lumma | hxxps://download1587[.]mediafire[.]com/isbdow1q10agmIjzpX7lDS6yJQf_Sk2fSP1Dpq9gj50plgqhfakwzRD-s5LjoYZ5wxZYHEvvaZimUo5_4nqzzC4qEhm3JhLqNEv9TvvfTsOXEUUrW1Xm7mSevW_ESeWcqDas5VC8rrPRNrcc1ulrkseIDyBHBfgWyoNb_AcgBitD/dkjj444qws9swj8/FusionHacks[.]zip

Analysis

max time kernel
1050s
max time network
964s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29/01/2025, 11:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download1587.mediafire.com/isbdow1q10agmIjzpX7lDS6yJQf_Sk2fSP1Dpq9gj50plgqhfakwzRD-s5LjoYZ5wxZYHEvvaZimUo5_4nqzzC4qEhm3JhLqNEv9TvvfTsOXEUUrW1Xm7mSevW_ESeWcqDas5VC8rrPRNrcc1ulrkseIDyBHBfgWyoNb_AcgBitD/dkjj444qws9swj8/FusionHacks.zip

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://toppyneedus.biz/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/memory/4460-96-0x00000000009B0000-0x0000000000A32000-memory.dmp	net_reactor

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Suspicious use of SetThreadContext 7 IoCs

description	pid	Process	procid_target
PID 4460 set thread context of 3056	4460	FusionLoader v2.1.exe	106
PID 3480 set thread context of 3060	3480	FusionLoader v2.1.exe	112
PID 316 set thread context of 4608	316	FusionLoader v2.1.exe	116
PID 3532 set thread context of 4604	3532	FusionLoader v2.1.exe	120
PID 4412 set thread context of 2000	4412	FusionLoader v2.1.exe	123
PID 440 set thread context of 1464	440	FusionLoader v2.1.exe	128
PID 3952 set thread context of 1476	3952	FusionLoader v2.1.exe	148

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 7 IoCs

pid	pid_target	Process	procid_target
4796	4460	WerFault.exe	104
4968	3480	WerFault.exe	110
2492	316	WerFault.exe	111
5084	3532	WerFault.exe	115
2792	4412	WerFault.exe	118
4500	440	WerFault.exe	126
2800	3952	WerFault.exe	147

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133826230207478541"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4089630652-1596403869-279772308-1000\{5D0489EE-1051-4156-B52F-0776B6B0E7DE}	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
1180	msedge.exe
1180	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe
Token: SeShutdownPrivilege	1112	chrome.exe
Token: SeCreatePagefilePrivilege	1112	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe
1112	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 4992	1112	chrome.exe	82
PID 1112 wrote to memory of 4992	1112	chrome.exe	82
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1300	1112	chrome.exe	83
PID 1112 wrote to memory of 1396	1112	chrome.exe	84
PID 1112 wrote to memory of 1396	1112	chrome.exe	84
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85
PID 1112 wrote to memory of 1732	1112	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://download1587.mediafire.com/isbdow1q10agmIjzpX7lDS6yJQf_Sk2fSP1Dpq9gj50plgqhfakwzRD-s5LjoYZ5wxZYHEvvaZimUo5_4nqzzC4qEhm3JhLqNEv9TvvfTsOXEUUrW1Xm7mSevW_ESeWcqDas5VC8rrPRNrcc1ulrkseIDyBHBfgWyoNb_AcgBitD/dkjj444qws9swj8/FusionHacks.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffdcc7cc40,0x7fffdcc7cc4c,0x7fffdcc7cc58
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1996,i,11361368768676116483,9982246981911033019,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1744 /prefetch:2
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1880,i,11361368768676116483,9982246981911033019,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2036 /prefetch:3
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,11361368768676116483,9982246981911033019,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2268 /prefetch:8
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,11361368768676116483,9982246981911033019,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,11361368768676116483,9982246981911033019,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4780,i,11361368768676116483,9982246981911033019,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4444,i,11361368768676116483,9982246981911033019,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4416 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4568,i,11361368768676116483,9982246981911033019,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3288,i,11361368768676116483,9982246981911033019,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5268,i,11361368768676116483,9982246981911033019,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3004,i,11361368768676116483,9982246981911033019,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:2568

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4068

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3284

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1204

C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe
"C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4460
- C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe
  "C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3056
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 828
  2⤵
  - Program crash
  PID:4796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4460 -ip 4460
1⤵
PID:4684

C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe
"C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3480
- C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe
  "C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3060
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 796
  2⤵
  - Program crash
  PID:4968

C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe
"C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:316
- C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe
  "C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4608
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 796
  2⤵
  - Program crash
  PID:2492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3480 -ip 3480
1⤵
PID:2980

C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe
"C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3532
- C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe
  "C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4604
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 800
  2⤵
  - Program crash
  PID:5084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 316 -ip 316
1⤵
PID:4828

C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe
"C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4412
- C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe
  "C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2000
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 796
  2⤵
  - Program crash
  PID:2792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3532 -ip 3532
1⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4412 -ip 4412
1⤵
PID:3004

C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe
"C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:440
- C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe
  "C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe"
  2⤵
  PID:2692
- C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe
  "C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1464
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 440 -s 808
  2⤵
  - Program crash
  PID:4500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 440 -ip 440
1⤵
PID:2164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault43347ecch5045h4793ha554h87b2679c53d0
1⤵
PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffcab046f8,0x7fffcab04708,0x7fffcab04718
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,16941327889819073991,4502042397698979649,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,16941327889819073991,4502042397698979649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,16941327889819073991,4502042397698979649,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:4188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4244

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:5000

C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe
"C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3952
- C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe
  "C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1476
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 796
  2⤵
  - Program crash
  PID:2800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3952 -ip 3952
1⤵
PID:756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5f8e22d1-35a2-49c9-9af6-7db9d07e616a.tmp

Filesize
649B

MD5
badea9907145217dc33e9c4be30f43d8

SHA1
5da6358b1b1a94c3898199529749fdc772e5e6b4

SHA256
f3029d6fbd1ffdae93a5a18d3b7e732ccb193ce2529abe03353b1aa932585588

SHA512
eff1d52036e0de4f45413b7a9f40ca305a3a81e181610a9378c5741cc9b41110aaf01bebefe78eaed4a6e7ad4e39929db134c800d229fe501b3e6afb53205dfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
e37ef9f49ce00d04330e64394e5a3a24

SHA1
27b9c3c787bdd2917c6c6cae7f5423267ebfea96

SHA256
d80c8e57979ac36db9002f0a257497bcf9b3256ed3ea2c683434413404a83eb4

SHA512
b8fb4de737322bd3b8739ff435327b38b564d48c787b6ce8cff57e0eff45bddab9694303de63fce300d2ded9442840e92d405fd3d42c551ab63c84dc05e915fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3fbb9ea99ee1edcbf0f619317fe864e4

SHA1
5e8788c1f7a4b96e5c7fc090a26ff8c0a7be88c7

SHA256
09eb70ef3089b5e61ed3be9ba83fe8091754047308e96a568dce5b85a544d71e

SHA512
00fc30efc2a34d18a6619c97a02bf8d4cf5c2dc046db9312a81ba63761423b4a58375e4e6bb593d56d1748b95bd0281dabce432aa6cde7e57160ea7f2047735c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6c20471225a730140a6d1fe199aed327

SHA1
78491ab209ff4cfe4582e6312b429eb4b5767059

SHA256
e4487507893391f468f4bc1d7a0ce2a454883a23e049ea4d2404920bb1de6978

SHA512
22b69e12ea75482dc6b85a8579e06135f6354abb1648cf9ff2f412818bd23121e18d20dd047042226bc40486d2b9f4b0ee8e8df39f2e5b8a0f9932fe404e843b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
602382430d71d6de27a0a624109902b8

SHA1
b4f4f42bd372acac34670db587eed4ee94dbc073

SHA256
105c9c25f0853d5fa38ebbf71f88b8915cf3737f9b4c07da1e088d648e6b5d9c

SHA512
d3f62b02c31ed27e86ae0b25f9f5da82dae0a61ff1c29a3a4abed221d4dccce3ea982c0d72dfc1774dee3a64c9234da8a9ca7f853f1838fcb97a32afc8b0878a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d6c503914b16b5f9e06f6efe1b70e4ba

SHA1
8db2469280d70a03d3500720b8bc4ebe24394038

SHA256
192ed2b2c771e44738b164a46f487b3189db416cc026d3deacc05e7f42b6515b

SHA512
100f34f95cf78631787f27874e3853d7a89a85b0d531f3d18701816f93445c8121d19991762880aba11b973d95eff2da6d760ed1b3421f29310593a085cc553f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
92510e947abd7c9a568e37bb0fe8782d

SHA1
a95d01716108b05e02e3470098864aaf1bebbacb

SHA256
c496672ec7288e471ef3b37472777262b014d6183a92c4ee9b780980b41d65a1

SHA512
3e14e5d3c0763e72a71c3c121df60372da278cde3de58fae8f17d553397d45e81cdebe72c339aae5001ebb76c15b408093705b72bf80f792cdfcb20b0bfe0008

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f75a554a742e8874c8bdbc3e87c48d3c

SHA1
1a4bb6e4d156b44f7317a31a48af83b09b145486

SHA256
55185fd8025398a9b66be79dcafc8eefffccf13473c4025319fb6d32a5e35fdf

SHA512
2b1bb2330fcaa524bfecdbadfe22333c078fa8fdef00e0096668285a0635fafb3b03b66bd958e52f0a94982a5a0b68f57e0d60145162b3dbf50036bd6dc195b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
df96463d2f8bf4cad5511aaf8794b550

SHA1
c64f6f247c03e92656ae71e8e0488f4cb3eace3c

SHA256
e5879b0f1f349d17eadff106652de1330a9df50c74f7463baa6e339e6066c272

SHA512
5811e380a8ae0d652c605fddb884fb66440e59c06d725b343b325cb2c74434363588e6330d8dd2d48cd5a50ee30fbd848b2075f8f77fd997886d28db92700aff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0fe1ab214e9b1e50180faf4158162eca

SHA1
43de8999ba5244ef1991bc286f8f454ac2ad5d67

SHA256
8bdee9f5d4093611b1e6d310a7e93277016b717dec23da16a88f244bd027c0aa

SHA512
fd9dc87db039fd53f0b00d6f86d35c11abdd2152371befdbdb75b48defc237507b861fe3088537f41aa7b27fdb78072a108ada7e4df70c16111aea026cb8ef3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d3230aed923b0abf330554b74fa4337a

SHA1
e39ae43bcf326fec019f6455fd3d932174bfa4c3

SHA256
fe26c5ee5f5420604469d8ad71caa632c22739e4ad52b1c31038207a33490da1

SHA512
cb465e2ed746600789f535a4e53cd53f27fa8609f434b915210e99e640e76663b476d9f9a26cc50e88190e6b59d461442ae09f3daceac77e920121555eacfa5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
086e509b23eda4caf8f26f95baae8cfc

SHA1
25f075f968d33a69d8fcc56af995a7bb03fab70d

SHA256
40362b07f69b2c0e654be55cb97676a3a6e117247c032ca12ca73a553235d544

SHA512
0b31caa8b7db3faba5403a20eeda97bd895689ad16dc79da6766a8b143d714e5bff7f0b5c3086a3ef43774cf03ffe740d9a571410cd998c057df08f8f7c52f89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
67d9d98183687ccee0696229978dc4ad

SHA1
9ead32123245275b7773c5b88b0b3dd26ad1232b

SHA256
94346158690725bb78f656affe683b9e8577b30ad89ee3fc628dcaf5cd225730

SHA512
a8e5ae3d74e69bab24af2f61948d69929afaacff2982d857600e3bb7dc43e362f1ed7152b93d2871d3fde5c653fd7466ea9eff38540494748e7e0158cb0a1148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9e3423db874b6020c62e1307d77acdaf

SHA1
61f019e177deb6a024e86b601d6a2b80deee8160

SHA256
85c2520d07494dba1a7462f7f4d7ea22aedf493c6e85afca45f8e0393202bb91

SHA512
bdff18ad87692eca888389d4bc6a34d95c363f766ef7e51b860b7661a143fa994b5f9424d4281725ff255ab9c800f54b7429e15f1b685028b61c31cbe84f7604

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6e4cad2e2c6457b9469461debcf83073

SHA1
571295b0a1936c5eadd588f2fd44d0a4a1dc523e

SHA256
ae0e45ebcd421e06d3c0282375aa05a86a1933fdec160a5d26e59d4eaeb4ef32

SHA512
abfef2362d96f3165992cca3ba118bcb767f9519b111e9a6653e13ded2ae678cbd12694c4f1afd8e54d97d61543efbadd1720f1c8369a2646a649d8a1b8566af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
717b745dd59013a5d1b77aa4e5414fde

SHA1
cd99879fb619c9ff9a1b6244304ba5c6e5437559

SHA256
66af31ca4cb889f4531f84c46941f2d7b1b484723292f1458ce8d3f7347e009d

SHA512
c690404fd1b7ff0d5832822128a34b686544547d2a5cca7fb60b602084d16fb3b4c563739bb8eb3504a79d09067d479fc4ae610169613d08eac0fa0e7ae6346d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ec4b6ffd269840ef134a70ad7431a78c

SHA1
584b71e5e008ae6003e0df6b6126626251f95767

SHA256
231ae8ac8b583708d3494aadfae399f0bc86008cd795dc809ac1576bee7ad06c

SHA512
759536bd133ebf10423b928fe1a95bd42ddb5723e1cd0e869c7cd2f85a9c0fe1730648d5b4fed0fdd928fc0bf72c5bda867fbd815d215ed6dda954f50cc1dd59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d9067ace874538e8ba124996b330b3a

SHA1
b75fb5a083368ad8576c34de62faaa8a004ddc5f

SHA256
6fbe026dc8fb3b3571903ff8005cc30138bd6f8e7f0fa47e02c9c91d74da9b55

SHA512
3248d67f0e310ccc3b9a9f57eec61f3974001cd2560a34dbb0b3df2af2bfd54342785a1abb14a4e4756863e2da29bbd16752f0c7584abd3962b07c6db8bc4126

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc8353bef77045c1604176ab7988fb57

SHA1
bbac29a7ff0a73836f234cdc87b68d9e42da42c3

SHA256
3d3a4f9e7556e83778726dc82ef11d93a0a68cfd7259f3d67f09379f635451bb

SHA512
23b97b55a8a8fb6448bc18447546e099ee0709b014d61225067ce4daf4a6fe84bd85fc4c0b0153add66f08f0c9de48037ce5e94369b1ded8502f0a6ad1b531a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
67bbf9b69b55fc35ebbcedfc6e65541d

SHA1
66a483b471e79e4315661ba091ec3571e37f456e

SHA256
ae78e870544cb2f17caba3a3f6791bde6c9a01f4f0a4d0adf9036aa010705b6d

SHA512
61ff9f8afe99561ae99b2d39a8143e8dc1b176fdd014cb093e6300e5084c99d936261aea6590b9bafdde5de87c76784431d1eecdddbc2f942f63cdd8b2fb322e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e52a06e26245ed1f8de9e9c2fc86bdce

SHA1
8498dabeffe6cdcee8efaa9846981619bd2fd894

SHA256
c61775d47dd57c39f5264e38ef5f4721e367a5f1f13362c633497db8dcccdf80

SHA512
db1c264d39fcebeebf57ea5c89cd5691634c138ab735952b1bc9a1b1ced2c55cce8a6863878c7250cac1b6801752ff246035a4f534de0c02aa09d8c75af5acd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4da963f0ad3b5e4c8bdd83d74d0f9763

SHA1
38c78ab939a7aba4c552f3f8c06b3511a68bbe02

SHA256
21c3382f86efe6da76cedd8109a11aaf54582e6c56675802e4f95add8ebbcb19

SHA512
d1418d402556df47dd2aa58c30d3034f258b41b7bbbccb6946eebf12c14898d6dc1009eac6def93d478b79ccd9614e247664c3c2ab244edfcd13587ea7396daa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
33ea20d617c090190613e41dd3c338d8

SHA1
74f5a5d0c68f4cde1a47fe1d78928f7067075905

SHA256
58e8d2cd5a7839ac6226ac5688b0114cc8de3db25ec0e44775147fc089a3f230

SHA512
ee096f92fdb4c56eaaf8261cc094b37d5ce7d1deb88b76b841d4e31c27972bf7f51adf0cca16c917d6708878c2093d80b37f7d0ea5867f4b264c3cad63c77db2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9cee3cd9b4290212b33585ced266513e

SHA1
bff31a202ba330640a4169bdf8e65b5922293dd5

SHA256
c57f74b4a62bf5af6c5fdbcab96177079109a0722566df34a3e1e4fd14ba9a79

SHA512
e3a1184c8d29d8de86167f5fa29247e8aec98e6e9290bb390d740819bd82ebb2062d55b6a46a6a5ca96a0d71c6f44f299e0a271737e69757aa03c90f1b15884b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
95c277ae424963428533cba276055380

SHA1
24ac31cac03907af5e75c8e2aad017b4248ec2f0

SHA256
081947827357a40ad6f23ff02b7801235240dc0def15435652ff4b00d2d16a74

SHA512
c5c67afcad069721752b4ae46047cc4390455f085ce80caf84002a8a7e9498ceecd4c315a7b885eecae65a44cbec1b07e1812522e7d727f7411c1e98184ee476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c99b7e8560c86b0b282653cce074d799

SHA1
ab8113a64771b38666ad15c5daf26f6a9acf5cfa

SHA256
6329f721c70a467345514006880b92263dbdb520d7d8d7fa2cf8681d6d4b1579

SHA512
2577ed8aadb83e124535f682eb0cb12fe2c87f120a2cd4520965548f465f3e1bceaa75420942f45cf21aa95e4ff5cc7280634c486436499fd546266b7a7bf05b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
05613100362a2c720ee1811fd65d0a2d

SHA1
d38344baeaa359c749e82f2e3b8605d56809fe63

SHA256
094d9455be1b4e2e750ac158a1faa39c093240ac1ec15122db308cd7ebe08721

SHA512
16f8c42f40b6c2a9857ea5152f02e41fe322b7dba125aec606b8d46e275603dbb4bf0eb5fa91f462b33b6037951499fdacd90bb7fdf3155839e567ec90631547

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e0d5c231207774baeaaa06172b2df88c

SHA1
72771c6b137259a4607d711ee579fb3fc5d5ee76

SHA256
19e67ef9dd7c5fff7e647196b851d7d7b29f6524749aafc2a5541180c049d1af

SHA512
09dc2994902acffcf30672bbc93be0cc22d44691351700c5435ed72ef53ce09a66ae2a61b3753cfd59b4f44e221cf2ea1f785e3129c13e94afa42b49e1d45ee0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7f7c5d38326e9c7f08e6c8d103413dcc

SHA1
ddfc667dc0bb846f77e370b0d870764e0b339cf8

SHA256
15a5f6db0c603342472db85f3a3da0ac2310e2205a99b12fa17b8d31b8cec55e

SHA512
ec1b2f4e0c27042ae2aea966cc53df587372711c48148201ef0fffd65ba33e75f22932e5263b8a50d1aa9ef27f3927076d9a9fc893c92d3d172bbcf2580c4e59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
26afbc888dbd93d122b1595d69f5ca8e

SHA1
519bbfd0dbac8ac3134986e93f9e642b835fa417

SHA256
370d16cbf4744432615a8bfc7ee18e10194b6cb9cf4091cf477d72bae6d1c25a

SHA512
99325d9fb6119f30452c6f8c5af554c3bad09749c3a4ae914723e2d62310a185580301de979eb7e5debd59208e6dbaede8c7b8423b7c48e5bbd0a1fd82640311

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ff5b94aaa5ff355f0d6331000f3cbe3b

SHA1
96c1763d08f517f8873315f660290df336a8402c

SHA256
c3d032885fac5f95d7e6ae625dde383fffe5d55e4412aae08880e9962f4ed16c

SHA512
4e4db24979b9271695df945e7e7577994df6f7f00ec35f79825d2c96b2a834ee3bec36c24f7bcf5d39d0fb52dec22d14aa4e666628a2ef0394182731f78b8525

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca29effa1b8f4b1b5e2190f2e3da2aa0

SHA1
67f7b522e7c8c1902bd880d88ed8ef662c87dc83

SHA256
0bf93bd017957a7eef3344d54fdf37d808ddd64134187228b346561855c991ee

SHA512
96e0bd41177952c037308d394e891a7a63ffefec8c5300a8b73259360d4a41b8a999bb83cf0f7df139ccefc353e2074614aa45bf7546f220b459c3bff118957e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
358b1b36f628b24739cfb9ef169b198b

SHA1
26ee76bdebe5f0bddf7e44536c33ca254b47b309

SHA256
77b91445b04963b8dfbd0051c199479ed32c1c8a070e92bbeead99b0e7bc9d10

SHA512
c182537dfe0058457d8904955cea4140e551a3508790389f6b1e30ddd628cd1e0cc966f9a1d33c5f9bba4aaeb6de121bc595c48bd640160a2866868c031efdc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
66a9e07ab5f3fa2f64c46ee21b1b543d

SHA1
67ef9b23464acca554e064e8badfefe71b776930

SHA256
668db5cbb7329b0624f4b3397aceb344172cbe873e0bc1ee985dad39f4d1c1f1

SHA512
352036fdcde4b32ba6662778b722322d6b778a7ebc281100dd9bc44d8db4f33e76e7950437967a8b2276acda09bed37721a1899fe1f33a871161bdceba53e50b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c33d5fd9ceb639a4523616d8c35d2913

SHA1
87e9f740096ec6048548644d755289b628c79f2b

SHA256
7ed3e6a0d7248084286dc2b48f485b76f228ca7e54c9cedc4ab5690da8a7dddb

SHA512
53105824bd663c7c6c51a76df40842c99f3dfca0945b8664aaf826ce8d994ee31307352b6854d57bfb260ebc8b21ea225d5879a66cc5278e3d17816901f04c6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c8f4b670d1f82b4c709c2dddf667af75

SHA1
6329aca2a122d3337443fdfcd933d38c550b5625

SHA256
154b4bfdf801a5ff14c55271f3c967ea2425470973e7902319af812a3170dcab

SHA512
9437ab8d976228c52472949e67ec8397fd83b25ee8686fa73a5466a2acfb773b81eec873c81cbc655f216535c8216b48db128e2695c7097b584576bd83ec98df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
68f3a31b4cd2adf58856e8c2497dfeea

SHA1
da1698266f1a62b0d14fb817a08155a5fcec1ee0

SHA256
047c78d9b90afbdc64419107a0865227428a52cbef80c8a9e2fae3e85b4d68de

SHA512
591e467051db1730fd90892697438f8e6e37ef39d17c826eff989344cf251e502e592c0955a6a86cc537bf4f87fbdbfe587fccdc79a37fcb29e1b262f89956e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
330a94b371464a994d7bfc4650fd8022

SHA1
4be50fa3cfd2b37b06290d3ea6b73ae5f0c22b17

SHA256
47936486617e912d53ee942e03a4ad56cb1b409dc026456a1cd845a8b4dc5d4e

SHA512
3c5c3f0943c1fc0184042f728f38151cf7a49fffaa6715b63bfe86083cc1ea8bab326085cbffc778d6d579c51c34afeebc67b97d932e72bbbfb3e628a0990f6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
54c8aa2fe6abff7c15f916abc2351c0b

SHA1
aadbd5a61f23e0548075188507f312b034fdb0ad

SHA256
3a516e73bc8d31d6faa303821e0ecb53b2ef3857168d3b6dce32f23218780786

SHA512
22f106e311385133d02408c87c004ea5a5465880478ecbd69b661ab8a967cd2147af7085ecc784bf57df550a991d5f039949274001372d4e8ce2b924cb6bbc4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1116480a213e4be952efb689cca84f41

SHA1
130c82a1035d1cb16c5b415bcac4e9f0f018f9c3

SHA256
446b7230fd631e31e35d11b9f622e8d3953d607f85afc3398a8273c4fda8f6e1

SHA512
f76f453df3a4e5a07c50a7cd260ef97a63fd66ef100777ff3d4d956f7c6576420cc92f358ecc7823657f371d15caeec8d00e86cd09865bec0b6d544c1e5ed058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9e93552ba9be767c0c25ff9626fa87ac

SHA1
8ce03c569ddc34ed2240f5d8455c56907767582b

SHA256
8dafff745d8ca65819b49335de4e41945ef9926961c5d197053cfe8e981f228e

SHA512
b0b62fbf37194de74631333af378a612e13d8d1ef852f5929f3388375aadbcb273de4e9cf9d9b3374185bdb79ae334e0888590f13c678bc07c99b5e180ba7f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ac96f8284f56dec56bea6248e281ca7f

SHA1
cb57d6e63a82988129bbcd7900e8bf076c269e70

SHA256
8c7b24910e0b7071320cdf57a2202ed9610cd1b537b09f3870ffa4e22ba4f9b9

SHA512
09b0e9bcc1c723f5b61bd62757400ca6080a570328b53f27680a99a4b5fe82fcd68d001491c4d1bc8c26ec1bef7f6198b7aac90088772270a9514eb87cbeed8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2d40bc27a82c7f62f1f1855a892aa11f

SHA1
8a9d91483470dbed98af62e42cec88c5df80ba2d

SHA256
1f691cb7ba3601f164007bc811bfe29f5a779dbcc0e9cf5258e1d67500e8ae64

SHA512
ddd38f466bc439198d79613bbd45ae09611c1e6edcabd6c04b630f9e586b764193fad54346c25812cd3ce3a82763ac5143848388f50d2a8451a3be0404b44b9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
96774ed582d74227ebaba72febeb6be9

SHA1
48d7a5641781b03509d0f16ec3704564b39fb35b

SHA256
c21dab97095f9498f1f77371218d21a2e534adf8360b46cf0924d2e9a171d53b

SHA512
0349d08aa833223cf087ebb06a0f59ad30f7457646964d5022efbd9f52dea8637326fd5bdf29e716ade9e64c29da467c2555e124c6ea36513bf2fb1a326c9e48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
178be0ef86ec52b2cf8b025de53bd3af

SHA1
92027cadadb74c74c7dade5dc24adec814a62534

SHA256
c99597be0cdc6f69f39b27e7b3a3bbd7056eab736b8852b7ef65c18b7e279f86

SHA512
728da6c993d1b4e5127ef2fddd2e7858e5a1b872b88cfd32e5592b09b5d40c5c6d1f158f42208d3a15f22d533150f629082740079fc72e6160b8699ac8250131

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
488085f9926ffef2b7fa6db7feef19b8

SHA1
13be0a3af0e8f503ab8810db4723400afce0b5f3

SHA256
3cc3e2d84c295f79179eaea182f4518e56ce23f7fbcd772b67607d526992921f

SHA512
25d5eff7bccc7045e3318df9800d3343ad7267797535e4ad7947eb5af437381e8bc504e531d1a82eaf9d85a9de3b99224f15ea17369a7ca430fbbba90115641e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
73b900708f5e69d00e0966cb881cc226

SHA1
11c2dcd964cf9e89a56c822a8c0fb152ecadd49b

SHA256
c2d260235cb77d093cc060dd383d92c41948efa55712bee2e9f221ca426a21ce

SHA512
90ddead2640b2a5d539d751c16cb9dd89e31785d4f97f89c48b9a929734db05bd6c41e5dd0506819b8e2738b2d759b2602f12d9f074c209a7240a5f40984ec5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e8d8b6a7b4380b3a250b88214e6b4e66

SHA1
96eae45e4436be78f78241f40e8b608cf2d7e0a0

SHA256
48ed0c6b11f042497c47c61a34d25568a23c87cf375a037b2ec6eb20bb82ac75

SHA512
c9938307b27e7d9063fceef738792ff4cc3e5b7d491ff1e3f291e5b837bb54460092070d446183450afed345d15f0bb6fb24b4c2d964854c675658c2602ba5ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f4bdfb8f777a177517bc320dd3d631e1

SHA1
e45b2e1857b6bf4985a5ef07350e8b008dbca12a

SHA256
dd65ba3f3f4c4a2fb87664622d9e0c1ab722a94eebf2e0819ba9d57b8d2a5c23

SHA512
42ebd923a5d75562e10daaa944685885f4404fb050016918bc262e8019db0cf72d0d0510eafdc99d6f3d25f8fe045452af611063019e656c809f1ab431f391f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ef235138312594bca217465bc870e0db

SHA1
1a1aee4424b218c33f9307c3b34558995cb9f369

SHA256
a4ad8e29569f3c76912fd8c72f189005a26bd611a1acf28469deeeaa865f160e

SHA512
e2e7cde30196c6351efe28b8e5d25f897eba27891092d3199b11934c145148225bf1580108688f7d61a7327d87e5d4a4287d76d420d97977064614882290fa49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f6bf78577bec634b1c785c1cc3dcbab0

SHA1
36c91b21ebbb8594f28c7d20b23c84f4b29e9547

SHA256
a268fe3df8e1ac3976e5f13c897b7008bc7556964c9d71e328337e625705d17f

SHA512
637565306284162eb1c6227cc99c1fd30a918d7ecc41bb3e852b73cd524c9fa78795835d29f8186b42b1d49fe3bd373e0f79ddead1482670aa0e44da7b626067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6693f2cea7cbe8ee1a6e48305db44aca

SHA1
c9ad53dafd1881a982c7c0cb8141463ad5487ccc

SHA256
3abde851544a9fa096967651c28cbc007a3c03ec47bc9a01679b40a0891ae5ab

SHA512
52691393c672f967bdc03b110aea34749d028583016e12290022e175e345b056e5b22ef488774d84258648a90deb3cadb5f4c382b53a34a6cab6e3d662ea68f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
afb418e87b780c1ad5249ba104abc4a6

SHA1
1c73a22adb25cf7dcc21597e34b104a7f5b70283

SHA256
1e1dd62db9ae6a836ab0f43b283b3b16aeb987169013813d290c38f3c383bbea

SHA512
b10f4c68149c63bc8c510fa756ca7e015e76d8cba310b4e5925e1703a34397624a3eb4e99e52554c818a2da896365a464980da78603ae72a63c0cb50529a7f54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
605bd0d2af420dae5ad2fbb318d3c3b2

SHA1
de804b63793c904bd644ef577d4ebcacee310ea7

SHA256
1d8d8bdbf5eeefc48fa32b7e0763885486b9db6e4bf4d429bdb6eca9980b74f5

SHA512
25d5eb1a1647d0d1a5c2a6498a9348737821a82e5c2f82a00585f4d2cdd6a81951ec03bfc7aa8594fb2151affdb52388cddb004f7f60444a144782b0b69499b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b56e17d10c699dbe5baf29912f637c7c

SHA1
d17f784e242ab5c310b02440f17c525b9fbe594a

SHA256
53f8cade4fa5df1c52f6f7a971ccf23847b913551ca41f2e65e627181422f3ed

SHA512
916715ae355d46eda5739339e1fb91b4a5fe401e63e6491e91625baa4f5ae93b5e9810e030c2afc378737fcda83aaba4943fd5bf0720bff4a125cf18b9bdc169

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f649b07ab0521224764d8bbabca587b6

SHA1
5fbcfdc968efba2956e8ea85f1316cb3b3206b22

SHA256
271221fdf26bd88b4bbe293be1ea928e46ae7a384c89151c9de04c288fbd05f8

SHA512
a5403be42bbc0555eed11659d35528a7b69c068a569ff7e5628667328d6ccda627bd251a3c165238a307ddf87814e80483b77ffe5636f0bd82f2936518544872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
601f452a2f90ec4aeb585d9c8a34ac0f

SHA1
c30492ad8004a7b99574a2ab78849e2c59db5e2f

SHA256
d1534ffcc235da9a940941440c1451e91e2dc0da30ce580dc476b1b23711b965

SHA512
05f38921e00191479d4b75dc45653500c3665d6262a1a01900d9d69d4515039c6fd4d5c9917e0cbdc288b35f8b10ddb5a043e3d552cd8582f3f2819a2f5629e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c0e46de0-ab5b-40f7-8d9f-8430df9bc8c9.tmp

Filesize
9KB

MD5
10aff022f40e73923cbfed93b68a032a

SHA1
be352f479634f33b6c89a55a455a7e22f786c52d

SHA256
60b5cc39e2248ab185884155c3fe03d265138ffb857fa8e80de9e473d740a0bb

SHA512
e36f0f33800a24a9ca728847eadf7593a3cbec386934b2a21dbb6ef5e222623f6109c0559d9978a8d6f0d7b4b540b22337cda15c7f52924af8fc82ce92566fa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fb7dc63d-49de-4599-88a9-e151cb136153.tmp

Filesize
9KB

MD5
22a5b19fc549d3110f4c42b6f6006756

SHA1
365ab168a0eb77ede811da59d6e278048a8dcd32

SHA256
db76b8d56c16c41bed83c2842d45bed1c7c9e27e1c302c78276dcabea8cd8fb5

SHA512
9b60902ebdd8905841507e31a567ac30b3c084ca673ac79d70dbe6640aa6cbfeabbccec59183d4d83cb754b156f8dee759b512c864b4f513740f81764f9a6d95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
9d9a075016a04fbb5c93a7008e6a5344

SHA1
7f68e194ada10f01c257c6578ace9ddf75e6809c

SHA256
748d5b422bef6e85891e00c16cc5545cabe074aece33baf7e3aefd50828d04e7

SHA512
52dc3a5f9f63ad63cfd039d9e8cf9dfbe08f4c1073ccd43578f83ce027635ba0fdc4265cb6de4b37c4bfb2590cd92fb6af2ed2390eb07c7c979cc5db8edb0799

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
0dcfdd2768b4f1c3be13f59495acf2bf

SHA1
483bb7dd8475035147827c2e51d8b4d930c9046b

SHA256
1cc3fca254f5741d7ea5e272a21295809c23b71f89512d37f73ec72fbbb4f61d

SHA512
65d1009d779012f60506fc5f3f420b513f359a171ab98df1cb34bfedc37ee321376258a3303cfd164e8773eab1b4dee28c8db5be48eea1de364b0775c962191d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
b9d1fbbb35b515054a904e8c8a27194f

SHA1
53eda76fc3c6ebfe93316ff0f3e83ee4d172c459

SHA256
932ee5cc2a9bdec245fce5f9f05589e2acff406fc5c742b08e321ee0b44c6790

SHA512
d828c2978df85be78cb3990597af045a1c713eb67dd4d9033b11afdfc83541e4a5f56659840d6e3295b01ac6c146a6ddd53e486f1c030bb5d9d5587ef0e8254f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3d5f9c53728cfb823d2ece438df2008a

SHA1
454686880f36ee68a701a85353a6183f569a0921

SHA256
892b517eabe4df5dce5803cb6eb684508ce88c2142ffb25364c58a716498d4eb

SHA512
fe3ca43d30a5ad285efbc43b8456cfa094e30b217e46300f5540cc4c676046cd16b5fe2d5cbfc95f09a4df07b64ca496b54cd783c32a3c1043f853074fe8be66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
85883e9115ab51979a3b59e358dd2e93

SHA1
5eb6a370bc0dc7c6b5a0bf26706ea3e4676128d9

SHA256
aea931fdf0bb428773d6e5c7408a34b9f19520a03e32bf3b03d1cbc5e5c9f3ab

SHA512
dec101e77f59e8e85ca70a782939b2ccb373b2e2fa5a3c31a7d3345c1b4e83f4d7962553bbd7ef34ff739ce83e6098bf7eea554372159f5e65c84af7e565a8fe

Download Submit
memory/3056-99-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/3056-101-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/3056-103-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/4460-95-0x000000007449E000-0x000000007449F000-memory.dmp

Filesize
4KB

Download
memory/4460-96-0x00000000009B0000-0x0000000000A32000-memory.dmp

Filesize
520KB

Download
memory/4460-97-0x0000000005920000-0x0000000005EC4000-memory.dmp

Filesize
5.6MB

Download
memory/4460-102-0x0000000074490000-0x0000000074C40000-memory.dmp

Filesize
7.7MB

Download