f49954b99895c56601d6eaf

SHA1
271b8cee956c6b29328777e5f5b1e3d55532e867

SHA256
4ecfd06c421989cf756bae14e17fc3eceef208ffedb5cdc0c790531c8a1c50c2

SHA512
8910a780bc28a2bfaa77aaf92a3aa7bc1ae7224bf46d0388195aa4d2cec7ec03cd86ff06d4d77e27cbc2f7cf5db92608eb3c32cd1d305a07d050bc7531f3065b

Download Submit
C:\Users\Admin\Downloads\Binder\DaemonCryptV2Public.zip

Filesize
115KB

MD5
08969afdc19782dfa1480ed08a44a2ca

SHA1
dc83bd7bdc8c44d660a1e364861d80b607678c7a

SHA256
5514fbb579460793ff05daf071a77d439918538d148443edd0afff3a6982c6e9

SHA512
35187fcbad3d1fc9d2ba189087d1f5df9df2df75f28cfe34cc76c2966c6b681b139132ab1c0e11d2614ed84413ee937cfa3458e578c985237955bcbeec7aeca6

Download Submit
C:\Users\Admin\Downloads\Binder\EagleEyeBinder.zip

Filesize
2.4MB

MD5
ef762c62b67d47efef8eb0dd73cb6c9a

SHA1
86e6b161cddde14ae40790dba3235524a2754dba

SHA256
e078ba3f0dc1ca4759ce599c3c06c6705526a83deabaeac850f2151478723b7d

SHA512
68b626b3ccb433b566b54ffb9f13f57e0174dd113afade21b8fbfc42bdabbe2b910ccb7d5faa119923f7f017384c7c5745532eeb18e8e87f50e37d19fb57572c

Download Submit
C:\Users\Admin\Downloads\Binder\EasyBinder.zip

Filesize
950KB

MD5
051ad298cc94805baefeb50298d90cb0

SHA1
4f49ef04a2f953b4f09b97f5433da563f64f5aaf

SHA256
2b02a71623d1afee2725c6379d8c4a841206b6bce597a06b57b5fd98516c9376

SHA512
ba312e8a4a465834998ee8793d87a981f89120c53b5c6275d9131532973eb67ee57558f634d964447144716ec76e599001bee7fed0d3df1063898196d706f649

Download Submit
C:\Users\Admin\Downloads\Binder\KBWBinder.zip

Filesize
413KB

MD5
e1d1118e0be3fd3752cb77e332cae07b

SHA1
ee71c96d75548b9fa26b020026728bb347c5e1fa

SHA256
a4510465f3144da32bdc59b61a9227d202c8c4714c2d35cbfbc6838504a067c4

SHA512
9eb7254d7bbf29dd9b769dd3be221c3c8b872153f4c1a38d4d6d8d0a68e1119948bf23c3a7b550d8e7745fb8744d05b46d7b1255736c5aaa6b58ca7af296e4e8

Download Submit
C:\Users\Admin\Downloads\Binder\NanoFileBinder.zip

Filesize
44KB

MD5
b370424d7a08da2fcda826ead481d645

SHA1
b27e07094ae89377e11fe9c066f61c5865ce413e

SHA256
6344dac7996df8c0beeec8aade24177445717da227c1ad99dcb0c21502eec399

SHA512
c896b75a72505a4880ba7044a3669b17d045dbf4bea13df7967fd7ba1a5692eff41ffde669595db59df9e06cde7ab5d38514128f6e9249a441a2760ebc011e26

Download Submit
C:\Users\Admin\Downloads\Binder\Predator1.6.zip

Filesize
322KB

MD5
09804760c7364bb75493f8aa927dfb79

SHA1
c8d5f1e971ea114372e7abe54573b6f674e3a641

SHA256
ea9388cb95614a4e5f7a2c76cda4ea4fa58655ad077603644a0009c4a5afea31

SHA512
52a2ae3de3285609c78d60e95c45333879373f3a7c0a9f9a82b35df054453592de0aaebc417a2662c0dceb64db17c427c4deccdcef6bfa3e820fda123192bf82

Download Submit
C:\Users\Admin\Downloads\Binder\PureBiND3Rbyd3will.zip

Filesize
443KB

MD5
ee70e45eadf01435bb752208b1e5f51a

SHA1
2af3eeb7e51264931cdc63d8ba141e80726beb51

SHA256
0991b5c2abda4ca3acd3962d5b23d5f31057b382ed6e1a7fa4ae38dbe090a3e3

SHA512
a4b5293756636889a32c25e849eeb9e6720d5cb842235fbdbe5a8bfb48ca0fa0d2525a333dd1e2ef2e874457e9ef2bc9708fc285652c4b37a526216fda752367

Download Submit
C:\Users\Admin\Downloads\Binder\RapidBinder.zip

Filesize
402KB

MD5
33b0d5e33fd259549f53796c813f8e63

SHA1
b9562f3bb9c4af56f223475bdba9e08bfd897161

SHA256
3e14ca4fd7d1aff3264c7f0f96d4e414704393e0fbc8b35ac059b6bbd4007ec0

SHA512
5c7f2841c7a3bc423465ad97250356f19bcaa2737606c363581c24b179a619e00c988137e3f0c063a8ee84d6c1e342d59ae63f2ad3ffbce90ca95c6ff2962cf0

Download Submit
C:\Users\Admin\Downloads\Binder\RedLionsBinder.zip

Filesize
12KB

MD5
6363538da4409355693cd9d2e1add4bd

SHA1
80e7b2197d67e9af78b12c314cd06cd6269b2e9c

SHA256
92130a90d65bac2d7f29fe8f40bfec8a9db46d2ad1d9ca07266661a972f998a7

SHA512
5dc7112c54c3e1d9132a463c52e49a63422dd8b8db0066138e57aa3b0add788903bb38ff8233c06fd2dd71f8ef3a21bd5de3061d1d99ec8ef3c2af17bc0902d7

Download Submit
C:\Users\Admin\Downloads\Binder\SFB.zip

Filesize
162KB

MD5
42c3e20b45bb651691e3e6e3cd2d822d

SHA1
ce5d1e2fc983e693431beeaf666b89905ea4ccac

SHA256
5b2031d29ee16ff073bb797957b604b0598b27f758aa8c82d262e8ffb527eccd

SHA512
5e43e71612d5300c886d65463571ee6e6d3e1c3cb04da00520d970173b8194b52c476ead8796d18eaec80ea7c74b3ce25170d0c179d6563d0500fff54691beb4

Download Submit
C:\Users\Admin\Downloads\Binder\SchniedelwutzBinder.zip

Filesize
7.4MB

MD5
d24bc34f5e76dae28dc84b1c27975afc

SHA1
09d9c5689633ce55452b5a6bde3b47d9e44274ea

SHA256
f81433c5f3dcbefde6baabfc03e7556d2ea41e2c56d2971c695239c04c9eea65

SHA512
68d090ba8466d048559819c6e8bce97a213a60623014e707f6a9168b4f1b5bd09a5edda9a3f6d1094f72b1c7161fa816bed036ac50624a4b806e6a731725195e

Download Submit
C:\Users\Admin\Downloads\Binder\ShockLabsFileBinder.zip

Filesize
293KB

MD5
df05da2ac306f63a840f3fa2f257f4ac

SHA1
add15603a3697aaf66119f31a9f6413a5eea7873

SHA256
5029e46ebf52b536de9a0a2dddd0542b247cc7f61b9637c16a98ac3b9800f949

SHA512
e339609c02db5f3c500c200054ad653f098ae00829fffa1cb433d0f6d78acd6a2db28e8bbf058ec2c8471bdb65db667c4284b7154f6b6cc00679ad779645ff8c

Download Submit
C:\Users\Admin\Downloads\Binder\SimpleBinder.zip

Filesize
146KB

MD5
b0e1433180c0f39fb54a03cacbd7ab99

SHA1
06e236cbc05987715e69daf601e867dbe57c91cc

SHA256
1da594e9dcd4534495a18bfe416f0762398ed445020b49556ee3dae7c3dcef4d

SHA512
2e45cf1503b73a9dceddbba5bd1e94cf8938d404a1ef461e8c5ea1d1b63e1bc1982d628015f4fb00bf93ade9e160c500f9b01cab3cefbee90b0a863c243019ca

Download Submit
C:\Users\Admin\Downloads\Binder\SmartBinder.zip

Filesize
1.1MB

MD5
083d4fb200fcfec9c7cb1ee7ffa7a93e

SHA1
c4a05e009bf797b26c864cbaa7e3001e66a71b42

SHA256
e94d8876ccac4df7b416f5bf87fcece08c0d29c605e2c4d7d2b12faa496aa2f2

SHA512
d3ba514f2115ab0260d82285b52b4b5343338eb325e43035cbc6d7608019d8b5759dda66f98f17df6a1ff9b9590d8660e0560ba4c0a68764d097e3250f549ec4

Download Submit
C:\Users\Admin\Downloads\Binder\TelnetSImpleBinder.zip

Filesize
510KB

MD5
f58bd6870a24e77bc859f99a21538e29

SHA1
5692dfdfefa1e8837b13e0eee63fd815983a11f8

SHA256
7349417b603a7e39e67857563b69b79cee8a19ab72017c6fee5e0038b40592b6

SHA512
bac8e8b820f3a37ee48a7e4cdcc76abb475bab7b819a5c4448ecd9d786ab8e16e2836cf77db092e8029960c4e6ce0ab204c4d30b75e79e454315182d9f88d5c8

Download Submit
C:\Users\Admin\Downloads\Binder\TheDarKnessBinDer.zip

Filesize
377KB

MD5
3322e47a6b9858c3f5185dcd7c5d27f8

SHA1
53ec8befce8e4ef057504c32a9bb69dfffb93058

SHA256
b077483d58c87407f84f5be8b5ece8fb672a929e668015671ce5c291480b0911

SHA512
c2c247a3adf5f0663697c24f06fa5d3b6484797c8b451a1facc7f4870b650b6220a79630a0a9b5a751abde83229123c5f7ecdab378b02a0f43edd4172f8e205f

Download Submit
C:\Users\Admin\Downloads\Binder\ToastyBinder.zip

Filesize
141KB

MD5
62686cc01f941857ae680b6c38d5da4d

SHA1
7aa774b15ea028b3f1c94b5e3ecef4138a7eddd0

SHA256
6e15bcb09df8a38d7d26c75609e7362f1f5a293d522f77d8f17e211f921ae669

SHA512
aa95ff519fa80b23d122c9b24cebf12cf56b2f89bc704ec145a440e7fec9bbdbc5f804a145c255259086bb8367b5eeefbe4e7c5a39748a1c5916f221a446031f

Download Submit
C:\Users\Admin\Downloads\Binder\Tool-StoreBinder.zip

Filesize
421KB

MD5
6dd54e68190d1b20c5c953464f2bfdbe

SHA1
62032a50462d0216b67bd775b65f7e7ccd9a6e05

SHA256
f0dcd16585e6dcbf16e0fa836cc9438b0cf40506529f02ca6f9d12414a4ecfa4

SHA512
35d17b9d470dcbaebf9db28be728057ec8d1eb4fc02d760328463e7931f038d46c7dfa542c0fe3c17f4f1415d6499f65a4aac157e434b37ed5eea7c0f53b5efa

Download Submit
C:\Users\Admin\Downloads\Binder\blackholebinder.zip

Filesize
535KB

MD5
9926fcd670e5cfcb53f6ff01823ee537

SHA1
4a5532dc1b76cee1dd6730a594e9e2097f243e11

SHA256
70b4a9c8678e82164d535f8328e2b3775fd7b4d6002ffe9abbf0ea707553e899

SHA512
55b935bab10c4f0920acf9fd7a5564d3ed957541e4109b4df2c682d8a687ee289d1d2fd26d25f32a3dd73c64a7361b4d2ae041e1a7a0d373b0def4063e3f4bc7

Download Submit
C:\Users\Admin\Downloads\Binder\iBinder.zip

Filesize
111KB

MD5
649bf3b147c8f0ce6db1ee0bd35c3384

SHA1
5a1c7e8f2058d556c9c0a27cfa3b4dac9a0108bc

SHA256
a69f05f22646271044f772375cbd87cb5807b3e70171e01c1f11f1eb0de7117a

SHA512
3deaf8bdd150b4e3594d7d55f31b24421205baf5c3a3eef5771791b6d695642975b4ed2b2cbd92ff547842909ebf11d5d959bb749eaad61b8375ba0e59bd494d

Download Submit
C:\Users\Admin\Downloads\Binder\sfx-compiler.zip

Filesize
1.9MB

MD5
f3a17338f23f38f3e34dab8596621c34

SHA1
3b4b2ef09f9c6c5801a9d9e6a4092c9f3b33b3d4

SHA256
270ba03c5868f31c558a4c610fee1bab7bf6a0547d9ebd2a0f997b6b50db95f1

SHA512
b902865316d7561e1595b26dc12645b53ab4bbcfe472a2c98f0169b960530bf968c56e81fb30603550eb80175e2988805f43164c9a57a7eaa9b9e3bacd8c38bb

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 265276.crdownload

Filesize
1.6MB

MD5
6c73cc4c494be8f4e680de1a20262c8a

SHA1
28b53835fe92c3fa6e0c422fc3b17c6bc1cb27e0

SHA256
bdd1a33de78618d16ee4ce148b849932c05d0015491c34887846d431d29f308e

SHA512
2e8b746c51132f933cc526db661c2cb8cee889f390e3ce19dabbad1a2e6e13bed7a60f08809282df8d43c1c528a8ce7ce28e9e39fea8c16fd3fcda5604ae0c85

Download Submit
C:\Users\Admin\Downloads\browserFontperf.exe

Filesize
1.7MB

MD5
b0d1c1b1934a864b6e9e685fe5749ecc

SHA1
42028dd032a8ac0a32631ff41297669fd2e4eb95

SHA256
bc1fcf0391e8cff3a5c86f065a968d02a28499cfaf61312f4b7415de2e055776

SHA512
74b00c0cb5c6ee09043207e4161e1d68d0b25c7f329e770763b05fb4872dd0e2122f64a7e07760ace83fdff8942c7edce539b505ed4ed667ba23ac2824ecd1b2

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.7MB

MD5
3a2f16a044d8f6d2f9443dff6bd1c7d4

SHA1
48c6c0450af803b72a0caa7d5e3863c3f0240ef1

SHA256
31f7ba37180f820313b2d32e76252344598409cb932109dd84a071cd58b64aa6

SHA512
61daee2ce82c3b8e79f7598a79d72e337220ced7607e3ed878a3059ac03257542147dbd377e902cc95f04324e2fb7c5e07d1410f0a1815d5a05c5320e5715ef6

Download Submit
memory/1880-2131-0x000000001C4B0000-0x000000001C4FC000-memory.dmp

Filesize
304KB

Download
memory/1880-2127-0x000000001B6D0000-0x000000001B776000-memory.dmp

Filesize
664KB

Download
memory/1880-2128-0x000000001BC50000-0x000000001C11E000-memory.dmp

Filesize
4.8MB

Download
memory/1880-2129-0x000000001C200000-0x000000001C29C000-memory.dmp

Filesize
624KB

Download
memory/1880-2130-0x0000000000F80000-0x0000000000F88000-memory.dmp

Filesize
32KB

Download
memory/2740-2944-0x000000001DE40000-0x000000001DE7A000-memory.dmp

Filesize
232KB

Download
memory/4812-2660-0x0000000000A10000-0x0000000000A64000-memory.dmp

Filesize
336KB

Download
memory/4956-3196-0x000000001BD00000-0x000000001BD50000-memory.dmp

Filesize
320KB

Download
memory/4956-3194-0x0000000001A30000-0x0000000001A3E000-memory.dmp

Filesize
56KB

Download
memory/4956-3195-0x0000000003390000-0x00000000033AC000-memory.dmp

Filesize
112KB

Download
memory/4956-3193-0x0000000000EE0000-0x000000000105A000-memory.dmp

Filesize
1.5MB

Download
memory/4956-3197-0x00000000033B0000-0x00000000033C6000-memory.dmp

Filesize
88KB

Download
memory/4956-3198-0x00000000033D0000-0x00000000033E2000-memory.dmp

Filesize
72KB

Download
memory/4956-3199-0x000000001BCD0000-0x000000001BCE0000-memory.dmp

Filesize
64KB

Download
memory/4956-3200-0x000000001BCB0000-0x000000001BCBC000-memory.dmp

Filesize
48KB

Download
memory/4956-3201-0x000000001BCC0000-0x000000001BCCC000-memory.dmp

Filesize
48KB

Download
memory/5592-3182-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download