Analysis

  • max time kernel
    1500s
  • max time network
    1502s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    26/12/2024, 06:31

General

  • Target

    Nihon.exe

  • Size

    40.8MB

  • MD5

    9e01ac23fff3eca3263ed72049e1c57d

  • SHA1

    a1b2f23d5d1ceaa5e4658baf852fffc938fdea12

  • SHA256

    255813551f03695ed2cbec4064656444fdfa41ab46c6876659b48170b5c3b4a6

  • SHA512

    7424f5815ca9eef7d24fa40d5343ab7fe59d7c9d4f2c3ae915df2e23f1ecaca148d5085878c6386649246bc5610d9363cfbd8078bad6026b6db0412fc9bd5360

  • SSDEEP

    393216:qQgHDlanaGBXvDKtz+bhPWES4tiNQPNrIKc4gaPbUAgrO4mgj96l+ZArYsFRlLIV:q3on1HvSzxAMNjFZArYsQjVA/Wy0

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs
  • Uses browser remote debugging 2 TTPs 1 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE 46 IoCs
  • Loads dropped DLL 45 IoCs
  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Checks system information in the registry 2 TTPs 24 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of NtCreateThreadExHideFromDebugger 3 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 63 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 48 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 22 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 7 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 17 IoCs
  • Kills process with taskkill 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 4 IoCs
  • Runs net.exe
  • Suspicious behavior: AddClipboardFormatListener 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 61 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of UnmapMainImage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 4 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Nihon.exe
    "C:\Users\Admin\AppData\Local\Temp\Nihon.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "net session"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1220
      • C:\Windows\system32\net.exe
        net session
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1800
        • C:\Windows\system32\net1.exe
          C:\Windows\system32\net1 session
          4⤵
            PID:1660
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /d /s /c ""C:\Program Files\Google\Chrome\Application\appb.exe" default 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000002f532f79299314daf8adae990e9daf7100000001c00000047006f006f0067006c00650020004300680072006f006d006500000010660000000100002000000059d1fbe7f2e361c2084f99c7161933ba0948f9f33d85a9e9768a0645499d7a07000000000e80000000020000200000008ca238355085d681a78dceb29c4969f74974b9e1c0c509e04b3c051da686da3b30000000b95fc883a330eeee1a7acf5eaa6ce8cee8e800574b24b7820f6de4f4da1f5f9b240c108f94b07d53c5d56a461c880bcb40000000df003417089b79105600568c601b879c818117c6172ef53181de142315c4fdc7af2bbb48eba957ccdc494baa56852badb2147adb98c423c5cfd094c308c78b3b"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:5052
        • C:\Program Files\Google\Chrome\Application\appb.exe
          "C:\Program Files\Google\Chrome\Application\appb.exe" default 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000002f532f79299314daf8adae990e9daf7100000001c00000047006f006f0067006c00650020004300680072006f006d006500000010660000000100002000000059d1fbe7f2e361c2084f99c7161933ba0948f9f33d85a9e9768a0645499d7a07000000000e80000000020000200000008ca238355085d681a78dceb29c4969f74974b9e1c0c509e04b3c051da686da3b30000000b95fc883a330eeee1a7acf5eaa6ce8cee8e800574b24b7820f6de4f4da1f5f9b240c108f94b07d53c5d56a461c880bcb40000000df003417089b79105600568c601b879c818117c6172ef53181de142315c4fdc7af2bbb48eba957ccdc494baa56852badb2147adb98c423c5cfd094c308c78b3b
          3⤵
          • Executes dropped EXE
          PID:4500
      • C:\Windows\system32\cmd.exe
        cmd /d /s /c "taskkill /F /IM chrome.exe"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2744
        • C:\Windows\system32\taskkill.exe
          taskkill /F /IM chrome.exe
          3⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:3820
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --remote-allow-origins=* --headless "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default
        2⤵
        • Uses browser remote debugging
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3320
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff82f42cc40,0x7ff82f42cc4c,0x7ff82f42cc58
          3⤵
            PID:2120
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1440,i,10503956633778268960,3489457954044831703,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1432 /prefetch:2
            3⤵
              PID:1416
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1724,i,10503956633778268960,3489457954044831703,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1720 /prefetch:3
              3⤵
                PID:2100
          • C:\Windows\System32\rundll32.exe
            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
            1⤵
              PID:4464
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe"
              1⤵
              • Drops file in Windows directory
              • Enumerates system info in registry
              • Modifies data under HKEY_USERS
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              • Suspicious use of WriteProcessMemory
              PID:4104
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff82f42cc40,0x7ff82f42cc4c,0x7ff82f42cc58
                2⤵
                  PID:5004
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1904 /prefetch:2
                  2⤵
                    PID:2956
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1804,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1920 /prefetch:3
                    2⤵
                      PID:3732
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2216 /prefetch:8
                      2⤵
                        PID:1056
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3116 /prefetch:1
                        2⤵
                          PID:3800
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:1
                          2⤵
                            PID:2552
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4252,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4232 /prefetch:2
                            2⤵
                              PID:3412
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4496,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4648 /prefetch:1
                              2⤵
                                PID:4444
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4408,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:8
                                2⤵
                                  PID:384
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4952,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:8
                                  2⤵
                                    PID:1028
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4976,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5208 /prefetch:8
                                    2⤵
                                      PID:2344
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5224,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5216 /prefetch:8
                                      2⤵
                                        PID:2128
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4964,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4972 /prefetch:8
                                        2⤵
                                          PID:3332
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5188,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:8
                                          2⤵
                                            PID:128
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5124,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1692 /prefetch:1
                                            2⤵
                                              PID:3096
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3508,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4268 /prefetch:2
                                              2⤵
                                                PID:3468
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3484,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3496 /prefetch:1
                                                2⤵
                                                  PID:3420
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5332,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3364 /prefetch:1
                                                  2⤵
                                                    PID:3368
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5228,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4972 /prefetch:1
                                                    2⤵
                                                      PID:4492
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5312,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:1
                                                      2⤵
                                                        PID:752
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3112,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5400 /prefetch:8
                                                        2⤵
                                                        • NTFS ADS
                                                        PID:2972
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5568,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5488 /prefetch:8
                                                        2⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:424
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5696,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5052 /prefetch:1
                                                        2⤵
                                                          PID:5224
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3312,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1692 /prefetch:1
                                                          2⤵
                                                            PID:4604
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5328,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5040 /prefetch:1
                                                            2⤵
                                                              PID:424
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5532,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5428 /prefetch:8
                                                              2⤵
                                                              • NTFS ADS
                                                              PID:5756
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=3116,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5860 /prefetch:1
                                                              2⤵
                                                                PID:5600
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=3348,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6000 /prefetch:1
                                                                2⤵
                                                                  PID:5592
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5156,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5420 /prefetch:1
                                                                  2⤵
                                                                    PID:3552
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5880,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5884 /prefetch:8
                                                                    2⤵
                                                                      PID:2596
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5248,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6176 /prefetch:8
                                                                      2⤵
                                                                        PID:3176
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5456,i,4312908714604865440,12201460103062896860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6360 /prefetch:8
                                                                        2⤵
                                                                        • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                        • NTFS ADS
                                                                        PID:3712
                                                                    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                      1⤵
                                                                        PID:228
                                                                      • C:\Windows\system32\svchost.exe
                                                                        C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                        1⤵
                                                                          PID:644
                                                                        • C:\Users\Admin\Downloads\Nihon\Nihon.exe
                                                                          "C:\Users\Admin\Downloads\Nihon\Nihon.exe"
                                                                          1⤵
                                                                          • Loads dropped DLL
                                                                          PID:948
                                                                          • C:\Windows\system32\cmd.exe
                                                                            C:\Windows\system32\cmd.exe /d /s /c "net session"
                                                                            2⤵
                                                                              PID:424
                                                                              • C:\Windows\system32\net.exe
                                                                                net session
                                                                                3⤵
                                                                                  PID:3372
                                                                                  • C:\Windows\system32\net1.exe
                                                                                    C:\Windows\system32\net1 session
                                                                                    4⤵
                                                                                      PID:1936
                                                                              • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                                                                                "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                                                                                1⤵
                                                                                • Suspicious use of SetWindowsHookEx
                                                                                PID:3088
                                                                              • C:\Users\Admin\Downloads\Nihon\Nihon.exe
                                                                                "C:\Users\Admin\Downloads\Nihon\Nihon.exe"
                                                                                1⤵
                                                                                • Loads dropped DLL
                                                                                PID:2932
                                                                                • C:\Windows\system32\cmd.exe
                                                                                  C:\Windows\system32\cmd.exe /d /s /c "net session"
                                                                                  2⤵
                                                                                    PID:1844
                                                                                    • C:\Windows\system32\net.exe
                                                                                      net session
                                                                                      3⤵
                                                                                        PID:428
                                                                                        • C:\Windows\system32\net1.exe
                                                                                          C:\Windows\system32\net1 session
                                                                                          4⤵
                                                                                            PID:1736
                                                                                    • C:\Windows\system32\BackgroundTransferHost.exe
                                                                                      "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
                                                                                      1⤵
                                                                                        PID:5512
                                                                                      • C:\Users\Admin\Downloads\Nihon\Nihon.exe
                                                                                        "C:\Users\Admin\Downloads\Nihon\Nihon.exe"
                                                                                        1⤵
                                                                                        • Loads dropped DLL
                                                                                        PID:5936
                                                                                        • C:\Windows\system32\cmd.exe
                                                                                          C:\Windows\system32\cmd.exe /d /s /c "net session"
                                                                                          2⤵
                                                                                            PID:5984
                                                                                            • C:\Windows\system32\net.exe
                                                                                              net session
                                                                                              3⤵
                                                                                                PID:6040
                                                                                                • C:\Windows\system32\net1.exe
                                                                                                  C:\Windows\system32\net1 session
                                                                                                  4⤵
                                                                                                    PID:6064
                                                                                            • C:\Users\Admin\Downloads\Felk\Felk\Felk.exe
                                                                                              "C:\Users\Admin\Downloads\Felk\Felk\Felk.exe"
                                                                                              1⤵
                                                                                              • Loads dropped DLL
                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                              PID:644
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                              1⤵
                                                                                              • Drops file in Windows directory
                                                                                              • Enumerates system info in registry
                                                                                              • Modifies data under HKEY_USERS
                                                                                              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                              • Suspicious use of SendNotifyMessage
                                                                                              PID:2572
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff82f42cc40,0x7ff82f42cc4c,0x7ff82f42cc58
                                                                                                2⤵
                                                                                                  PID:1524
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1792,i,8478030636179170388,6050476091869628241,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=1784 /prefetch:2
                                                                                                  2⤵
                                                                                                    PID:5752
                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,8478030636179170388,6050476091869628241,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=2124 /prefetch:3
                                                                                                    2⤵
                                                                                                      PID:5980
                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,8478030636179170388,6050476091869628241,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=2200 /prefetch:8
                                                                                                      2⤵
                                                                                                        PID:5756
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,8478030636179170388,6050476091869628241,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=3244 /prefetch:1
                                                                                                        2⤵
                                                                                                          PID:2344
                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,8478030636179170388,6050476091869628241,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=3300 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:3808
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4404,i,8478030636179170388,6050476091869628241,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=3096 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:1420
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4720,i,8478030636179170388,6050476091869628241,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=4732 /prefetch:8
                                                                                                              2⤵
                                                                                                                PID:5944
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4748,i,8478030636179170388,6050476091869628241,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=4752 /prefetch:8
                                                                                                                2⤵
                                                                                                                  PID:2796
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4732,i,8478030636179170388,6050476091869628241,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=4740 /prefetch:1
                                                                                                                  2⤵
                                                                                                                    PID:240
                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3300,i,8478030636179170388,6050476091869628241,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=3296 /prefetch:8
                                                                                                                    2⤵
                                                                                                                      PID:5440
                                                                                                                  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                                                    1⤵
                                                                                                                      PID:2268
                                                                                                                    • C:\Windows\system32\svchost.exe
                                                                                                                      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                                                                      1⤵
                                                                                                                        PID:3896
                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                                                        1⤵
                                                                                                                        • Drops file in Windows directory
                                                                                                                        • Enumerates system info in registry
                                                                                                                        • Modifies data under HKEY_USERS
                                                                                                                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                        • Suspicious use of SendNotifyMessage
                                                                                                                        PID:4860
                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff82f42cc40,0x7ff82f42cc4c,0x7ff82f42cc58
                                                                                                                          2⤵
                                                                                                                            PID:3252
                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,15232661013461817149,12389537819160957697,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=1944 /prefetch:2
                                                                                                                            2⤵
                                                                                                                              PID:2728
                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1728,i,15232661013461817149,12389537819160957697,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=2072 /prefetch:3
                                                                                                                              2⤵
                                                                                                                                PID:2744
                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1632,i,15232661013461817149,12389537819160957697,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=2380 /prefetch:8
                                                                                                                                2⤵
                                                                                                                                  PID:3272
                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,15232661013461817149,12389537819160957697,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=3224 /prefetch:1
                                                                                                                                  2⤵
                                                                                                                                    PID:4284
                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,15232661013461817149,12389537819160957697,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=3252 /prefetch:1
                                                                                                                                    2⤵
                                                                                                                                      PID:5592
                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4388,i,15232661013461817149,12389537819160957697,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=4316 /prefetch:1
                                                                                                                                      2⤵
                                                                                                                                        PID:404
                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4500,i,15232661013461817149,12389537819160957697,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=4508 /prefetch:1
                                                                                                                                        2⤵
                                                                                                                                          PID:2344
                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3836,i,15232661013461817149,12389537819160957697,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=3360 /prefetch:1
                                                                                                                                          2⤵
                                                                                                                                            PID:4456
                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4904,i,15232661013461817149,12389537819160957697,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=4952 /prefetch:8
                                                                                                                                            2⤵
                                                                                                                                              PID:5472
                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4228,i,15232661013461817149,12389537819160957697,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=3052 /prefetch:8
                                                                                                                                              2⤵
                                                                                                                                                PID:5540
                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5216,i,15232661013461817149,12389537819160957697,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=5196 /prefetch:8
                                                                                                                                                2⤵
                                                                                                                                                  PID:5244
                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5224,i,15232661013461817149,12389537819160957697,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=5376 /prefetch:8
                                                                                                                                                  2⤵
                                                                                                                                                    PID:3104
                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5412,i,15232661013461817149,12389537819160957697,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=5380 /prefetch:8
                                                                                                                                                    2⤵
                                                                                                                                                    • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                                                                    • NTFS ADS
                                                                                                                                                    PID:2104
                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5536,i,15232661013461817149,12389537819160957697,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=5556 /prefetch:8
                                                                                                                                                    2⤵
                                                                                                                                                      PID:5688
                                                                                                                                                    • C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe
                                                                                                                                                      "C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe"
                                                                                                                                                      2⤵
                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                      • Checks whether UAC is enabled
                                                                                                                                                      • Drops file in Program Files directory
                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                      • Enumerates system info in registry
                                                                                                                                                      • Modifies Internet Explorer settings
                                                                                                                                                      • Modifies registry class
                                                                                                                                                      PID:6004
                                                                                                                                                      • C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                                                                                                                                        MicrosoftEdgeWebview2Setup.exe /silent /install
                                                                                                                                                        3⤵
                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                        PID:3968
                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Temp\EUC3EA.tmp\MicrosoftEdgeUpdate.exe
                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Temp\EUC3EA.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                                                                                                                                          4⤵
                                                                                                                                                          • Event Triggered Execution: Image File Execution Options Injection
                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                          • Loads dropped DLL
                                                                                                                                                          • Checks system information in the registry
                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                          PID:4692
                                                                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                                                                                                            5⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Loads dropped DLL
                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                            • Modifies registry class
                                                                                                                                                            PID:3452
                                                                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                                                                                                            5⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Loads dropped DLL
                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                            • Modifies registry class
                                                                                                                                                            PID:1948
                                                                                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                                                                              6⤵
                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                              • Loads dropped DLL
                                                                                                                                                              • Modifies registry class
                                                                                                                                                              PID:5352
                                                                                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                                                                              6⤵
                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                              • Loads dropped DLL
                                                                                                                                                              • Modifies registry class
                                                                                                                                                              PID:3916
                                                                                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                                                                              6⤵
                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                              • Loads dropped DLL
                                                                                                                                                              • Modifies registry class
                                                                                                                                                              PID:2916
                                                                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QURCODgwNDItNzIyNC00MzI5LTk5NkEtQzdCRDRDRDU1Nzg1fSIgdXNlcmlkPSJ7RTYxM0U0MDgtQUE5QS00NjBDLUFEMkYtRkJBMzRBNUQ3NTJBfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBNjQ1QzE0Mi1CNDg5LTRFMEItODExQy0zMEZGMzE3OEVCMjN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk0NTg0NTYzODUiIGluc3RhbGxfdGltZV9tcz0iNTg5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                                                                                                            5⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Loads dropped DLL
                                                                                                                                                            • Checks system information in the registry
                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                            • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                                                            PID:6140
                                                                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{ADB88042-7224-4329-996A-C7BD4CD55785}" /silent
                                                                                                                                                            5⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Loads dropped DLL
                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                            PID:2328
                                                                                                                                                      • C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe
                                                                                                                                                        "C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 6004
                                                                                                                                                        3⤵
                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                        • Loads dropped DLL
                                                                                                                                                        • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                                                                                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                        • Suspicious use of UnmapMainImage
                                                                                                                                                        PID:128
                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                                                                                    1⤵
                                                                                                                                                      PID:3176
                                                                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                                                                                      1⤵
                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                      • Loads dropped DLL
                                                                                                                                                      • Checks system information in the registry
                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                      • Modifies data under HKEY_USERS
                                                                                                                                                      PID:4916
                                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QURCODgwNDItNzIyNC00MzI5LTk5NkEtQzdCRDRDRDU1Nzg1fSIgdXNlcmlkPSJ7RTYxM0U0MDgtQUE5QS00NjBDLUFEMkYtRkJBMzRBNUQ3NTJBfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyNkRFODhDMi1COTE5LTRDNzEtODNEQS0yNzI2MDMwQ0M1NDd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTQ2MjY5NjUxNyIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                                                                                                        2⤵
                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                        • Loads dropped DLL
                                                                                                                                                        • Checks system information in the registry
                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                        • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                                                        PID:5484
                                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6116F90E-3D60-4EA7-BB45-45CEE78332CC}\MicrosoftEdge_X64_131.0.2903.112.exe
                                                                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6116F90E-3D60-4EA7-BB45-45CEE78332CC}\MicrosoftEdge_X64_131.0.2903.112.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                                                                                        2⤵
                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                        PID:4716
                                                                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6116F90E-3D60-4EA7-BB45-45CEE78332CC}\EDGEMITMP_728C3.tmp\setup.exe
                                                                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6116F90E-3D60-4EA7-BB45-45CEE78332CC}\EDGEMITMP_728C3.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6116F90E-3D60-4EA7-BB45-45CEE78332CC}\MicrosoftEdge_X64_131.0.2903.112.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                                                                                          3⤵
                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                          • Drops file in Program Files directory
                                                                                                                                                          • Drops file in Windows directory
                                                                                                                                                          PID:1544
                                                                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6116F90E-3D60-4EA7-BB45-45CEE78332CC}\EDGEMITMP_728C3.tmp\setup.exe
                                                                                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6116F90E-3D60-4EA7-BB45-45CEE78332CC}\EDGEMITMP_728C3.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.205 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6116F90E-3D60-4EA7-BB45-45CEE78332CC}\EDGEMITMP_728C3.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.112 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff7edfb2918,0x7ff7edfb2924,0x7ff7edfb2930
                                                                                                                                                            4⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Drops file in Windows directory
                                                                                                                                                            PID:6060
                                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QURCODgwNDItNzIyNC00MzI5LTk5NkEtQzdCRDRDRDU1Nzg1fSIgdXNlcmlkPSJ7RTYxM0U0MDgtQUE5QS00NjBDLUFEMkYtRkJBMzRBNUQ3NTJBfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1QzBBNkExRS1ERkE0LTRERDYtQjc3Qi05MEIwMEEyNTFCNjl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMzEuMC4yOTAzLjExMiIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTQ3NjYxNjQ3MSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk0NzY3NTY1MzIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5ODA3OTAwNzY5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy83ZDljZDkzYy0xZDVlLTQ0OWItOWFkNy1mMWU4ZDZiOTA1MDk_UDE9MTczNTc5OTk4MCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1sN3BRMG9ONHl0cmxmY0FTMDNmSWhTMkxQd2hGUVgzbHRHbFl2b3FMVDN0NERzVlo4c0RSOXhEQWU2Q2V0VnZoczlLN2s0TzluNlVRJTJmem9zOG1FWXhBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTc2ODcwOTc2IiB0b3RhbD0iMTc2ODcwOTc2IiBkb3dubG9hZF90aW1lX21zPSIyNjU0MyIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk4MDgyNzY0MzAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5ODIyMTM2NDQxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDQyMTM4MDE4OSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjgxOCIgZG93bmxvYWRfdGltZV9tcz0iMzMxMzIiIGRvd25sb2FkZWQ9IjE3Njg3MDk3NiIgdG90YWw9IjE3Njg3MDk3NiIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNTk5MjIiLz48L2FwcD48L3JlcXVlc3Q-
                                                                                                                                                        2⤵
                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                        • Loads dropped DLL
                                                                                                                                                        • Checks system information in the registry
                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                        • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                                                        PID:1968
                                                                                                                                                    • C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
                                                                                                                                                      "C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\Desktop\SuspendUndo.ppt" /ou ""
                                                                                                                                                      1⤵
                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                      • Enumerates system info in registry
                                                                                                                                                      • Suspicious behavior: AddClipboardFormatListener
                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                      PID:404
                                                                                                                                                    • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                                                                                                      "C:\Program Files\VideoLAN\VLC\vlc.exe"
                                                                                                                                                      1⤵
                                                                                                                                                      • Suspicious behavior: AddClipboardFormatListener
                                                                                                                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                      • Suspicious use of SendNotifyMessage
                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                      PID:5584
                                                                                                                                                    • C:\Program Files\VideoLAN\VLC\vlc.exe
                                                                                                                                                      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CheckpointEdit.WTV"
                                                                                                                                                      1⤵
                                                                                                                                                      • Suspicious behavior: AddClipboardFormatListener
                                                                                                                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                      • Suspicious use of SendNotifyMessage
                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                      PID:5856
                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
                                                                                                                                                      1⤵
                                                                                                                                                      • Modifies Internet Explorer settings
                                                                                                                                                      PID:2744
                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\ResetPush.mht
                                                                                                                                                      1⤵
                                                                                                                                                      • Modifies Internet Explorer settings
                                                                                                                                                      PID:1580
                                                                                                                                                    • C:\Windows\system32\OpenWith.exe
                                                                                                                                                      C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                      1⤵
                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                      PID:5912
                                                                                                                                                    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
                                                                                                                                                      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\ExitStep.docx" /o ""
                                                                                                                                                      1⤵
                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                      • Enumerates system info in registry
                                                                                                                                                      • Suspicious behavior: AddClipboardFormatListener
                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                      PID:5480
                                                                                                                                                    • C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe
                                                                                                                                                      "C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe"
                                                                                                                                                      1⤵
                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                      • Loads dropped DLL
                                                                                                                                                      • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                                                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                      • Suspicious use of UnmapMainImage
                                                                                                                                                      PID:2468
                                                                                                                                                    • C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe
                                                                                                                                                      "C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe"
                                                                                                                                                      1⤵
                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                      • Loads dropped DLL
                                                                                                                                                      • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                                                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                      • Suspicious use of UnmapMainImage
                                                                                                                                                      PID:4800
                                                                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                                                                                                                      1⤵
                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                      • Loads dropped DLL
                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                      PID:4884
                                                                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                                                                                      1⤵
                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                      • Loads dropped DLL
                                                                                                                                                      • Checks system information in the registry
                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                      • Modifies data under HKEY_USERS
                                                                                                                                                      PID:5332
                                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{31889E45-A5DA-4EA4-AA2B-E20946629158}\MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe
                                                                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{31889E45-A5DA-4EA4-AA2B-E20946629158}\MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe" /update /sessionid "{B8224C0C-8328-4F96-AE7F-ACEF3A791A94}"
                                                                                                                                                        2⤵
                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                        • Drops file in Program Files directory
                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                        PID:5336
                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Temp\EU97AD.tmp\MicrosoftEdgeUpdate.exe
                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Temp\EU97AD.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{B8224C0C-8328-4F96-AE7F-ACEF3A791A94}"
                                                                                                                                                          3⤵
                                                                                                                                                          • Event Triggered Execution: Image File Execution Options Injection
                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                          • Loads dropped DLL
                                                                                                                                                          • Checks system information in the registry
                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                          PID:3356
                                                                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                                                                                                            4⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Loads dropped DLL
                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                            • Modifies registry class
                                                                                                                                                            PID:4220
                                                                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                                                                                                            4⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Loads dropped DLL
                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                            • Modifies registry class
                                                                                                                                                            PID:3488
                                                                                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                                                                              5⤵
                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                              • Loads dropped DLL
                                                                                                                                                              • Modifies registry class
                                                                                                                                                              PID:1396
                                                                                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                                                                              5⤵
                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                              • Loads dropped DLL
                                                                                                                                                              • Modifies registry class
                                                                                                                                                              PID:3256
                                                                                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                                                                              5⤵
                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                              • Loads dropped DLL
                                                                                                                                                              • Modifies registry class
                                                                                                                                                              PID:1220
                                                                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjgyMjRDMEMtODMyOC00Rjk2LUFFN0YtQUNFRjNBNzkxQTk0fSIgdXNlcmlkPSJ7RTYxM0U0MDgtQUE5QS00NjBDLUFEMkYtRkJBMzRBNUQ3NTJBfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7Rjc0MjIzNkItNkIxOC00QUM1LUFDNTctQjFCMUU0MDVBNjJGfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuNDMiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzUxOTUxNzYiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzMjc0NTUzNzM0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                                                                                                            4⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Loads dropped DLL
                                                                                                                                                            • Checks system information in the registry
                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                            • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                                                            PID:5288
                                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjgyMjRDMEMtODMyOC00Rjk2LUFFN0YtQUNFRjNBNzkxQTk0fSIgdXNlcmlkPSJ7RTYxM0U0MDgtQUE5QS00NjBDLUFEMkYtRkJBMzRBNUQ3NTJBfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntCMzQ2ODEwRS0xRDkwLTRGNjYtODVCRi1BOTU2QjdFQ0I1RUZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS40MyIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyNzE4MzAzNjQ1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyNzE4NjE2MTI1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzI2MDk1OTkwOCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzIwN2U4MDM1LTk5YmUtNDVkMi1iMmFhLTE4NWY2NzA5YzQwMz9QMT0xNzM1ODAwMzA0JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWNqMjI0ZVNCbU15dThMYTdGcEQlMmIydTNoRCUyZjRBTWRhYTkzYjdFV3cyJTJiT1ZjVjJ6UXp2TmtZd0FrWVN1czNaRzVqT05YM0cxZFhZcDBPNlA5QnZ5aFFBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTMyNjA5NTk5MDgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzIwN2U4MDM1LTk5YmUtNDVkMi1iMmFhLTE4NWY2NzA5YzQwMz9QMT0xNzM1ODAwMzA0JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWNqMjI0ZVNCbU15dThMYTdGcEQlMmIydTNoRCUyZjRBTWRhYTkzYjdFV3cyJTJiT1ZjVjJ6UXp2TmtZd0FrWVN1czNaRzVqT05YM0cxZFhZcDBPNlA5QnZ5aFFBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTY1NDM0NCIgdG90YWw9IjE2NTQzNDQiIGRvd25sb2FkX3RpbWVfbXM9IjUwMDE2Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzMjYwOTU5OTA4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzMjY2MTE2NjY5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5MC4wLjgxOC42NiIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM3Mjc3Nzk3ODI5ODEzNTAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEzMS4wLjI5MDMuMTEyIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgdXBkYXRlX2NvdW50PSIxIj48dXBkYXRlY2hlY2svPjxwaW5nIHI9Ii0xIiByZD0iLTEiIHBpbmdfZnJlc2huZXNzPSJ7MTMzNjA3RDUtMkMwNC00NTM4LTk0NDAtNDkzODg3QzM5OEZCfSIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                                                                                                        2⤵
                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                        • Loads dropped DLL
                                                                                                                                                        • Checks system information in the registry
                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                        • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                                                        PID:3068
                                                                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                                                                                                                      1⤵
                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                      • Loads dropped DLL
                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                      PID:1968
                                                                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                                                                                      1⤵
                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                      • Loads dropped DLL
                                                                                                                                                      • Checks system information in the registry
                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                      • Modifies data under HKEY_USERS
                                                                                                                                                      PID:4856
                                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjUyRkFGOTQtQjk4RC00QjlFLUE5MUEtQUZBRDdGMjE3MzdFfSIgdXNlcmlkPSJ7RTYxM0U0MDgtQUE5QS00NjBDLUFEMkYtRkJBMzRBNUQ3NTJBfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MkVDNDVENEQtRkIzMy00MTVFLUFDQUUtRkZFQkYwQkM4RjEwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7Y0JZRVlYODcxdHNHdUtKYW82M1hqVXQ1dkpFOVh4Q1RuRTdIMFBnVWpLRT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9Ijc5IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MjgzMDMwMzMiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM3Mjc3NTc0NjM2ODAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNjM2NzIwOTk3OCIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                                                                                                        2⤵
                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                        • Loads dropped DLL
                                                                                                                                                        • Checks system information in the registry
                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                        • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                                                        PID:1048
                                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4499A5CC-4D88-4BC4-A173-BD4B33EEBD65}\MicrosoftEdge_X64_131.0.2903.112.exe
                                                                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4499A5CC-4D88-4BC4-A173-BD4B33EEBD65}\MicrosoftEdge_X64_131.0.2903.112.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                                                                                                                        2⤵
                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                        • Drops file in Program Files directory
                                                                                                                                                        PID:5916
                                                                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4499A5CC-4D88-4BC4-A173-BD4B33EEBD65}\EDGEMITMP_F2D70.tmp\setup.exe
                                                                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4499A5CC-4D88-4BC4-A173-BD4B33EEBD65}\EDGEMITMP_F2D70.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4499A5CC-4D88-4BC4-A173-BD4B33EEBD65}\MicrosoftEdge_X64_131.0.2903.112.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                                                                                                                          3⤵
                                                                                                                                                          • Boot or Logon Autostart Execution: Active Setup
                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                          • Installs/modifies Browser Helper Object
                                                                                                                                                          • Drops file in Program Files directory
                                                                                                                                                          • Drops file in Windows directory
                                                                                                                                                          • Modifies Internet Explorer settings
                                                                                                                                                          • Modifies registry class
                                                                                                                                                          • System policy modification
                                                                                                                                                          PID:2232
                                                                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4499A5CC-4D88-4BC4-A173-BD4B33EEBD65}\EDGEMITMP_F2D70.tmp\setup.exe
                                                                                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4499A5CC-4D88-4BC4-A173-BD4B33EEBD65}\EDGEMITMP_F2D70.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.205 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4499A5CC-4D88-4BC4-A173-BD4B33EEBD65}\EDGEMITMP_F2D70.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.112 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff7c66e2918,0x7ff7c66e2924,0x7ff7c66e2930
                                                                                                                                                            4⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Drops file in Windows directory
                                                                                                                                                            PID:1116
                                                                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4499A5CC-4D88-4BC4-A173-BD4B33EEBD65}\EDGEMITMP_F2D70.tmp\setup.exe
                                                                                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4499A5CC-4D88-4BC4-A173-BD4B33EEBD65}\EDGEMITMP_F2D70.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
                                                                                                                                                            4⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                            • Drops file in Windows directory
                                                                                                                                                            • Modifies data under HKEY_USERS
                                                                                                                                                            PID:5512
                                                                                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4499A5CC-4D88-4BC4-A173-BD4B33EEBD65}\EDGEMITMP_F2D70.tmp\setup.exe
                                                                                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4499A5CC-4D88-4BC4-A173-BD4B33EEBD65}\EDGEMITMP_F2D70.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.205 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4499A5CC-4D88-4BC4-A173-BD4B33EEBD65}\EDGEMITMP_F2D70.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.112 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff7c66e2918,0x7ff7c66e2924,0x7ff7c66e2930
                                                                                                                                                              5⤵
                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                              • Drops file in Windows directory
                                                                                                                                                              PID:2512
                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe
                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level
                                                                                                                                                            4⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Drops file in Program Files directory
                                                                                                                                                            • Drops file in Windows directory
                                                                                                                                                            PID:5472
                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe
                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.205 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.112 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff77a882918,0x7ff77a882924,0x7ff77a882930
                                                                                                                                                              5⤵
                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                              • Drops file in Windows directory
                                                                                                                                                              PID:752
                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe
                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
                                                                                                                                                            4⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Drops file in Windows directory
                                                                                                                                                            PID:5544
                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe
                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.205 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.112 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff77a882918,0x7ff77a882924,0x7ff77a882930
                                                                                                                                                              5⤵
                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                              • Drops file in Windows directory
                                                                                                                                                              PID:2660
                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe
                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
                                                                                                                                                            4⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Drops file in Windows directory
                                                                                                                                                            PID:6040
                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe
                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.205 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.112 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff77a882918,0x7ff77a882924,0x7ff77a882930
                                                                                                                                                              5⤵
                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                              • Drops file in Windows directory
                                                                                                                                                              PID:3148
                                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjUyRkFGOTQtQjk4RC00QjlFLUE5MUEtQUZBRDdGMjE3MzdFfSIgdXNlcmlkPSJ7RTYxM0U0MDgtQUE5QS00NjBDLUFEMkYtRkJBMzRBNUQ3NTJBfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins0NzhFNDA5Ny1CQ0QxLTQxRDEtQjcxNS01ODhGQkUwMENGOUR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjQzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9IklzT25JbnRlcnZhbENvbW1hbmRzQWxsb3dlZD0lNUIlMjItdGFyZ2V0X2RldiUyMC1taW5fYnJvd3Nlcl92ZXJzaW9uX2NhbmFyeV9kZXYlMjAxMzMuMC4yOTcwLjAlMjIlNUQiIGluc3RhbGxhZ2U9IjAiIGNvaG9ydD0icnJmQDAuMTkiPjx1cGRhdGVjaGVjay8-PHBpbmcgcmQ9IjY1NjkiIHBpbmdfZnJlc2huZXNzPSJ7QTQ3MjA3NzEtMERGRS00NTMxLUEzRjctQ0E4M0I3NTBCMEI1fSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5MC4wLjgxOC42NiIgbmV4dHZlcnNpb249IjEzMS4wLjI5MDMuMTEyIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGlzX3Bpbm5lZF9zeXN0ZW09InRydWUiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM3Mjc3Nzk3ODI5ODEzNTAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE2Mzc5NTUzNjQzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE2Mzc5NzEwMjMzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE2NDA1MzM0OTIzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE2NDE4NzcyNzA5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNjkzNzA1NDI5MSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjgyOCIgZG93bmxvYWRlZD0iMTc2ODcwOTc2IiB0b3RhbD0iMTc2ODcwOTc2IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMiIgaW5zdGFsbF90aW1lX21zPSI1MTgyOCIvPjxwaW5nIGFjdGl2ZT0iMCIgcmQ9IjY1NjkiIHBpbmdfZnJlc2huZXNzPSJ7QjlDMjkwOTUtOEU2RC00RkE2LUJENzAtRTg0NTE5ODA1MDYyfSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMzEuMC4yOTAzLjExMiIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGNvaG9ydD0icnJmQDAuNTEiIHVwZGF0ZV9jb3VudD0iMSI-PHVwZGF0ZWNoZWNrLz48cGluZyByZD0iNjU2OSIgcGluZ19mcmVzaG5lc3M9IntEODQ5MjA2Mi00RTcxLTQyRTYtQTdFOC00NTVFRUM1Nzc3Njh9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                                                                                                        2⤵
                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                        • Loads dropped DLL
                                                                                                                                                        • Checks system information in the registry
                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                        • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                                                        PID:2588
                                                                                                                                                    • C:\Windows\System32\svchost.exe
                                                                                                                                                      C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness
                                                                                                                                                      1⤵
                                                                                                                                                        PID:5148

                                                                                                                                                      Network

                                                                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                                                                      Replay Monitor

                                                                                                                                                      Loading Replay Monitor...

                                                                                                                                                      Downloads

                                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Installer\setup.exe

                                                                                                                                                        Filesize

                                                                                                                                                        6.6MB

                                                                                                                                                        MD5

                                                                                                                                                        f0dc48bc6e1b1a2b0b15c769d4c01835

                                                                                                                                                        SHA1

                                                                                                                                                        66c1ba4912ae18b18e2ae33830a6ba0939bb9ef1

                                                                                                                                                        SHA256

                                                                                                                                                        7ada85f31a3b501eaecd2aa37b8df1f74b470b355279b5db2d1fbc0bb7de4889

                                                                                                                                                        SHA512

                                                                                                                                                        d2ceeaf987446f7463e84a6286dc1c8f50a80466af641f77d174826189ff5a56b048e616ad8d97ddb12a2f68e182af80309be717367224605c06dcf74a84cc0f

                                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.43\MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe

                                                                                                                                                        Filesize

                                                                                                                                                        1.6MB

                                                                                                                                                        MD5

                                                                                                                                                        83f7907f5d4dc316bd1f0f659bb73d52

                                                                                                                                                        SHA1

                                                                                                                                                        6fc1ac577f127d231b2a6bf5630e852be5192cf2

                                                                                                                                                        SHA256

                                                                                                                                                        dac76ce6445baeae894875c114c76f95507539cb32a581f152b6f4ed4ff43819

                                                                                                                                                        SHA512

                                                                                                                                                        a57059ef5d66d3c5260c725cae02012cf763268bd060fa6bc3064aedff9275d5d1628ff8138261f474136ab11724e9f951a5fdd3759f91476336903eb3b53224

                                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4499A5CC-4D88-4BC4-A173-BD4B33EEBD65}\EDGEMITMP_F2D70.tmp\SETUP.EX_

                                                                                                                                                        Filesize

                                                                                                                                                        2.6MB

                                                                                                                                                        MD5

                                                                                                                                                        2ddec22bd2a90587544f7b60d07a87ab

                                                                                                                                                        SHA1

                                                                                                                                                        e98d492b63b876009298c7e90e2460d8ee59c4bf

                                                                                                                                                        SHA256

                                                                                                                                                        71f93ac62911d1e1671cf7f15e0851d4c9b98e4783ec9b0fa0ed5ee12a4d483b

                                                                                                                                                        SHA512

                                                                                                                                                        a11a37c73d54e818fc38b263123351b4418ee3674e1398cab11b79e4d7b895b411dfa02dd26f22a8781786e7e0d6ef44a0f6ba099a2ee3dc9dc224a5d968e678

                                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

                                                                                                                                                        Filesize

                                                                                                                                                        201KB

                                                                                                                                                        MD5

                                                                                                                                                        4dc57ab56e37cd05e81f0d8aaafc5179

                                                                                                                                                        SHA1

                                                                                                                                                        494a90728d7680f979b0ad87f09b5b58f16d1cd5

                                                                                                                                                        SHA256

                                                                                                                                                        87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

                                                                                                                                                        SHA512

                                                                                                                                                        320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

                                                                                                                                                        Filesize

                                                                                                                                                        3.7MB

                                                                                                                                                        MD5

                                                                                                                                                        36b7362f96427168eb66c692c65a1582

                                                                                                                                                        SHA1

                                                                                                                                                        0a9e517d93a94245c765be2205ee71f079dfff76

                                                                                                                                                        SHA256

                                                                                                                                                        05deac8d5c4add3c6aff545944965abac2ce1e4fc3dcd1cd2528c101eed1b0f5

                                                                                                                                                        SHA512

                                                                                                                                                        c5ba4a18198236089bd13e66eca9f80a449abe29829b7d1c6c646e76c3c24e17d1bc3ffffe55973652470ac06385166ec794f9759827555d79138dea20923eea

                                                                                                                                                      • C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

                                                                                                                                                        Filesize

                                                                                                                                                        7.1MB

                                                                                                                                                        MD5

                                                                                                                                                        dc0a0de94ad86e22785e385a4fbbfe2f

                                                                                                                                                        SHA1

                                                                                                                                                        8dcd6f06fba142018f9e5083d79eac31ed2353d7

                                                                                                                                                        SHA256

                                                                                                                                                        a4e80eba29eec1e534950f605de2bba0a174e9eaf56c82fd6f4d221e93667f92

                                                                                                                                                        SHA512

                                                                                                                                                        39582cda82f479e5e25fc2021878d071261b71efbb68f827599d4020de61698273a2cde3d1dc323d14205615a509687ad1e04f1e25626c0826c6f297f5a75dce

                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\appb.exe

                                                                                                                                                        Filesize

                                                                                                                                                        33KB

                                                                                                                                                        MD5

                                                                                                                                                        a75626d5042f9b8fdecb168bb7005bc0

                                                                                                                                                        SHA1

                                                                                                                                                        51d56b7568367dbd2875a35781ba3225b7b775a6

                                                                                                                                                        SHA256

                                                                                                                                                        ecd7f59ef10e8d0380be3a2e0c1a8a6ed9b76a762b2363faca56a174e2bd2b5a

                                                                                                                                                        SHA512

                                                                                                                                                        f7f833b178e050e3361c9b8fa80ef484b10403aeba28a324c0479ac77efcf4abd0edcb98ac92aa86defaa7eff67d442b6c9fe905ce8cd386bf7537598f7343f2

                                                                                                                                                      • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

                                                                                                                                                        Filesize

                                                                                                                                                        14KB

                                                                                                                                                        MD5

                                                                                                                                                        215fa5f0f374f20507f197319ef408ee

                                                                                                                                                        SHA1

                                                                                                                                                        f717defb55152586db69a602fab76fc15c1f594a

                                                                                                                                                        SHA256

                                                                                                                                                        1adbecdbb3b68e6d8f359990a6f288ee2e6b597de7fbc236a3644bd3b281dada

                                                                                                                                                        SHA512

                                                                                                                                                        2d09accee7933def6fbd2a07d1d721a3d38c2ef261f9d3cb4f33e9457a1509a9ba1444cb70c3f3fbc0ba8582792da0719baf90ee0be3ff96fd49a741ced19fdc

                                                                                                                                                      • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

                                                                                                                                                        Filesize

                                                                                                                                                        64KB

                                                                                                                                                        MD5

                                                                                                                                                        b5ad5caaaee00cb8cf445427975ae66c

                                                                                                                                                        SHA1

                                                                                                                                                        dcde6527290a326e048f9c3a85280d3fa71e1e22

                                                                                                                                                        SHA256

                                                                                                                                                        b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

                                                                                                                                                        SHA512

                                                                                                                                                        92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

                                                                                                                                                      • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

                                                                                                                                                        Filesize

                                                                                                                                                        4B

                                                                                                                                                        MD5

                                                                                                                                                        f49655f856acb8884cc0ace29216f511

                                                                                                                                                        SHA1

                                                                                                                                                        cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

                                                                                                                                                        SHA256

                                                                                                                                                        7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

                                                                                                                                                        SHA512

                                                                                                                                                        599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

                                                                                                                                                      • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

                                                                                                                                                        Filesize

                                                                                                                                                        1008B

                                                                                                                                                        MD5

                                                                                                                                                        d222b77a61527f2c177b0869e7babc24

                                                                                                                                                        SHA1

                                                                                                                                                        3f23acb984307a4aeba41ebbb70439c97ad1f268

                                                                                                                                                        SHA256

                                                                                                                                                        80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

                                                                                                                                                        SHA512

                                                                                                                                                        d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                                                                                                        Filesize

                                                                                                                                                        40B

                                                                                                                                                        MD5

                                                                                                                                                        76025b9fb7201faad57e95ac873e37eb

                                                                                                                                                        SHA1

                                                                                                                                                        25c01eb7d9a63723eac365d764e96e45e953a5c1

                                                                                                                                                        SHA256

                                                                                                                                                        03bb8cf70d96e562ff19d80ef9a01f8255aaa1a6ffa2005dbc004bb718e05269

                                                                                                                                                        SHA512

                                                                                                                                                        6f5c8680823f3fc01c4668585518a1a535959ec456bca88f81eebe0484dc6cf6bbc40044db4ac7d18798529a20feca039bd986f243db817f27df220a7917a28f

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                                                                                                                                        Filesize

                                                                                                                                                        649B

                                                                                                                                                        MD5

                                                                                                                                                        39dfaf25b806a437c8947e377086631a

                                                                                                                                                        SHA1

                                                                                                                                                        3a0b8732623656ecc44efeeab974cae1c4348e36

                                                                                                                                                        SHA256

                                                                                                                                                        cbf97964cac465bac60d5212e24ecf3f0e2b4a572c5f4348e37c71f79a2fbcdd

                                                                                                                                                        SHA512

                                                                                                                                                        3fafa3de5b32e553703934c2933802ae140b15c374ec9e0c08323e737b6b4023bb7c695a1e9dac705a515a64b7f988bead1b8cd14e27e9941732cf39f8d3ca87

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

                                                                                                                                                        Filesize

                                                                                                                                                        215KB

                                                                                                                                                        MD5

                                                                                                                                                        d79b35ccf8e6af6714eb612714349097

                                                                                                                                                        SHA1

                                                                                                                                                        eb3ccc9ed29830df42f3fd129951cb8b791aaf98

                                                                                                                                                        SHA256

                                                                                                                                                        c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

                                                                                                                                                        SHA512

                                                                                                                                                        f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                        MD5

                                                                                                                                                        db269b93aaf62472d416d780e12a6c31

                                                                                                                                                        SHA1

                                                                                                                                                        28dd754419ffb7f7e9fa3fe7a8ed990826482f38

                                                                                                                                                        SHA256

                                                                                                                                                        615e419fdc7ad2ed820da5ac0003fb5673384e2ac62e0f66a03ac8b4adec96a8

                                                                                                                                                        SHA512

                                                                                                                                                        299be7bf905f2216cbae4ccbb923790dfc9174bf5d197dbdd01589dff92b35aa85704a3d6596a7e17f502bfdad32f1617b07e29477cdebc779bb0f0ec2555d09

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                        Filesize

                                                                                                                                                        816B

                                                                                                                                                        MD5

                                                                                                                                                        373a8b1ef546837bdef9fc047d6997ba

                                                                                                                                                        SHA1

                                                                                                                                                        8efa0de704b9c460c0023956094893d65f1301b6

                                                                                                                                                        SHA256

                                                                                                                                                        f1d2db629d37b4c95eae247befe3538e2b15c6d8771dc4ce83384a13fe1a81fe

                                                                                                                                                        SHA512

                                                                                                                                                        23a2724abc92b6338ddf3b5792c7aa5dd25cd5894573904fce34235980cdd0159aa61e438da6d38c0071360570eb8d54b845f3ebdf32978fa2f377f397e77af7

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                        Filesize

                                                                                                                                                        744B

                                                                                                                                                        MD5

                                                                                                                                                        f675e5f8ca4d18b6b25cd11e4e28f87d

                                                                                                                                                        SHA1

                                                                                                                                                        34ba32d611d4d60083eb02309a0b0e92c01f41af

                                                                                                                                                        SHA256

                                                                                                                                                        935f79d0fcf7524a9362df946c4c31c8945008d3f5e176b8bc4985992dabdba3

                                                                                                                                                        SHA512

                                                                                                                                                        5955a1c4ff450946b03fd541650bc616580c9f088b2818c3334394408753840bc08d5a510389e5fd0d5550e497620d7fca164fd50ecaf2ebc8df2cd6c14a7995

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                        Filesize

                                                                                                                                                        3KB

                                                                                                                                                        MD5

                                                                                                                                                        2d8819076925b655b41dfb305ed2e866

                                                                                                                                                        SHA1

                                                                                                                                                        be316b018afa825589652604eddb9378f77358ed

                                                                                                                                                        SHA256

                                                                                                                                                        bbd0aec55b796f08aeac504cbbe369b0f8677ef08f1f74ecaef2d914504a08ef

                                                                                                                                                        SHA512

                                                                                                                                                        dc21dad98aeedb9fbc6c067f0aa1fe6ec73a8ded6cc9eb19ce182c7770c03ec7cb27483c59158bd96f8de44fe1456cf36a046447909b8435c94abff28e5c76e0

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

                                                                                                                                                        Filesize

                                                                                                                                                        264KB

                                                                                                                                                        MD5

                                                                                                                                                        77a286091d7dc9b3e8941b7c38bf60b6

                                                                                                                                                        SHA1

                                                                                                                                                        607664bb434efced0531dd285e947aff94dc2324

                                                                                                                                                        SHA256

                                                                                                                                                        ddb66aeb40d2a20d8b09330daa09d8b608237dcd51f19baf698a0b64da679594

                                                                                                                                                        SHA512

                                                                                                                                                        7dba1076f3288d8c5c98b5071af8ad0be8ff34ea4aec19974d235ed7f452d5b4662915fb0ed90ce1839f429a2402faa1b5f5a50610db92b00a88383a3a12ed07

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

                                                                                                                                                        Filesize

                                                                                                                                                        851B

                                                                                                                                                        MD5

                                                                                                                                                        07ffbe5f24ca348723ff8c6c488abfb8

                                                                                                                                                        SHA1

                                                                                                                                                        6dc2851e39b2ee38f88cf5c35a90171dbea5b690

                                                                                                                                                        SHA256

                                                                                                                                                        6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

                                                                                                                                                        SHA512

                                                                                                                                                        7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

                                                                                                                                                        Filesize

                                                                                                                                                        854B

                                                                                                                                                        MD5

                                                                                                                                                        4ec1df2da46182103d2ffc3b92d20ca5

                                                                                                                                                        SHA1

                                                                                                                                                        fb9d1ba3710cf31a87165317c6edc110e98994ce

                                                                                                                                                        SHA256

                                                                                                                                                        6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

                                                                                                                                                        SHA512

                                                                                                                                                        939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

                                                                                                                                                        Filesize

                                                                                                                                                        44KB

                                                                                                                                                        MD5

                                                                                                                                                        076a42196c631daff4dbd0f29ae5679b

                                                                                                                                                        SHA1

                                                                                                                                                        98514e6313400ac6fc36847ec8825bd07df8361e

                                                                                                                                                        SHA256

                                                                                                                                                        64b152dd08317d0312d2f40022ea7736affa5df80410c1b0d18f573d74ba1122

                                                                                                                                                        SHA512

                                                                                                                                                        e105b59dc595cd7e353e1323b416fd8f0b102274aa08019370354306f50f5b75984ddfc1653aa4eccb256786ac9d1fa397762518b50dfcbfdfe8e586bf3d0389

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

                                                                                                                                                        Filesize

                                                                                                                                                        264KB

                                                                                                                                                        MD5

                                                                                                                                                        6380ba491c5786d8c8031a0fb0a769c2

                                                                                                                                                        SHA1

                                                                                                                                                        6ab05335dfef50db106928109bf2311cf8c4b4a0

                                                                                                                                                        SHA256

                                                                                                                                                        5f614ce4cf475524d6f8e65aef66559e24a3566b8cc15b9b6375d6d33aa157e0

                                                                                                                                                        SHA512

                                                                                                                                                        edb3880ba7449cdbe063d9a6824c606901024a9b8917b160071ca5cc14ad0aadbefbc8114b969a2fdf94ecdafd2e7afbb641842c66e7a745325636b2129fd2fa

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                        MD5

                                                                                                                                                        c2e4f6634073997b025d90734fe9a7cb

                                                                                                                                                        SHA1

                                                                                                                                                        75bc27358fd15bee50a10a45c705a27b98cd96f4

                                                                                                                                                        SHA256

                                                                                                                                                        1df3c718fbdae66e81ec380828dbfb0281b881c35666616eccabb77ce41e7f3b

                                                                                                                                                        SHA512

                                                                                                                                                        04658197331515b085c0110e574ddd625a2c2ca557695d8efac51ac24d161ca3e5a0352eef377a1dbab393d0dbc552c2af4b15003f13564b8d068171549576f1

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                        Filesize

                                                                                                                                                        7KB

                                                                                                                                                        MD5

                                                                                                                                                        3aa7ff3dfca28f1dd285bc4227057d5b

                                                                                                                                                        SHA1

                                                                                                                                                        e05740125613662ec1cb3dab149c2765c68ac87e

                                                                                                                                                        SHA256

                                                                                                                                                        c695f66c1d62762712f45fa7bde0890eacdda6154464ce9a7438075223f23555

                                                                                                                                                        SHA512

                                                                                                                                                        0743e3afd2868efcc3d926a35110ae26ffd37d340c11b361f8c32ad1e62f693ac23369c82748459e48ef43a04d5798b301b72ffee5cf00358e7ef2091050cdce

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                        MD5

                                                                                                                                                        7a51d4cf83cb387b441e616b10a43f92

                                                                                                                                                        SHA1

                                                                                                                                                        bf08cb9e805741b5c2372d828122383d116384e7

                                                                                                                                                        SHA256

                                                                                                                                                        2360ada9d4409406f11a2237e1aae166611fe2bf5900935b55480b39e76463aa

                                                                                                                                                        SHA512

                                                                                                                                                        1cd8f55c71fca65cb93e842f1eaf9443d20ec0b245b3af37d05bcaae5529a7c1163072d27accca552cfc93b2a3cebff6389a86ae2029eb25fd1c4bac649e8324

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                        Filesize

                                                                                                                                                        5KB

                                                                                                                                                        MD5

                                                                                                                                                        c04a0cdcbf9801fe9145e45c77b21596

                                                                                                                                                        SHA1

                                                                                                                                                        2af9bd12e460f7a49856eb4e70e5e4bd7d3ae91b

                                                                                                                                                        SHA256

                                                                                                                                                        343e8f633d6da14b93f9921dac4e44762532fd05ebeb3b65bde523fedbc45597

                                                                                                                                                        SHA512

                                                                                                                                                        674c3c756fb537444042beb51f04dc29dcb84fab63c2f1009c1122fb36f8a2e32dc7b68877bc93229be2ea7880e8dfd1906c5ff3845f2fac525fb408ce51ec8f

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                        Filesize

                                                                                                                                                        7KB

                                                                                                                                                        MD5

                                                                                                                                                        91b59d8e9398e11dc8291b37072f4cef

                                                                                                                                                        SHA1

                                                                                                                                                        69e3e23d4eae1e5db8c1d3acc1d0af3761b960f2

                                                                                                                                                        SHA256

                                                                                                                                                        0032d76225dc75217e180a8efbd10cae7d8a04729c0b312db7886df54fc396a1

                                                                                                                                                        SHA512

                                                                                                                                                        12e53f1352ba83a011ff5f9226a593cc41411e97d7c8f54c02073f2f3ee6ec18fb2ee48dc65498cb8b91f73e4590d65a483ac15e0ab0743d1492fd0c1780ed0a

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                        Filesize

                                                                                                                                                        7KB

                                                                                                                                                        MD5

                                                                                                                                                        f8de7b1a124ca3aa440a5fc995a46537

                                                                                                                                                        SHA1

                                                                                                                                                        1c9cd18e73e7dd99dcad27f8d01ab9fca745a053

                                                                                                                                                        SHA256

                                                                                                                                                        c483e2f988c570afa1d347625cac90fa0d3e42e39045c514a34f76afe6bf044f

                                                                                                                                                        SHA512

                                                                                                                                                        834db37c3bc79d7b77ab80758e147442f0d17ef1bdbfc559a1f5df6b205851837a6e502dc18920aee038e50580ef70332ff8210f5a2ab12400eafe8a9a802089

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                                                                                        Filesize

                                                                                                                                                        2B

                                                                                                                                                        MD5

                                                                                                                                                        d751713988987e9331980363e24189ce

                                                                                                                                                        SHA1

                                                                                                                                                        97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                                                        SHA256

                                                                                                                                                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                                                        SHA512

                                                                                                                                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        356B

                                                                                                                                                        MD5

                                                                                                                                                        da7651c1f704031f1ee8c7ec75647dcd

                                                                                                                                                        SHA1

                                                                                                                                                        f803669329adaa35f01b0684023a9c5373c70479

                                                                                                                                                        SHA256

                                                                                                                                                        af0501c23c632ff71b3f6053e7eb0400efade722defbbeb4d6dd0693b29a6ba8

                                                                                                                                                        SHA512

                                                                                                                                                        d1490c61026250abcb6cfa845ca5aca6bdf438debadc6c24bf28c3b420e3d92dcced2b00d6930df3d2b3fa11f61c87583fd959bf2f396601f23c4633f1687a84

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        858B

                                                                                                                                                        MD5

                                                                                                                                                        001053c8548f9f33f736b329d8f9596a

                                                                                                                                                        SHA1

                                                                                                                                                        76b251bfea67e5e80f65ba26fb34dc004ca2f95e

                                                                                                                                                        SHA256

                                                                                                                                                        8753b966113ff94159233501fa88554cfb04242ab60155212287a4364b67911f

                                                                                                                                                        SHA512

                                                                                                                                                        ab67a443ec8c3d3a56f0c16270bdfbe4269316b00bb26793303944a91b6ae14af95f60a5f8bbbc700af36d98d97d1821d79af745a6d0535a013851ec205a0a9b

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        690B

                                                                                                                                                        MD5

                                                                                                                                                        1379b3a2343fcd8480b74d8eb4947feb

                                                                                                                                                        SHA1

                                                                                                                                                        5908d11b2fd37fea8b139b00cf9555969989a005

                                                                                                                                                        SHA256

                                                                                                                                                        ed6cf3449539ccaf7f89bd3f3a026f17a6d420d985aee6137d4fa73e73499c8f

                                                                                                                                                        SHA512

                                                                                                                                                        9337b587e107e3d31e45cfb3c18e79bc076f2b5823d52a4e2348e73c826cbc3ac362e6dbc6f7c442efce6aaf195057ef099a13d30afc42681eb4b8098a846b02

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        690B

                                                                                                                                                        MD5

                                                                                                                                                        15e36400f987be961d9d3e946d7d222a

                                                                                                                                                        SHA1

                                                                                                                                                        42ad9a2f41f3b19034b6371d5b96747e2067fdf1

                                                                                                                                                        SHA256

                                                                                                                                                        1807d21807d8433358f72875a507a42c72eac5ca3659be61f4e709f2ccfae360

                                                                                                                                                        SHA512

                                                                                                                                                        0680fa77bc9b9a669b0ea6d7ff52d585e25d9b839a10e027b3c41e6d582c4542f01c4ae0cd30d03037c85270487feb9dca63b224c50e3f8af1f79b0834f61ac6

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        2KB

                                                                                                                                                        MD5

                                                                                                                                                        7a7ae4c790621aaa68621a61fe8d2e16

                                                                                                                                                        SHA1

                                                                                                                                                        ed5a9215cfa8ff7922245af22248f0f461df4b85

                                                                                                                                                        SHA256

                                                                                                                                                        ee6abae391f05ee82a4c3fa61cc428e0ac8912d495a28a1bc048c9898d5044eb

                                                                                                                                                        SHA512

                                                                                                                                                        bb61535333a4869e589bf0b84d3d3801b2c505673348c8822e905190bab7dbcdcec627c86006ca310c8f219cf86eeeb240156edbfac18bf6cc1b39628913d821

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        2KB

                                                                                                                                                        MD5

                                                                                                                                                        ae46210e2f678bca99e68c8dc6ce2266

                                                                                                                                                        SHA1

                                                                                                                                                        b1149511b3c10fb1c3359b70352f402815a02294

                                                                                                                                                        SHA256

                                                                                                                                                        d6fc45d7e75900a60bf742a2426659fada4fcabb174efa05ca117353f1bab6df

                                                                                                                                                        SHA512

                                                                                                                                                        a94ac4650d7e6c585426f897c95477af7228a8de19dc3506396f54a7c45b0a0ab24d6a4076639767732a79a340880f41640889586dc4036a138435f3d4ae3b91

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        690B

                                                                                                                                                        MD5

                                                                                                                                                        3cf7ba678510ae70730fbeea95ccf32c

                                                                                                                                                        SHA1

                                                                                                                                                        c885c28ff4e3f35207465588a818fe633369ffe4

                                                                                                                                                        SHA256

                                                                                                                                                        d79123e0eafc4e228f7c9206eb871b13f80649f3e50db9c727e505eb11883155

                                                                                                                                                        SHA512

                                                                                                                                                        bc3e6f30265624afb1802ba217c51164af816d45c22db6de5466a3bab8bba503eb83c7dee9010893f2f966a494d4f60e3fe5825e8bf36c618cb7090e7ff4e5ba

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        2KB

                                                                                                                                                        MD5

                                                                                                                                                        1af4220bf5f516200cfaf85f6a21925b

                                                                                                                                                        SHA1

                                                                                                                                                        3900747a04e2715b713710dca2be2719c31c436d

                                                                                                                                                        SHA256

                                                                                                                                                        53582d03acaab0b47774828cabfba41071bd58cb64ef981cb4adb443714165f7

                                                                                                                                                        SHA512

                                                                                                                                                        58b96b7e4eeb178cbb28a5f8feca35884e414123676cd71dd91ac1034334d10ee70e35ed6d11bfdc8a284ae49d1a9f59d232af3fba082df4cbe175b89f541119

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        356B

                                                                                                                                                        MD5

                                                                                                                                                        07726d3ae4bae9dd35eb1690882ed281

                                                                                                                                                        SHA1

                                                                                                                                                        5e0b299b155568c872f43eeb31d4378ee726eca0

                                                                                                                                                        SHA256

                                                                                                                                                        a5ffaa7d5b7d75ce0adf6d2f3d637ddb63644a8f28d413aff4b29088150438d6

                                                                                                                                                        SHA512

                                                                                                                                                        bdc46fce9f037bbd8dc7c5a21d247d66d295014379769fcc08f27b1c81a83ed5de91165b34eaf2f7e2eb3eb7b6fb013baaf590cc9444f0264941f48190e23fbd

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        2KB

                                                                                                                                                        MD5

                                                                                                                                                        d061c0b6039aebe832dd51f6d91f4d84

                                                                                                                                                        SHA1

                                                                                                                                                        dd2e1c1eb3f304b5d03a9dedfba87696c1e5fe6e

                                                                                                                                                        SHA256

                                                                                                                                                        fd0877e7c0fe9da31c962c6b77aae56902b1936c1e5a26b584f74ec41d90906f

                                                                                                                                                        SHA512

                                                                                                                                                        c39bd2a36ffed4582971caeaff0c03add5dc3ded0ec6050c1bff88277fc23c75fde75aca6bfbb9e31f6141a76fa2df25370b9ab12001c3540411de8ded336938

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                        Filesize

                                                                                                                                                        2KB

                                                                                                                                                        MD5

                                                                                                                                                        25022f3e89aac2b05a5195c34f6052d9

                                                                                                                                                        SHA1

                                                                                                                                                        8601b87c3008d404328dcc12be0aee79354e4d34

                                                                                                                                                        SHA256

                                                                                                                                                        0d0c90fbffb9018330db24a914cd565f43b756225df1684d66323c7ea6202696

                                                                                                                                                        SHA512

                                                                                                                                                        f3e0a1e7b6f7dc8d4d538a22d35adf47ab43b9e4c5114951ed69a954cd2d1d4d9342105685fe0a00b90dfc46ef27aa5aed5516dbb1eba2cf80996842f68463ff

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        9KB

                                                                                                                                                        MD5

                                                                                                                                                        31657a61b0f269a1083db777c30001b0

                                                                                                                                                        SHA1

                                                                                                                                                        9a8c362183e91421802906485b6486859f83ba20

                                                                                                                                                        SHA256

                                                                                                                                                        91738a4394dc96049eac88a14fc3bc91dfbe746921e24e65c28c6105d39b83a5

                                                                                                                                                        SHA512

                                                                                                                                                        646b414b8ee33d47afdfd4cc18257b754eae2014e6541f0cb4a0a19e5edc4b7d2ce5f6bc422e331eb8d486fc19841913e901037067b66f17bb32d2d63182bbc7

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        9KB

                                                                                                                                                        MD5

                                                                                                                                                        be88654a5cc1cf0b6fcc398fc93453b3

                                                                                                                                                        SHA1

                                                                                                                                                        8f2b43201eb3a8275f79304d8ea07f90aea2a888

                                                                                                                                                        SHA256

                                                                                                                                                        0f4157299867d8e0e879e8c205c4e96e001415f902f5fd93d8423cea508a445a

                                                                                                                                                        SHA512

                                                                                                                                                        018052e10cd897799eaf6a62751c81ab8f1c2f7586232714ae81d7f9397f6036d1ab40e832d04f3aeafb75bb5e1228d8fac8c247395ea2ca750e67afe08d7459

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        9KB

                                                                                                                                                        MD5

                                                                                                                                                        9c3655e08778ed3f90d78c745a976071

                                                                                                                                                        SHA1

                                                                                                                                                        cf85ba0f44c5f8930c8a8c642650c29e7df383a6

                                                                                                                                                        SHA256

                                                                                                                                                        21ff607ab5b049b6cc9a1a743e910583299a8c84b2c85558ed878c09f0ee1843

                                                                                                                                                        SHA512

                                                                                                                                                        8929b90ddeb411a3668bb18ce153e3ef79983bb19f65490bbaa2bf6dcca0c445490048df82c5e78714d5f26503c7df8cb305e544bb0447b4112c62e6e7476ae4

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        9KB

                                                                                                                                                        MD5

                                                                                                                                                        59ca7f9990e49819c5b8ab3f072cf67e

                                                                                                                                                        SHA1

                                                                                                                                                        ab38ff34c92db5216ca5c1d1af58aa791d163503

                                                                                                                                                        SHA256

                                                                                                                                                        0f5ba07de886a4afaec57eb70ef64640f8e2ec23a67255cdb5e671d7343dcae6

                                                                                                                                                        SHA512

                                                                                                                                                        69cb16a6426baab010fccac792313a1d55a2c2a60dd34bd8ac588bae006a4a4c406ced666c66d4cd80b464e589ce0cddbae87220a11d1508a3d5093888a02d21

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        9KB

                                                                                                                                                        MD5

                                                                                                                                                        31283b72dfcd766b4624405b6d81ef8f

                                                                                                                                                        SHA1

                                                                                                                                                        3ec4760e9422328b41032b09aa11ad44ad14a25b

                                                                                                                                                        SHA256

                                                                                                                                                        e1fa04cf4c858fbe493ac8d4f3c22a0b73f1667c526d087cee57ffdfcb15338d

                                                                                                                                                        SHA512

                                                                                                                                                        3ee832abc5ba47c8922b7412ad76aa4af6f8b9bf63c320004a52b86e6d7ce6d0ba6a7fb51130c7689d8be0ec553ace5bcaa92c4fc8cd5cb88173620d4dc17eb1

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        9KB

                                                                                                                                                        MD5

                                                                                                                                                        e286b6f2ae677c4b72782143eda54c7a

                                                                                                                                                        SHA1

                                                                                                                                                        a825b97a8e51f74065dc6553e0b7c35cd9204be9

                                                                                                                                                        SHA256

                                                                                                                                                        f1237db34b8dcedc8204e2f5f74be52e3c300dfe3aa16d2d70fdfdd763f1c547

                                                                                                                                                        SHA512

                                                                                                                                                        b929e1d737a490fca557b587c75046ddee0b2b03f997d358545fdf34dda74b8f2d1d0d55b7ea420f70f679c7f3f4e85f59f925417493b4e4f262cc8e169dd9ef

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        9KB

                                                                                                                                                        MD5

                                                                                                                                                        8a25de872215891b8653f8529e131b24

                                                                                                                                                        SHA1

                                                                                                                                                        f39271268b64ef2e3e0df5c65ad2e800cc2018e2

                                                                                                                                                        SHA256

                                                                                                                                                        52f09ca9218a36d041446a85d9bdc3f2da7879496591de842cffa23521b05823

                                                                                                                                                        SHA512

                                                                                                                                                        339366cdb647fc268e78df3fbed4998f9775d78626babd1dbfd2fe72ff458d5267ce12ad26bd298aecd74ff6796a3ddf051a6965a6b80c72817ffb8c2c227992

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        7KB

                                                                                                                                                        MD5

                                                                                                                                                        f3ec199e148695204ccfbc61979f859a

                                                                                                                                                        SHA1

                                                                                                                                                        5684fb6c4a636d27d152150bb68cc0bed0d113cc

                                                                                                                                                        SHA256

                                                                                                                                                        b66e6d61f6372ec8cff0110dcf8d01bf8b05f2df5d18e03250db05e51e207647

                                                                                                                                                        SHA512

                                                                                                                                                        c387e3dc0e702a1c10cf1b761939c2042826cb85095b1d8be9ef9d625b3ac5404a5bf4d96177f449ec05dc2d44403052f1ca06576aa18283bcefd0d5f587882c

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        9KB

                                                                                                                                                        MD5

                                                                                                                                                        870dd8f7bbba29442da09c37d63b7c50

                                                                                                                                                        SHA1

                                                                                                                                                        9740ca493888139cc7e0e24c3f4b92089df5f9fd

                                                                                                                                                        SHA256

                                                                                                                                                        e5bc94fdb570bb2acd5975ea551e22126bc9de61c6588ddcf2add944e771a515

                                                                                                                                                        SHA512

                                                                                                                                                        ac8b0a9e3088b6451759ac8db89ac665002e70e9bad3d320cf7aec9d9044d2320c7d9491384cbc70a9f6333687b1b8d7536f8c551ac4b931bda58ba4829b6274

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        9KB

                                                                                                                                                        MD5

                                                                                                                                                        755a03969cb61e9ae6d012ba1cb5b94b

                                                                                                                                                        SHA1

                                                                                                                                                        e7035e95b7ce11c910c500e49c31f0a950ac829b

                                                                                                                                                        SHA256

                                                                                                                                                        a2d51e9234d0852edc704d1c3f1fcd835efb2539680a822266c5ffbbc38d2745

                                                                                                                                                        SHA512

                                                                                                                                                        575caf593e1d315294aa0cbf106395690602fa98aab88006dd975e7a74e819c78ea03a698257af10c92136c4a67374704b561bd7e10446615cf08e4c0b7b65d0

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        8KB

                                                                                                                                                        MD5

                                                                                                                                                        8b7daf547e43c2ddbcf1457609a37785

                                                                                                                                                        SHA1

                                                                                                                                                        9ef5b0aa870720d85ce769972fd83789fd3d49a5

                                                                                                                                                        SHA256

                                                                                                                                                        8c47c17aefe520c0085516ed08d1bbc0313499a1d7c6657980b581ea0b54534b

                                                                                                                                                        SHA512

                                                                                                                                                        c680a73e32e9780998b15ae839446ed1d94592c845b798af01787053cea5089812846c50fd77398ed373cbc106974e5c7be25daafb4c884b053d9c5d856dda69

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        8KB

                                                                                                                                                        MD5

                                                                                                                                                        d0d6aa102efd300716b9dae8a3e7ce21

                                                                                                                                                        SHA1

                                                                                                                                                        b39eeb11901bb876864ff5918246121666defec7

                                                                                                                                                        SHA256

                                                                                                                                                        f35ddc2817e94f17690df72900103968d80523533b087ec1f7130e79bf1f6c50

                                                                                                                                                        SHA512

                                                                                                                                                        d848904a70c57400e7390aa75a83950cb49de3a29d4341ed3475d22f1f18846997c073839392cc3d86afad46380da281ae1c3b6e91556d9a2a72fe0e521ccf1f

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        7KB

                                                                                                                                                        MD5

                                                                                                                                                        e7d5edb75ae20429a692d7d0d8734931

                                                                                                                                                        SHA1

                                                                                                                                                        717336939ea326af60b3260ed45b39bc28eee31a

                                                                                                                                                        SHA256

                                                                                                                                                        55f8bb71cb753d1153028cee0481c6fc4288d3eeda48d8117a625cba3e27bce9

                                                                                                                                                        SHA512

                                                                                                                                                        7387e5c3e106969aa3ab4cf7d8c9e0407424ce9db7363924e4d9ad0555137343c65360c56caed23593f7e10f25b6b17340508c27cac507a7ad55b6ca80512e74

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        9KB

                                                                                                                                                        MD5

                                                                                                                                                        c32155a4c737da1d9b8a4e2dd7653c7e

                                                                                                                                                        SHA1

                                                                                                                                                        9284db8f7633f472c5729d1736b953bdfb01cc8c

                                                                                                                                                        SHA256

                                                                                                                                                        f3cbccf50d7c3f9c3aa3532125bb55beffed96d62bf81d36d57a7f78855425d0

                                                                                                                                                        SHA512

                                                                                                                                                        411c03c1dd10202bcef5bd208e644eae65bd9159d92c689f4852d273f7559a1d33c5e2f1d860157a6e1f3b78112b5e81a02057049cc392cb44a07a48eefff2e2

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        8KB

                                                                                                                                                        MD5

                                                                                                                                                        c93037c72b4afc70fc754fe8f767faf9

                                                                                                                                                        SHA1

                                                                                                                                                        8393a4424128cddfeb7d509a609134455eef8686

                                                                                                                                                        SHA256

                                                                                                                                                        df994a5997d62ea319fd82cee004e1b248b6979e34c1fbf620162281340baa91

                                                                                                                                                        SHA512

                                                                                                                                                        f1f8b8fdd3b6c714ee64a99420e67a2fc794d8a1c2a3da1e75d43d3707741fce1eba8b17e57f7d8db85b69662fe932c6439db8535251aa9f3cb230a61ab7f62a

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        9KB

                                                                                                                                                        MD5

                                                                                                                                                        416471d486dcd557300f745e58b1f204

                                                                                                                                                        SHA1

                                                                                                                                                        7ab8fdab25a0b4a36597c878443f109746c76516

                                                                                                                                                        SHA256

                                                                                                                                                        9d2ef4e7b533c18f3e07e22f3cad15b9b740d6a758957558b3c0346a10a20cfd

                                                                                                                                                        SHA512

                                                                                                                                                        1d734848f3bec861de5e1d839b072d783f8bbfefabb41183fad730df398001ec0242e6361a6b159c47eabab09961e4c52cc65e3e2e07f10a840d1dc5afefe8fa

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        9KB

                                                                                                                                                        MD5

                                                                                                                                                        a1830c25943c8495989a8c7b44626941

                                                                                                                                                        SHA1

                                                                                                                                                        590fd68081c3bf8b7581a7c3346157fa76d31e59

                                                                                                                                                        SHA256

                                                                                                                                                        b50486dc0cc7dee5bcf7d5131660709af0452b2a5a18a6ee583d346dd701140e

                                                                                                                                                        SHA512

                                                                                                                                                        70870f5a411f2f8647f656e9d7956e32f651e168425bad2934eb89e0ececc478ab5ef7c0b3904e8aa2481fc58855a3b1aa355249db02b05688cb3635b5ea5178

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        9KB

                                                                                                                                                        MD5

                                                                                                                                                        9bdc9b4de39069372513fd1217fb7ced

                                                                                                                                                        SHA1

                                                                                                                                                        16f70eec0c3d02f68d3ed8de29a7ae6a506abf69

                                                                                                                                                        SHA256

                                                                                                                                                        3ef6f3bab558469bd7f5202608823da3311b90a01757988eef9e86dc28c7f4da

                                                                                                                                                        SHA512

                                                                                                                                                        a3e3d3075494060cd27b04c2b5217c9b927a22d7d92976a7f22cb48cd1cd609f1ae70235b813e08cce3106b932fe1d22aef316bb949121fd01979f8168115182

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        10KB

                                                                                                                                                        MD5

                                                                                                                                                        da1d5d68f5df6134be80afb8c341eaf3

                                                                                                                                                        SHA1

                                                                                                                                                        3b4d54e2a999149d69649fa6dbf18bf590ef94aa

                                                                                                                                                        SHA256

                                                                                                                                                        b8a2aecf30d26c7d185eeb6c238a32a08236662cc48df04d2c164569b49ed608

                                                                                                                                                        SHA512

                                                                                                                                                        6f53b6d6faae2b6b118249fa164826d78530d00b85311cb5b0d426b12470e8d56d84b341232b2aafeeccf45681188b74778fe2caffbb70e9e080fba7ef124e9d

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        9KB

                                                                                                                                                        MD5

                                                                                                                                                        07c0dd2aa463103b76085dbbb476823c

                                                                                                                                                        SHA1

                                                                                                                                                        183aaad8821987f8ee21c11f1cdadf3c90b7d336

                                                                                                                                                        SHA256

                                                                                                                                                        6d907b1a67caad7aa2709200a2fe6b4d673c287eb587ae81a36f8529b6ab92e1

                                                                                                                                                        SHA512

                                                                                                                                                        5fe5620265122dbf9a22014964f201e42ff1e7ac300f57a3f056216370ab8be8fc92a5f6414d3192a377237c212dac20474a7d5b9d2e1c61692f8d761b5c2feb

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        9KB

                                                                                                                                                        MD5

                                                                                                                                                        3680801a1872a1bfff50f61cda3156fb

                                                                                                                                                        SHA1

                                                                                                                                                        c51406d84125522e1f2b1d7bf8db7c2c87a68e68

                                                                                                                                                        SHA256

                                                                                                                                                        5c8625333bdaa89a6e1f25ba772e88c11f36f1df582cc34cbafaea18024aa043

                                                                                                                                                        SHA512

                                                                                                                                                        a41ccc815ea7d67b9490dcd1e7e04b867828565fbaf125033200a8228883e5a74ffc87de5c6cdc01283f851d2feb425be48f078fdd9b3f3e39486c16969e3119

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        9KB

                                                                                                                                                        MD5

                                                                                                                                                        a97f31ceaea646df98984737987088ee

                                                                                                                                                        SHA1

                                                                                                                                                        7f0a568a0452f2acb141b6edfaf742d8aa4692d8

                                                                                                                                                        SHA256

                                                                                                                                                        13a8b979f9bc4630d60b48e3064048c7bbf2e2c6d916a641a576289890416a7d

                                                                                                                                                        SHA512

                                                                                                                                                        a388fa12a5a3a6b66dffbbc6cafc6bebb2d5a5cd973ea23d9bed94049fd1a3dbb724a9e7e74f098cf41f7db5d84a85a041f32be232e4064abf3bf74a85dc3cd2

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        9KB

                                                                                                                                                        MD5

                                                                                                                                                        bfa620ccc4a01b8825a86bb81f76758f

                                                                                                                                                        SHA1

                                                                                                                                                        1a604bbe1bb6117b1ac2209a0f1015163547b894

                                                                                                                                                        SHA256

                                                                                                                                                        e1805a9ef3bfb3eda373c54ddcbe5b88ab6e6f33039389360d9530c73fc7fab8

                                                                                                                                                        SHA512

                                                                                                                                                        76d4e4839ae6e3e7fd3a535d0971c13877a0319d0c416a9e90c8a97cc41a8782ac806d7c656f3b8dfdc71b9c60528b5de35db9bea1e51a1f33af8f49f63b0580

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        10KB

                                                                                                                                                        MD5

                                                                                                                                                        6f7fe91ebc86bfca13de2b50a220924e

                                                                                                                                                        SHA1

                                                                                                                                                        327efc8682959ba6f3ac7b6fb3250af7e990e4b9

                                                                                                                                                        SHA256

                                                                                                                                                        340a0bf8c3013a0f8fcb4e99b353c4d26205ad0fc813eab9c6d0acd63ae334f6

                                                                                                                                                        SHA512

                                                                                                                                                        da99a337816c58152e49b43b8a90b59937f8b89f875e7233de82ea5e5de18f4911329b78bbe3ad6eec457f6ddffe25615d6687aca73aef3f4d4a3b4263829029

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        9KB

                                                                                                                                                        MD5

                                                                                                                                                        d50fafb67aa8ca9bd5fcb7e766ba87de

                                                                                                                                                        SHA1

                                                                                                                                                        8514380e4dd5f93889df206f4760c8247dcca22d

                                                                                                                                                        SHA256

                                                                                                                                                        a6ac8e03150f95027119718603f91bdf98ddeb0ad7bae8ad5c2ea916e25e3a83

                                                                                                                                                        SHA512

                                                                                                                                                        7ad3f53f292386a64d111e493d70780fe26acaa7901d17e857247c7afefae3aff8e3a5b84fdd111bc04b7b78f39d5ad468ada99f9513793acfa171309c0b7a97

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        9KB

                                                                                                                                                        MD5

                                                                                                                                                        462ec498ee75e4a490da8dad05f83160

                                                                                                                                                        SHA1

                                                                                                                                                        4f95505f7d741a158408fc1d06e7cee85ea3cd3a

                                                                                                                                                        SHA256

                                                                                                                                                        f5c043480d8ca775a7e275bd84f8c824e044848852bcf121f6e6e6d8a75a7c0c

                                                                                                                                                        SHA512

                                                                                                                                                        acade47dbeafaa18123c3e6e6722a144816b42a162dcb5692ffc13181970da33510a77760a3761967a911dd409ac5287cdd5379bfde31bd729654b37a1ce5ca6

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        9KB

                                                                                                                                                        MD5

                                                                                                                                                        e0464296d9b61ec8cdc045eafdb8024c

                                                                                                                                                        SHA1

                                                                                                                                                        de195873aef24fb8afaac21e13fd780b1af280bb

                                                                                                                                                        SHA256

                                                                                                                                                        fd5653083c9fc5f75b38d2dcd338427ee9dfbd727da70038f168c941d5ac7153

                                                                                                                                                        SHA512

                                                                                                                                                        559f9edb22b84ef6c766991048a1ba9426782b5c4cc26f85792b26b4e30b4ec11f9090f2f57eec866c2829c61be21b605522f11ed148fd7254582b4c266af523

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        9KB

                                                                                                                                                        MD5

                                                                                                                                                        591d8643675f0f361f74082ad57ae6de

                                                                                                                                                        SHA1

                                                                                                                                                        200741dfc0c91e91b298e4610d74edc34b163c8d

                                                                                                                                                        SHA256

                                                                                                                                                        18e23964cc875cb570559a08ef4cf46cc9554b5239ddf6e24b4855058919a66c

                                                                                                                                                        SHA512

                                                                                                                                                        7c54947fc4b1e04b334258972d19e64b872e15f9a82f6e252d04b0ba5c99eee8ef6c3ea08adc0380721757d546a59300f374250d5970cbba8368a568f06792b4

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        18KB

                                                                                                                                                        MD5

                                                                                                                                                        b3d5a2e87f1a1315bc0bd1d026a9d946

                                                                                                                                                        SHA1

                                                                                                                                                        27cd7ce89c56915588d7bb1cc5db3aed217370a3

                                                                                                                                                        SHA256

                                                                                                                                                        0346194f1460d78815f1e9fdc7a2f2c508c5bdc9268a8ce9fe830304ecd9b042

                                                                                                                                                        SHA512

                                                                                                                                                        c97f3c8c869e6547e7ad7919be1b760b900898dfa7a3c9ee063aaf5712ac5fe36c44ffe3be6214162c966ffc8dbc65cb0c237a8afb4c97dcef54f87c679f0939

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                                                                                        Filesize

                                                                                                                                                        15KB

                                                                                                                                                        MD5

                                                                                                                                                        21b7619ba0418ab0843c8092c2ce589d

                                                                                                                                                        SHA1

                                                                                                                                                        6a9ab55e695e1211c01400062c03e5f3ecfb0025

                                                                                                                                                        SHA256

                                                                                                                                                        fa5ec370cf9133edba4cf46a827b166555d97b8e3bfed25a3307fa97bc2cc377

                                                                                                                                                        SHA512

                                                                                                                                                        51c96d90105000eda5884f5c349fa70ad8bcb89abbec4a229aa6707e28073213fffc1c8bd0f838e1d169b8d5a0f45f3cb709c04ec8fc776d60ab733b4fde567e

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

                                                                                                                                                        Filesize

                                                                                                                                                        16B

                                                                                                                                                        MD5

                                                                                                                                                        46295cac801e5d4857d09837238a6394

                                                                                                                                                        SHA1

                                                                                                                                                        44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                                                        SHA256

                                                                                                                                                        0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                                                        SHA512

                                                                                                                                                        8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001

                                                                                                                                                        Filesize

                                                                                                                                                        41B

                                                                                                                                                        MD5

                                                                                                                                                        5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                                                                                        SHA1

                                                                                                                                                        d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                                                                                        SHA256

                                                                                                                                                        f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                                                                                        SHA512

                                                                                                                                                        de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                                                                                        Filesize

                                                                                                                                                        72B

                                                                                                                                                        MD5

                                                                                                                                                        d337d31821f092e3994a4a4cb30debcc

                                                                                                                                                        SHA1

                                                                                                                                                        b24f7f412c1ae1f1445de4b0115ff101de5eba22

                                                                                                                                                        SHA256

                                                                                                                                                        947c8c3a8ed8653008881f64c8971c2b060ead55883c71bb809c4f2525350e3a

                                                                                                                                                        SHA512

                                                                                                                                                        62d090e378ac0e490df691632c53295bde84d8ede4548ed8e58b003cb7ece41235e08b59190755013e012dfa378629040637f518d73633f3690929175065658e

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                                                                                        Filesize

                                                                                                                                                        72B

                                                                                                                                                        MD5

                                                                                                                                                        f8714b0d06fa4be6700cad2523aa76ba

                                                                                                                                                        SHA1

                                                                                                                                                        93b8f00c7661a0f5995fda782e35d702ed291380

                                                                                                                                                        SHA256

                                                                                                                                                        3d47acbb89999325219d8e3248fa160d6efff09ca0e141e6635ac2a67afb4e39

                                                                                                                                                        SHA512

                                                                                                                                                        90ddd01cc1b7195e062a34155cc5529d6c791b99c389337c6be3bc737aeae2f485165322d85b7a1a5bd1023f442f478bbdbbad3938c8c97db76871d2c04acb00

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582edb.TMP

                                                                                                                                                        Filesize

                                                                                                                                                        72B

                                                                                                                                                        MD5

                                                                                                                                                        db5b079c79b420eb2f294db562919464

                                                                                                                                                        SHA1

                                                                                                                                                        5f5506ad5358360a7b6ff81b75d09612062155ee

                                                                                                                                                        SHA256

                                                                                                                                                        cdb24973ccb336a72a3b89c523c771ce504dd496d1f4cfc19c7f8daae2abd1bb

                                                                                                                                                        SHA512

                                                                                                                                                        a858853739adc8b2df30e1f32d8e394c31e087ec984f9d53d814592828eeed575f5bae9fcac31cc51fdc8773f413e666de4883168c11ef7205abb4ef7e988c3f

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d9d0584d-a058-4f14-a117-9460d565d365.tmp

                                                                                                                                                        Filesize

                                                                                                                                                        1B

                                                                                                                                                        MD5

                                                                                                                                                        5058f1af8388633f609cadb75a75dc9d

                                                                                                                                                        SHA1

                                                                                                                                                        3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                                                                                                        SHA256

                                                                                                                                                        cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                                                                                                        SHA512

                                                                                                                                                        0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                        Filesize

                                                                                                                                                        231KB

                                                                                                                                                        MD5

                                                                                                                                                        0c1cedbbf80c195e8e891b21142519bd

                                                                                                                                                        SHA1

                                                                                                                                                        83a90629fcbf9a979d1b21d6d338cbb70bbac558

                                                                                                                                                        SHA256

                                                                                                                                                        be4c4005dcb5ee1c5341b03009697c4fcf400f5e53d389e9b7448b6ff091634f

                                                                                                                                                        SHA512

                                                                                                                                                        3df786764228511bf353228819111f20238c682bc0ba3530b4ab21170377c799ffb9a56f6a3ae45d78fdbc14611febef32881668db4e2ccea7e9a572cc581a5b

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                        Filesize

                                                                                                                                                        119KB

                                                                                                                                                        MD5

                                                                                                                                                        d1c42c3ca593542bf015c49bc8babccc

                                                                                                                                                        SHA1

                                                                                                                                                        9aadc9072840d6a46e3c07ed4a242a1b5ca29895

                                                                                                                                                        SHA256

                                                                                                                                                        032fb9422c1dcb5d055d9ac3284178b56f9ea3d79b869f83731980f7b4437e99

                                                                                                                                                        SHA512

                                                                                                                                                        59e7ef108b8d672c138dce596d125925fff604982e201b260fc51d14aeaa93ff3f190ca8b8ee04287bc9ca8972ca901280c877c21926b383d90d13576bc02ef5

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                        Filesize

                                                                                                                                                        231KB

                                                                                                                                                        MD5

                                                                                                                                                        a6e12cba6b80ad72578073f255f6976a

                                                                                                                                                        SHA1

                                                                                                                                                        1921aebba77076da3a6c7fcbccac13d9a39d155c

                                                                                                                                                        SHA256

                                                                                                                                                        f7c0dff2e3ec71206d1b8cd1a7231cfd543540ea05fb43571217e51bed7e9779

                                                                                                                                                        SHA512

                                                                                                                                                        313c6e7b94864258e122e21596cca5058e0c8cb03417059da2c86a3a83e334e70321514e1381c840387d28435fd2c6a5fafcdacf90b581c736a4a92d69a60f40

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                        Filesize

                                                                                                                                                        231KB

                                                                                                                                                        MD5

                                                                                                                                                        7783856658872e89db5dc2783b9b3197

                                                                                                                                                        SHA1

                                                                                                                                                        13ad9f100ff90143a340818b39f027abd8afe535

                                                                                                                                                        SHA256

                                                                                                                                                        8de3533599e6e0dfb2815d76f2b7cdd26d013343bdddff5465716218cca214e3

                                                                                                                                                        SHA512

                                                                                                                                                        68af69d21b0d9e4d0e05503e9c5811513ce80d0d668dd5a44f538c333c9d9478c4d663c532ba255d36d97d9660484e6d2f59d7a3255cf2e41d431182b44379ba

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                        Filesize

                                                                                                                                                        119KB

                                                                                                                                                        MD5

                                                                                                                                                        41c6547af62385eeee07c5547c7a603c

                                                                                                                                                        SHA1

                                                                                                                                                        132a3ac10d998a0418554a6b6c8e407ccbda08dd

                                                                                                                                                        SHA256

                                                                                                                                                        5d6bca4a3979333a424ffb7c1ba7ecb147de3210363065cec40f6be4e6d9abf0

                                                                                                                                                        SHA512

                                                                                                                                                        93d20392ed466b3af7d2f320dd5ebd1c9a091eaea6a7d03745233891754278939a4b287f4193f78ada2ce04e2ca0f0d0970103d39d6ef70a8dca269eed36aec5

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                        Filesize

                                                                                                                                                        119KB

                                                                                                                                                        MD5

                                                                                                                                                        40d0230ab06d7e29bf748db70651e81a

                                                                                                                                                        SHA1

                                                                                                                                                        4f351f0da7a7efe64b7f1d509eac2146e019b616

                                                                                                                                                        SHA256

                                                                                                                                                        eca1ddb05d064301349a86538b1429b2405f72f831dda4b9175418d34d6851f2

                                                                                                                                                        SHA512

                                                                                                                                                        aa69016d579d8eba408bc027fa606628ca0256f3f38af35cf2b735828b384b575a243de1530f05cff24f02a321d3b9301879e7543d8960e3ff091efd6f7922f5

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                        Filesize

                                                                                                                                                        119KB

                                                                                                                                                        MD5

                                                                                                                                                        1fc3507a966d75e40ae6fdb13d869f49

                                                                                                                                                        SHA1

                                                                                                                                                        cb4a86a5ff7f28e20d458f88db82c239015cd8b6

                                                                                                                                                        SHA256

                                                                                                                                                        ae33a7d666bb40707c71886738dfb65f9b1fbcf46214d60a76ce059e77654e2e

                                                                                                                                                        SHA512

                                                                                                                                                        9aaa3433be58b9eb104f96d406117d30032f7cc2122b2b2e6dc61b1635366b3d6a9bea30fabe77ace1be281c0cf31b5f938a644827e97cf0f8647bd6c5daeb2e

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\7a1a4acb-4b0a-4066-a62e-cca3f206db74.down_data

                                                                                                                                                        Filesize

                                                                                                                                                        555KB

                                                                                                                                                        MD5

                                                                                                                                                        5683c0028832cae4ef93ca39c8ac5029

                                                                                                                                                        SHA1

                                                                                                                                                        248755e4e1db552e0b6f8651b04ca6d1b31a86fb

                                                                                                                                                        SHA256

                                                                                                                                                        855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

                                                                                                                                                        SHA512

                                                                                                                                                        aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

                                                                                                                                                        Filesize

                                                                                                                                                        10KB

                                                                                                                                                        MD5

                                                                                                                                                        ad7a569bafd3a938fe348f531b8ef332

                                                                                                                                                        SHA1

                                                                                                                                                        7fdd2f52d07640047bb62e0f3d3c946ddd85c227

                                                                                                                                                        SHA256

                                                                                                                                                        f0e06109256d5577e9f62db2c398974c5002bd6d08892f20517760601b705309

                                                                                                                                                        SHA512

                                                                                                                                                        b762bae338690082d817b3008144926498a1bd2d6d99be33e513c43515808f9a3184bd10254e5c6a1ff90a9211653f066050249030ad9fe0460ec88335b3d423

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\0589302f91aa343fbe0005be96fccbe2

                                                                                                                                                        Filesize

                                                                                                                                                        7.4MB

                                                                                                                                                        MD5

                                                                                                                                                        0589302f91aa343fbe0005be96fccbe2

                                                                                                                                                        SHA1

                                                                                                                                                        e522005b2f17a5e1686ec12c78c59f9ea97bf3a2

                                                                                                                                                        SHA256

                                                                                                                                                        24a86d06e182f61060442200d2e197a3bf1ae0757ccb60ba65137b66e63fe236

                                                                                                                                                        SHA512

                                                                                                                                                        63e5f206365b59426f9bd66bbed78ad0e74018f5d9485f69793fa1fbb78beb8baf3f182814c4938a123a6ea993b91f39a3d070e676bf146e622e99a4e2874279

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\41a9119e-2bb1-41eb-a7e2-13c2a2bee220\GunaDotNetRT64.dll

                                                                                                                                                        Filesize

                                                                                                                                                        142KB

                                                                                                                                                        MD5

                                                                                                                                                        9c43f77cb7cff27cb47ed67babe3eda5

                                                                                                                                                        SHA1

                                                                                                                                                        b0400cf68249369d21de86bd26bb84ccffd47c43

                                                                                                                                                        SHA256

                                                                                                                                                        f25b9288fe370dcfcb4823fb4e44ab88c7f5fce6e137d0dba389a3dba07d621e

                                                                                                                                                        SHA512

                                                                                                                                                        cde6fb6cf8db6f9746e69e6c10214e60b3646700d70b49668a2a792e309714dd2d4c5a5241977a833a95fcde8318abcc89eb9968a5039a0b75726bbfa27125a7

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\pkg\f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c\sqlite3\binding.gyp

                                                                                                                                                        Filesize

                                                                                                                                                        1KB

                                                                                                                                                        MD5

                                                                                                                                                        b18910876afa5be79dc709e0b314108e

                                                                                                                                                        SHA1

                                                                                                                                                        fbd12aa3a25eaa0ea9883c49282029bbb9a9b1ad

                                                                                                                                                        SHA256

                                                                                                                                                        82c0fffccc54ef10231be8c7e190feb8feea44efc01b4ecfe12e4d8a0ecfb20d

                                                                                                                                                        SHA512

                                                                                                                                                        20a8ef66ec345d0f90416acf2a288d22c3f7b44b1e1a747c5ad4c9196cbbd6ca51683650d90afea97f33f847c8fd5d8fd9221ce7e0a7f4494e58288f8d80bab7

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\pkg\f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c\sqlite3\build\Release\node_sqlite3.node

                                                                                                                                                        Filesize

                                                                                                                                                        1.8MB

                                                                                                                                                        MD5

                                                                                                                                                        66a65322c9d362a23cf3d3f7735d5430

                                                                                                                                                        SHA1

                                                                                                                                                        ed59f3e4b0b16b759b866ef7293d26a1512b952e

                                                                                                                                                        SHA256

                                                                                                                                                        f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c

                                                                                                                                                        SHA512

                                                                                                                                                        0a44d12852fc4c74658a49f886c4bc7c715c48a7cb5a3dcf40c9f1d305ca991dd2c2cb3d0b5fd070b307a8f331938c5213188cbb2d27d47737cc1c4f34a1ea21

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\pkg\f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c\sqlite3\deps\common-sqlite.gypi

                                                                                                                                                        Filesize

                                                                                                                                                        1KB

                                                                                                                                                        MD5

                                                                                                                                                        0ad55ae01864df3767d7b61678bd326e

                                                                                                                                                        SHA1

                                                                                                                                                        ffedcc19095fd54f8619f00f55074f275ceddfd6

                                                                                                                                                        SHA256

                                                                                                                                                        4d65f2899fb54955218f28ec358a2cad2c2074a7b43f862933c6a35e69ae0632

                                                                                                                                                        SHA512

                                                                                                                                                        aaee895d110d67e87ed1e8ed6557b060a0575f466a947a4f59cc9d111381e1af6aa54d432233716c78f146168d548a726fed1eab2b3f09bb71e0ae7f4fdc69e3

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\pkg\f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c\sqlite3\deps\extract.js

                                                                                                                                                        Filesize

                                                                                                                                                        224B

                                                                                                                                                        MD5

                                                                                                                                                        f0a82a6a6043bf87899114337c67df6c

                                                                                                                                                        SHA1

                                                                                                                                                        a906c146eb0a359742ff85c1d96a095bd0dd95fd

                                                                                                                                                        SHA256

                                                                                                                                                        5be353d29c0fabea29cfd34448c196da9506009c0b20fde55e01d4191941dd74

                                                                                                                                                        SHA512

                                                                                                                                                        d26879f890226808d9bd2644c5ca85cc339760e86b330212505706e5749464fafad1cb5f018c59a8f034d68d327cd3fa5234ceac0677de1ac9ae09039f574240

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\pkg\f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c\sqlite3\deps\sqlite-autoconf-3440200.tar.gz

                                                                                                                                                        Filesize

                                                                                                                                                        3.1MB

                                                                                                                                                        MD5

                                                                                                                                                        c02f40fd4f809ced95096250adc5764a

                                                                                                                                                        SHA1

                                                                                                                                                        8398dd159f3a1fd8f1c5edf02c687512eaab69e4

                                                                                                                                                        SHA256

                                                                                                                                                        1c6719a148bc41cf0f2bbbe3926d7ce3f5ca09d878f1246fcc20767b175bb407

                                                                                                                                                        SHA512

                                                                                                                                                        59ad55df15eb84430f5286db2e5ceddd6ca1fc207a6343546a365c0c1baf20258e96c53d2ad48b50385608d03de09a692ae834cb78a39d1a48cb36a05722e402

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\pkg\f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c\sqlite3\deps\sqlite3.gyp

                                                                                                                                                        Filesize

                                                                                                                                                        2KB

                                                                                                                                                        MD5

                                                                                                                                                        0e4d1d898d697ec33a9ad8a27f0483bf

                                                                                                                                                        SHA1

                                                                                                                                                        1505f707a17f35723cd268744c189d8df47bb3a3

                                                                                                                                                        SHA256

                                                                                                                                                        8793f62b1133892ba376d18a15f552ef12b1e016f7e5df32ffb7279b760c11bd

                                                                                                                                                        SHA512

                                                                                                                                                        c530aba70e5555a27d547562d8b826b186540068af9b4ccd01483ec39f083a991ac11d0cc66f40acaa8b03d774080f227ee705a38995f356a14abe6e5f97b545

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\pkg\f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c\sqlite3\lib\sqlite3-binding.js

                                                                                                                                                        Filesize

                                                                                                                                                        59B

                                                                                                                                                        MD5

                                                                                                                                                        8582b2dcaed9c5a6f3b7cfe150545254

                                                                                                                                                        SHA1

                                                                                                                                                        14667874e0bfbe4ffc951f3e4bec7c5cf44e5a81

                                                                                                                                                        SHA256

                                                                                                                                                        762c7a74d7f92860a3873487b68e89f654a21d2aaeae9524eab5de9c65e66a9c

                                                                                                                                                        SHA512

                                                                                                                                                        22ec4df7697322b23ae2e73c692ed5c925d50fde2b7e72bfc2d5dd873e2da51834b920dea7c67cca5733e8a3f5e603805762e8be238c651aa40290452843411d

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\pkg\f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c\sqlite3\lib\sqlite3.d.ts

                                                                                                                                                        Filesize

                                                                                                                                                        6KB

                                                                                                                                                        MD5

                                                                                                                                                        ef8ef3bd8e4332d3fc264f0adf877b8d

                                                                                                                                                        SHA1

                                                                                                                                                        7e4d52f5e397ed1d51dcced24ace9a5e00f91500

                                                                                                                                                        SHA256

                                                                                                                                                        a39db87a3a3aa954ac3f6553b9fbfc642eb22bef7586cc1f0559e676aa073fa8

                                                                                                                                                        SHA512

                                                                                                                                                        5e456ee839f988fed95f816278a3da6998c8757403b98351c4bc26ca197146747b7a20e0c1a702818053547c4d9f9bcf9607bb778c88ca7cf22f21d9c9b4b091

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\pkg\f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c\sqlite3\lib\sqlite3.js

                                                                                                                                                        Filesize

                                                                                                                                                        6KB

                                                                                                                                                        MD5

                                                                                                                                                        275019a4199a84cfd18abd0f1ae497aa

                                                                                                                                                        SHA1

                                                                                                                                                        8601683f9b6206e525e4a087a7cca40d07828fd8

                                                                                                                                                        SHA256

                                                                                                                                                        8d6b400ae7f69a80d0cdd37a968d7b9a913661fa53475e5b8de49dda21684973

                                                                                                                                                        SHA512

                                                                                                                                                        6422249ccd710973f15d1242a8156d98fa8bdea820012df669e5363c50c5d8492d21ffefcdfa05b46c3c18033dde30f03349e880a4943feda8d1ee3c00f952b0

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\pkg\f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c\sqlite3\lib\trace.js

                                                                                                                                                        Filesize

                                                                                                                                                        1KB

                                                                                                                                                        MD5

                                                                                                                                                        e5c2de3c74bc66d4906bb34591859a5f

                                                                                                                                                        SHA1

                                                                                                                                                        37ec527d9798d43898108080506126b4146334e7

                                                                                                                                                        SHA256

                                                                                                                                                        d06caec6136120c6fb7ee3681b1ca949e8b634e747ea8d3080c90f35aeb7728f

                                                                                                                                                        SHA512

                                                                                                                                                        e250e53dae618929cbf3cb2f1084a105d3a78bdfb6bb29e290f63a1fd5fbb5b2fab934ad16bc285e245d749a90c84bdc72fdc1a77af912b7356c18b0b197fbe5

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\pkg\f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c\sqlite3\package.json

                                                                                                                                                        Filesize

                                                                                                                                                        2KB

                                                                                                                                                        MD5

                                                                                                                                                        d0d759c39758174eca4580e6a04a2c15

                                                                                                                                                        SHA1

                                                                                                                                                        97366bb2fa9d63bb9660b3d130efb6d37a6b80ef

                                                                                                                                                        SHA256

                                                                                                                                                        c782c19485b0026e209076a236484a62885cb3a0828322a2936043230ed1ec41

                                                                                                                                                        SHA512

                                                                                                                                                        b1f728883023d93ea46e72278a4dff96bf6489e37471f8804bd7d6c52f21b7ee284803cec589c941701a590458671f7c53d63f0f75500843ee25d8d4e60629d0

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\pkg\f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c\sqlite3\src\async.h

                                                                                                                                                        Filesize

                                                                                                                                                        1KB

                                                                                                                                                        MD5

                                                                                                                                                        e8c5e5c02d87e6af4455ff2c59c3588b

                                                                                                                                                        SHA1

                                                                                                                                                        a0de928c621bb9a71ba9cf002e0f0726e4db7c0e

                                                                                                                                                        SHA256

                                                                                                                                                        cce55c56b41cb493ebd43b232ff8ffc9f5a180f5bab2d10372eca6780eb105f6

                                                                                                                                                        SHA512

                                                                                                                                                        ed96889e0d1d5263fb8fed7a4966905b9812c007fbb04b733cadbe84edc7179015b9967ff5f48816ff2c97acf4a5b4792a35cee1f8fce23e5fdc797f8ee0c762

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\pkg\f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c\sqlite3\src\backup.cc

                                                                                                                                                        Filesize

                                                                                                                                                        13KB

                                                                                                                                                        MD5

                                                                                                                                                        3e21d304afe1783bdb88122c5563e36c

                                                                                                                                                        SHA1

                                                                                                                                                        10f57a35b7d217226019dbe2278524bf3e447778

                                                                                                                                                        SHA256

                                                                                                                                                        960e50580d2f2e668ee79b0c2ef99eaf006bc9178f438c4bb4e278f80f3d8960

                                                                                                                                                        SHA512

                                                                                                                                                        a96ab73f424abaf806cbd4c0537dc23772709753050ffab58996435df33e5ff1bcfea24193b0abbdec1ba2e22e91d8a74ce82cb034cb6035ade760b7d7730c33

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\pkg\f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c\sqlite3\src\backup.h

                                                                                                                                                        Filesize

                                                                                                                                                        6KB

                                                                                                                                                        MD5

                                                                                                                                                        29dd2fca11a4e0776c49140ecac95ce9

                                                                                                                                                        SHA1

                                                                                                                                                        837cfbc391c7faad304e745fc48ae9693afaf433

                                                                                                                                                        SHA256

                                                                                                                                                        556ba9af78010f41bc6b5b806743dc728bc181934bf8a7c6e5d606f9b8c7a2e9

                                                                                                                                                        SHA512

                                                                                                                                                        5785667b9c49d4f4320022c98e0567a412b48a790c99569261c12b8738bde0b4949d3998e2b375540ede2ff1d861cad859780ade796b71d4d1d692e1ed449021

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\pkg\f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c\sqlite3\src\database.cc

                                                                                                                                                        Filesize

                                                                                                                                                        21KB

                                                                                                                                                        MD5

                                                                                                                                                        d6f67f29966b29034fa0058d59a51794

                                                                                                                                                        SHA1

                                                                                                                                                        e1f9f8c20b654568e65036d2928ea5dd6e3bba6b

                                                                                                                                                        SHA256

                                                                                                                                                        40ea909433a35a95a8463c49231ddca040717681fc96ee3ba6f10840429b4ad6

                                                                                                                                                        SHA512

                                                                                                                                                        7bef1762cd869375b589dac5e780406baf7b477f14713540940ca177247943642f61c4b2084a08c808ea4f007ede4bbc1bcf2f19425cb826efb8b101be445ed9

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\pkg\f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c\sqlite3\src\database.h

                                                                                                                                                        Filesize

                                                                                                                                                        5KB

                                                                                                                                                        MD5

                                                                                                                                                        de31ab62b7068aea6cffb22b54a435bb

                                                                                                                                                        SHA1

                                                                                                                                                        7fd98864c970caa9c60cfc4ce1e77d736b5b5231

                                                                                                                                                        SHA256

                                                                                                                                                        8521f458b206ed8f9bf79e2bd869da0a35054b4be44d6ea8c371db207eccb283

                                                                                                                                                        SHA512

                                                                                                                                                        598491103564b024012da39ac31f54cf39f10da789cd5b17af44e93042d9526b9ffd4867112c5f9755cb4ada398bf5429f01dda6c1bbc5137bea545c3c88453b

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\pkg\f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c\sqlite3\src\gcc-preinclude.h

                                                                                                                                                        Filesize

                                                                                                                                                        861B

                                                                                                                                                        MD5

                                                                                                                                                        55a9165c6720727b6ec6cb815b026deb

                                                                                                                                                        SHA1

                                                                                                                                                        e737e117bdefa5838834f342d2c51e8009011008

                                                                                                                                                        SHA256

                                                                                                                                                        9d4264bb1dcbef8d927bb3a1809a01b0b89d726c217cee99ea9ccfdc7d456b6f

                                                                                                                                                        SHA512

                                                                                                                                                        79ed80377bfb576f695f271ed5200bb975f2546110267d264f0ab917f56c26abf6d3385878285fe3e378b254af99b59bdb8bbcab7427788c90a0460eb2ee5b77

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\pkg\f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c\sqlite3\src\macros.h

                                                                                                                                                        Filesize

                                                                                                                                                        10KB

                                                                                                                                                        MD5

                                                                                                                                                        b60768ed9dd86a1116e3bcc95ff9387d

                                                                                                                                                        SHA1

                                                                                                                                                        c057a7eebba8ce61e27267930a8526ab54920aa3

                                                                                                                                                        SHA256

                                                                                                                                                        c25be1861bd8e8457300b218f5fa0bba734f9d1f92b47d3b6ab8ee7c1862ccbe

                                                                                                                                                        SHA512

                                                                                                                                                        84e0670128f1d8712e703b6e4b684b904a8081886c9739c63b71962e5d465ac569b16cb0db74cb41dc015a64dcc1e3a9a20b0cf7f54d4320713cc0f49e0f7363

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\pkg\f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c\sqlite3\src\node_sqlite3.cc

                                                                                                                                                        Filesize

                                                                                                                                                        5KB

                                                                                                                                                        MD5

                                                                                                                                                        7d033e9b15e4f2230d8ef59cde708c69

                                                                                                                                                        SHA1

                                                                                                                                                        9b05c5cf3f4fc9b2c20ba46420002bb48edceb21

                                                                                                                                                        SHA256

                                                                                                                                                        e80fae190ace1a5153a397ae9fe55d6d28651471fb7bebf9bbb5528095d70f44

                                                                                                                                                        SHA512

                                                                                                                                                        0e709a8c58b73cf6d90f99ce2e0d9f2dbd8defe8dc8bc8919f82ab8ce66e7b4435dacb25b919e3a75030777e6a91beb2132653424b129f12d1169e6a28ab163c

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\pkg\f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c\sqlite3\src\statement.cc

                                                                                                                                                        Filesize

                                                                                                                                                        28KB

                                                                                                                                                        MD5

                                                                                                                                                        f4e74d3038becb8b3093eed0192b7a27

                                                                                                                                                        SHA1

                                                                                                                                                        66a845cba7c2c478879238cc79f21df40dd4575e

                                                                                                                                                        SHA256

                                                                                                                                                        2fe8c826256cb1b96e26c74aeab465a329a307e7e1107ba296d059a07cc0f948

                                                                                                                                                        SHA512

                                                                                                                                                        0b3dbec5d4a098fc551f8516ce87eb4da292063a2f0c61d7279bc207e33d0d83a2df9db04edcf58b6a0cf0914ba5b51c0e4ca38a17553dde464b2c37bf7e38de

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\pkg\f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c\sqlite3\src\statement.h

                                                                                                                                                        Filesize

                                                                                                                                                        6KB

                                                                                                                                                        MD5

                                                                                                                                                        0b81c9be1dc0ff314182399cdc301aea

                                                                                                                                                        SHA1

                                                                                                                                                        7433b86711d132a4df826bae80e58801a3eb74c9

                                                                                                                                                        SHA256

                                                                                                                                                        605633ba0fb1922c16aa5fbfffed52a097f29bf31cee7190d810c24c02de515b

                                                                                                                                                        SHA512

                                                                                                                                                        9cf986538d048a48b9f020fc51f994f25168540db35bdb0314744fdec80a45ba99064bc35fe76b35918753c2886d4466fdd7e36b25838c6039f712e5ac7d81b3

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\pkg\f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c\sqlite3\src\threading.h

                                                                                                                                                        Filesize

                                                                                                                                                        388B

                                                                                                                                                        MD5

                                                                                                                                                        f2a075d3101c2bf109d94f8c65b4ecb5

                                                                                                                                                        SHA1

                                                                                                                                                        d48294aec0b7aeb03cf5d56a9912e704b9e90bf6

                                                                                                                                                        SHA256

                                                                                                                                                        e0ab4f798bccb877548b0ab0f3d98c051b36cde240fdf424c70ace7daf0ffd36

                                                                                                                                                        SHA512

                                                                                                                                                        d95b5fda6cb93874fe577439f7bd16b10eae37b70c45ae2bd914790c1e3ba70dfb6bda7be79d196f2c40837d98f1005c3ed209cab9ba346ada9ce2ed62a87f13

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\scoped_dir4104_1136982861\404d225f-a7da-44fb-af18-1aaef2a9d4be.tmp

                                                                                                                                                        Filesize

                                                                                                                                                        150KB

                                                                                                                                                        MD5

                                                                                                                                                        14937b985303ecce4196154a24fc369a

                                                                                                                                                        SHA1

                                                                                                                                                        ecfe89e11a8d08ce0c8745ff5735d5edad683730

                                                                                                                                                        SHA256

                                                                                                                                                        71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

                                                                                                                                                        SHA512

                                                                                                                                                        1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\scoped_dir4104_1136982861\CRX_INSTALL\_locales\en\messages.json

                                                                                                                                                        Filesize

                                                                                                                                                        711B

                                                                                                                                                        MD5

                                                                                                                                                        558659936250e03cc14b60ebf648aa09

                                                                                                                                                        SHA1

                                                                                                                                                        32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

                                                                                                                                                        SHA256

                                                                                                                                                        2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

                                                                                                                                                        SHA512

                                                                                                                                                        1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

                                                                                                                                                        Filesize

                                                                                                                                                        336B

                                                                                                                                                        MD5

                                                                                                                                                        12f7d41f45a59a55df4eeadd592d7fa2

                                                                                                                                                        SHA1

                                                                                                                                                        8c21e476f90858d6235f241c7e4031b6706fa42a

                                                                                                                                                        SHA256

                                                                                                                                                        b1dfd1dbe8e1846492de230ec9d2af09fc43ffe94ee7dd1a8a2fdd2163fd36e4

                                                                                                                                                        SHA512

                                                                                                                                                        9f9f3606a29500cdb8e7f8c26241e57acab24edbd61bcb18456ce0dec5493041e7bc52bed5aee5daaea0ff9961233abe5c9bd184d5cf9d933984ce8a3380f39a

                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\services.txt

                                                                                                                                                        Filesize

                                                                                                                                                        10B

                                                                                                                                                        MD5

                                                                                                                                                        4b62de32582f8582b2df55c221906afe

                                                                                                                                                        SHA1

                                                                                                                                                        35e2c5292fca6a316c7f88e2e9a837f9f75f73f3

                                                                                                                                                        SHA256

                                                                                                                                                        9b85224ee5e795d297b9125f7cf0f3185d18cd3fe75cf183b473dd6120a7c890

                                                                                                                                                        SHA512

                                                                                                                                                        bfae546db15f098298925cee6bbe294bbe2e717435209ce6ddf18ff0d0f45243952ecab619753fd61b7a473dc645f3368452289a7e6024a174962733ae0b2357

                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\vlc\ml.xspf.tmp5856

                                                                                                                                                        Filesize

                                                                                                                                                        304B

                                                                                                                                                        MD5

                                                                                                                                                        781602441469750c3219c8c38b515ed4

                                                                                                                                                        SHA1

                                                                                                                                                        e885acd1cbd0b897ebcedbb145bef1c330f80595

                                                                                                                                                        SHA256

                                                                                                                                                        81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

                                                                                                                                                        SHA512

                                                                                                                                                        2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

                                                                                                                                                      • C:\Users\Admin\Downloads\Nihon.zip.crdownload

                                                                                                                                                        Filesize

                                                                                                                                                        17.9MB

                                                                                                                                                        MD5

                                                                                                                                                        eadf838ca01287ed60c25357286f948a

                                                                                                                                                        SHA1

                                                                                                                                                        4a76e9e221508792fa431b7705c324aa6cf9bd5d

                                                                                                                                                        SHA256

                                                                                                                                                        d32615e3a3462791c4dd521f686cd616d70868e12c0081f2f0ea8934d19ea351

                                                                                                                                                        SHA512

                                                                                                                                                        c7c0abf5f998eee0997e7f69a580906eec7e3660ebb00af11f6f4fec986dbee47f4c132b9b203e6face90b7d6d4761413d1d00f5d9098131027c75d0720d0b51

                                                                                                                                                      • C:\Users\Admin\Downloads\Nihon.zip:Zone.Identifier

                                                                                                                                                        Filesize

                                                                                                                                                        26B

                                                                                                                                                        MD5

                                                                                                                                                        fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                                                                                                        SHA1

                                                                                                                                                        d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                                                                                                        SHA256

                                                                                                                                                        eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                                                                                                        SHA512

                                                                                                                                                        aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                                                                                                      • C:\Users\Admin\Downloads\Unconfirmed 255876.crdownload

                                                                                                                                                        Filesize

                                                                                                                                                        7.2MB

                                                                                                                                                        MD5

                                                                                                                                                        a1c0810b143c7d1197657b43f600ba6b

                                                                                                                                                        SHA1

                                                                                                                                                        b4aa66f5cdd4efc83d0478022d4454084d4bab1d

                                                                                                                                                        SHA256

                                                                                                                                                        30f233f41ec825806609fb60d87c8cb92a512b10f7e91cdbb4bf32cee18217ae

                                                                                                                                                        SHA512

                                                                                                                                                        8f45702da43526c04b957f571450a2b53f122b840fa6118a446972bc824c8ee7acd6e197177b54236ce7f428fb73a7cbe4ed18d643c625c9f156463d51ee038a

                                                                                                                                                      • C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

                                                                                                                                                        Filesize

                                                                                                                                                        280B

                                                                                                                                                        MD5

                                                                                                                                                        823c874249190676fa1f140360ccf983

                                                                                                                                                        SHA1

                                                                                                                                                        4249a5cb2c498c179b9322dbd6b3c5bf2b54be2b

                                                                                                                                                        SHA256

                                                                                                                                                        395768b9b6ca0bd7f162978b6b2b0f3c2d0581c2f99e5595049142ef8d26f535

                                                                                                                                                        SHA512

                                                                                                                                                        56a1f22a4b2fe318ca3060fb53d0c482450d77d73113d6fb6cbecd4ee3ac9dd139705a1b7878a9bbb420e7c53d18b598dc9766b9ac6e216ba0f0dca1c9465e95

                                                                                                                                                      • memory/128-2361-0x00007FF83C040000-0x00007FF83C050000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        64KB

                                                                                                                                                      • memory/128-2356-0x00007FF83CEC0000-0x00007FF83CEE0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        128KB

                                                                                                                                                      • memory/128-2358-0x00007FF83BED0000-0x00007FF83BEE0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        64KB

                                                                                                                                                      • memory/128-2350-0x00007FF83CEA0000-0x00007FF83CEB0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        64KB

                                                                                                                                                      • memory/128-2359-0x00007FF83BED0000-0x00007FF83BEE0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        64KB

                                                                                                                                                      • memory/128-2349-0x00007FF83CE10000-0x00007FF83CE20000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        64KB

                                                                                                                                                      • memory/128-2360-0x00007FF83C040000-0x00007FF83C050000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        64KB

                                                                                                                                                      • memory/128-2354-0x00007FF83CEC0000-0x00007FF83CEE0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        128KB

                                                                                                                                                      • memory/128-2352-0x00007FF83CEC0000-0x00007FF83CEE0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        128KB

                                                                                                                                                      • memory/128-2348-0x00007FF83CE10000-0x00007FF83CE20000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        64KB

                                                                                                                                                      • memory/128-2355-0x00007FF83CEC0000-0x00007FF83CEE0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        128KB

                                                                                                                                                      • memory/128-2351-0x00007FF83CEA0000-0x00007FF83CEB0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        64KB

                                                                                                                                                      • memory/128-2357-0x00007FF83CFB0000-0x00007FF83CFBC000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        48KB

                                                                                                                                                      • memory/128-2353-0x00007FF83CEC0000-0x00007FF83CEE0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        128KB

                                                                                                                                                      • memory/128-2338-0x00007FF83E800000-0x00007FF83E810000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        64KB

                                                                                                                                                      • memory/128-2339-0x00007FF83E800000-0x00007FF83E810000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        64KB

                                                                                                                                                      • memory/128-2340-0x00007FF83E920000-0x00007FF83E930000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        64KB

                                                                                                                                                      • memory/128-2341-0x00007FF83E920000-0x00007FF83E930000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        64KB

                                                                                                                                                      • memory/128-2342-0x00007FF83E970000-0x00007FF83E9A0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        192KB

                                                                                                                                                      • memory/128-2343-0x00007FF83E970000-0x00007FF83E9A0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        192KB

                                                                                                                                                      • memory/128-2347-0x00007FF83EA00000-0x00007FF83EA09000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        36KB

                                                                                                                                                      • memory/128-2344-0x00007FF83E970000-0x00007FF83E9A0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        192KB

                                                                                                                                                      • memory/128-2346-0x00007FF83E970000-0x00007FF83E9A0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        192KB

                                                                                                                                                      • memory/128-2345-0x00007FF83E970000-0x00007FF83E9A0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        192KB

                                                                                                                                                      • memory/404-2265-0x00007FF7FE890000-0x00007FF7FE8A0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        64KB

                                                                                                                                                      • memory/404-2289-0x00007FF7FE890000-0x00007FF7FE8A0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        64KB

                                                                                                                                                      • memory/404-2264-0x00007FF7FE890000-0x00007FF7FE8A0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        64KB

                                                                                                                                                      • memory/404-2263-0x00007FF7FE890000-0x00007FF7FE8A0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        64KB

                                                                                                                                                      • memory/404-2266-0x00007FF7FE890000-0x00007FF7FE8A0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        64KB

                                                                                                                                                      • memory/404-2262-0x00007FF7FE890000-0x00007FF7FE8A0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        64KB

                                                                                                                                                      • memory/404-2267-0x00007FF7FBEA0000-0x00007FF7FBEB0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        64KB

                                                                                                                                                      • memory/404-2268-0x00007FF7FBEA0000-0x00007FF7FBEB0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        64KB

                                                                                                                                                      • memory/404-2286-0x00007FF7FE890000-0x00007FF7FE8A0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        64KB

                                                                                                                                                      • memory/404-2287-0x00007FF7FE890000-0x00007FF7FE8A0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        64KB

                                                                                                                                                      • memory/404-2288-0x00007FF7FE890000-0x00007FF7FE8A0000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        64KB

                                                                                                                                                      • memory/644-1007-0x00007FF82E9F0000-0x00007FF82EA17000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        156KB

                                                                                                                                                      • memory/644-1010-0x00007FF82E9F0000-0x00007FF82EA17000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        156KB

                                                                                                                                                      • memory/644-1009-0x000002959B240000-0x000002959B248000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        32KB

                                                                                                                                                      • memory/644-1008-0x00000295FFED0000-0x00000295FFF28000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        352KB

                                                                                                                                                      • memory/644-1005-0x00007FF817C50000-0x00007FF817D9F000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        1.3MB

                                                                                                                                                      • memory/644-1006-0x00000295FC580000-0x00000295FC5DC000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        368KB

                                                                                                                                                      • memory/644-997-0x00000295FC330000-0x00000295FC57C000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        2.3MB

                                                                                                                                                      • memory/644-996-0x00000295F98C0000-0x00000295F9A1C000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        1.4MB

                                                                                                                                                      • memory/4692-2212-0x00000000002D0000-0x0000000000305000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        212KB

                                                                                                                                                      • memory/4692-2241-0x0000000073780000-0x0000000073990000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        2.1MB

                                                                                                                                                      • memory/4692-2213-0x0000000073780000-0x0000000073990000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        2.1MB

                                                                                                                                                      • memory/4692-2333-0x00000000002D0000-0x0000000000305000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        212KB

                                                                                                                                                      • memory/5584-2302-0x00007FF81E5A0000-0x00007FF81E5D4000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        208KB

                                                                                                                                                      • memory/5584-2301-0x00007FF7B0C80000-0x00007FF7B0D78000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        992KB

                                                                                                                                                      • memory/5584-2303-0x00007FF81A060000-0x00007FF81A316000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        2.7MB

                                                                                                                                                      • memory/5584-2304-0x00007FF810880000-0x00007FF811930000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        16.7MB

                                                                                                                                                      • memory/5856-2328-0x00007FF81A060000-0x00007FF81A316000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        2.7MB

                                                                                                                                                      • memory/5856-2326-0x00007FF7B0C80000-0x00007FF7B0D78000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        992KB

                                                                                                                                                      • memory/5856-2327-0x00007FF81E5A0000-0x00007FF81E5D4000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        208KB

                                                                                                                                                      • memory/5856-2329-0x00007FF81ABD0000-0x00007FF81ACDE000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        1.1MB