ae56b160203721d6920ba3ab7224fecb24ee6ba0857559a7867e05cdc364ae05

Resubmissions

28/03/2025, 02:18

250328-crhdbssqz4 8

28/03/2025, 01:45

250328-b6dg9az1bx 8

Analysis

max time kernel
57s
max time network
153s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
28/03/2025, 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SlenderSetup.exe
Size

76.5MB
MD5

e17c53c83c2d738f6ecefc070394579a
SHA1

e2904c6d02f46126307688c2b7cfc2d5cc99a89a
SHA256

ae56b160203721d6920ba3ab7224fecb24ee6ba0857559a7867e05cdc364ae05
SHA512

ad604762d9e9f0d258de3a18c5bd30afd5fa3d50e7ce65351c7bb359be47189be23a72d0e09a4fc46b9d37b7202f0bea3aebdf5431d5a2ec2c68d0020cf47bd3
SSDEEP

1572864:QQ+e4h7TL9BH7t1GwCXknyYmaBcSrufGanp7GgtcQ3AsERUqm:QBe4N5YwCSpmaBcSruZkUE/m

Score

8^/10

credential_access discovery spyware stealer

Malware Config

Signatures

Uses browser remote debugging 2 TTPs 23 IoCs

Can be used control the browser and steal sensitive information such as credentials and session cookies.

credential_access stealer

Steal Web Session Cookie

T1539

Modify Authentication Process

T1556

pid	Process
3488	msedge.exe
564	chrome.exe
640	msedge.exe
2120	msedge.exe
1944	msedge.exe
3024	chrome.exe
5320	chrome.exe
4120	chrome.exe
1424	chrome.exe
5904	chrome.exe
3196	chrome.exe
4952	msedge.exe
2544	msedge.exe
5064	chrome.exe
4904	msedge.exe
1696	msedge.exe
4280	msedge.exe
764	msedge.exe
4180	chrome.exe
6028	msedge.exe
912	msedge.exe
3272	msedge.exe
5560	chrome.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1702774510-645589634-1201277210-1000\Control Panel\International\Geo\Nation	SaveSetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1702774510-645589634-1201277210-1000\Control Panel\International\Geo\Nation	SaveSetup.exe

Executes dropped EXE 6 IoCs

pid	Process
4536	SaveSetup.exe
3936	SaveSetup.exe
4848	SaveSetup.exe
5572	SaveSetup.exe
4992	SaveSetup.exe
4836	SaveSetup.exe

Loads dropped DLL 25 IoCs

pid	Process
5508	SlenderSetup.exe
5508	SlenderSetup.exe
5508	SlenderSetup.exe
5508	SlenderSetup.exe
5508	SlenderSetup.exe
5508	SlenderSetup.exe
5508	SlenderSetup.exe
4536	SaveSetup.exe
4536	SaveSetup.exe
4536	SaveSetup.exe
3936	SaveSetup.exe
4848	SaveSetup.exe
3936	SaveSetup.exe
3936	SaveSetup.exe
3936	SaveSetup.exe
3936	SaveSetup.exe
5572	SaveSetup.exe
5572	SaveSetup.exe
5572	SaveSetup.exe
4992	SaveSetup.exe
4836	SaveSetup.exe
4992	SaveSetup.exe
4992	SaveSetup.exe
4992	SaveSetup.exe
4992	SaveSetup.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
261	api.gofile.io
262	api.gofile.io

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
21	api.ipify.org

Enumerates processes with tasklist 1 TTPs 19 IoCs

discovery

Process Discovery

T1057

pid	Process
2512	tasklist.exe
3788	tasklist.exe
3988	tasklist.exe
3272	tasklist.exe
4956	tasklist.exe
3868	tasklist.exe
2460	tasklist.exe
3172	tasklist.exe
1068	tasklist.exe
3616	tasklist.exe
5672	tasklist.exe
2312	tasklist.exe
1736	tasklist.exe
3812	tasklist.exe
4488	tasklist.exe
2640	tasklist.exe
4104	tasklist.exe
4356	tasklist.exe
2952	tasklist.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SlenderSetup.exe

Detects videocard installed 1 TTPs 2 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
1484	WMIC.exe
5228	WMIC.exe

Enumerates system info in registry 2 TTPs 18 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 12 IoCs

defense_evasion

pid	Process
3596	taskkill.exe
3524	taskkill.exe
5028	taskkill.exe
1156	taskkill.exe
5748	taskkill.exe
2564	taskkill.exe
944	taskkill.exe
4996	taskkill.exe
2988	taskkill.exe
5128	taskkill.exe
2184	taskkill.exe
4060	taskkill.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
5508	SlenderSetup.exe
5508	SlenderSetup.exe
4104	tasklist.exe
4104	tasklist.exe
4700	WMIC.exe
4700	WMIC.exe
4700	WMIC.exe
4700	WMIC.exe
1484	WMIC.exe
1484	WMIC.exe
1484	WMIC.exe
1484	WMIC.exe
3112	powershell.exe
3112	powershell.exe
3112	powershell.exe
3024	chrome.exe
3024	chrome.exe
5640	WMIC.exe
5640	WMIC.exe
5640	WMIC.exe
5640	WMIC.exe
5228	WMIC.exe
5228	WMIC.exe
5228	WMIC.exe
5228	WMIC.exe
3000	powershell.exe
3000	powershell.exe
3000	powershell.exe
1424	chrome.exe
1424	chrome.exe
4884	chrome.exe
4884	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
6028	msedge.exe
6028	msedge.exe
6028	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4104	tasklist.exe
Token: SeSecurityPrivilege	5508	SlenderSetup.exe
Token: SeDebugPrivilege	3868	tasklist.exe
Token: SeIncreaseQuotaPrivilege	4700	WMIC.exe
Token: SeSecurityPrivilege	4700	WMIC.exe
Token: SeTakeOwnershipPrivilege	4700	WMIC.exe
Token: SeLoadDriverPrivilege	4700	WMIC.exe
Token: SeSystemProfilePrivilege	4700	WMIC.exe
Token: SeSystemtimePrivilege	4700	WMIC.exe
Token: SeProfSingleProcessPrivilege	4700	WMIC.exe
Token: SeIncBasePriorityPrivilege	4700	WMIC.exe
Token: SeCreatePagefilePrivilege	4700	WMIC.exe
Token: SeBackupPrivilege	4700	WMIC.exe
Token: SeRestorePrivilege	4700	WMIC.exe
Token: SeShutdownPrivilege	4700	WMIC.exe
Token: SeDebugPrivilege	4700	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4700	WMIC.exe
Token: SeRemoteShutdownPrivilege	4700	WMIC.exe
Token: SeUndockPrivilege	4700	WMIC.exe
Token: SeManageVolumePrivilege	4700	WMIC.exe
Token: 33	4700	WMIC.exe
Token: 34	4700	WMIC.exe
Token: 35	4700	WMIC.exe
Token: 36	4700	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4700	WMIC.exe
Token: SeSecurityPrivilege	4700	WMIC.exe
Token: SeTakeOwnershipPrivilege	4700	WMIC.exe
Token: SeLoadDriverPrivilege	4700	WMIC.exe
Token: SeSystemProfilePrivilege	4700	WMIC.exe
Token: SeSystemtimePrivilege	4700	WMIC.exe
Token: SeProfSingleProcessPrivilege	4700	WMIC.exe
Token: SeIncBasePriorityPrivilege	4700	WMIC.exe
Token: SeCreatePagefilePrivilege	4700	WMIC.exe
Token: SeBackupPrivilege	4700	WMIC.exe
Token: SeRestorePrivilege	4700	WMIC.exe
Token: SeShutdownPrivilege	4700	WMIC.exe
Token: SeDebugPrivilege	4700	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4700	WMIC.exe
Token: SeRemoteShutdownPrivilege	4700	WMIC.exe
Token: SeUndockPrivilege	4700	WMIC.exe
Token: SeManageVolumePrivilege	4700	WMIC.exe
Token: 33	4700	WMIC.exe
Token: 34	4700	WMIC.exe
Token: 35	4700	WMIC.exe
Token: 36	4700	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1484	WMIC.exe
Token: SeSecurityPrivilege	1484	WMIC.exe
Token: SeTakeOwnershipPrivilege	1484	WMIC.exe
Token: SeLoadDriverPrivilege	1484	WMIC.exe
Token: SeSystemProfilePrivilege	1484	WMIC.exe
Token: SeSystemtimePrivilege	1484	WMIC.exe
Token: SeProfSingleProcessPrivilege	1484	WMIC.exe
Token: SeIncBasePriorityPrivilege	1484	WMIC.exe
Token: SeCreatePagefilePrivilege	1484	WMIC.exe
Token: SeBackupPrivilege	1484	WMIC.exe
Token: SeRestorePrivilege	1484	WMIC.exe
Token: SeShutdownPrivilege	1484	WMIC.exe
Token: SeDebugPrivilege	1484	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1484	WMIC.exe
Token: SeRemoteShutdownPrivilege	1484	WMIC.exe
Token: SeUndockPrivilege	1484	WMIC.exe
Token: SeManageVolumePrivilege	1484	WMIC.exe
Token: 33	1484	WMIC.exe
Token: 34	1484	WMIC.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
3024	chrome.exe
4952	msedge.exe
1424	chrome.exe
6028	msedge.exe
912	msedge.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5508 wrote to memory of 4732	5508	SlenderSetup.exe	81
PID 5508 wrote to memory of 4732	5508	SlenderSetup.exe	81
PID 5508 wrote to memory of 4732	5508	SlenderSetup.exe	81
PID 4732 wrote to memory of 4104	4732	cmd.exe	83
PID 4732 wrote to memory of 4104	4732	cmd.exe	83
PID 4732 wrote to memory of 4104	4732	cmd.exe	83
PID 4732 wrote to memory of 5460	4732	cmd.exe	84
PID 4732 wrote to memory of 5460	4732	cmd.exe	84
PID 4732 wrote to memory of 5460	4732	cmd.exe	84
PID 4536 wrote to memory of 6140	4536	SaveSetup.exe	94
PID 4536 wrote to memory of 6140	4536	SaveSetup.exe	94
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 3936	4536	SaveSetup.exe	96
PID 4536 wrote to memory of 4848	4536	SaveSetup.exe	97
PID 4536 wrote to memory of 4848	4536	SaveSetup.exe	97
PID 6140 wrote to memory of 3868	6140	cmd.exe	98
PID 6140 wrote to memory of 3868	6140	cmd.exe	98
PID 4536 wrote to memory of 2124	4536	SaveSetup.exe	99
PID 4536 wrote to memory of 2124	4536	SaveSetup.exe	99
PID 2124 wrote to memory of 2964	2124	cmd.exe	101
PID 2124 wrote to memory of 2964	2124	cmd.exe	101
PID 4536 wrote to memory of 2684	4536	SaveSetup.exe	104
PID 4536 wrote to memory of 2684	4536	SaveSetup.exe	104
PID 2684 wrote to memory of 4700	2684	cmd.exe	106
PID 2684 wrote to memory of 4700	2684	cmd.exe	106
PID 4536 wrote to memory of 3692	4536	SaveSetup.exe	107
PID 4536 wrote to memory of 3692	4536	SaveSetup.exe	107
PID 3692 wrote to memory of 1484	3692	cmd.exe	109
PID 3692 wrote to memory of 1484	3692	cmd.exe	109
PID 4536 wrote to memory of 3200	4536	SaveSetup.exe	110
PID 4536 wrote to memory of 3200	4536	SaveSetup.exe	110
PID 3200 wrote to memory of 3112	3200	cmd.exe	112
PID 3200 wrote to memory of 3112	3200	cmd.exe	112
PID 4536 wrote to memory of 2788	4536	SaveSetup.exe	113
PID 4536 wrote to memory of 2788	4536	SaveSetup.exe	113
PID 4536 wrote to memory of 2624	4536	SaveSetup.exe	114

cURL User-Agent 2 IoCs

Uses User-Agent string associated with cURL utility.

description	flow	ioc
HTTP User-Agent header	83	curl/8.7.1
HTTP User-Agent header	22	curl/8.7.1

C:\Users\Admin\AppData\Local\Temp\SlenderSetup.exe
"C:\Users\Admin\AppData\Local\Temp\SlenderSetup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5508
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq SaveSetup.exe" /FO csv | "C:\Windows\system32\find.exe" "SaveSetup.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4732
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq SaveSetup.exe" /FO csv
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4104
- - C:\Windows\SysWOW64\find.exe
    "C:\Windows\system32\find.exe" "SaveSetup.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5460

C:\Users\Admin\AppData\Local\Programs\unrealgame\SaveSetup.exe
"C:\Users\Admin\AppData\Local\Programs\unrealgame\SaveSetup.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:6140
- - C:\Windows\system32\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:3868
- C:\Users\Admin\AppData\Local\Programs\unrealgame\SaveSetup.exe
  "C:\Users\Admin\AppData\Local\Programs\unrealgame\SaveSetup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1740 --field-trial-handle=1744,i,9822484180845991762,13495042372143144798,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3936
- C:\Users\Admin\AppData\Local\Programs\unrealgame\SaveSetup.exe
  "C:\Users\Admin\AppData\Local\Programs\unrealgame\SaveSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=1932 --field-trial-handle=1744,i,9822484180845991762,13495042372143144798,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2124
- - C:\Windows\system32\curl.exe
    curl http://api.ipify.org/ --ssl-no-revoke
    3⤵
    PID:2964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2684
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic bios get smbiosbiosversion
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4700
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3692
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic path win32_VideoController get name
    3⤵
    - Detects videocard installed
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3200
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
  2⤵
  PID:2788
- - C:\Windows\system32\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:2460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM chrome.exe"
  2⤵
  PID:2624
- - C:\Windows\system32\taskkill.exe
    taskkill /F /IM chrome.exe
    3⤵
    - Kills process with taskkill
    PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:/Program Files/Google/Chrome/Application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com
  2⤵
  - Uses browser remote debugging
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:3024
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x228,0x22c,0x230,0x224,0x1fc,0x7ff976e9dcf8,0x7ff976e9dd04,0x7ff976e9dd10
    3⤵
    PID:4000
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=2552,i,13031110508749725101,2248813281528163083,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2548 /prefetch:3
    3⤵
    PID:4412
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2504,i,13031110508749725101,2248813281528163083,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2496 /prefetch:2
    3⤵
    PID:5564
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=2776,i,13031110508749725101,2248813281528163083,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2736 /prefetch:8
    3⤵
    PID:5572
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9184 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3616,i,13031110508749725101,2248813281528163083,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3612 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:5560
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9184 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3640,i,13031110508749725101,2248813281528163083,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3636 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:3196
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9184 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3920,i,13031110508749725101,2248813281528163083,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3916 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:4120
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9184 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4252,i,13031110508749725101,2248813281528163083,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4268 /prefetch:2
    3⤵
    - Uses browser remote debugging
    PID:5320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM chrome.exe"
  2⤵
  PID:4420
- - C:\Windows\system32\taskkill.exe
    taskkill /F /IM chrome.exe
    3⤵
    - Kills process with taskkill
    PID:4996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe"
  2⤵
  PID:2400
- - C:\Windows\system32\taskkill.exe
    taskkill /F /IM msedge.exe
    3⤵
    - Kills process with taskkill
    PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com
  2⤵
  - Uses browser remote debugging
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:4952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x260,0x264,0x268,0x25c,0x284,0x7ff97648f208,0x7ff97648f214,0x7ff97648f220
    3⤵
    PID:2156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=2740,i,1814137369999616971,8602000308506893294,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2736 /prefetch:3
    3⤵
    PID:2904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=2800,i,1814137369999616971,8602000308506893294,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2792 /prefetch:8
    3⤵
    PID:5776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2600,i,1814137369999616971,8602000308506893294,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2612 /prefetch:2
    3⤵
    PID:6100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --pdf-upsell-enabled --remote-debugging-port=9184 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3620,i,1814137369999616971,8602000308506893294,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=3616 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:2544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --instant-process --pdf-upsell-enabled --remote-debugging-port=9184 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3640,i,1814137369999616971,8602000308506893294,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=3628 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --pdf-upsell-enabled --remote-debugging-port=9184 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4100,i,1814137369999616971,8602000308506893294,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=3676 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:3488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe"
  2⤵
  PID:2628
- - C:\Windows\system32\taskkill.exe
    taskkill /F /IM msedge.exe
    3⤵
    - Kills process with taskkill
    PID:5028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
  2⤵
  PID:3844
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:4420
- - C:\Windows\system32\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:2512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
  2⤵
  PID:4908
- - C:\Windows\system32\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:5672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "where /r . cookies.sqlite"
  2⤵
  PID:392
- - C:\Windows\system32\where.exe
    where /r . cookies.sqlite
    3⤵
    PID:4060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
  2⤵
  PID:5136
- - C:\Windows\system32\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:3172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
  2⤵
  PID:6140
- - C:\Windows\system32\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:1068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
  2⤵
  PID:2992
- - C:\Windows\system32\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:2952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
  2⤵
  PID:4012
- - C:\Windows\system32\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:3272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "where /r . *.sqlite"
  2⤵
  PID:2312
- - C:\Windows\system32\where.exe
    where /r . *.sqlite
    3⤵
    PID:1692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
  2⤵
  PID:2860
- - C:\Windows\system32\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:1736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"
  2⤵
  PID:4200
- - C:\Windows\system32\taskkill.exe
    taskkill /IM Steam.exe /F
    3⤵
    - Kills process with taskkill
    PID:2564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"
  2⤵
  PID:2108
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:4356
- - C:\Windows\system32\taskkill.exe
    taskkill /IM javaw.exe /F
    3⤵
    - Kills process with taskkill
    PID:944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
  2⤵
  PID:2564
- - C:\Windows\system32\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:3812
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
  2⤵
  PID:3388
- - C:\Windows\system32\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:4488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
  2⤵
  PID:4908
- - C:\Windows\system32\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:2640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
  2⤵
  PID:6028
- - C:\Windows\system32\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:3616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
  2⤵
  PID:4584
- - C:\Windows\system32\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:4956
- C:\Users\Admin\AppData\Local\Programs\unrealgame\SaveSetup.exe
  "C:\Users\Admin\AppData\Local\Programs\unrealgame\SaveSetup.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --user-data-dir="C:\Users\Admin\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2452 --field-trial-handle=1744,i,9822484180845991762,13495042372143144798,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  PID:3772

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4480

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5704

C:\Users\Admin\AppData\Local\Programs\unrealgame\SaveSetup.exe
"C:\Users\Admin\AppData\Local\Programs\unrealgame\SaveSetup.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:5572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
  2⤵
  PID:5924
- - C:\Windows\system32\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:3788
- C:\Users\Admin\AppData\Local\Programs\unrealgame\SaveSetup.exe
  "C:\Users\Admin\AppData\Local\Programs\unrealgame\SaveSetup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1752 --field-trial-handle=1756,i,8334504113041943271,15039013045336576422,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4992
- C:\Users\Admin\AppData\Local\Programs\unrealgame\SaveSetup.exe
  "C:\Users\Admin\AppData\Local\Programs\unrealgame\SaveSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=1852 --field-trial-handle=1756,i,8334504113041943271,15039013045336576422,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
  2⤵
  PID:2528
- - C:\Windows\system32\curl.exe
    curl http://api.ipify.org/ --ssl-no-revoke
    3⤵
    PID:5492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
  2⤵
  PID:4348
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic bios get smbiosbiosversion
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
  2⤵
  PID:1396
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic path win32_VideoController get name
    3⤵
    - Detects videocard installed
    - Suspicious behavior: EnumeratesProcesses
    PID:5228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
  2⤵
  PID:4092
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
  2⤵
  PID:3404
- - C:\Windows\system32\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:2312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM chrome.exe"
  2⤵
  PID:3564
- - C:\Windows\system32\taskkill.exe
    taskkill /F /IM chrome.exe
    3⤵
    - Kills process with taskkill
    PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:/Program Files/Google/Chrome/Application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com
  2⤵
  - Uses browser remote debugging
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:1424
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff97969dcf8,0x7ff97969dd04,0x7ff97969dd10
    3⤵
    PID:5636
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=2856,i,3592386202404318395,12808154829172753950,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2852 /prefetch:3
    3⤵
    PID:928
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2816,i,3592386202404318395,12808154829172753950,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2808 /prefetch:2
    3⤵
    PID:5512
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=2900,i,3592386202404318395,12808154829172753950,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2864 /prefetch:8
    3⤵
    PID:1292
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9184 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3572,i,3592386202404318395,12808154829172753950,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3568 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:5064
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9184 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3596,i,3592386202404318395,12808154829172753950,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3592 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:5904
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9184 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3920,i,3592386202404318395,12808154829172753950,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3916 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:564
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9184 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4252,i,3592386202404318395,12808154829172753950,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3512 /prefetch:2
    3⤵
    - Uses browser remote debugging
    PID:4180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM chrome.exe"
  2⤵
  PID:4472
- - C:\Windows\system32\taskkill.exe
    taskkill /F /IM chrome.exe
    3⤵
    - Kills process with taskkill
    PID:2184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe"
  2⤵
  PID:5540
- - C:\Windows\system32\taskkill.exe
    taskkill /F /IM msedge.exe
    3⤵
    - Kills process with taskkill
    PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com
  2⤵
  - Uses browser remote debugging
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:6028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x260,0x264,0x268,0x25c,0x310,0x7ff974b2f208,0x7ff974b2f214,0x7ff974b2f220
    3⤵
    PID:2556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=2436,i,5462915593787180810,10967724887830751175,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2432 /prefetch:3
    3⤵
    PID:4376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2384,i,5462915593787180810,10967724887830751175,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2372 /prefetch:2
    3⤵
    PID:5492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=2452,i,5462915593787180810,10967724887830751175,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2444 /prefetch:8
    3⤵
    PID:3600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --instant-process --pdf-upsell-enabled --remote-debugging-port=9184 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3592,i,5462915593787180810,10967724887830751175,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:4904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --pdf-upsell-enabled --remote-debugging-port=9184 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3572,i,5462915593787180810,10967724887830751175,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=3568 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --pdf-upsell-enabled --remote-debugging-port=9184 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4064,i,5462915593787180810,10967724887830751175,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=4076 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:1696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe"
  2⤵
  PID:5740
- - C:\Windows\system32\taskkill.exe
    taskkill /F /IM msedge.exe
    3⤵
    - Kills process with taskkill
    PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --restore-last-session --remote-debugging-port=9185 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com
  2⤵
  - Uses browser remote debugging
  PID:4280
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe"
  2⤵
  PID:5388
- - C:\Windows\system32\taskkill.exe
    taskkill /F /IM msedge.exe
    3⤵
    - Kills process with taskkill
    PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --restore-last-session --remote-debugging-port=9186 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com
  2⤵
  - Uses browser remote debugging
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x268,0x26c,0x270,0x264,0x310,0x7ff97731f208,0x7ff97731f214,0x7ff97731f220
    3⤵
    PID:3876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=2620,i,11076760327686199523,3357523658077569500,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:3
    3⤵
    PID:3640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2512,i,11076760327686199523,3357523658077569500,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2492 /prefetch:2
    3⤵
    PID:2552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=2636,i,11076760327686199523,3357523658077569500,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2628 /prefetch:8
    3⤵
    PID:4892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --remote-debugging-port=9186 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3700,i,11076760327686199523,3357523658077569500,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=3696 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:3272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --instant-process --remote-debugging-port=9186 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3716,i,11076760327686199523,3357523658077569500,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=3704 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:1944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --remote-debugging-port=9186 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4180,i,11076760327686199523,3357523658077569500,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=4176 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:2120
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe"
  2⤵
  PID:1736
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:1424
- - C:\Windows\system32\taskkill.exe
    taskkill /F /IM msedge.exe
    3⤵
    - Kills process with taskkill
    PID:5748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
  2⤵
  PID:5260
- - C:\Windows\system32\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:3988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
  2⤵
  PID:4876
- - C:\Windows\system32\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:4356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "where /r . cookies.sqlite"
  2⤵
  PID:5184
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:1696
- - C:\Windows\system32\where.exe
    where /r . cookies.sqlite
    3⤵
    PID:3784

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2432

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:172

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x220,0x224,0x228,0x84,0x22c,0x7ff97969dcf8,0x7ff97969dd04,0x7ff97969dd10
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1804,i,322861197447849618,17298600615521535895,262144 --variations-seed-version --mojo-platform-channel-handle=3212 /prefetch:3
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2768,i,322861197447849618,17298600615521535895,262144 --variations-seed-version --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2776,i,322861197447849618,17298600615521535895,262144 --variations-seed-version --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4024,i,322861197447849618,17298600615521535895,262144 --variations-seed-version --mojo-platform-channel-handle=4048 /prefetch:2
  2⤵
  PID:5640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2296,i,322861197447849618,17298600615521535895,262144 --variations-seed-version --mojo-platform-channel-handle=3288 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2808,i,322861197447849618,17298600615521535895,262144 --variations-seed-version --mojo-platform-channel-handle=3176 /prefetch:2
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4608,i,322861197447849618,17298600615521535895,262144 --variations-seed-version --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5288,i,322861197447849618,17298600615521535895,262144 --variations-seed-version --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5692,i,322861197447849618,17298600615521535895,262144 --variations-seed-version --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5752,i,322861197447849618,17298600615521535895,262144 --variations-seed-version --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3408,i,322861197447849618,17298600615521535895,262144 --variations-seed-version --mojo-platform-channel-handle=4636 /prefetch:8
  2⤵
  PID:5332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3736,i,322861197447849618,17298600615521535895,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3704,i,322861197447849618,17298600615521535895,262144 --variations-seed-version --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3396,i,322861197447849618,17298600615521535895,262144 --variations-seed-version --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6368,i,322861197447849618,17298600615521535895,262144 --variations-seed-version --mojo-platform-channel-handle=6380 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6532,i,322861197447849618,17298600615521535895,262144 --variations-seed-version --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6308,i,322861197447849618,17298600615521535895,262144 --variations-seed-version --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4748,i,322861197447849618,17298600615521535895,262144 --variations-seed-version --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2992,i,322861197447849618,17298600615521535895,262144 --variations-seed-version --mojo-platform-channel-handle=3012 /prefetch:2
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4304,i,322861197447849618,17298600615521535895,262144 --variations-seed-version --mojo-platform-channel-handle=2856 /prefetch:2
  2⤵
  PID:5632

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1888

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

T1556

Privilege Escalation

Defense Evasion

Modify Authentication Process

T1556

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Modify Authentication Process

T1556

Steal Web Session Cookie

T1539

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
1948a2a91dfef26f020709be72dd660d

SHA1
a42ea16ae9106aa052470bb1687875a5086ddc7f

SHA256
8344e4190a3abbeadca7e3d92a04c73591d6dedaf21e02e8a8de5d7ef2259cb2

SHA512
9277cf768ca1ff35090e18194b480207bac198b7cf2b49816d139605e748920e2fb2d0a35c8001045f7b843469eb34fde65a4a564c35351f028ce5bcc9971d39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\82f81edf-86a8-4959-828b-71be27049d08.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2607ac8159169640e0d7891b7cf92f2a

SHA1
e33bd748fdcd311a58925d594aa58d587d498de7

SHA256
927d6bc9f175f1e07facdb11baed03730e3dfc576f9e02210ff7a182072203da

SHA512
60bd675712b1a57de46b3e2adcb8408629600a498026d04fec6ebcbc38763af5b5d470b3ee5237b96886fdb6f938e56d1c67aaaa465ba86b980067f5be570595

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
d0749242676aa3519f81ee14fbfdf273

SHA1
219f60267f6f9803bbc9cb44b94c39c2c24d7d96

SHA256
c3e8d9d3dc4e2bbb409d549f0e16b4a87820b70588837844c9ad56b108d4f3c9

SHA512
f2ec01dcbcf055e5e22d845d6e5a2fe320bc730029209e52744bb67d1a94b63b91339b35af0a7f7b35effab59372ba1427bd96bc24f4007d498fa38205d9c856

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
e4734d22a29318391f195645d5120a7e

SHA1
d20c508bab6c1708f5ba1b37dcc7e6bfd5349b07

SHA256
a2667e097c70c338eb996170ee5d7e06e4a504bd20b520b663a670e9e062b535

SHA512
cf5016190fa20e4413e7b449e181bc425b0d0c6761b9366e97d3f291f6897edd345981735241865724c114c53413ec84e35548c30123c3f1dc1572d43dfe787c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
51958243693123bd35238e47247242f7

SHA1
d1987e2d590e705a18081abc99c2788c274f399c

SHA256
13b7ae372d0b0a200be392d9ff16a858511e97d1864aec2d88ad37a5060f3877

SHA512
bd42f67705a040019b291cd9dace85114c504057290d3a6e3a70961ab049d89902247444bba9fa019e66672fca207a118d03b80c4e3955eebfa6922c6f191ce4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
aa7fda8c479c9c2a78de66ef303c127e

SHA1
e86728643dc889c30155304593c4c3c6b3e628c7

SHA256
e2bbbf3cf8d23f4deae1478ca5e6ed4cdca75d6a2ccab28d075b14eb67ee63fd

SHA512
2bd0f2a7be17e16b659233f1937cc5b329fbed405ac371f4643ba79d50932b3cfb1fd122b93bb26c4aad98eb754cdbfc6db0834bfda6fbfe1a7fa55727c3b9d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
a2bcba8d082d16996a0d22acbf6a1637

SHA1
004f85df02677de234b2787f793fafb48b57f409

SHA256
a6c94429b131b81b1cb15458ae39d4be31851c2bcf0eae7cfc463c10f33ef925

SHA512
c0e3d6b871c0c7dd10d0e3cbeb3ddce2a316aa56c9de988df904c9b3eec32865f5c3abb04a184e442941a519083711238bd145c8d6d065df377c3b0eb69c9cf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
320B

MD5
3c65a7740f5eb3e418ef4fecbbb7cbc6

SHA1
1d54aa772673840a2c971fb706dddda4fdf42c13

SHA256
81bce76140d0260bad17df15170a42dbd9d31582776b4221452837b3e48ec848

SHA512
cb45e723233732de73417d109ecfe438fceb8e2508a5706f26ccd2a663773dd3e07e18e145fc23db8fc8a31b5d559ef4bfa4173ce4dfe3609191c7298370a54d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
1859601257392f290b5b99d95764f360

SHA1
652f0cc98a72e9787635ec0446b4fc8144d728c5

SHA256
0fa510ab1ffd8dbce51bc822e8e0f7674d81d2ce2a72003b06ea0179eaba3f79

SHA512
bfe637821ac6525a38517317f5e15e2c789a7078d4fc2227836073f3cffa7aeb455424ba69dc7810b922d19822e9727f62287a95950ae57276370e4aa9a1cb90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6ddc51a1b85e4b271e7ad48e91b48352

SHA1
dfd170d9383cda170e840f6120e5b891fdd161c7

SHA256
8cf86731df2bea451a7546e337d8a5cade17e457fd3340ec80c22d1df109a952

SHA512
83ae19936c9d3f1b82a57f2a1bd3b43200ac09048f669c173f2724711221ba8fe1a8d446e992005c755b3867d09c429c81a2369871b4580181739b3b690292d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0d7bdeefcde1814cdf59c33db4bb98cd

SHA1
98c748ea07b1973b21cfd1d81ff9fda9049b3384

SHA256
6852316af183889f21916e9d9d5787b6932993b21d3b86fe71e056b685cd310c

SHA512
62b1afc84a831772ded61d55faa5f3b290d80aa8e3a7b66c1a90dad78774d26ed83acf724c5a92681ee4058ecfdadae5e1d99b041a51ed91e0703ca6724482f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5844f4ec338d93f215067a3aed068575

SHA1
1e9ec3e14d6dcf5f7ad35631edd56dfe4e40c802

SHA256
ae63de70289d3c243e491aa1c596fc9b51c03ea9ece587ab4836d19437d571cf

SHA512
c2f2758c829b018e9380579577d2df33d23ecfa7d47918dba00c3a5b3d87c28a878fa611b0e9d11975edf983a7575e3f0fc6654c0d5b089f9465514d42989942

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\bef5b133-f7ab-4ffd-99f6-581541c8b91d.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0195d76c28129286b2c2abbadb58bc15

SHA1
0f797ff7dda2cbda114427c042a741e8ece6482e

SHA256
d2547cb5e1ccfb14f0bf2c73736430329c7b0fac1d24f150c8c5d29b5c205643

SHA512
ee8b1fe4ad7e0d414b7b29d1485cf985f370856f63cd2f3118222e8ec0d54f8a90c0b2eb442581b5c81f32453222c6dcb2c7c6969f03f4e33e82aeaddcc3d680

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
62f9cab31dbf4a1919e7cfcc2c538b63

SHA1
63fb09b9d6295f40b53ca462dc33314c79b19bb8

SHA256
f0eefa694744aa08461eaf3f27b486697711c582734f2de599ddc253b21c401e

SHA512
5fa83883a56a67e002f654009f99665ed3ddff284ed16b4648f6a2caff0b5f5e53922eee5563baae911b3c7a9d2d7758537a9a7910d94f6cf8076fb50b6aaf29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8715bb1984065bf1a924202fb6cd53f0

SHA1
99997d6cd717d02dc26de2944c6146aeedec4261

SHA256
b60de1230a9f8de207addff3f8c458df856a01ddf6f2ce2df5c6542efefda7a9

SHA512
4924748a74c6a90924b0fd8a24df6f9924e018333380abbfc9eed62d827052f47193cacfa4e0bbb33c962f426342b7bcdbd4616466ce73e6e505a7e6c89fccf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
eb89c31eaaeb194f8453f3dd6811814a

SHA1
75308ddf5a75cc88e15566fbc712305b8360d27f

SHA256
2d084c7f6fb6a2794d008f9403d42fed3554c858fb41f8ee929343012f7425a0

SHA512
fdef873a188c558a1bea41d87399eae05b196650d7f60cee119bd1dad745160cb5266a146f97c1a418a6de13644c583a48700b61a111fed43b7eb8abdec96ae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cd0d1de52f34abddfcffa2ebd3f10247

SHA1
91fd37068db58662c72057797638ed341b44c8de

SHA256
70c45611d62e553803c8176dae01244189abc4e000fe1ca203a5f0cac4d2b591

SHA512
f1a2f972dd47f4fded92be492d10d6a16b4ef352a0e4ba9b9abd0fc56c307a814b3d52101e9bd7df4c1d3d9791d22ee1cc91c68afac6acd6a9d157d77d7afc35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0352f15099866a61cb7abcd15d79822e

SHA1
fa40876565e765905603172885f2bf3a23d34743

SHA256
9de80f080c5cfa0bc35bf0e707988838da48f6cfd0e7e7ce066b85f8ffb4175c

SHA512
85aa7ade55c19f13ea209e199f56121d5137645253d8993723b897fd919fc0915cfcfe4dd68abc69329b53efc096ada173994b94bfb0eb261c2d68e5dfed7795

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
08b06a879f2474e1a1a894b2f713d213

SHA1
fd55ba9e9edd338e8b5bc0dd6fd50cbc31231698

SHA256
756709dfdfc5cf9e0841571781f115eeebf1b07d848a811e53b9092ff14b7ce8

SHA512
f5afbdb19b7c0bc391ec8b989cab9bd2f06b9e2a3233dd1ac70fbb8f38b53726d9e1086bfdbd285b1c1b606616dc3949c19fe1f07463fc9054f95e4ab4acd578

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
d4774e15534d6c2fca3a0fd18b3938c9

SHA1
95b829037612406f3ca5c49bbd5c1f1ba3b9f817

SHA256
6a9a3176df196f5d985ee377ee0e9825a1f92e4600eb96e9a59eb31d3d4c371a

SHA512
7258bb0b04865c1c7ac016c5af794997bb60e0a71a42c7fbef9a98ac606e7168f276e1fd7c7892e56e4746b43b95f08b9d95ffb75d70b2032f2d029dcdcdcac8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log

Filesize
2KB

MD5
3d87bcd7aa9897de13c5f7a26a4da258

SHA1
970d42a8cc91aa2e917a829347639f9e4c43d0c6

SHA256
d853b09bf5803bd8826eb41381a38beb24783bf0e61455d3d776e3025d3535af

SHA512
05c953b17314e6d4d59187e9ba76baa9f3bb9a22ff5b47ef78e0f9e8765dbac2f4595e8d00c494812862d311cfa049a999456d7ce7daa8b8d1c28c75ab42c226

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
8ddcaa7a2b098cf732ea4b0d8913b7b3

SHA1
abf56edb6b068eae0bac7144ec05bc0eb56a230d

SHA256
9e5cd48ca6e143b10234b4146e51040251f3098fc6fc30699da80db1c8c2faad

SHA512
3c4ac102cfd6e92ba218141221b7fbca9959f0e9b14adf5745211bf4ffd243f7aa949008ebb1ea8e8250857f1e056297de643bfe1955c09723eff856ff64c21a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4d3bbbfd25087ee372377171ca8a85ed

SHA1
f151fe346d3cc2107175bcd1bd3b336f81c86cd0

SHA256
34ccf894c60bfa96334c5253a6dcb22b39bb738c714aab710763ef1e3d689280

SHA512
9bf8a179d048064a30f0f460744b1ff6f1e474336314bbb20874c7a40791c949e3409df3f644936c8a37e68575347d467d9886385723d48d7707f45f5a237243

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
fe7cb406378dfdaf7eb502fefc4e4f58

SHA1
c1e5011fe77dc8ea9d4d609532818d727bb639f5

SHA256
17ad5280b3176fcf762d7a9745576de9072d9b78ccdf257f622fbba6da9a851e

SHA512
a8ccb768de47686f036a7a5fc49708112a81ad8af4471d48d830875a77355a39f8c2e71c31599a34648f9cd344611ecfc92684d3a5bd571dff06ca793a161858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
70b3ca2a2c117a66a6e636e3ee93e633

SHA1
57f959b68c8707f6a2945acdfd886015248c7393

SHA256
4bbc1ea82701d971c7392d14aae01495444d5f4f10c00b3027a15a728c3278d0

SHA512
51ccb456e5845fbfba8464bc2efdab4a6dbf612e788f042489482773c1bb619ecad4dc153834f6a059f681500a4b23c39f78af9945cb516b65226cab80841023

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
7122892d7c4b7e2dffc6dee427c83900

SHA1
9d94b8a2201b82127ea52217a9dcc2d8b25f822d

SHA256
cfd5c0c40f4180eb387ec4963c72337a6503f78b79a2a1f34cacb9c845819859

SHA512
2eae51b8efa0cad6da497e5389cc33eaefcdde2c7d59821b1b6c6108161fa60f5e40ddb59e62942796b6d88b262276541b02b2fd193366da04288e1c1089cace

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
e956e6c27cca01beef43d114f509edc0

SHA1
61d3d5b9c692f47826fc63fa1ad321a6e83cd899

SHA256
3cbc39818235d50cd2c4ad9d1661cc1cc7b9cb9d1e4d09a528b57dd6dfdf7665

SHA512
764383de03277e71601206820442ad341195b25f98dec1ef12200236b2948cf2f1e21c479634c5a042d45a6c3a07d3edfbdeb88e5728bd9e96f0889bd9156993

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000001

Filesize
16KB

MD5
d5f28e71b0eccacd021af7e10086a292

SHA1
879638458ebaa8b84f9807d6023b54c14109c4c8

SHA256
468840d0955767e30884a1536e9c62ad626c4a458e1e68eb85fd83f26ac9bd0d

SHA512
298b948352ccc0b7d3405714298e916dc12309cb979e9744c8b7c0666a7d97130edc75afd6153873a249e3f59310bb993a332e24f47fc5dca5d70d7ddf247633

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000002

Filesize
29KB

MD5
66ca024662d18b782c3343e50c8de77e

SHA1
905424ae3c1445f45034ab014494a45829ff7b5b

SHA256
7bc9de80bdb74344e1ccc40c5236f2185729759c869963f7cc98f9d2dd3525ea

SHA512
f0c24358360446122c134ae745cb21c61f25be3bbdab2033466a5d4a1c78baf0fe2c18374c45df06deaa5a1c6ffa9d1f1c5aad8a655a290211831aff2e8ebab1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000003

Filesize
16KB

MD5
9cf8751027fec6b2f22bbd3906f02574

SHA1
829030c8c058e6e61c53bed520051f5c154142c6

SHA256
19972b2cd67154f06af1bd55026beb8b557217bb72b2d1716e55bddb7520e591

SHA512
6631efe4c2a3773002aecedd81492edb22935674630d0cf37b331fa712aa102a0c717885396b4444a3bdc21471423b3eac105c65d1a3720bf2a0935ca262e8e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000004

Filesize
16KB

MD5
13dd3ab8bf13becb94ceae9dfc9fc301

SHA1
4e7c3e9d4406c26e99f11f252510add879e41afb

SHA256
2381248fc40f795b479192440eb07245bd0b4452044423fc64e48a85f1660722

SHA512
86261e29b1578e4f3d08125b1d557af19b7d793de8b1605528010b42ae3e239ade86dd2d6be11fa5329870cde63085d831dd07555f30e61277e36ad57f09ca8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
13B

MD5
a4710a30ca124ef24daf2c2462a1da92

SHA1
96958e2fe60d71e08ea922dfd5e69a50e38cc5db

SHA256
7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7

SHA512
43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
29f32d3e72bbc697fc02e577010da6f3

SHA1
3cb7cb167ef3be14a0dacead31afbefb3451df31

SHA256
6b239a43c1b3a1a14d8ab5f55ef0ed994436f51c41b7cb57fc80fdfd40919977

SHA512
da0a04248325aba83cb7753161fd97f123d2b82d41c3116a30c7a25217f635f8e8018c73f3fce2409e6717b82c08fe5769eb9251f248bd26715f7b17fc277435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
a3fe549fb11dde7b12618fab5aabd246

SHA1
e72d9916a6e54859f9e7bc86bb6bead673eef4cf

SHA256
f9e188ad97e89e30dfbf5fe18cfcaeee656d76f576f4bee4c9b9bc7c7e5bdc32

SHA512
65e178864c5e2f1d2f782805acbc52d6685357f256c159e785a381d6e603b957357b4dbbd741bc7913aa4006a681212337e1dd5fe32d5287185ac858a678e228

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
be9e29298d2218f3e917636d4e265427

SHA1
a2b84d27a82d00987532c6aff8c557243868c78f

SHA256
0fe0f05ec8d896c2867032f0f9e55a6ff459e5f55c924b0675926f128c370577

SHA512
8411bd3893d9e890d1243764d66916d9e61cf98acd7932ac30f222c21423651bda086f3e97928c25d7f26f0890be39f42a7efd981840b12dd5ca85d0c807f8bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
16b7586b9eba5296ea04b791fc3d675e

SHA1
8890767dd7eb4d1beab829324ba8b9599051f0b0

SHA256
474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680

SHA512
58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
713ad359b75fe6d947468ec1825202b9

SHA1
19dcd19f18a2ad6deb581451aad724bd44a592a4

SHA256
56572269ec031c63d966c6d3b4712600b908d38826c59c0f9a8225d0a783e9f4

SHA512
4df344dec422bed85b186909dc7f9c35126b3bb45e100f18fb95b4a9943ace242479adf5f0194b054d38b67032498f897a5a54b49026efee0c4797cb5a5e54e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
c7889fdae3eaf21db5ab1e62517cf87f

SHA1
e96a0c833db9b281e93b3cdfc016927c856fe1f3

SHA256
55206f800250c228038132035096bce5b9749da440d66608c24bade150651f98

SHA512
25c64cf531f579f257b354935189feed56bb5788c6d6593874226983458607b28eaac183702451a85ca5b341577f9ceb8c1ce4338d0f763801be34009c6d8f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
004b10499ccdef678495d126747817d4

SHA1
f2613e109771ee8f435d219c0f1d09dc400ec8f5

SHA256
de04bf151a1ded657ac3df0f0b30f214dfc53231f87e45a16004482cddb0bd4e

SHA512
25758072a30783f0664b1ca3cafd6d35613133ab06ac69df8f482aa61a2ad2c3cd850c28334613c274bf42d99a5aa84d89a3e98e234f3a1d22abec325c5cc3b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
2a831215c574028c4a9cbf8f54d2349d

SHA1
47561393afcde11dcee4c8454eea06501e6c4c21

SHA256
d9ab0d2673fd19f27baa0f2a66e86acb81733271e49975720359549d8544fa44

SHA512
7f1337667de80996450ed2c70fcba9290fd38c29af070fb4a491c266bc7a37dcdbb774a2ef58d327faa5fc6846302658f144e33bedcbca0e9b464e3227e1b523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
76be2deacab3f81bd44cc1d90dfb8945

SHA1
63ea03695c303352b9f10616227fa97cbd33cb93

SHA256
59aa1c97f32d7054c2ad6356da6eec99e7dfe7336481ff6be8f8a11ae8ad465c

SHA512
4389069bb13c5295823352b93d7393e0bdb4f2a4dda8804412ed64cd832981431f96a3ce994e112dbf7a87653208fdb33438089d616fa6f3fa81d8fbd37633d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
b5516f9aef85b85f6e277d90b7a42d28

SHA1
4fe5de294728bd825c2b693a90fe42a45ff9a4aa

SHA256
c6c3175a747cec3d4837fa454ae3e60d110eab71397ea78b0f20385d058d366e

SHA512
6fb8b36bf194033823211089b913b8052f9fa1599844ac6277a47efb113db69c69cc4457df4933cd17d7259c747029ec6074d53a98ee6c547adecb4dc79ff7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
012faa5a22850d3673a69bce6e188422

SHA1
503896a19551c5dd6ddb63e10fe5df8764c53f92

SHA256
c30ccf30657e8978d502a02fa16bfc4cf393e170d56117ac834da5cfa1581987

SHA512
d559806380824fdc3d4c19693974ace75ee889f308b5a6c6c2b52eea664e21ef4ae048240c19ee755ec2160f1fb000ed90d2899d0ea581c5a9b19004c7671e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
64B

MD5
7aab3c98dc2004bc56958e86f34cbc06

SHA1
22d2a1eab3c2e63b06161148e46401b6f137b344

SHA256
ce2fd4529dc0edd2e230a10b973623819351c3b89ddc4d56d5e1b8564e8280a7

SHA512
1f21fe61fdad7eaa915727ffe94636969d480f49c24d9484c691cc0a777e3907025a0627b930bd7f4dc0655f37eb58a6c843f84311421972604ad16f4e545e1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rjzyf2a1.30j.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\all-files.zip

Filesize
22B

MD5
76cdb2bad9582d23c1f6f4d868218d6c

SHA1
b04f3ee8f5e43fa3b162981b50bb72fe1acabb33

SHA256
8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85

SHA512
5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\LICENSES.chromium.html

Filesize
8.8MB

MD5
2675b30d524b6c79b6cee41af86fc619

SHA1
407716c1bb83c211bcb51efbbcb6bf2ef1664e5b

SHA256
6a717038f81271f62318212f00b1a2173b9cb0cc435f984710ac8355eb409081

SHA512
3214341da8bf3347a6874535bb0ff8d059ee604e779491780f2b29172f9963e23acbe3c534d888f7a3b99274f46d0628962e1e72a5d3fc6f18ca2b62343df485

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\chrome_100_percent.pak

Filesize
132KB

MD5
a0e681fdd4613e0fff6fb8bf33a00ef1

SHA1
6789bacfe0b244ab6872bd3acc1e92030276011e

SHA256
86f6b8ffa8788603a433d425a4bc3c4031e5d394762fd53257b0d4b1cfb2ffa2

SHA512
6f6a1a8bfe3d33f3fa5f6134dac7cd8c017e38e5e2a75a93a958addbb17a601c5707d99a2af67e52c0a3d5206142209703701cd3fab44e0323a4553caee86196

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\chrome_200_percent.pak

Filesize
190KB

MD5
c37bd7a6b677a37313b7ecc4ff01b6f5

SHA1
79db970c44347bd3566cefb6cabd1995e8e173df

SHA256
8c1ae81d19fd6323a02eb460e075e2f25aba322bc7d46f2e6edb1c4600e6537a

SHA512
a7b07133fa05593b102a0e5e5788b29488cb74656c5ee25de897c2ba2b2a7b05c0663ade74a003f7d6df2134d0b75f0ad25e15e9c9e0969e9453b7fc40b9f8bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\ffmpeg.dll

Filesize
2.8MB

MD5
14e00bf1d9d0df65f8b1a31240d474a8

SHA1
f9fe033725b7b1b5c0efce7a14ed7ab223cb32e8

SHA256
9d1eb0c6eb12bfa87e74a65c2fde5d61c4c93e21fb0800bbdccb6559527036a5

SHA512
652724450296a739de802ba8fac482953146f37665718446e448a350295e1e7b09bd460835bcd0ac26b2e54bb9b791624a9eea11e6c96573c7c4aed22450ed14

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\libEGL.dll

Filesize
477KB

MD5
1dcf5ac3cb0dcda9c9679eeb018d01bd

SHA1
bc21697c5665aab5eaaba61f55719d43328f7e7c

SHA256
9cfc3001191e8b3eb9c96ba29e57e5bf9aaab264e83897e47cb968167a8a811b

SHA512
47d8769bf00cc7555479542abf5e0684799e424d9801dad8c6bd199680d9c40cfa2380d969515db7a0753cf6f3a9733b5afb931fe33863fe30a37092d8dc96b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\libGLESv2.dll

Filesize
7.3MB

MD5
51378647d290f3a08affa8454a3d59d5

SHA1
32152a6677c82ea9e2e842baa907d708b46a6779

SHA256
80c2ef6ca6d0ff4877bd0c0bc082ff19c3a5002d53648bcf5f54368560f9a411

SHA512
ca90f5131d95fdb1e4a5cb7cb2bbef08676f70367b255270871754f776937994e34258084bf46437b25e1745728c279594d64e0718643eac0ac00cfc43d2c53b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\af.pak

Filesize
447KB

MD5
917a688d64eccf67fef5a5eb0908b6d4

SHA1
7206b01bbc3fd8cc937db9050dd8ac86cf44d8cc

SHA256
6981249837ad767fc030edc8838878a5e493fb08cc49982cffaed16cfbeb564d

SHA512
195dbec8463cf89990232296c5c927e1501f0c2e01a7be7c6a6acae651853ce1edb23d639af65979b39a3c61979119c3a305acfa3aadf0cb93e241c5e57f4534

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\am.pak

Filesize
727KB

MD5
3cfd7c5bb92ab72c63e003208a9e4529

SHA1
165d2f69ab6a6e237f0fec943b5577123cefea87

SHA256
12e9e1bec1c46e5ea706157726e17a4429acf288a5754fa183bd9b4cf7d3853b

SHA512
cd7c7837d758ea66abc871503cda6fe99ff45990405e60c1133e7c1f4cb29ee69723c9558bb2d3eccb42948da57351f4f095062616686ab2e255acd3c86236f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\ar.pak

Filesize
794KB

MD5
3c2ab7363018db1f20b90acbc305cb4c

SHA1
60b9cf453178ad0e60faf20d137a0c7eabde65c9

SHA256
3ca47b9c436723f837a53b2904b51efdf13ab6cad2f3ef4fe48a1115847eccbf

SHA512
589beb3e95e93f30341933c9b9826210e6bf3e9c1ad8f113d9d8a98fa5a526f81e454ee3357fb55d60d67a4890ce33e964ba2fa810e1771a6b7e82746492313a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\bg.pak

Filesize
828KB

MD5
a69f6075863d47b564a2feb655a2946f

SHA1
062232499ff73d39724c05c0df121ecd252b8a31

SHA256
a5eb7038ed956bad7704a722f05691474ff709dffbad92b8e31dbb869ad58334

SHA512
930ce3938aa02a8bcc609a64bd86b7e6164d63baad157a980fd079859a6bee5db87bd1f7a74a71108f8368bc9c6154bf14a2dba1abf269f572bc262614bcf1db

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\bn.pak

Filesize
1.0MB

MD5
d43ce80ddca3fab513431fa29be2e60a

SHA1
3e82282e4acfec5f0aca4672161d2f976f284a0c

SHA256
87670ff2ceb1ebc38fce2c3b745ac965f3de5de3133d99ed33933a8f3e99d874

SHA512
1d33ca9bacb91ef328f89a14777a704000bf30fe59aa1cbbbff34d8bad266c98d78c9e411e289e834e76eb721dd98934426a565cd5b3436d5a103abe37f7612a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\ca.pak

Filesize
503KB

MD5
2d30c5a004715bc8cd54c2e21c5f7953

SHA1
fed917145a03d037a32abac6edc48c76a4035993

SHA256
d9c45d55a9a5661063b9bbebb0615de8f567f3925d04fd10938da9617c6220e0

SHA512
b3803551f53d290d8839789f829afc9c1e12052c81ba20d5e01fb3d2bacd5d1e97bd4c05074322eed17fdec04c9176c655076faec8a3aef17c39fb999e0c1fcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\cs.pak

Filesize
518KB

MD5
06e3fe72fdc73291e8cf6a44eb68b086

SHA1
0bb3b3cf839575b2794d7d781a763751fe70d126

SHA256
397134d1834f395f1c467a75d84ef2e8545cb0f81e94dbe78b841fbbdaad802d

SHA512
211594c30ad4f5ca8813596b59751168c60dfa0d13f24f2aa608fce82d21c2de3de69fe007c4bde1602da8aa7ea81ec0f15e173abc1224362c36b493b425b425

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\da.pak

Filesize
468KB

MD5
1939faa4f66e903eac58f2564eeb910e

SHA1
bace65ee6c278d01ccf936e227e403c4dff2682d

SHA256
0b9da7bd6531a7ebe7d8188b320c0953adcfbaf654037f8265261a12e63d3c87

SHA512
51588d2fe724e6c407724ea6f46883ded39397af744effaf672f75952a6a734e61e93e59f446080317f2a2b3fa1b45e7405f90fe0b226c44c9f3dd9a4e130a87

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\de.pak

Filesize
500KB

MD5
2163820cd081fdd711b9230dc9284297

SHA1
c76cc7b440156e3a59caa17c704d9d327f9f1886

SHA256
6d787033c94755cc80c187ed8a9de65808bb4d7968354bbb94b7868ac2e8d205

SHA512
920fa2a10f7aa7f1f6d911fe2a77eded0384617d8fd863943afd99a584dab3fb2ea3e5d2e20bca529689a99fdf303912007f2918c62482d8a90194a810f6e535

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\el.pak

Filesize
907KB

MD5
a14d8a4499a8b2f2f5908d93e2065bf7

SHA1
1473a352832d9a71c97a003127e3e78613c72a17

SHA256
eb46d9860835b69d33b2583d1e52b20238b666b967bf00906424e3c8a161ed64

SHA512
427271d12590f8ea3f11b83e4c0ce79c55c289573c5f6e5c70c789b28a5181f295a3c9b1a4bdd1f731f338e6edb1e06318ea6410ceac546128a84ff8f2ec0b40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\en-GB.pak

Filesize
408KB

MD5
9d9121bdc9af59b5899ce3c5927b55d8

SHA1
568626a374cd30237c55b72c74b708da8d065ec1

SHA256
f4d45ccc89834376f35d4d83fe5b2d5112b8cc315fcb03228720749aae31c805

SHA512
149a8acf256dc12f62706f72ad8ec88cbfdf7f8dc874bcd9facf484cdb00e7c5787f5e1bbc12b5bbe1b19b6524e7e8a1c7dba2838abeb9aafa3ce89795fd22ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\en-US.pak

Filesize
411KB

MD5
626f30cfd9ad7b7c628c6a859e4013bd

SHA1
02e9a759c745a984b5f39223fab5be9b5ec3d5a7

SHA256
0fd74bb69ad35b3f9391fa760bf0eb0ee73d2bea0066244577ef2abd269513de

SHA512
9ce902f21fef70c5b5af444b532b36c9a00d896878cb4021c9b1dc07aa3277d956bca65ee0adb68467eec113e535b60a8a5fb5414c7d0ca761ceae5c43b7d9a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\es-419.pak

Filesize
496KB

MD5
6f4613a4a88af6c8bd4ef39edeee3747

SHA1
c8850a276d390df234258d8de8c6df79240c8669

SHA256
8f7b8776e61e3ed5aa33b1a571ac834653b54b12a499d956b95d567b7e1ba987

SHA512
e5933dcb2aaaa2018ba8b13f4af3dc8a950640ac60acb1b56ad6de24541701d0ffc1f4cb28c7932af924bfd673edcee20bf649156ab95ea9499ec43c703ea141

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\es.pak

Filesize
495KB

MD5
a24e01a4947d22ce1a6aca34b6f2a649

SHA1
750c2550465c7d0d7d1d63ad045b811b4a26dc55

SHA256
848d422be1b8fae74786ed6d6dfa7dd2e97b798b4a9ba1d929085e425b2a54e0

SHA512
02fc4ce96aa523ebc204243bbec3347b09cb20bcc0ba66cf9532a6fb26c48f7f2396bbb833f1916f8f081ffc9c6cd2de07315e66c5115042a0b44270fa4468c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\et.pak

Filesize
449KB

MD5
82a07b154cb241a2ebe83b0d919c89e9

SHA1
f7ece3a3da2dfb8886e334419e438681bfce36cf

SHA256
84866ccaf2ec39486f78e22886bef3fe75c1eb36e7a7c071471040e12018db28

SHA512
07319d155bdf9e27762ecb9ef6871430bef88b1af129450eb65aa798ebaa4e02b25b0cf9bde3b12ff1b04a3d14241569b73d6af895d2e85dd7b24d393e7317e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\fa.pak

Filesize
738KB

MD5
c770cfb9fbabda049eb2d87275071b54

SHA1
20e41b1802c82d15d41fadaf3dcd049b57891131

SHA256
dae7e7c87026cd4e8a4cd813cc71def32c86ed47865ce6da5383b66b7021c5bc

SHA512
cda117a60c853f12ade579c34fce22d992b33df1f5001a237767b6e642d5c775c3387bcee05d6557fe5a2f6235f93258954a697d3b9812d2550c4801869f4751

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\fi.pak

Filesize
459KB

MD5
fe011231bbc8b3a74652f6a38f85bc88

SHA1
2b851e46738d466b3a5a470de114d15051b6eb6b

SHA256
7a3249514585491eb47fe4b579edc27ccc48761e7ad6bc11d113b257132c5dd2

SHA512
2a4e5c1409347b4b514556c81ef32c8ae118add28e3469717b13045c8424fed9b817c7988629050ed3e732e0cdca181891b6a8b9e64e4c8d65f004d7c8db9796

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\fil.pak

Filesize
519KB

MD5
7354de570c8132723c8e57c4ccb4e7c4

SHA1
177780faf460e3c8a643a4d71c7a4621345a8715

SHA256
91149190c856195fb330605686acf09c7197e5b7efe37fe2a7c76bb8fb08cc89

SHA512
a8487a6a7fd46d62e78ca4262de49e12c120268561ee61a642c45efa48116edebeb40cf9e8be229db0bbf06bb6b5457cc54399a08ee6a603e5540ef5ca482798

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\fr.pak

Filesize
537KB

MD5
d8b4bc789a0c865fb0981611fb5dcdbc

SHA1
33f9f03117f0bba56a696f2fa089ba893ee951a2

SHA256
52aa0a18ace6347b06a89e3851a1b116812c022dbe41da8942278878b5409cee

SHA512
58d19e5a3c68c901fa2a0c327a45b410ab9b9e6c39298db48eed25345453dce1a4633afe6277cf53ed558e160065b89c0e38a32caeced47e79783dbda4d74f26

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\gu.pak

Filesize
1.0MB

MD5
225167dbdf1d16b3fafc506eb63f6d1d

SHA1
8651b77f41e3c5b019ccb124a7c8f6449a04b96c

SHA256
ff379dd77136b9b85e7e9fcb5b261ace9c6d9184af3ba2dea35b1757b9bab6d9

SHA512
a353d36a87b6608578816056647de45a456f9012d399b2cb5cb7b9de867a370fcaf1a90d293f367b9b678d13991294425abd85cf77e971afa0d3e9c316952115

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\he.pak

Filesize
645KB

MD5
d8320b09c1e138b00655db0802687bca

SHA1
01616bda6b22c70d5c6440b7451ae736eb1336cb

SHA256
e3336668aad9ad661e7f589f1a405b9c95fc771261cdf9328aca88f4be763374

SHA512
5a91596d7e82dc3d692083ae45aff6fdbddd08ca17f49a020e0769f98c4218b6c9cd31e54524473b7cdccbebf4d7a7f0ff23b5075a1e1ada5cc35c3fd0172bed

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\hi.pak

Filesize
1.1MB

MD5
9e1788b0f3e330baf2b9356a6c853b20

SHA1
a2f4b37a418669e2b90159c8f835f840026128d9

SHA256
c640313e10e985a58d16f928d2428ae278421a070d948733ac68fdf7312090fd

SHA512
b9a577e084f8daeb53fad0a9423661c99cab272125899a16b0b052606a2cb88f823137f3a21b5c06b10e0235321b7faca84cd759bf406fb2dd02c2f598e92cb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\hr.pak

Filesize
500KB

MD5
af7aec4b45ead620463b732e16f63e47

SHA1
e6838c56b945c936fdb87389fdc80cdf7bc73872

SHA256
bfeeafe2f8a9f797d20c4209181c4768fbea4a61ff2dc1f57f6cd18bc872fc13

SHA512
784ff8dc6011883e931b4b8371e5ada960120931bfdf24f81648f5092fa31db1d03e5d3cf5cd16d57ea7fb7877bb25a28533085ab42bfe40dc25ca7d9cee7ade

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\hu.pak

Filesize
538KB

MD5
b93beeb1e35a29b310500fa59983f751

SHA1
45c0b2cab4c4a820cfc2aed4b7236ddc79a0db00

SHA256
bab09c3cb80130a4a288642633c2b31ab08b1757466d9a468bc36d276079f002

SHA512
249de5b8bd7c4755caa8b9552254d353b0d885b63bd5f7c6c8e29b3f4e447c9e8d6c0e88d5aaba0b898aa26880592b3904e19ca4797a2ac1dd757aaee782c37c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\id.pak

Filesize
443KB

MD5
bc719b483f20e9a0b4b88969941c869d

SHA1
4d926a9aba7c350e9da8aa570a9f52534c81aa88

SHA256
f175e58be47b228803aa32d2695e2fcfaf4655b65b96fb6b539b3e59593e6799

SHA512
ddf6108888676c1a90865daaa88198b681b685d9047b0e10f5aa08daa39a628a84732a8518606176529297bec51ce8bc39e910eeffc8b88e9585fafb694c35db

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\it.pak

Filesize
489KB

MD5
ab160b6e8bbaba8f8bde7e2d996f4f2e

SHA1
eb7eae28a693337b8504e3e6363087b3b113bc72

SHA256
e86ba661b3f6f7ecd2312fe90b873330c0d6516a5501a0f326875844e8d4b289

SHA512
14e8919e2f5a7ad2b3f310ffec590b221e6e0dc45f37efc57ff9b8ff7a3ca674d6f4b9bd65e49a98af6726fa953f2168e5c8e6101ed977e8c7ff4a51203f8d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\ja.pak

Filesize
598KB

MD5
dee9626a8d7cacc7e29cff65a6f4d9c3

SHA1
5c960312f873ab7002ed1cce4afdb5e36621a3ce

SHA256
63ad3974baa8c160ba30448171f148d008ac19e80010fb13d3a65cf411b67ae0

SHA512
ee80d58886f4ac378d6491e075062c171a715af7c42dd1785952b25a572381acd722764e8be914adbfccf2a5fa4a51968b989b632eefb9d636851f1b8ffb82e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\kn.pak

Filesize
1.2MB

MD5
32e5f528c6cee9de5b76957735ae3563

SHA1
74a86191762739d7184b08d27f716cfa30823a98

SHA256
cd297f7e872b34e63ca2d98dc2fa79085e8a2985ba8757601e4b901a3f30b013

SHA512
92d100b1289e63fd0dc65657fb4b1e16f298735e6cd066e9122d04e3b79e0d286f15fc9f1da2c3a05af528b92bde95fcfbc493c466db2d94a0749adfbf7fb8d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\ko.pak

Filesize
505KB

MD5
38a95d783d627e9a83ad636faa33c518

SHA1
cb57e8e9ef30eb2b0e47453d5ec4f29cea872710

SHA256
0d9b23e2981412d11ecea3ade8d521a073802d9431c39d72b88f62b98e50a96b

SHA512
4119b8f82107473c941c9e10b6bae97d60c9c47570cc2b40f429a95f4f5cca77eecbacd7023af439429026f6e55ad9df19998c8b98be0d04d384b310d025c0dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\lt.pak

Filesize
543KB

MD5
3e9119a712530a825bca226ec54dba45

SHA1
10f1b6bf2fa3a1b5af894d51b4eb47296c0dbc36

SHA256
3da531a9a5870315823e74b23031cb81379d2d94ae9894a7fb1d8a8ad51a2da9

SHA512
765c872cafa1b266575b0cac09dfa796cdb860bd82e1c657397fe2aada11771f306b0a1776e4d66ff41e94b153c812592430f31e7b1ff97abe7d8e6b96d321f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\lv.pak

Filesize
541KB

MD5
e75cdda386dd3131e4cffb13883cda5f

SHA1
20e084cb324e03fd0540fff493b7ecc5624087e9

SHA256
ae782f1e53201079ca555baa5ec04b163188e5161242d185f04a606a49fc8c0d

SHA512
d27bc61028031946ed6708918f921c3d681c8962b8d5507a91ab6576e3b2c462524e550305db87ede886e41fb0e49edec2d84cdbbad675282105627e01d98bf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\ml.pak

Filesize
1.2MB

MD5
6e96eddfe80da6aaa87f677feef4d1d6

SHA1
8a998785d56bc32b15cee97b172cd2dcdc8508d9

SHA256
e2fb73353ab05eb78f9845bdbdf50b64c9fb776b7f08948f976fe64e683397c4

SHA512
feea11dfc6ec153ab903b5828306617eedeee19daa73bd046ae47757795fecb9abce6192bb3a9561aaace7fc85ee442057b93081c6c986855b819fd38815e6f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\mr.pak

Filesize
1.0MB

MD5
fda40999c6a1b435a1490f5edca57ccd

SHA1
41103b2182281df2e7c04a3fff23ec6a416d6aa9

SHA256
0ebb125a0bdfd1e21b79914ca8e279790d41f7bac35bf2d031dd7981f1c1c056

SHA512
666ceb24d2e568a00a77512295e224a6545bf6abcfa19c93aa823db5330117fcb39fde570e7601dbd41976950c3ec03634f89fc5d9203357515e6651ab0b6d32

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\ms.pak

Filesize
465KB

MD5
73096184d7bd6a9a2a27202d30a3cfa1

SHA1
ea711b29787aa8b9e9af6bde5b74103429e5855f

SHA256
d1072514bab63af5dfbf923175d491787139f0c1b6361acb23e67543836c84ba

SHA512
e3fbee4896554e502c222b5ffe38e9d61e9db4d18cdc92ce5118b819dc60789bfd6d6c7f8444ff1763222455ab91e79bfe500e75c0e06b0de70c2c64fb043c6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\nb.pak

Filesize
452KB

MD5
28cc86c7204b14d080f661a388e7f2c0

SHA1
e0927ea3c4fd6875dafd7946affb74ad2db400f5

SHA256
9253122d94ccea904fb9363b8178ca9335b8380b7891f1a7a22afb3113309e72

SHA512
e2524e10d145f95c028d65e47cf06fc82c7a43fcf0ecf01202278c7fb14079c03e9434e8039fd96aaee870872c9896d9f0ed575e50c19a3781cb0c94fe59b3a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\nl.pak

Filesize
466KB

MD5
7fc6ae561fd7c39ff8ba67f3dbaa6481

SHA1
2e3977403a204c6f0ca9a6856bb1734490a57e72

SHA256
844031e1de2b2872d12d5b7d42adf633c9d4b48169b1b33b7492b3b060c73558

SHA512
90294ae24b7db003bc34a48f98d9e1887e87c6f605defe01ddcf9187429e8446c04a7f94bb6aadc8e61c98842163bc3702b414393ab836eb0bee038f09481c2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\pl.pak

Filesize
521KB

MD5
ba7a9aba68211d8639dffae0ef8b88da

SHA1
a9a26b8f0902475cb576967cbe9013028cb21da4

SHA256
60aa08598a81bb46ddc64a5ab0852565554c6e6262e9c5dfee09f4e3fc08d5fe

SHA512
a1b8bfc3e19aa1267e31838e1c1f2b0b1cfcdf56f84e967088d626b58ec64b3305043a14b12fd080498ee1d74a4192453914c393ce8f848ea5616cf88abc4eb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\pt-BR.pak

Filesize
490KB

MD5
53d5fb849c9bab70878b3e01bffad65a

SHA1
e72af1a76539e66cef4a4eef5844b067a4e1a79f

SHA256
40dd24c5e225ed941bbaab3dcfefa993e39fbc75a1798f4f6e06424956698ac5

SHA512
55357643d789d2eed72e009f08f72ba4895ba455ca00c8347a3c3790e43f8d7e4625feda438ecac840bdc52c26d2135d89bea693b61a293922b6056bde6b4516

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\pt-PT.pak

Filesize
492KB

MD5
0237374730fa1a92dec60c206d7df283

SHA1
62dbbd855d83ef982a15c647b5608dafb748745a

SHA256
2fb2fd2e32b952dcbc8914f9d3aaf02bf2750b72abfee2e8b2bb08062ddd9934

SHA512
63ec4ec44002724e22703a3bd952d1ff4062b367c4f5e3f106349bd226ad1317bef2e371fda0e099ea5c0afd32a9d2c1246c93c18d73dccf8fc2c1644a6fb6b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\ro.pak

Filesize
510KB

MD5
4e692489e2ae74a4a11ca0a113048f15

SHA1
cb2b80217d5372242d656ac015c024fe1e5e77b7

SHA256
4a2a305668f1926cfe4bb72e8fbfde747c83ac4dd9cf535c13ae642d0b96fb79

SHA512
8ad9e0a79137a862def24d6963536e75b87bb71ab74dbdd43531c5c95ddd3cd834f22c6a8e3a1e03aad35ade65ecd227d5101b5be3ce3f0b7b471f5136cfd77c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\ru.pak

Filesize
836KB

MD5
1a9b38ec75ccfa3214bef411a1ae0502

SHA1
de81af03fff427dfc5ffe548f27ed02acae3402d

SHA256
533f9e4af2dce2a6e049ac0eb6e2dbf0afe4b6f635236520aee2e4fa3176e995

SHA512
05cf20aea71cdd077b0fa5f835812809ad22c3dbebc69e38ab2c9a26ad694ab50d6985aec61633b99713e7f57408c1c64ce2fb9ccdac26661b7167853bdd6148

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\sk.pak

Filesize
526KB

MD5
f117e58e6eb53da1dbfa4c04a798e96f

SHA1
e98cee0a94a9494c0cfc639bb9e42a4602c23236

SHA256
b46db20eeba11f8365296b54469fdd001579852dc1d49a01fc59d2a8bcf880a3

SHA512
dea792a63e0557d9e868c0310ec2a68b713daf5cf926389e05a0885cdb05433d20f35d087de269f9584795da50600966b8ff5dd95583861443a1e90564a89793

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\sl.pak

Filesize
506KB

MD5
435a2a5214f9b56dfadd5a6267041bd3

SHA1
36bbc7ca3d998bfb1edc2ff8a3635553f96ca570

SHA256
341c33514c627501026c3e5b9620cf0d9f482ab66b10a7e0fb112c7620b15600

SHA512
55271935e18ac27c753431af86a7dcd1f4a768adef1b593ba8e218da34856a5f9faf9819a3ecce3f21f0607ba95100c5cb18cd1a7138ec563090d0391ad5b52d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\sr.pak

Filesize
780KB

MD5
8f58b2463e8240ef62e651685e1f17d8

SHA1
6c9f302aed807a67f6b93bcb79577397a5ad3cf7

SHA256
5a55320d6953efb5b565893e32e01f6dae781a16460df5502c8ba012c893edfd

SHA512
6076d43a73d5fa5192cbe597e018b268cfdc7efb94a6cb45dad5b0da9c3abf68aaf2ea06f3ad650b28a993605917b6d356339d79f8dd6962d2c40dbf4653ef83

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\sv.pak

Filesize
454KB

MD5
e4c9ced1a36ea7b71634e4df9618804f

SHA1
c966c8eb9763a9147854989ea443c6be0634db27

SHA256
e5cccdb241938f4a6b9af5a245abe0e0218c72e08a73db3ed0452c6ddfb9c379

SHA512
d07a4d62f22a1830d3ec44f0c347e4a7d70b35ceba126cbdc246a7b3ee7eda85e2338bab3edc7223f579964868136bb10d42c05e0e0ff9f73447b3606d9b2c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\sw.pak

Filesize
479KB

MD5
59ff4e16b640ef41100243857efdd009

SHA1
f712b2d39618ffadcf68d1f2ab5a76da5be14d74

SHA256
c18a209f8ec3641c90ea8ced5343f943f034e09c8e75466e24dcabc070d08804

SHA512
0e721a6cbf209ac35272ad292b2e5000d4e690062ddb498dbf6e8e6ee5f6e86d034a7303a46c2b85750245381c78efafc416ead13c1fe0ee5ec6088dd66adca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\ta.pak

Filesize
1.2MB

MD5
5f80c9da0c09491c70123581a41f6dad

SHA1
3fc9560a954271cf09aaa54eec34963c72c06e85

SHA256
30658d99d753946e9c9c02094c89be25b710db77251df6cd1a8839c29de5f884

SHA512
072c5db7fe1eb9e6c270d0e9b439cf84ebb3dc374d4f01f01f9341030883f2d6d9c6970fb6ef14bf96fccb51eade9ca762f396f89ba1d3df1230dda68557fd4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\te.pak

Filesize
1.1MB

MD5
17b858cf23a206b5822f8b839d7c1ea3

SHA1
115220668f153b36254951e9aa4ef0aa2be1ffc4

SHA256
d6180484b51aacbf59419e3a9b475a4419fb7d195aea7c3d58339f0f072c1457

SHA512
7b919a5b451ec2ba15d377e4a3a6f99d63268e9be2865d674505584eed4fa190eaae589c9592276b996b7ce2fdfae80fda20feff9ea9adbb586308dfd7f12c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\th.pak

Filesize
964KB

MD5
4917873d8118906bdc08f31afb1ea078

SHA1
49440a3b156d7703533367f8f13f66ec166db6e9

SHA256
d051b400096922089f6daa723fac18c9640ba203b2879aac4ca89b05738dd32d

SHA512
30e6446bad54b86be553fa293c7a92ec221adb54b99624ed69702df75347a98697158041a45f77ece4e7ed0fda41306ef21eb27981f24f0a4e42e8306175a88e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\tr.pak

Filesize
489KB

MD5
55e06cd9356d0fb6f99932c2913afc92

SHA1
aa5c532ddb3f80d2f180ad62ce38351e519a5e45

SHA256
afcbf02420dc724059f70d1dc6ffa51f5dd75136d9e1e8671d92d5d14955edf9

SHA512
813c180cb1aa205034497be5fc8a631ff117e5ed17cdf0ac59b7569d74d849b385852a15bbadd3146f942c58bab80d94bf0980d13ca4b4424d1cb1df0cb1a2cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\uk.pak

Filesize
836KB

MD5
381cb33c2d4fd0225c5c14447e6a84e0

SHA1
686b888228f6dd95ade94fee62eb1d75f3e0fc93

SHA256
c2a6b16abeab6e18276bc1636555e93218763b9c99cacd0b42481b35e3a11820

SHA512
f7a2828aa4cd85f07a5d66832f247f70951abf34f81a282dc41ec51875ba70d940353d010b605c56cc59bee47309aa311099d4e6ebd17f3c1538521d0cddf4b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\ur.pak

Filesize
732KB

MD5
861ffd74ae5b392d578b3f3004c94ce3

SHA1
8a4a05317a0f11d9d216b3e53e58475c301d7ea5

SHA256
b9f22a23368bf1e21f3085583ecb775cce8045176721ff6ae798b06bd2810dbc

SHA512
52ede35b7ed1fb6e51b18e450b95c3245d326f2afda646e3642ee68b714dcf9a726afe32e2759e9ea87a104f4a59e6fc2c60b3275aad8332ae1c626231e6747b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\vi.pak

Filesize
579KB

MD5
4076d3c0c0e5f31cf883198c980d1727

SHA1
db51b746216ea68803c98d7c1a5a2b45944359f3

SHA256
f1458c4ce4ca708e849eb0c68a5157360ef003f3a9c95628d5ca12ada303b379

SHA512
80e4e960218f7d84423124c34352251411baf008e821a344a0b6c2e7f1483694010f28b7de21c7e2c69abb4ec92e0d9cbddeed6279b90c47245f4cbc500cdb77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\zh-CN.pak

Filesize
418KB

MD5
3210460a24f2e2a2edd15d6f43abbe5f

SHA1
608ff156286708ed94b7ae90c73568d6042e2dbd

SHA256
0f8d42d7f0b0b01aafad6ae79f0bd0ca518b2db94287b09df088bc093f15f605

SHA512
f97427dba4217e01a7ed395c453d03dda4f2258cba589258da0eacfde427bf442cddef541a23e7782914433e70a9623e904a5070deba9f9d50dda20732eb5e86

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\locales\zh-TW.pak

Filesize
414KB

MD5
f466116c7ce4962fe674383d543c87f6

SHA1
f65bf0dc1f1b15c132674fb8ff540f7d2afe1d6e

SHA256
ff3a294fd1afb1fa7aaf53fbc4396643a12ed132633c5c86f14c16b88fa94a7b

SHA512
4851a08069fcac75e4051e53d4526789bfe6c393ab963e8263803bbf6e96cb150e9ba741650efb5ee500e8a757d8512eb17dc268cec1ab6fd3acfac62f7da27d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources.pak

Filesize
5.2MB

MD5
e2088909e43552ad3e9cce053740185d

SHA1
24b23dd4cad49340d88b9cb34e54c3ca0eb0d27f

SHA256
bba36d4d18d64d9627f54c54fd645c5ba459d25a59acc5228210bd707aef67fd

SHA512
dcefacddec38d8941c7d2d7b971b6f22dd0acb4116e48891d1d48a4d88968da12b152ccb7591715c88f8e14c315e235d1c4e6852cc38b9246091c50226900de6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar

Filesize
8.3MB

MD5
a521a4a086d1f75afb8529cb4990ab49

SHA1
c92d0f30c192943a8e07ad982e07b37b896b2804

SHA256
8d823180c602fd196ebef1fce39198580361da6958e5901c7ed1640886321d85

SHA512
a1faeac6753367ba4f4deac0ca86d848233fd51e06830e561a5ae44294a0bacc5615115a30d00150dd1d8d81f2b3be24bfac9402b73f338a038b72bb909d9dd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar.unpacked\node_modules\ilovingcats\dist\index.js

Filesize
412B

MD5
0b33e83d33b01a51625a0fdcbef42ce3

SHA1
1c29d999ff7da39426b97f2eb31a3d83db8f5fc7

SHA256
a7ff0225cb5ebcbef8499c6c8ac2be924f584eb375dacb1d8bd3dc6540b510f2

SHA512
1d04caf4fc2e876bdf2a089ae938a41fe4d3f2928aa846709bafd2de236fa8c754fcc84d7e8a5f5734bc1cecc04b395ab9d2114945b35e8c85cd3b9ee8f9799c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar.unpacked\node_modules\ilovingcats\package.json

Filesize
668B

MD5
f368ff4d4a2aae50fd27ff564e3b2faa

SHA1
6bc8d242e609377d971d460562444221e8277ef9

SHA256
47ca08527fca244a13f337bbcf0f3a3ba55b7b92c8fd308f129e3031e0c9552b

SHA512
0d6a3e3a1c89d851adec4e5806ef26305dfe5bbc26f8fd624b8ec440039b6b50f46a72887d2274bb365da929a19cbb1f337661c467714076e124d2144b0ec918

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar.unpacked\node_modules\ilovingcats\prebuilds\win32-x64\node.napi.node

Filesize
137KB

MD5
04bfbfec8db966420fe4c7b85ebb506a

SHA1
939bb742a354a92e1dcd3661a62d69e48030a335

SHA256
da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd

SHA512
4ea97a9a120ed5bee8638e0a69561c2159fc3769062d7102167b0e92b4f1a5c002a761bd104282425f6cee8d0e39dbe7e12ad4e4a38570c3f90f31b65072dd65

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar.unpacked\node_modules\ilovingcats\src\dpapi_addon.h

Filesize
206B

MD5
ea1e5899ec0210d7de4ce325d1d94022

SHA1
464da48d40547cb08a67a1ed38cb0ae8369f2f42

SHA256
18280b1135123aff82fbf4188a5aadfc9a5d6fffad9309f72f347f380f2da550

SHA512
6dae672ea822a7dc5e42914def21c019c0fa8aeaf1c27c155b78312d8a33a63ae9a1910dd32b72760578671780b8c37b91ff5e1f6588f08c7fbaaff80d8fb6fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar.unpacked\node_modules\ilovingcats\src\dpapi_not_supported.cpp

Filesize
327B

MD5
c510e65ebcb2fa7c00712e770ec8c692

SHA1
ca1ea3c8340dcf69f344d5eaa884631eef37472b

SHA256
7c03cec11c438b6d2512239477d9f1b45d6e16763122a3a36458ab339f50d3c4

SHA512
b0b312426b4409c80b45a0f3337069be9870e050dc8b55184fb2bc63532c247089c8d35cbd1f12f0bd2bd38d581566faa74a6469b548a1ad7d837285ad37c178

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar.unpacked\node_modules\ilovingcats\src\dpapi_win.cpp

Filesize
2KB

MD5
4a55597a2c7466278439452bb708b822

SHA1
eaadcda8f410f2dd1fd9522fd7a2221624dd1713

SHA256
da37b02fb0babb651244479ea019d229fff1c41ecde74bc06335b5e603d9b30e

SHA512
b20efe8026de41dd8c13c6f844455cacc13fa80bc3dd41fef422fb178054a7c8d6f14af8b1d6928e52648ab95a793aee1f996dc2aceead3aa8d317a99aad23bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar.unpacked\node_modules\ilovingcats\src\main.cpp

Filesize
698B

MD5
88934cc736b505ada3d07afe22083568

SHA1
6d1d112f4e7fc943dc5c9ce5ad2f32154aeb2f3a

SHA256
1ada21451bab629832372d519e366bfb08c80facfefe5a40c76a4f10a697c905

SHA512
9f45386cba32d13a50360916b0c2f240e43cba5983a86ad80f85c75cd8e6ac2c6b931992842a736e84e234b91fc46a7a66824a3a2748f474cf1bbd22ec138a99

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\LICENSE

Filesize
1KB

MD5
79558839a9db3e807e4ae6f8cd100c1c

SHA1
ae3dbcee04c86fbc589fcf2547d4aaaeb41db3c2

SHA256
7686f81e580cd6774f609a2d8a41b2cebdf79bc30e6b46c3efff5a656158981c

SHA512
b42c93f2b097afa6e09d79ed045b4dd293df2c29d91dda5dda04084d3329b721a6aa92a6ad6714564386a7928e9af9195ac310deecd37a93bb04b6a6f744be46

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.node

Filesize
1.8MB

MD5
55c17fc28239b0e8ea873f9c9c4e2c02

SHA1
c1be46fc03e63eae5145018c1ee3e70b3af9338f

SHA256
85ec4e3bcec60ec481cd712b4fcbe83631d5ac1e189a87b08a33e1c85f206a66

SHA512
4d670cf1a2d88452b0d384044f0d0c0f83475e0844711df5420c0cfd0567ac6b655aa75fda81dd2f35bbe7db6c380f0b50e3c6f1d9506096ef17f8d3a8cab7d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\common-sqlite.gypi

Filesize
1KB

MD5
0ad55ae01864df3767d7b61678bd326e

SHA1
ffedcc19095fd54f8619f00f55074f275ceddfd6

SHA256
4d65f2899fb54955218f28ec358a2cad2c2074a7b43f862933c6a35e69ae0632

SHA512
aaee895d110d67e87ed1e8ed6557b060a0575f466a947a4f59cc9d111381e1af6aa54d432233716c78f146168d548a726fed1eab2b3f09bb71e0ae7f4fdc69e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\extract.js

Filesize
224B

MD5
f0a82a6a6043bf87899114337c67df6c

SHA1
a906c146eb0a359742ff85c1d96a095bd0dd95fd

SHA256
5be353d29c0fabea29cfd34448c196da9506009c0b20fde55e01d4191941dd74

SHA512
d26879f890226808d9bd2644c5ca85cc339760e86b330212505706e5749464fafad1cb5f018c59a8f034d68d327cd3fa5234ceac0677de1ac9ae09039f574240

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\sqlite-autoconf-3440200.tar.gz

Filesize
3.1MB

MD5
c02f40fd4f809ced95096250adc5764a

SHA1
8398dd159f3a1fd8f1c5edf02c687512eaab69e4

SHA256
1c6719a148bc41cf0f2bbbe3926d7ce3f5ca09d878f1246fcc20767b175bb407

SHA512
59ad55df15eb84430f5286db2e5ceddd6ca1fc207a6343546a365c0c1baf20258e96c53d2ad48b50385608d03de09a692ae834cb78a39d1a48cb36a05722e402

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\sqlite3.gyp

Filesize
2KB

MD5
0e4d1d898d697ec33a9ad8a27f0483bf

SHA1
1505f707a17f35723cd268744c189d8df47bb3a3

SHA256
8793f62b1133892ba376d18a15f552ef12b1e016f7e5df32ffb7279b760c11bd

SHA512
c530aba70e5555a27d547562d8b826b186540068af9b4ccd01483ec39f083a991ac11d0cc66f40acaa8b03d774080f227ee705a38995f356a14abe6e5f97b545

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3-binding.js

Filesize
59B

MD5
8582b2dcaed9c5a6f3b7cfe150545254

SHA1
14667874e0bfbe4ffc951f3e4bec7c5cf44e5a81

SHA256
762c7a74d7f92860a3873487b68e89f654a21d2aaeae9524eab5de9c65e66a9c

SHA512
22ec4df7697322b23ae2e73c692ed5c925d50fde2b7e72bfc2d5dd873e2da51834b920dea7c67cca5733e8a3f5e603805762e8be238c651aa40290452843411d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3.js

Filesize
6KB

MD5
275019a4199a84cfd18abd0f1ae497aa

SHA1
8601683f9b6206e525e4a087a7cca40d07828fd8

SHA256
8d6b400ae7f69a80d0cdd37a968d7b9a913661fa53475e5b8de49dda21684973

SHA512
6422249ccd710973f15d1242a8156d98fa8bdea820012df669e5363c50c5d8492d21ffefcdfa05b46c3c18033dde30f03349e880a4943feda8d1ee3c00f952b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\trace.js

Filesize
1KB

MD5
e5c2de3c74bc66d4906bb34591859a5f

SHA1
37ec527d9798d43898108080506126b4146334e7

SHA256
d06caec6136120c6fb7ee3681b1ca949e8b634e747ea8d3080c90f35aeb7728f

SHA512
e250e53dae618929cbf3cb2f1084a105d3a78bdfb6bb29e290f63a1fd5fbb5b2fab934ad16bc285e245d749a90c84bdc72fdc1a77af912b7356c18b0b197fbe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\package.json

Filesize
1KB

MD5
86945dbfc336d6569a0fd76774951b63

SHA1
09d4d570f18a284af5b8ef54e11161f03449632e

SHA256
5550921902d3dfd9f197eff2f01413e33f8d998b463dec0e2655af07e9e4b290

SHA512
1cb4e37612018bf13aedba6b26103a34cddf504eeae3b8f64bfd5d0682838983aaa6310620944ba009cfbc448143449d6808c4122ed377b1ba16e639d0d7bec7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\async.h

Filesize
1KB

MD5
e8c5e5c02d87e6af4455ff2c59c3588b

SHA1
a0de928c621bb9a71ba9cf002e0f0726e4db7c0e

SHA256
cce55c56b41cb493ebd43b232ff8ffc9f5a180f5bab2d10372eca6780eb105f6

SHA512
ed96889e0d1d5263fb8fed7a4966905b9812c007fbb04b733cadbe84edc7179015b9967ff5f48816ff2c97acf4a5b4792a35cee1f8fce23e5fdc797f8ee0c762

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\backup.h

Filesize
6KB

MD5
29dd2fca11a4e0776c49140ecac95ce9

SHA1
837cfbc391c7faad304e745fc48ae9693afaf433

SHA256
556ba9af78010f41bc6b5b806743dc728bc181934bf8a7c6e5d606f9b8c7a2e9

SHA512
5785667b9c49d4f4320022c98e0567a412b48a790c99569261c12b8738bde0b4949d3998e2b375540ede2ff1d861cad859780ade796b71d4d1d692e1ed449021

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\database.h

Filesize
5KB

MD5
de31ab62b7068aea6cffb22b54a435bb

SHA1
7fd98864c970caa9c60cfc4ce1e77d736b5b5231

SHA256
8521f458b206ed8f9bf79e2bd869da0a35054b4be44d6ea8c371db207eccb283

SHA512
598491103564b024012da39ac31f54cf39f10da789cd5b17af44e93042d9526b9ffd4867112c5f9755cb4ada398bf5429f01dda6c1bbc5137bea545c3c88453b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\gcc-preinclude.h

Filesize
861B

MD5
55a9165c6720727b6ec6cb815b026deb

SHA1
e737e117bdefa5838834f342d2c51e8009011008

SHA256
9d4264bb1dcbef8d927bb3a1809a01b0b89d726c217cee99ea9ccfdc7d456b6f

SHA512
79ed80377bfb576f695f271ed5200bb975f2546110267d264f0ab917f56c26abf6d3385878285fe3e378b254af99b59bdb8bbcab7427788c90a0460eb2ee5b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\macros.h

Filesize
10KB

MD5
b60768ed9dd86a1116e3bcc95ff9387d

SHA1
c057a7eebba8ce61e27267930a8526ab54920aa3

SHA256
c25be1861bd8e8457300b218f5fa0bba734f9d1f92b47d3b6ab8ee7c1862ccbe

SHA512
84e0670128f1d8712e703b6e4b684b904a8081886c9739c63b71962e5d465ac569b16cb0db74cb41dc015a64dcc1e3a9a20b0cf7f54d4320713cc0f49e0f7363

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\statement.h

Filesize
6KB

MD5
0b81c9be1dc0ff314182399cdc301aea

SHA1
7433b86711d132a4df826bae80e58801a3eb74c9

SHA256
605633ba0fb1922c16aa5fbfffed52a097f29bf31cee7190d810c24c02de515b

SHA512
9cf986538d048a48b9f020fc51f994f25168540db35bdb0314744fdec80a45ba99064bc35fe76b35918753c2886d4466fdd7e36b25838c6039f712e5ac7d81b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\threading.h

Filesize
388B

MD5
f2a075d3101c2bf109d94f8c65b4ecb5

SHA1
d48294aec0b7aeb03cf5d56a9912e704b9e90bf6

SHA256
e0ab4f798bccb877548b0ab0f3d98c051b36cde240fdf424c70ace7daf0ffd36

SHA512
d95b5fda6cb93874fe577439f7bd16b10eae37b70c45ae2bd914790c1e3ba70dfb6bda7be79d196f2c40837d98f1005c3ed209cab9ba346ada9ce2ed62a87f13

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\snapshot_blob.bin

Filesize
261KB

MD5
6fcb8a6c21a7e76a7be2dc237b64916f

SHA1
893ef10567f7705144f407a6493a96ab341c7ccf

SHA256
2bceef4822ca7cc3add4a9dcb67c51efb51c656fce96a3b840250de15379959c

SHA512
3b745740bbbe339542ef03fd15dd631fb775e6bf8ca54d6d2b9cead3aa5aafc4cab49e507bc93641e581412bbeb916a53608d5f5d971ea453779e72d2294dafb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\v8_context_snapshot.bin

Filesize
611KB

MD5
1a37f6614ff8799b1c063bc83c157cc3

SHA1
8238b9295e1dde9de0d6fd20578e82703131a228

SHA256
4fbe07f71b706c2a2948eba9a6b1979e23c83342b190723a6ec5251b2d6dad7c

SHA512
6677f65a0e26fdc2cff6cef0231f5e5f0713ee7c5cf7f488599a3c7ac3e8365afaec10b35d6145ea58d364151d8bcb08308765693a9797ea99b894d6e8224ac7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\vk_swiftshader.dll

Filesize
4.9MB

MD5
0b0658bf4f8cf397e1deddc50d67523f

SHA1
8fcf0726ee1272a3d5c65d50be1626f1b1f49477

SHA256
94adcd97d1cdd459d21f0b5b57e0caf4c5c6e44f7bc6fc6a73f0bd133e8d551e

SHA512
d745424644b66783dc8cf6dd043f27356f25afcda679ed43672fc0caf33c7339006f033e0fb392c865a5eb3e9f0e5edf37154e77121ba5a71893420da26b7cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\7z-out\vulkan-1.dll

Filesize
931KB

MD5
d421ae53119ed85e1e90b073eb51d7d2

SHA1
014f0f98a2271d385d57152a15f5d8a763d27c14

SHA256
3a433f9cbee4cc89ac58917f1872ee0f38ba451760d4bba6f37712f0c8179b7a

SHA512
8b36d24496ff5253a375ee72de616cbc165f815f8d1ee339955b922846b1e0de015f86ff45b8ab710d0ecf162fe3c6c801774b889cdfc35feb6baf5d12d67bdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp475A.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4884_1102798992\CRX_INSTALL\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\wjnSI5UPzg80pUGCRQ50PqGSZ\Chromium Bypass\Chrome-Default.txt

Filesize
251B

MD5
53caa2d72cdb13b4b2a54996d17ec2c4

SHA1
a5ea1b72b47c3f40600dfb933b44628e51d1c416

SHA256
e1eeb460beb7f4e3f91e634ab531f822b27d9d0bca784b0b8d8a7c5b40dc3896

SHA512
6907b6de30371bd048234ddb01689e50468b80f39fd5cd01a720bf9735467a4c2bedf6cd237275638a62fd17e4f78b7ff191922419cf417c38f52c0e94b90135

Download Submit
C:\Users\Admin\AppData\Local\Temp\wjnSI5UPzg80pUGCRQ50PqGSZ\Chromium Bypass\Edge-Default.txt

Filesize
539B

MD5
74acabc831799cc337f708098ee8585f

SHA1
48359f8e7e16ef0ff0f5baa38679693b7dae7972

SHA256
6009275fad6f4739f6ab97773ed51c5347693f737483491e515ea8703f238423

SHA512
2f66b70d2369266587ba64945d5e3be2c68e99c3b662dea6cb94f64d2ef493665f633974451484b7312bbeac02a4c6b562e69a57239d435eabf211afcaecbad4

Download Submit
C:\Users\Admin\AppData\Roaming\unrealgame\Local State

Filesize
434B

MD5
5cd06dac5757df85571db5e2b13f9837

SHA1
0f9f6b2212f676ff51a97e687821626ad24aa2dd

SHA256
b18c33659c1cb588af26df67a3ab83b8af30e1f832ca45f2cadfa13ee1d375d5

SHA512
a69e64aaf332411f30211049a4aafd4eb14153661d83b9a9cf10437b975901819165fd258a1df3999afacab38c6ea4a7b71334e0506affd6a038b3445a9ab9e1

Download Submit
memory/3112-750-0x0000024B5DA60000-0x0000024B5DA82000-memory.dmp

Filesize
136KB

Download
memory/3772-1768-0x0000015D735C0000-0x0000015D735C1000-memory.dmp

Filesize
4KB

Download
memory/3772-1763-0x0000015D735C0000-0x0000015D735C1000-memory.dmp

Filesize
4KB

Download
memory/3772-1767-0x0000015D735C0000-0x0000015D735C1000-memory.dmp

Filesize
4KB

Download
memory/3772-1772-0x0000015D735C0000-0x0000015D735C1000-memory.dmp

Filesize
4KB

Download
memory/3772-1769-0x0000015D735C0000-0x0000015D735C1000-memory.dmp

Filesize
4KB

Download
memory/3772-1773-0x0000015D735C0000-0x0000015D735C1000-memory.dmp

Filesize
4KB

Download
memory/3772-1761-0x0000015D735C0000-0x0000015D735C1000-memory.dmp

Filesize
4KB

Download
memory/3772-1762-0x0000015D735C0000-0x0000015D735C1000-memory.dmp

Filesize
4KB

Download
memory/3772-1770-0x0000015D735C0000-0x0000015D735C1000-memory.dmp

Filesize
4KB

Download
memory/3772-1771-0x0000015D735C0000-0x0000015D735C1000-memory.dmp

Filesize
4KB

Download
memory/5572-1869-0x00007FF769400000-0x00007FF76A400000-memory.dmp

Filesize
16.0MB

Download