hxxps://drive[.]google[.]com/drive/folders/1TO2QY9y__rFI9LrxZo0KbY8SbfwwxQph

Analysis

max time kernel
600s
max time network
602s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
22-01-2025 10:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1TO2QY9y__rFI9LrxZo0KbY8SbfwwxQph

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
6	drive.google.com

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\ResourcePolicyClient.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\msasn1.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\dxgi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\fwpuclnt.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\version.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\devobj.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\CoreMessaging.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\dnsapi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\winmm.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\DLL\cryptbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\wintrust.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\ucrtbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\dxgi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\shlwapi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\cryptbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\baselib_Win64_Master_il2cpp_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\exe\WindowsPlayer_player_Master_il2cpp_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\shcore.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\nsi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\pnrpnsp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\exe\WindowsPlayer_player_Master_il2cpp_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\user32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dcomp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\DLL\dhcpcsvc.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\pnrpnsp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\UnityPlayer_Win64_player_il2cpp_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\ole32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\wshbth.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\DLL\iphlpapi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\dxgi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\ntdll.pdb	Event Horizon.exe
File opened for modification	C:\Windows\system32\symbols\DLL\kernel32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\gdi32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\combase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\winmm.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\d3d11.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dxgi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\oleaut32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\winhttp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\DLL\iphlpapi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\dbghelp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\dwmapi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\wintrust.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\rpcrt4.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\msvcrt.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\msasn1.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\gdi32full.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\kernelbase.pdb	Event Horizon.exe
File opened for modification	C:\Windows\system32\msctf.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\nlansp_c.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\win32u.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\TextInputFramework.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\mswsock.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\shell32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dbghelp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\advapi32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\DLL\cryptbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\ntdll.pdb	Event Horizon.exe
File opened for modification	C:\Windows\system32\dll\crypt32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\fastprox.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\ucrtbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\ucrtbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\WinTypes.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\nlansp_c.pdb	UnityCrashHandler64.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\dll\CLBCatQ.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\wbemsvc.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\opengl32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\ntdll.pdb	Event Horizon.exe
File opened for modification	C:\Windows\uxtheme.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\wintrust.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\oleaut32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\winmm.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dwmapi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\wbemsvc.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\DLL\audioses.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\WinTypes.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\rasadhlp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\shlwapi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\winhttp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\shlwapi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\DXCore.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\UnityPlayer_Win64_player_il2cpp_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\wbemcomn.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\mswsock.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\dcomp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\shlwapi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\gdi32full.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\XInput1_4.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\dcomp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\GameAssembly.pdb	Event Horizon.exe
File opened for modification	C:\Windows\dll\MMDevAPI.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\devobj.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\TextInputFramework.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\GameAssembly.pdb	Event Horizon.exe
File opened for modification	C:\Windows\dll\dxgi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\wbemprox.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\oleaut32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\dxgi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\bcryptprimitives.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\DLL\cryptbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\fwpuclnt.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\sspicli.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\kernel32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\crypt32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\ntmarta.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\rasadhlp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\d3d10warp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\DLL\kernel32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\rasadhlp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\UnityPlayer_Win64_player_il2cpp_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\GameAssembly.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\user32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\opengl32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\ntmarta.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\d3d10warp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\TextInputFramework.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\wshbth.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\cfgmgr32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\wintrust.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\winrnr.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dwmapi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\DLL\cryptbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\glu32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\bcrypt.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\Windows.Storage.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\mswsock.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\Kernel.Appcore.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\WinTypes.pdb	UnityCrashHandler64.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Event Horizon.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Event Horizon.exe
Key opened	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Event Horizon.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Event Horizon.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Event Horizon.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Event Horizon.exe
Key opened	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Event Horizon.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Event Horizon.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133820140475887699"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\eventhorizon_win.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Alien Infection v2.9.1:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
4124	msedge.exe
4124	msedge.exe
4684	msedge.exe
4684	msedge.exe
1660	msedge.exe
1660	msedge.exe
2196	identity_helper.exe
2196	identity_helper.exe
848	chrome.exe
848	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
836	Event Horizon.exe
836	Event Horizon.exe
3832	UnityCrashHandler64.exe
3832	UnityCrashHandler64.exe
3832	UnityCrashHandler64.exe
3832	UnityCrashHandler64.exe
2996	Event Horizon.exe
2996	Event Horizon.exe
2460	UnityCrashHandler64.exe
2460	UnityCrashHandler64.exe
2460	UnityCrashHandler64.exe
2460	UnityCrashHandler64.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
836	Event Horizon.exe
2996	Event Horizon.exe
1592	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4684 wrote to memory of 4484	4684	msedge.exe	78
PID 4684 wrote to memory of 4484	4684	msedge.exe	78
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4408	4684	msedge.exe	79
PID 4684 wrote to memory of 4124	4684	msedge.exe	80
PID 4684 wrote to memory of 4124	4684	msedge.exe	80
PID 4684 wrote to memory of 1776	4684	msedge.exe	81
PID 4684 wrote to memory of 1776	4684	msedge.exe	81
PID 4684 wrote to memory of 1776	4684	msedge.exe	81
PID 4684 wrote to memory of 1776	4684	msedge.exe	81
PID 4684 wrote to memory of 1776	4684	msedge.exe	81
PID 4684 wrote to memory of 1776	4684	msedge.exe	81
PID 4684 wrote to memory of 1776	4684	msedge.exe	81
PID 4684 wrote to memory of 1776	4684	msedge.exe	81
PID 4684 wrote to memory of 1776	4684	msedge.exe	81
PID 4684 wrote to memory of 1776	4684	msedge.exe	81
PID 4684 wrote to memory of 1776	4684	msedge.exe	81
PID 4684 wrote to memory of 1776	4684	msedge.exe	81
PID 4684 wrote to memory of 1776	4684	msedge.exe	81
PID 4684 wrote to memory of 1776	4684	msedge.exe	81
PID 4684 wrote to memory of 1776	4684	msedge.exe	81
PID 4684 wrote to memory of 1776	4684	msedge.exe	81
PID 4684 wrote to memory of 1776	4684	msedge.exe	81
PID 4684 wrote to memory of 1776	4684	msedge.exe	81
PID 4684 wrote to memory of 1776	4684	msedge.exe	81
PID 4684 wrote to memory of 1776	4684	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1TO2QY9y__rFI9LrxZo0KbY8SbfwwxQph
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffd3533cb8,0x7fffd3533cc8,0x7fffd3533cd8
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,15442158965030811864,10635595205118104998,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,15442158965030811864,10635595205118104998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,15442158965030811864,10635595205118104998,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15442158965030811864,10635595205118104998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15442158965030811864,10635595205118104998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15442158965030811864,10635595205118104998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,15442158965030811864,10635595205118104998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15442158965030811864,10635595205118104998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,15442158965030811864,10635595205118104998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15442158965030811864,10635595205118104998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15442158965030811864,10635595205118104998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15442158965030811864,10635595205118104998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15442158965030811864,10635595205118104998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15442158965030811864,10635595205118104998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15442158965030811864,10635595205118104998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15442158965030811864,10635595205118104998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15442158965030811864,10635595205118104998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15442158965030811864,10635595205118104998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15442158965030811864,10635595205118104998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15442158965030811864,10635595205118104998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:3676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fffd2aecc40,0x7fffd2aecc4c,0x7fffd2aecc58
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1964,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1956 /prefetch:3
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2416 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3340,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3520,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4776,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4576,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4932 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4784,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4616 /prefetch:8
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5020,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5136,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4976,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5132 /prefetch:2
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4928,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5324,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4720,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5780,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5804,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3420 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5952,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5948,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6028,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4412,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5144,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5336,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  - NTFS ADS
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5732,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6152,i,12616067724191315545,1994761835728583128,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:1296

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3508

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1072

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3760

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:4680

C:\Users\Admin\Downloads\duxz\Event Horizon.exe
"C:\Users\Admin\Downloads\duxz\Event Horizon.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:836
- C:\Users\Admin\Downloads\duxz\UnityCrashHandler64.exe
  "C:\Users\Admin\Downloads\duxz\UnityCrashHandler64.exe" --attach 836 1506776780800
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3832
- - C:\Users\Admin\Downloads\duxz\UnityCrashHandler64.exe
    "C:\Users\Admin\Downloads\duxz\UnityCrashHandler64.exe" "836" "1506776780800"
    3⤵
    PID:904

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004B8
1⤵
PID:876

C:\Users\Admin\Downloads\duxz\Event Horizon.exe
"C:\Users\Admin\Downloads\duxz\Event Horizon.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2996
- C:\Users\Admin\Downloads\duxz\UnityCrashHandler64.exe
  "C:\Users\Admin\Downloads\duxz\UnityCrashHandler64.exe" --attach 2996 1913431330816
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2460
- - C:\Users\Admin\Downloads\duxz\UnityCrashHandler64.exe
    "C:\Users\Admin\Downloads\duxz\UnityCrashHandler64.exe" "2996" "1913431330816"
    3⤵
    PID:2592

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
412B

MD5
dbc5e06a7d0d0553de1a52ea61a908f2

SHA1
77b40167f8b5d3aed8c35209ae85525d014f06e2

SHA256
410793f5655b97ae183097727b5a93cb96712f281445aa199524127a411e8c29

SHA512
69f4e1735f261642065c06cd8c46603d376a080783d7944fdc4cf8ab68c8d881e99a49cfbd8aa55c8782938d83c311d51952a77fcc555ab6add45a25f8aa2bdc

Download Submit
C:\Users\Admin\AppData\LocalLow\Unity\CrashReports\CrashReport2025-01-22_101333771.json.gz

Filesize
3KB

MD5
b56c5869245737f8e98bf66883640abf

SHA1
3f7a5b35f8a61cac4ff8db119da1a3712fd7a627

SHA256
46969ebb54950615f0750e68b56a0def30e7454001fd41b249f8ba6c64290644

SHA512
0cfccb44db66b31bac4420dbe293057773ac845ba2c4595f09139f1fa70a56f989908868f746f6cd033753fc4384287de14a011958bcf2e1f09fdb0b20ea145a

Download Submit
C:\Users\Admin\AppData\LocalLow\Unity\CrashReports\CrashReport2025-01-22_101333771.json.meta

Filesize
65B

MD5
99d3cbdfd3fcac0e190fe5c4e89af6d0

SHA1
efe231aafeb033e82bcabc097ff16d6ad9a97cf9

SHA256
896ed9859963ed95d01eeb3dfedc59974a917838b7ba8ff22ade6ddd1e6b198a

SHA512
d0cf7040503da15b09c59585c2f8f938a16b7974139e9e3612c931adbcc10138bb2d3c931ec9c8ff34c8621b7422c55d2fadde5dcdbbf150d0683974c9672329

Download Submit
C:\Users\Admin\AppData\LocalLow\Unity\CrashReports\CrashReport2025-01-22_101617851.json.gz

Filesize
3KB

MD5
5315f7c7179e34d338eb99c961a6e954

SHA1
b0a02368babb768b4f5900ae1bc40dfe83c14d90

SHA256
6c281e7fa6e65a63d13eee744897eccb9bafc94fdaf9f030c1e025c469d6f447

SHA512
89993a48dde1a8f339fb2d71780f9148edfa87a95126dd1acc2a5a4b742eae52e2d4a736ec0b3a927ff9e09affafc3c3a69916b90471cc7cda31ce0e168a0aad

Download Submit
C:\Users\Admin\AppData\LocalLow\Unity\CrashReports\CrashReport2025-01-22_101617851.json.meta

Filesize
65B

MD5
c345e56ded333377be1086ae95b34b49

SHA1
742e496c466cd1b50f2ffe6382b760a6c2e7d45c

SHA256
8ba9b7e9e5be368785b3b7467b17bae6e37236067c63798e5f8e703d063dddef

SHA512
74a6717dda3ad106e390e6cfad38c2a4fbe0ad245f12d30343942d8dc4c091057f9b9c04c965c0747fd19e4924245c4dae95b64a5f9d391dfea332e4748d7883

Download Submit
C:\Users\Admin\AppData\LocalLow\ZipasGames\Event Horizon\Player.log

Filesize
29KB

MD5
99c952a096aeb1013d8654b60c58ac14

SHA1
dfec6414badce42ce27a5b15ff94a92818cb66b9

SHA256
acdfec8c1a03857820e5acc5ab798083752ea6e07435fbf976480e7871cf7c3b

SHA512
1ffe42d3f44c6abe48bae3011bc3cd22fffd5ac376b33ac4613dace89a88933a0c98bb37c8f0bd4ab6c1ae433cd2d48f72292de8d7394db41816d12ca37dee70

Download Submit
C:\Users\Admin\AppData\LocalLow\ZipasGames\Event Horizon\Player.log

Filesize
39KB

MD5
3d39d286ff74439bd50640ac943bd66f

SHA1
fc64f57633089f3d2ed4c81702f7e178a05b970b

SHA256
656c8345a960ef854e6d6db44fc2a9f14d11ce54b256d02c3d815c6e7f857eea

SHA512
540612888a03359656b09b763273d909fadb6988cff215f8e8b1ae70fd11c5a958e09ddbf88181e047605cf7edd44d94fbc9b63f5ac973555f8598ed7f3e4c8a

Download Submit
C:\Users\Admin\AppData\LocalLow\ZipasGames\Event Horizon\Player.log

Filesize
32KB

MD5
5129227e67b57d5ffc7a34dfcad00ecb

SHA1
2236e7a3859c2c4cee1018f382f210ab6c1154c9

SHA256
ec96653ab4e06a651ab639aa8aaebd8400ba520331c7a9cdf88312acac593732

SHA512
0f0cef71f055148c1fac2eec9c9d3e25b741b946d38b05f649a8b6fb86c16951423e45c7781d98ffb3abca5df74a0149cfad23e4081d3cdbaaa51e7704194f1b

Download Submit
C:\Users\Admin\AppData\LocalLow\ZipasGames\Event Horizon\Unity\87a9efb6-23d4-439c-8aea-841715919cd6\Analytics\ArchivedEvents\173754066800002.46507fc9\c

Filesize
1B

MD5
eccbc87e4b5ce2fe28308fd9f2a7baf3

SHA1
77de68daecd823babbb58edb1c8e14d7106e83bb

SHA256
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce

SHA512
3bafbf08882a2d10133093a1b8433f50563b93c14acd05b79028eb1d12799027241450980651994501423a66c276ae26c43b739bc65c4e16b10c3af6c202aebb

Download Submit
C:\Users\Admin\AppData\LocalLow\ZipasGames\Event Horizon\Unity\87a9efb6-23d4-439c-8aea-841715919cd6\Analytics\ArchivedEvents\173754066800002.46507fc9\e

Filesize
4KB

MD5
cdb74613ba360954a9e4dcf0e7b12d5b

SHA1
ea9462b4a02d6400c7b6f85ae6bfa9c4c2ab189a

SHA256
8e3dd2086653a804eb781a54dec085bc2b009ec0eaf4f1c1e481139f545a6d29

SHA512
43bea2c828cc4cbff7af4f37d9e61104fb555e69daedac6815b25e4b3d34561055af01358ff9c7272fbc1ec6843babfb842a8047d27b83e7fc49f1162db42c60

Download Submit
C:\Users\Admin\AppData\LocalLow\ZipasGames\Event Horizon\Unity\87a9efb6-23d4-439c-8aea-841715919cd6\Analytics\ArchivedEvents\173754066800002.46507fc9\s

Filesize
440B

MD5
b3f9d658c3ff5c7aa89267b3ec706fa3

SHA1
8e0210d7ae531d05af5a793a35a01ae49c7f1481

SHA256
0bcecb4d6ce75698fc9cdb34bbfe52df5cacbcf2c02ac5ce182f32877ded7dfd

SHA512
26afc9d3c572d64f69ec92256c431c42722bf481833420ca5f41b4e873650c4b5e3ebe3658117eb94790f758fcbfb6f239598562cbddaff0c8109014903914f5

Download Submit
C:\Users\Admin\AppData\LocalLow\ZipasGames\Event Horizon\Unity\87a9efb6-23d4-439c-8aea-841715919cd6\Analytics\ArchivedEvents\173754086500000.9fca9da0\g

Filesize
1B

MD5
c81e728d9d4c2f636f067f89cc14862c

SHA1
da4b9237bacccdf19c0760cab7aec4a8359010b0

SHA256
d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35

SHA512
40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

Download Submit
C:\Users\Admin\AppData\LocalLow\ZipasGames\Event Horizon\Unity\87a9efb6-23d4-439c-8aea-841715919cd6\Analytics\config

Filesize
293B

MD5
8673a8ac0b06a9d056d08d62f857ba4b

SHA1
a351bea1932270bafbe468584058fef20dcfc31e

SHA256
83b3f90c4edf1f122c8faf9784ca0aee4dd017c65493ac181c1814211703db96

SHA512
edf28eb7fcef654f139285d308f817ee230d6f064a4c865109d6dfe6f73c11f8f35737c8159c8a302118237ab980899ba5773f547cc9da4028643a53b08e324f

Download Submit
C:\Users\Admin\AppData\LocalLow\ZipasGames\Event Horizon\Unity\87a9efb6-23d4-439c-8aea-841715919cd6\Analytics\values

Filesize
133B

MD5
b723c8f7d9df0323600210d6fa27ffc1

SHA1
0557cd4c4b2f09056e471ff86abe24392e360888

SHA256
173fcda90ef0a15b104d7627abaf72811dc7cf830b9e2725832f85141e142eb5

SHA512
1ea9bace2103b435262810e51b23937e86f257bc051468942c7797dc825f9a56cf7eeb6ae884a66595e703e82595604eb19e6a779313c7cd718c267b9b08bd84

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e0657dd9aea8e848ab7146c767b51118

SHA1
07586a2f0d5a7c15a26cc0dfa28f65346e49d4d6

SHA256
e402e99dc41d1097be6ee637734232fed9b463e5f86315650ab83b4d0dbd6ab5

SHA512
ea98df74b1d940210ea2998adc9e60a74f84125b88f8ee922fdd3ee7e05f68338f41b01b1ed3f1520ebcdf366d56d4c1f715014b96df968ff73aefb8db48eda1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
3bc2b6052ff1b9feff010ae9d919c002

SHA1
dd7da7b896641e71dca655640357522f8112c078

SHA256
483a3494759a05772019e091d3d8e5dc429d098c30007d430639926c3ffa16e5

SHA512
0b1632b73fd87e8e634922b730f83b7950e9a39697a46a3429f0bebb3f1ebd14c815a4651ee8f663a437d00ecbeb6ddaa47b2fcad719777edf1b1de8a7cad0f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
72KB

MD5
db36ed4adbb35e8efb6002d8089d4ba3

SHA1
6dae18dca2d5ac496b56d22fbfead706bcb61846

SHA256
c4e0649557bb1bfd56490af82b3aedff62dc0fea7b043acacda150bf615a5b8f

SHA512
09d5eaa50811dec0c8ccfe8c60815c49c5d313c65fab682c77f018c33a2de4aa243d1435d48e420ff27991efd1a4acc3066e9b6d105dfc754876003969805ad8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
261KB

MD5
7e6c6422387810f9c6fd8254cbf4fdf1

SHA1
95fd2fe57a592332bd298ae8f9b1b56e4e28c7f6

SHA256
7bff728f440d0108b58205341898a6192202ad3f19821679e63fc09c6a440829

SHA512
ac2dc97c8edc2f4f83aa5c288316e89e3e38fade7b521957683c74be338679bdbb13bc8593ec280e7c34a0501e74604dffd5554dd3dfd218f226c96004211d63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
170KB

MD5
8884dc77f265949fa0cb4c546c950139

SHA1
121c54bfd1a47374819153337005103afc973638

SHA256
2585d84a2b096cc3627de48f997de1b177242d0a20931c1e82ea55372a52cbc4

SHA512
1eedec46d121d73404fd630261eddbbc250c3d241a47f7852b54d980c8e5586f6386391fe4e8d31a752d00f483a38e227befddc7100e728ed1e0244189750cc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
323KB

MD5
f55b203e63d88f6c6e4be47aa9f349e4

SHA1
91f2357a0363565ff43243be7468e52d5b0a99b7

SHA256
6d28cb1a3aae4282ad9d877483486cc7ded79398a396ba36f5dc136d333b4ac2

SHA512
f0c1ac1114dce65bd00585d2dbbc33b102e55b0f76d143d21c925a99beb329c3119a8f8f91d90bacfa5f5ce2e2625e59986af4013275a66655af4323c734dffb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
0cefa15a9ba3986efad7903966891a90

SHA1
4d16319320d4d1ca5937febc05d60a67d4ba7bcd

SHA256
18137e77989bfe308792dc5c1d685b62b81035c62b022d97e262898681b1fe72

SHA512
7229ad05411f25c419b01ccd08cb4aaa85e17133280df65b47d9a007ae4b9aec1fd93d5da155d0c4a53e39efea5a9c23fbb9b159ca760ee86830336d79638d18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6dc6dd16b35539721093d57bbebcfb94

SHA1
920abfd839152f4ba19593c3d779b56290ea5523

SHA256
ebbe410328f60affde28be3150822b4c2c93f5950205782ba9247574ff0509c8

SHA512
a27568139ac47bda6e44c067400656c0b3b72da9d34f4810298a818fcbb02299de3402997f065246ece80f2ac773cb76824600738e4faac3762c9e7a55d68521

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1c9334f5dfe80dc6045918df31b69201

SHA1
0ca3ba56436d1284ffe85e519305d7460a97a38f

SHA256
525e7032806d31d53144cfa089c44065b58342f4f5510c4d83fbc8c6523156d8

SHA512
90da33b299d4c90ac4506e5b865c790666748b762157a94a5eeba9be59f995c379f8fd51c17cd515d3c5484a76a5c1b66968a09783375b4643c5381756bd0c02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b04a3f15d96ebda321151ed3a42cd31e

SHA1
d273ec52d19adb214552fb410bc5acb2fd8066b7

SHA256
1d2563e7e86cfaa2ecf1111d635a886a33788f316bf73f9beb85ec7c6fd73e98

SHA512
38b4aad60e25e324df1b5a33786ca4a86a90f624ce4bd6c3f378d8e538c626148bd38c632e40b645c8459ab9024293c43c4591584765d0a893c1c62dda7011e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
17db079063a8eb3f1bda13b9744c8fa5

SHA1
020c063167368bbd724a56c8a0c7aad043de1e7e

SHA256
fe9f86ef92a62bff6035a6e828b5aa6e096d214c6e77cd80a354c137e1b0a91b

SHA512
7200056bba9906a765bd33f5b5f9cded24859eaee7f8c57a4118f9d86decd32d00bc72007b578d9da954b922a1a3507a6325cb1c27907977b51beb3bca37e49b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e38280a8de8b68c77d05584912a4d32d

SHA1
4d6bd0e037b7c1fe11490efac8133de5c7bfcbf8

SHA256
21650882de0684c74bf18abc7e27ca71f7c973ef13f03518b0c586224deb16de

SHA512
077df9a80413ad2a5b2ce6574bd168c79fec6c56b59d699af7998abdadda10203b10eb03494d56bcf9f6d499bfb85e18fa6551a02d671c382b551da0e45af448

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6326934d28a2dc91acb59ba803f60eb9

SHA1
33cdd0f5cc66faf484339997f7fd8e712c28ce99

SHA256
e6fff76d09f2ab3cc9c0556a61f85debc40f4d51e294ed6c6f5ce53d82f692c0

SHA512
caa401991889b43f70f3b59ea13e33ca1b9a0fce232f1e67f03cbb961ccae557523ca711cff9518b485dd04fc6fda97cbb4f6e518c56de4cd38632910e59a403

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3dceba5db6020184d46dea146f10e365

SHA1
a36dce2f1b5667fa8b6a13123cd6a9ea77e50c9d

SHA256
bc3ed36a78f7cb05f2758c47b00af8cc9acb4e21acc1a838fd02038bfdf1dafd

SHA512
404445d5e53f1127fba8a8d9bb92d122ab40872354511cdf8e2f947b94740c214bc72f75df3794720eb6497a909c109c8dd94f7308d0cf962a19aa9d838c5dec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
64b44c9d4597cdb78388b4d10db93d43

SHA1
c773fc27a733043294b04c36330caa12c8257da0

SHA256
7accb4554b831b75bdd76efdf92b32914a73c2401392a9549fc0a3761e9fb6ad

SHA512
95b34c0350f27f04944f810e1bc64b12e1cfdf6b681b1592d81c0003e3220a083f40e7724609e01b65bf2b4aeb990d882901d62a82b9071d3b5859dca06efbba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f3813732a1c3ea97c96d5e700ec0ca78

SHA1
dcad1190e5fdee0740fa6d260ac951b57dba9e7a

SHA256
28b40501e74f38a774195faba5fe92a0218f8c1c7737b19701d0641a98feb9c2

SHA512
68219baf9492480de6caafd1ddb67e9e248fa5b57fbe3ef1ba64166dc1f072e14ce83fbac8f32c168c7f91d9e91a8526249a0cec9268ecd2d2f24c8919066964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1d753ff95c7374754c13f382498092da

SHA1
dfa81e84f567494991ba555307ce019f7db9e6fa

SHA256
c02c0f14256ede8f8e3c2bd548d30f60fba92f265c6548c39622eb578a83dfc8

SHA512
3276bf2c0c7aeabc44801903865751ea6d6f455426cf8b665373a44b66154566fa23d2e4135b648441d093453485117929c670be751c8b1047b4b846fa6cedcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d6f97fc66355bc620edabc46b3458714

SHA1
126c721c3845664b0924743cc3e971fa912e09d7

SHA256
07c058f9bcb931a9b86edc3f62076cd7179681ec32cf4b2c616af83e7ee71176

SHA512
3c5fdea1e658b3e45a124aebbdb10355d9f07c2103d65ce1a98dad05a3267e2ffc209eaec50dfe952f9ad2cc52adaa56d7c958ab81522ce9f3acd4b01df8720d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
535820652a1493c9f844b769425c2d0a

SHA1
18ebbd186c7a189ce3a1c56d291c7929c0688688

SHA256
24cdbac1f3a0fa2d01b525088ffe18670579009768356c3c1563b912bf8e0aea

SHA512
09b55981d7b96625e8ae9bc635dde6b7594a39a09db791b56203f973ef373bbc76ab8d19550074f8f69aaff58075de6434b4a31205d4b0e20c27a5cb4eed22fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a61893285dd0af46e4a4b5f82f4a001c

SHA1
73c44b0b2da25bb5266472955443d3a31a0ee2b2

SHA256
028f1f9b69b675b7a76d448c83564f8eeb1596fd455e85f9c106ac49cf5a2c7d

SHA512
78bedd0fc606f33c8054969398615b3b26ad23261a00306a07690288edea02d1bac3bad9081b6eaf0fc5b4b9eff142d3997baf4467e00d6268da477eb53ddbe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
407aeb2b5df2016e701c7bd7a11ffa74

SHA1
5851e426ab5193bfa89737699b847b3b2a110d7e

SHA256
937544ff72fd9e19147e57a32bdfb2040fbeabfb1b5117c169ef039f7fde797b

SHA512
5f0249b76df589b1814043860ba9b9b2041b1d8b842ad6c6376f18281f20e25f2706e7f01b415891aa437c9234642df5085d4d8692c86dd6caf37a62f165889f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a758da427d1eca1456b62a8c925e44d8

SHA1
b55cc27167f2bbea5d86a6c34f0af702d3b2a5d4

SHA256
65014ea3160de4fb1e39132ba5762d138936df439ab0f958267908d957b86d72

SHA512
941d55095069a2675584addb771c10961f5a17cf17a70a8abbabd2181b1e2060b9275db6f99c4f6d69d7e895d19777976b3ba9ba8222663f9c78731c2f7b5456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1510e1fb7395dc180116805ad029f1bb

SHA1
8101440f3cff516ce97c994b36eb3f044f733a2b

SHA256
abd4aaa978a18d73dff831ee856d7625aed2d38bd4b344761fe0422f56bd8f1a

SHA512
fb48b47f3847daf30c5d8b2ea8b82e334a32d98aa98ff2707d662af6b7f503eaef208931acfacce7ca23333a79815ed73d9f0ee6796611d4ba4a641ab3ab0f6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ed2687c11d99b6a9992cb15f2f02961c

SHA1
30c6d803a09e103d6271c3fc9c038b1c11100348

SHA256
72110b7472c63582bd8f7c1393d44f8b5a94f4f770067c111303fb0fe08f4d2a

SHA512
fa81a9befd8c3ee3d9586c070f134cc5d0e11bbddd27559f66a7040fb5ad9ba80c53b1dbb2f70dd8af59b601b18ab4dbd843ca7266566064f42ca9e7879ea4e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
60d23d3f19d4f01de2c846ad3552ec34

SHA1
290507f2e8a5e19115e30c480abb2e18a1ba13e0

SHA256
d18a518c45439b8d47bba0149093c53e0357619dfa9c9c964151323fa349f3e6

SHA512
e711ec12a573bb3fc0485ba0737b5fe8773d4eadf3257825e116d68a5f1492e919d364b6601f63f7d9aee9bbd4b024be9a3b5e874674c008494ad479e719b2d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e2ee9927744ad4aa35dcea9907a565ad

SHA1
e677f352ef62fbf766ff211c1bee4d13c27bb07f

SHA256
e22f227bc8bcd48f1ae309b0a5baa92f86bf3028059f49a2a60d75b44326059c

SHA512
f8938f12c744de246d9f550247eaa4497c6394c7c3b2112c1d6efaf3f31de25719489a82c3a0dc9667292e72f9d819c7b06acfa11f619d5f842dd5f4b4cf165b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c9822ca529c2b890b520bdd7f9c54380

SHA1
0df84d24d179495cf9f403b7224d14a8fa791fd3

SHA256
447113cfc7cc67b8ddf09c3ad6c1524d1bbeacdeb8610f63ae4189b3421d1790

SHA512
ce9eaaf69e9be3d36d65a8760480b2991f53ee39200ad02f0e3a04ddcb3204704a56db06f42589443806f12ba9e99eb1b3342f2d7c7dec0e2a2a1c74eaf4b54f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5b5ba7c25d6f58d9482f568ea9e05810

SHA1
e9e2696ca3a9b5bcf25290de65dd7a8020639aa0

SHA256
9b4d28f3b5833a1ff2d7190d4a6f0189be66e59c3cee6ab222c7a194f3c6fc78

SHA512
1024d60a389f570eacd4e715d0c6d6674adf4a3bf07ff2cec21e46910f9be92c348b0727f1a0f98c79ea19395583b15d85fcb1cfe5fdc4d6ae5e80e71a806e30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
29395b5a57f347ce875733d7f2d4c449

SHA1
73378ea7a07aa2013770c252ac117435ad641e53

SHA256
858e8fa667e5af52df3e3a8bfbfdea751d1ef510f06bbeb9d88b57fe498f6989

SHA512
d2bf8fe70a0cf5a136f512a22362d28b17874f4acebb1403be6f229fd64f9fc16a345ea52f73cd7ef40b8ce77ced91391f7424fe0b5749b064d744aeac92454d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7465b5ca4e109fd9ab9fc3c1cc661e65

SHA1
8551b35a66dd325f80d9fd7477a2b50b407ea710

SHA256
d19fdf6520fb030c5132b05948d89ae7438ee5985460341a942b0a3582e07784

SHA512
bfded58d6705e8e9039d8c342b5d564b6f2056b8447b5b79037cc8fb9e250eac518f58da84a6945a69f3fbc6681de5a94073d8fccfdbfee1176d63c532c1f5bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
63d81270cc64bf348ef97590056c3ebb

SHA1
46b8c71c23c1f1b74bda63382bcf6339fe0c1f96

SHA256
8d7d7c5f82607db7bf43f64e886735115101a226b47875a583ae1018dbbb0041

SHA512
0ec4170c7b254117551aee203d0bc59986f795148f6f4b300d8ca7b57e35a9f44ca77efdca0039e7d6f6a7ef350d161f527baf8866683cb0dbdb43626267b2fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
be1549dc8d34fcdacc924401215c2e4b

SHA1
55249f53298e05d7b88feeb295c140cdb87f2c65

SHA256
ea413273137ec44b82e911cd1384a9eae8d7709998dad93305b396a8c7134525

SHA512
aa17143efb0f500dce61e139827218be007cbba1b3fe97a9aa8dba32fb83a03f6637e3b928f57a8c4b072950eba2a07a134279ac0890076255538d166a0f4bd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
32603b57b106c6da987ed97f3f927a22

SHA1
42f2964b65695c78a2a8961657f60ad07c2c5132

SHA256
03c3d8c05689bb2912c8bfa2a84891d85b929ad577e82b4804294021e445db90

SHA512
178f7bb8e8b01d98d109f9f0f7ec6cee400ea76e26c9cc87d4f1381f01d1a419d8f045c2a244a711a223194d9ffa0a138c93e29ce12dd02f4f7ed1d0ae9c8ac0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0b1e52ffd366671ad404e8668c74af2b

SHA1
05d715c84343d8568556833206514082a013e0c2

SHA256
1eb6f10e4192440c038aabe9622476c89c5724ac1be69305d7eecbc59474e16b

SHA512
82de4f2a299d87a671be09955f15350c51c1578ffb1d0ac3742c458b6d3d955791f52132d5c6c4b71ee22016b0124654b82261e72ca616acbf02a5de7c63899c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
eb3208f06fc58d185774516d74c0a274

SHA1
b270d242b1d703305c4675c72aaacb34b66d627f

SHA256
bd52551f2c72770ac61be58798136df83d636652743f5b977bd2420f51c9618a

SHA512
e382f3e61b66fd031fcdbbcad48808009dd639563deb07a238c52f409f87cd73fa3e7b632473f6de30c070041c1fd1b768eb0b288501599298ef97e18c8b7017

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
052ddcf5d97d87276abbb8dd07a0f558

SHA1
3f4710bc2fb7945264d4d8edda587e9ce4e9c33e

SHA256
8517e0f23808b741b66e950e0ec4ba7c1038c3114f101fb28438738e888295d7

SHA512
239d1e82e6b2017575fcd189e066cdff2cd90ca2c2b8450a38e06b88d6fc0a2746ddf65e763d949b0d8b368aae39b4c5be0cac55de2e62a031819f69d00ca33b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
39877e15db8eac914d0eabf6cbd1b0d3

SHA1
81426c6389bdef1a24edfc2d3304e574e7ac3982

SHA256
87d3c5bb924fbaf71e7548222c5b5e0408bce6e0d6d873043c768952a854e74f

SHA512
9a05a9e907e4403c837d9056e2c315289d57dbca4d0c3fdea683d9f73972f94dd5efa11bfc88780ace9ddd367568c9c836ed22bf3ca9d0fd191428ab91c4dba2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
eeb6845b11dd50b22c9b073d2ac7bf1f

SHA1
6888165d85d387cc8f5c9fc0e1e092ac0a40b1fd

SHA256
84c03cecf70bef4b11e1a1a0d0d529511001b0312f559769bf83df15ab5c0af1

SHA512
870a005d9f275063c5fe838dfc3c9bf54cca0d8ccb523618ed3ac6a7dbeeef95186c12922b215c5a41f3c7b9ee2c60c3ce7a24dbb4f5fb159a0957ebad75a72a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
534e618c56b80c437280500eebffa358

SHA1
5cc12b765e6c6453206dbfc797d49b9f0b5838ce

SHA256
02fa926962aeb572371d2c027a5ad7f6165f5c18d93ccff87f0ad2e14a8c0a16

SHA512
4df8d361c409efcb603e4290c5275e22c2c126d8883e8916b7bb839e01ddd81a0315063206bf5116acef7e8658ae83cfb045876ca5459ab99a0d428cd676bf87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f25516d89e692f3cfd6deed8df1e45d0

SHA1
1fee23a844390fda2b3a7c5ae50ed48c05809955

SHA256
8d18d3a3578c920cf014443519cf35f783c35e84ec637aaf5c82dcfad55e65de

SHA512
553c1b62c95b9b34da7a077b431e740731d32c2865b10ed583e1574ecd07ed24a0e7178352c46ae41b6adee51d4173532ba304fd4f7d1ade1907a8d1a8674dfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c0f1053a1b01d93cfb4609d245a59af4

SHA1
b90fb97bd512fc7241fb758648f3139a5ccb2b41

SHA256
f2312881635454dfd230dd76da16fb5483b3b5937e31d23228a734064897f20b

SHA512
71dde49f506bddc4e49b867672a2d2ade7512e95d53b8a32131058d0cc7593c8e8ba7214d5c3f23ef50ee6800a0003bba60305052b4157566d810c0cd912eae5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7211ff1397165214c637cd15d617a7d9

SHA1
847f719f3d44475c956580f8c8930084286286a6

SHA256
7a24a24df769efc8719245ff5b01214172f10f1544a14283d21890fc5fc46a0e

SHA512
de3776d331d088e663bc0c0048669d454e7c402090154111b6c3890b9bfaa44d2c8b3d070db56c3ab41f37343b417bf7a3370925da2b182c18ed35d2116a0186

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b260ffae1c8ae646324316de267d0f5c

SHA1
6e668a6ec457e001debc930053567b93d18b84b6

SHA256
d75623e3f892d041a23725f9fa6e49d5cc5ad09b4978f71c9a6a63043625c9e6

SHA512
777169efe5f859bd4f684e085e68573b5d555cbcc2b204eeda572fe60ae5301b43ea75a76c8bfd270965646b815a97b18bd3ccdc3ee2521e204cb8dc241eba6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ef9d03474e9c4f18b9a690dde1df7e20

SHA1
4ab187f070caa27ce596837dc359e38b9fcb73c7

SHA256
7abe0ad71bae30bf41f39515bcc5b084884a07082af72dc6c42c38a246b9411f

SHA512
aa5ff570c71d0489e2235b5b4cfb089c152c22106cd827562e138643de23848d53b5596b9f5b43b17c63a062b5572204e620b3dec15b0434382f1fc066854337

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6140bc111f409ad46926f83cb4ff30a2

SHA1
01115dab9db1fc3673e99b9975bde7f7ec7e7014

SHA256
822caddf3b84ebdacb722791a11c29c01cc3cfe4a20a2745adb40ee39175819e

SHA512
e01654e5fc46378224d78926d73744ece964d1b5192949a9d71d9a61c36a35a8f746511b176588810c6e1ac8639d32bea71758af79b9417ae4ef524f6f0058eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6e707f8e631cd860d83006a268f2eed4

SHA1
7ce64fb37331f8b943b6b704caede0b0366d030f

SHA256
3d403d73bddcc618771a9cc9b14481938ecc22d36f190fe6b1f009d069f4a6f6

SHA512
7bc8ce91c68181e3f7bc491c9e6c3b2896c5fb422d48121fd8330dc59321475dcacb67d994875065161954501daef4c9a790c2b4db9ed3e9d3e56a9f9f95f768

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5e34755fe55430ad64ed6ca365963a46

SHA1
36f86b97c645e05781339d2a868df5bfd73c755d

SHA256
250a33081ccdd6f6fe0e1375b28ef8c13f73ee6aa8e09aa109a379ec4925ff27

SHA512
37d28f77387930666218a748d825657e7e1a88dcbc485921c04439555ae06429e23bc5f4f50460b5238921af19a202bb42f380e560250b0dffdc3111d1cfb866

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8d1aed28c739a95d7cf6cf6787919931

SHA1
01aadb613287f2df24d8a8046f5fd8a12d663ea3

SHA256
6849d9f99ec2a19bf0149017d569656dd6698ad135678523634522310cd3149d

SHA512
47f551d47ff873fae9ec7a8d448de6698756acee6e06a2a6196aa857cd9366f9230d11401950ed3ec050a8615d71ca872a09caf6a9a7d89f1753585832a63bdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
77d30896137d6a21dcb92092b6c3f53e

SHA1
80a3d8a76b18bb539eb13e504f7cb844923f8f75

SHA256
4cb37527346409a8499754218497475c266e1a12979d73d21de71aa73bcfd68a

SHA512
cc61ee92782787ae51a2761403a63d7379ad2f77831895ae1e92b6dd4de53abe30232c286714292e267c0c24bc752188ca190d608ddc88111c004126ef001b31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
634ae1da2cb086e57f4b782d484aa127

SHA1
16e91f1834d8eab70bdcf1df3e799991fffa9572

SHA256
057890ae943e93708f2267d44bd79ed7865fcc160bb09dbb9e8d3c0ea4a9077e

SHA512
da96620ffc76cf093c5439c4d7d741bee183976de70328729dce9ba391f8b7c85c488945ea37da59deebe973f31f69a228850d61537db53500cf7c9a5f2cbff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5c696667d3fa2b1ed65dc78c954ac49c

SHA1
abe90f163a522c4e77709b16c3ec6ff2d0b21563

SHA256
e742560be261f104f9886262506eae47aa972c7560929cc09981ffccd76e5e32

SHA512
7fe09988a72d04a0a513d9bc9bc46303baf97f158ff45515f93fd9e6a7e5c01f9613f869be09a4976ca9c99edf7bc36d6862851225f6fad3c476b9246429eadf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
480e6c42ffc56cf1db03a9da77e36330

SHA1
186c79b583d41136826e3b511046fd4d0aa6f1a4

SHA256
458afa11ed426122f033e29f16f3bb0a506ce2f9e86d7ccddf8d8a905767f8da

SHA512
a1799abd9a47db8348c4903f9aef7fb073df44e43cb2a27d070d667dd02992fb152b6346f5a07b5ca38eaa2d65373a05071ad67a0c8cdc283b4758173370efab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2f09af97ccac9c0df36782943bc27772

SHA1
8cc74191b25d059e6f091edc43ff548393e479e2

SHA256
eb29279895e5ad80bf8098b488afcd29a10782bcb9e9b42fa16d9ec40c539830

SHA512
cee106946b53a1ba693ffa9d54c432ebd738fa0957706a565750654e745cd83340bf08e89342b4cc5006376d8bb48c39e1b6a13ba47dcc8f5458267c456b089f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b7f3837d7e10e36b14d2fec5345c5966

SHA1
8856365c69798eaedd342f926a79db8efbeb78bc

SHA256
73758ce178b42fd1f40112f94d7ed3f245abf82fcb77f1791b9272e04c36d571

SHA512
cd2e38525a9139c7c5c856b9fd3e897d55245e502fc294830e2c72be62d20071c2597f8774d94897303b8475a8982cf7acf22bcc81124d7da7cc51e0fa7a5f3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ee2b68bad8fa1c8c2dc5158a216553ba

SHA1
dd80eea7005e88c854353e9a8a924ca88c6afb3f

SHA256
55b242674a81908940338e2cb2e4d26df2573e4bebf7c1d329aa1c2182302f01

SHA512
e691c7f1d07991170c6405ad8d7e060e5b98063337d06a27d5b3695722d4f9e590c7820106b87b9e6c090a5c55848db5ca3bb61f1fa835f3fb875ea901eec13e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c7ae9dde3a32e491fd08d7f73c69d668

SHA1
364df707e5cffdd7c5ec48de46ff7c537b8567eb

SHA256
4823269bc6f57b642a5e9bc25486b46e34f750f11b87a046f20d02ba4100aeb5

SHA512
0e8aebfb2eab01c85d05c86a29f3544eea14e68f9be81bb1d24d0e17e0ab131af1fbf6abf07f6b082b16bf0511769c746a3930afdc7fef626db89f3412ba08cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4fdd88a6bfb3ff5d2ae8edb87cfbabe8

SHA1
22b07d0772e0126a4b2eef05dee12c0030f7c320

SHA256
e71f927bc3918eab2eb7cfc3a22879a3cff92996b742903b64497f081d575203

SHA512
0c7cc298312cde10c43d7aa6cd84869fe3acbfef26fa4e33d0e32d7d826152e9bd6272a53432eea505d2d44ff2e69ac093ecf63a83315b20bd7bbd8c6c7d08cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
51cea9db559fff85094f1f6d8243746a

SHA1
0eef1cc926223274dc4cc65bd29f0cef1d29d008

SHA256
ddf386d725be3a159f43551b4c28d34a8e5870f6228b5d94c450bed21c27659d

SHA512
5a3b0830c17a3becdd53741fc298f709620170e9b31e08d562a197b61940b90e5e580602c66f70f86bc3103b4155f7c75668e7bce17783bf177e3b0cf63fa164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4d2ca73d56aa73a37463d5260329c91d

SHA1
ab55897dc8250a801b8ab3cbc348fca16d0b3669

SHA256
596dfdfcf3c0a6ebbcdb20b9a44159171aa4707f20871647926537326619b66d

SHA512
a157842ce363b4c3ee473a6dca2c3139fdcb4948aa0c10628567596767cadaebc1ba4aa48c7aa27dca9f77587db37a8f2df0a86e07dbff7e2b3f6c7fcd4182be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7b323742eb81712fb94d5c7932fca12f

SHA1
f682c0a7fde179d66227211716b3a26062d84287

SHA256
e11aca49aeb6da7ca338edb3da7e97fa99efcd48e2c6a5cee37f26bae1ead326

SHA512
a8a71b9727be3f5eeed6be3b958b1ab6779f373ac7f5a4e9d95dd22a61fa372545c59ca2102064d5bdb28778741e40bf6384a03834f4b9d8ac78361f71c2b970

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
554314a6d2355cf5873b960ad24702c9

SHA1
d33318910b857a198f7a3b076b10e3a866f68eff

SHA256
37fb5b6cd18d72bf6d6a31bbee64b5e7b4f5b0f3645d258807967fa38feff525

SHA512
5bf4366768cccaa2ca3d997c53266734013b8f1eaab0c38152328f0cd1b37b8593cf34117eba89c6bdf53f8ac6e25d64bce38f00aad9493dad5588dd7a724e6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe59cecf.TMP

Filesize
140B

MD5
3c47c512974068a38d81c96dcfadd30b

SHA1
63bf3332c6651f89e7a0ad4079ae6af60a840141

SHA256
7377a6899f0aac7f52898ba0c4b7af5a4c8ae278dc16f13a3134f761d475b65e

SHA512
e805100bf8e12642b13538c65aba35b843dd02404fd290ef62503a65777836c827a703b043de51fd0a7074ac87fe78ad4ec6b6675986c0dc2091a1c065acfefc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
77f4ee27f321e77c6e5c52268df0cacf

SHA1
dfb5e60b50e6331c9946bbe8e86fadc7d7479856

SHA256
f1a0d80deef694699edd0e1bd0e327495164b29ebabf1c5b403cdc5ce7fc8113

SHA512
ca0fc7b0049ff0148a83667b00795da97b1101b8df81f63340705c8b866639c41b53e6f816986e1882c95527186ae7615b0135871e7076f35194cb71def74bd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
f8cac459b707179ea526753d1632adac

SHA1
394787da78308907edf3bb07a9c5bcac08f6c29d

SHA256
e3ccbc673cdffe08b04b55da15fc1b716f7277c6c94d9e90a88ec876989ceeed

SHA512
5f4e81d47b339ae1066a5620421543b0262da92594378bb26d6cfd4c9316ffc5fae59fb656cf95ca730a602d2acd8c58c6a3006803cd350c43ae2c9a82479acc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
5826d565d08da1de55587d86c8baddd8

SHA1
99b6141c988e8d8f09f38b837738ed67b129eb67

SHA256
427d5730aa77012f683f193bf60ef601ded62066bff14a0df14648d60fd633e3

SHA512
3f8181aa624720d096eee05fd8df97de50b2ae3e1efba4643e77f91ca0936e159b8c8c547513081b2793c7bd3f6d35eb3663c402d71199ba5111e8fe569e6309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5431d6602455a6db6e087223dd47f600

SHA1
27255756dfecd4e0afe4f1185e7708a3d07dea6e

SHA256
7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763

SHA512
868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7bed1eca5620a49f52232fd55246d09a

SHA1
e429d9d401099a1917a6fb31ab2cf65fcee22030

SHA256
49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e

SHA512
afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
533094ec30413eb56d3e7db85f83e821

SHA1
afb86f4367ea986baf174e232576592e56c8383e

SHA256
70f7bf103cb3f507dbe94f6d7de10adadf0f8924631830f846e55750adee01ae

SHA512
81f572527ed5d11b523079dd9b66d8f7d69d01ae1cedf1f46118d4f61cfca82cc0d4f70402d8cb1f30560eee087976902d3a093ce3a4e5fefc9e68bfaccc31ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fe0f92704455c5533383d13819434c0f

SHA1
bc1a6602189b9c919e64831b41f213ffde342af8

SHA256
271cde0227cfa55c2ee62eadc3d0983c6e9de5179ab4a96fc0074df06c9cb4ba

SHA512
1bc3c663a9dd3be2f70b600a8097c4997753a4a9393bc6087078fcf4b03f2d56b6f5ce1150be8a0dc88fcd88e092cf5d770bcad47bfac838e54b1176f2a2367f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
45bfdd7c8c870380c5f3331f01998336

SHA1
217f78bcb8920415ebb103153653a2ccde5e10d1

SHA256
837425458a96e6262f414bb9ab76d29f6fd1ee04da9ba785f49f3ebfb869591b

SHA512
603509f8bb5b9a3d93f7c5e835f6abb26d4c2b56abb277e8c650c7ce8aff2465bb3ded328c270afffe5115d6d9398e0f40dfa641a61dc8cb0bdd660be3716755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e0c425b29238c951614de04cc7791d00

SHA1
bbc1fedc1135833ace1313aa8729129ae82751cc

SHA256
907ebadb56a1d2da141b4f388a0636760baf4f163aca78be956fb352e04b500f

SHA512
49f3b0b5a12273695e00af359145fbfdf47de37e5ce46fc1d06ab1297c7d7279dadf16b597ef2679ba9adfb004c464ffc4d2b76abdbc9e57a0c50d598b29c9dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c2fcb2df3f700cbc54bd617dbc16a55e

SHA1
921f7554051652d282000bf71330b15d0ff53f18

SHA256
f077d0b4dfa4da403daf07f8c6cb20cd5c93c5418043d578600bf13b0a9be042

SHA512
b911163ee32e77e224d86035df855138bffd98de499acde2e8ba5b647f2e17f106e47106b7463cb33d6f8d2b7ea4a5e4cf82c61a32863b15e655108731c18438

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ee554d16b3d04dbeccaff1efe65869fc

SHA1
93f494f1bd0b30c74463c6c24fb72a25ada18d74

SHA256
29376bdf818dde1817099889458e01d07eacc6b7e37eff288a46b2d0d2cdc05e

SHA512
4b44274bb2c6be20ffe677de61e3eb0cff0b4796a7799b494bbfebe0936728d89d3c691a8c6bb5a62360da08042fa95c2b3bafe9b84293541acdcce9ecad1c43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
02a75a00a30acd294955cc41a86cc90e

SHA1
581c442838ddf09ef6f963fa9b394822554ef8e7

SHA256
5f6d6d2b618aa2ee6a95150e899fbaf65791e8d9d465cfbb236199b85218d7b5

SHA512
e1270848f0763b0e29e956a48b2fe7dea5be483b598dc41302da3d299e0c8610299314678322419d34865b02a336f48ba057043fe49eb78b39e8661cd2547eea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d3bbf3bb7ce601a778871ac4c10473f0

SHA1
b4dbb261eaedb836e8a510479027d589edb4a087

SHA256
7483f6e211d2ccc427a76008563d74b373516d4c71c3058f0736472da2399beb

SHA512
e74050086d6b7ee2f6a49895d77d0ff1287a1546ccf811c1153cd314acfcfce3b3ad1f354827b1fbf04eb4cbc36a452176830afa63f9786339a4cdfa3e8646a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0b87c176f797d4cf0f50792f9088a659

SHA1
1e0cf75b5b2b047711c8970292d62a806f78c461

SHA256
091b8a8d477b07044d0721e183ff826d38c2ba9a8476aa421cf3130a1fd7cf24

SHA512
e1f3a619cc0e4c072bf8fa6a36669e181adfdbc9ba625a376774ebd5c8f04676f66e7f13cc0aed6f07339e11621a14263d8122904f291bf68836f544ba81a05b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5801c0.TMP

Filesize
1KB

MD5
2797426013e9bb568eb957aab4cd94fc

SHA1
e12088c2e7fc034b582d19f09a375d12d4af7321

SHA256
97fe24a11cdb297954f4b61563b5bc0adf47a8029af14ec482bf7b6c89bf786f

SHA512
37c40ed8aed2468bf50ba6e8aa28be0b673cf2685b9e0bd448de686f78a10bda68fd4bb52d46fb789753cfeade7cab568d67b215c1f6abff6e6e1511fd52f347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0903e4a419c900efb5b22046206bcac3

SHA1
948f3020f6b84b4dfba3a2cbd3a13697b600828d

SHA256
311862132a870df89fcf6a83f14bdecfd4f6e3d0c3b310a26f0b1ae3fd4fe8e3

SHA512
905fa0aa167da10938e90c6ec301d8f5366bff642b823f8d2e237f0b8f8d6949cffb6ba723592aafde2c7a337d505870627008ed943f017caff9454fc49d44ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2425fd5da53d6f681a00557dd517464c

SHA1
c5c31feb7c645f1fc6066e31431521ede7c46ccd

SHA256
df9b01116a19a6304199e32bc78ad0945e6360a4dc3ffa69ab778c3fb1193afa

SHA512
c5d2f5bf1d4200fde2e855842d0cbd90b7c072e61ba471ce2c696a907678cd8d7bf2f5e89e4d8ef978be4c47a5955b936e07f576424acc8e0d420eb25352c273

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9ce5879c327a522abfe0f9321498c9cd

SHA1
ebc1bbad1bb4c3b339f365963b166d961b548f42

SHA256
36f3594a79392812b1c0d6fbd95d8500fc2e74c53f1bf00331a6c7fbe4c856af

SHA512
7711efbd16fd6f1446cf9e33933a803d00f1e4214d8b64e53b094f93f156397bb3349c1314bf2a852d7b2816433c6e8f5213f3dde1474a3847f365550ba7c135

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
1301a13a0b62ba61652cdbf2d61f80fa

SHA1
1911d1f0d097e8f5275a29e17b0bcef305df1d9e

SHA256
7e75ad955706d05f5934810aebbd3b5a7742d5e5766efd9c4fc17ee492b2f716

SHA512
66aa4261628bb31ee416af70f4159c02e5bbfbe2f7645e87d70bb35b1f20fa915d62b25d99cd72c59580d1f64e6c6b5ad36ace6600d3bcdb67f45036d768ed8b

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
964219fcbf4c1e0008bc5e05686367a9

SHA1
685a0b860afbfd43305bc67763e41b296a22ba8b

SHA256
4f4388ce8c3055db4827ad4b6d7d6ffc7bead99955a3fbe44ab3a5454651ae25

SHA512
2745f64b2bd54740a5c1f754785c39eeda9b6b5112707cc8630ba188638442de7c636446f750aeb340905d9da26f96ee4e7f7c96e2b690058ce29d7b6efe8c16

Download Submit
C:\Users\Admin\AppData\Local\Temp\4a126367-8fbc-4949-9b12-9e1458d0e1e0.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir848_179012603\8d80ee1e-3d3d-4700-a031-14768e0b06d3.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir848_179012603\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Downloads\duxz\Mods\Alien Infection v2.9.1

Filesize
23.4MB

MD5
94d33f641aef96f5e13d68389f7b70d6

SHA1
fff8b24362ee2e55d5ecacab6a55ba0d88dda26f

SHA256
41b22d615f700fae300a5aa7e07a53a5b40e0bf77ce8fcfca2816167e860096d

SHA512
0eaf4a43de5552f6e991de8567e34f5b92c2e75d6b6456e0a8211d7913908025302eae9d4b8d6d2aa80af6e52404a8bc508c961b581e190358a145f8f751d2f4

Download Submit
C:\Users\Admin\Downloads\duxz\SavesDir\savegame

Filesize
395B

MD5
074eadfb8bc3b43649f0c4caa7e21b18

SHA1
43ba244d56e93cba70c742e2ec242658763fc186

SHA256
b883f5d84c158fb8452f7ef61b55dcf9de84c0d69ac1a77a4e1a9233f8cf3356

SHA512
e5301e770dd13c2f640eb02d72e0eb6906362bfeedbbbd5fbb8536af23085de924ddf5db2f7f332dc908f82d15149135524ee029a8b689c1525755e0fc4d370b

Download Submit
C:\Users\Admin\Downloads\eventhorizon_win.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit