hxxp://virus[.]exe

Analysis

max time kernel
364s
max time network
2036s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2023, 14:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://virus.exe

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 12 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	WebCompanionInstaller.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	desktop.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	QuickLaunchInstaller.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe

Executes dropped EXE 42 IoCs

pid	Process
2080	SuperLaunch-C85F8A5F8DA7BF59.exe
5816	QuickLaunchInstaller.exe
936	SuperLaunch-C85F8A5F8DA7BF59.exe
5544	QuickLaunchInstaller.exe
2844	adawareinstaller.exe
5768	setup.exe
2612	setup.exe
5456	wci.exe
4224	desktop.exe
3372	WebCompanionInstaller.exe
2104	WebCompanion.exe
2904	tray.exe
5996	quicklaunchbrowser.exe
5388	quicklaunchbrowser.exe
5548	quicklaunchbrowser.exe
3684	quicklaunchbrowser.exe
4832	quicklaunchbrowser.exe
1272	quicklaunchbrowser.exe
4840	quicklaunchbrowser.exe
3168	quicklaunchbrowser.exe
5012	quicklaunchbrowser.exe
5996	quicklaunchbrowser.exe
4464	quicklaunchbrowser.exe
6024	quicklaunchbrowser.exe
5976	quicklaunchbrowser.exe
4528	quicklaunchbrowser.exe
2088	quicklaunchbrowser.exe
5808	quicklaunchbrowser.exe
4432	quicklaunchbrowser.exe
3548	quicklaunchbrowser.exe
3096	quicklaunchbrowser.exe
6288	quicklaunchbrowser.exe
6476	quicklaunchbrowser.exe
6264	quicklaunchbrowser.exe
7112	quicklaunchbrowser.exe
7124	quicklaunchbrowser.exe
7160	quicklaunchbrowser.exe
5888	quicklaunchbrowser.exe
5912	quicklaunchbrowser.exe
4244	quicklaunchbrowser.exe
6532	quicklaunchbrowser.exe
6580	quicklaunchbrowser.exe

Loads dropped DLL 64 IoCs

pid	Process
5816	QuickLaunchInstaller.exe
5816	QuickLaunchInstaller.exe
5816	QuickLaunchInstaller.exe
5816	QuickLaunchInstaller.exe
5544	QuickLaunchInstaller.exe
5544	QuickLaunchInstaller.exe
5544	QuickLaunchInstaller.exe
5544	QuickLaunchInstaller.exe
5816	QuickLaunchInstaller.exe
5816	QuickLaunchInstaller.exe
5816	QuickLaunchInstaller.exe
5816	QuickLaunchInstaller.exe
5816	QuickLaunchInstaller.exe
5816	QuickLaunchInstaller.exe
5816	QuickLaunchInstaller.exe
5816	QuickLaunchInstaller.exe
4224	desktop.exe
4224	desktop.exe
4224	desktop.exe
4224	desktop.exe
4224	desktop.exe
4224	desktop.exe
4224	desktop.exe
4224	desktop.exe
3372	WebCompanionInstaller.exe
3372	WebCompanionInstaller.exe
3372	WebCompanionInstaller.exe
3372	WebCompanionInstaller.exe
3372	WebCompanionInstaller.exe
3372	WebCompanionInstaller.exe
3372	WebCompanionInstaller.exe
3372	WebCompanionInstaller.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe
2104	WebCompanion.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Quick Launch\\QuickLaunch Browser\\Application\\100.0.4896.75\\notification_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Quick Launch\\QuickLaunch Browser\\Application\\100.0.4896.75\\notification_helper.exe"	setup.exe

Requests dangerous framework permissions 6 IoCs

description	ioc
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to record audio.	android.permission.RECORD_AUDIO
Required to be able to access the camera device.	android.permission.CAMERA

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	tray.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SuperLaunch Tray = "C:\\Users\\Admin\\AppData\\Roaming\\Velocity\\SuperLaunch\\Application\\tray.exe"	tray.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Web Companion = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Web Companion\\Application\\WebCompanion.exe --minimize "	WebCompanion.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly\Desktop.ini	QuickLaunchInstaller.exe
File created	C:\Windows\assembly\Desktop.ini	QuickLaunchInstaller.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly	QuickLaunchInstaller.exe
File created	C:\Windows\assembly\Desktop.ini	QuickLaunchInstaller.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	QuickLaunchInstaller.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	quicklaunchbrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	quicklaunchbrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	quicklaunchbrowser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133228504884192496"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.svg	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\quicklaunchbrowserHTM.D7MQJHKOZKYN333GL\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Quick Launch\\QuickLaunch Browser\\Application\\quicklaunchbrowser.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\CLSID	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\quicklaunchbrowserHTM.D7MQJHKOZKYN333GL	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.htm	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.apk	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\quicklaunchbrowserHTM.D7MQJHKOZKYN333GL\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Quick Launch\\QuickLaunch Browser\\Application\\quicklaunchbrowser.exe,0"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.xhtml	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.webp	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\apk_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.html	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.pdf	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.webp\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\quicklaunchbrowserHTM.D7MQJHKOZKYN333GL\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\quicklaunchbrowserHTM.D7MQJHKOZKYN333GL\Application\AppUserModelId = "quicklaunchbrowser.D7MQJHKOZKYN333GLWK3GEZRTA"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.xht\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Quick Launch\\QuickLaunch Browser\\Application\\100.0.4896.75\\notification_helper.exe"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\apk_auto_file\shell	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.apk\ = "apk_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.shtml\OpenWithProgids\quicklaunchbrowserHTM.D7MQJHKOZKYN333GL	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.xhtml\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Quick Launch\\QuickLaunch Browser\\Application\\100.0.4896.75\\notification_helper.exe\""	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\apk_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\apk_auto_file\shell\open\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\quicklaunchbrowserHTM.D7MQJHKOZKYN333GL\ = "quicklaunchbrowser HTML Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\quicklaunchbrowserHTM.D7MQJHKOZKYN333GL\Application\ApplicationDescription = "Access the Internet"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.svg\OpenWithProgids\quicklaunchbrowserHTM.D7MQJHKOZKYN333GL	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.xhtml\OpenWithProgids\quicklaunchbrowserHTM.D7MQJHKOZKYN333GL	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\quicklaunchbrowserHTM.D7MQJHKOZKYN333GL\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\quicklaunchbrowserHTM.D7MQJHKOZKYN333GL\AppUserModelId = "quicklaunchbrowser.D7MQJHKOZKYN333GLWK3GEZRTA"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\quicklaunchbrowserHTM.D7MQJHKOZKYN333GL\Application	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\quicklaunchbrowserHTM.D7MQJHKOZKYN333GL\Application\ApplicationName = "QuickLaunch Browser"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.html\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\apk_auto_file\shell\edit	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\\ = "apk_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\apk_auto_file\shell\edit\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\quicklaunchbrowserHTM.D7MQJHKOZKYN333GL\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.pdf\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.svg\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.xht\OpenWithProgids\quicklaunchbrowserHTM.D7MQJHKOZKYN333GL	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\䋱পㆺ쬜⛂\ = "apk_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.htm\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.pdf\OpenWithProgids\quicklaunchbrowserHTM.D7MQJHKOZKYN333GL	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.xht	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Ȋ	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\䋱পㆺ쬜⛂	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\榯趏㮐蠀ƈ\ = "apk_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\quicklaunchbrowserHTM.D7MQJHKOZKYN333GL\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.html\OpenWithProgids\quicklaunchbrowserHTM.D7MQJHKOZKYN333GL	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.shtml	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.shtml\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\quicklaunchbrowserHTM.D7MQJHKOZKYN333GL\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Quick Launch\\QuickLaunch Browser\\Application\\quicklaunchbrowser.exe,0"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\quicklaunchbrowserHTM.D7MQJHKOZKYN333GL\Application\ApplicationCompany = "The QuickLaunch Browser Authors"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.htm\OpenWithProgids\quicklaunchbrowserHTM.D7MQJHKOZKYN333GL	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\榯趏㮐蠀ƈ	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\.webp\OpenWithProgids\quicklaunchbrowserHTM.D7MQJHKOZKYN333GL	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\apk_auto_file\shell\open	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\apk_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Ȋ\ = "apk_auto_file"	OpenWith.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	QuickLaunchInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	QuickLaunchInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	QuickLaunchInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd942000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	QuickLaunchInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	QuickLaunchInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d4304000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	QuickLaunchInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	QuickLaunchInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	QuickLaunchInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	QuickLaunchInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d42000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	QuickLaunchInstaller.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
2720	chrome.exe
2720	chrome.exe
5816	QuickLaunchInstaller.exe
5816	QuickLaunchInstaller.exe
5816	QuickLaunchInstaller.exe
5816	QuickLaunchInstaller.exe
5816	QuickLaunchInstaller.exe
5816	QuickLaunchInstaller.exe
5544	QuickLaunchInstaller.exe
5544	QuickLaunchInstaller.exe
5544	QuickLaunchInstaller.exe
5544	QuickLaunchInstaller.exe
5544	QuickLaunchInstaller.exe
5544	QuickLaunchInstaller.exe
5544	QuickLaunchInstaller.exe
5544	QuickLaunchInstaller.exe
3372	WebCompanionInstaller.exe
3372	WebCompanionInstaller.exe
3372	WebCompanionInstaller.exe
3372	WebCompanionInstaller.exe
3372	WebCompanionInstaller.exe
3372	WebCompanionInstaller.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
5388	quicklaunchbrowser.exe
5388	quicklaunchbrowser.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe
2904	tray.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
980	OpenWith.exe
4224	desktop.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 47 IoCs

pid	Process
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
5388	quicklaunchbrowser.exe
5388	quicklaunchbrowser.exe
5388	quicklaunchbrowser.exe
5388	quicklaunchbrowser.exe
5388	quicklaunchbrowser.exe
5388	quicklaunchbrowser.exe
5388	quicklaunchbrowser.exe
5388	quicklaunchbrowser.exe
5388	quicklaunchbrowser.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
4224	desktop.exe
4224	desktop.exe
4224	desktop.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
980	OpenWith.exe
980	OpenWith.exe
980	OpenWith.exe
980	OpenWith.exe
980	OpenWith.exe
980	OpenWith.exe
980	OpenWith.exe
980	OpenWith.exe
980	OpenWith.exe
980	OpenWith.exe
980	OpenWith.exe
980	OpenWith.exe
980	OpenWith.exe
980	OpenWith.exe
980	OpenWith.exe
4224	desktop.exe
2904	tray.exe
4224	desktop.exe
4224	desktop.exe
4224	desktop.exe
4224	desktop.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3524 wrote to memory of 2780	3524	chrome.exe	87
PID 3524 wrote to memory of 2780	3524	chrome.exe	87
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 560	3524	chrome.exe	88
PID 3524 wrote to memory of 3964	3524	chrome.exe	89
PID 3524 wrote to memory of 3964	3524	chrome.exe	89
PID 3524 wrote to memory of 2948	3524	chrome.exe	92
PID 3524 wrote to memory of 2948	3524	chrome.exe	92
PID 3524 wrote to memory of 2948	3524	chrome.exe	92
PID 3524 wrote to memory of 2948	3524	chrome.exe	92
PID 3524 wrote to memory of 2948	3524	chrome.exe	92
PID 3524 wrote to memory of 2948	3524	chrome.exe	92
PID 3524 wrote to memory of 2948	3524	chrome.exe	92
PID 3524 wrote to memory of 2948	3524	chrome.exe	92
PID 3524 wrote to memory of 2948	3524	chrome.exe	92
PID 3524 wrote to memory of 2948	3524	chrome.exe	92
PID 3524 wrote to memory of 2948	3524	chrome.exe	92
PID 3524 wrote to memory of 2948	3524	chrome.exe	92
PID 3524 wrote to memory of 2948	3524	chrome.exe	92
PID 3524 wrote to memory of 2948	3524	chrome.exe	92
PID 3524 wrote to memory of 2948	3524	chrome.exe	92
PID 3524 wrote to memory of 2948	3524	chrome.exe	92
PID 3524 wrote to memory of 2948	3524	chrome.exe	92
PID 3524 wrote to memory of 2948	3524	chrome.exe	92
PID 3524 wrote to memory of 2948	3524	chrome.exe	92
PID 3524 wrote to memory of 2948	3524	chrome.exe	92
PID 3524 wrote to memory of 2948	3524	chrome.exe	92
PID 3524 wrote to memory of 2948	3524	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://virus.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffcec559758,0x7ffcec559768,0x7ffcec559778
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:2
  2⤵
  PID:560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3800 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4132 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3828 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5012 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5148 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5304 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5172 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4860 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5668 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3948 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5592 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5096 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5392 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5076 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5896 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6304 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6308 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6592 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6612 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6604 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:5764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5788 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5792 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6060 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=752 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=848 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2788 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=3884 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3796 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3968 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4936 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=5716 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=1820 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=5568 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5664 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7184 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7120 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4976 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5692 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=7460 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=3948 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=2824 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6480 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:5968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6684 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=5936 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=7092 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=6180 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=6420 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3904 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6480 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6532 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7004 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7296 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:5712
- C:\Users\Admin\Downloads\SuperLaunch-C85F8A5F8DA7BF59.exe
  "C:\Users\Admin\Downloads\SuperLaunch-C85F8A5F8DA7BF59.exe"
  2⤵
  - Executes dropped EXE
  PID:2080
- - C:\Users\Admin\AppData\Local\Temp\7zS02878C99\QuickLaunchInstaller.exe
    .\QuickLaunchInstaller.exe --install --prod --mid=true
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops desktop.ini file(s)
    - Drops file in Windows directory
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    PID:5816
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\-zxldeta.cmdline"
      4⤵
      PID:3512
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB405.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCB404.tmp"
        5⤵
        
        PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\adawareinstaller.exe
      "C:\Users\Admin\AppData\Local\Temp\adawareinstaller.exe" --installerdata=C:\Users\Admin\AppData\Local\Temp\7zS02878C99\Resources\master_preferences.txt
      4⤵
      Executes dropped EXE
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\CR_E88CB.tmp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\CR_E88CB.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\CR_E88CB.tmp\CHROME.PACKED.7Z" --installerdata=C:\Users\Admin\AppData\Local\Temp\7zS02878C99\Resources\master_preferences.txt
        5⤵
        Executes dropped EXE
        Registers COM server for autorun
        Modifies registry class
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\CR_E88CB.tmp\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\CR_E88CB.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Crashpad" --annotation=plat=Win64 "--annotation=prod=quicklaunch browser" --annotation=ver=100.0.4896.75 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff683dceb50,0x7ff683dceb60,0x7ff683dceb70
        6⤵
        Executes dropped EXE
        
        PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\wci.exe
      "C:\Users\Admin\AppData\Local\Temp\wci.exe" --silent --install --nonadmin
      4⤵
      Executes dropped EXE
      PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\7zS055AE76B\WebCompanionInstaller.exe
        
        .\WebCompanionInstaller.exe --partner=QU220601 --version=9.902.0.415 --silent --install --nonadmin
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:3372
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone
        6⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh http add urlacl url=http://+:9007/ user=Everyone
        7⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --silent --install --geo=
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        
        PID:2104
  - - C:\Users\Admin\AppData\Roaming\Velocity\SuperLaunch\Application\desktop.exe
      "C:\Users\Admin\AppData\Roaming\Velocity\SuperLaunch\Application\desktop.exe" --afterinstall --thankyou=https://superlaunchgames.com/thankyou --browser=chrome --deltams=97356
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:4224
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" https://superlaunchgames.com/thankyou
        5⤵
        
        PID:5824
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffcec559758,0x7ffcec559768,0x7ffcec559778
        6⤵
        
        PID:5500
    - - C:\Users\Admin\AppData\Roaming\Velocity\SuperLaunch\Application\tray.exe
        
        "C:\Users\Admin\AppData\Roaming\Velocity\SuperLaunch\Application\tray.exe"
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Roaming\Velocity\SuperLaunch\Application\desktop.exe
        
        "C:\Users\Admin\AppData\Roaming\Velocity\SuperLaunch\Application\desktop.exe"
        6⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        
        PID:5388
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Crashpad" --annotation=plat=Win64 "--annotation=prod=quicklaunch browser" --annotation=ver=100.0.4896.75 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcfbda02c0,0x7ffcfbda02d0,0x7ffcfbda02e0
        7⤵
        Executes dropped EXE
        
        PID:5548
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Crashpad" --annotation=plat=Win64 "--annotation=prod=quicklaunch browser" --annotation=ver=100.0.4896.75 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff71afbd048,0x7ff71afbd058,0x7ff71afbd068
        8⤵
        Executes dropped EXE
        
        PID:3684
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1812,i,17807788586888481082,10387237536257754699,131072 /prefetch:2
        7⤵
        Executes dropped EXE
        
        PID:4832
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --start-stack-profiler --mojo-platform-channel-handle=1860 --field-trial-handle=1812,i,17807788586888481082,10387237536257754699,131072 /prefetch:8
        7⤵
        Executes dropped EXE
        
        PID:1272
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=2084 --field-trial-handle=1812,i,17807788586888481082,10387237536257754699,131072 /prefetch:8
        7⤵
        Executes dropped EXE
        
        PID:4840
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --display-capture-permissions-policy-allowed --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2520 --field-trial-handle=1812,i,17807788586888481082,10387237536257754699,131072 /prefetch:1
        7⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3168
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2536 --field-trial-handle=1812,i,17807788586888481082,10387237536257754699,131072 /prefetch:1
        7⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:5012
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=3640 --field-trial-handle=1812,i,17807788586888481082,10387237536257754699,131072 /prefetch:8
        7⤵
        Executes dropped EXE
        
        PID:5996
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --display-capture-permissions-policy-allowed --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3720 --field-trial-handle=1812,i,17807788586888481082,10387237536257754699,131072 /prefetch:1
        7⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4464
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=3956 --field-trial-handle=1812,i,17807788586888481082,10387237536257754699,131072 /prefetch:8
        7⤵
        Executes dropped EXE
        
        PID:6024
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=1812,i,17807788586888481082,10387237536257754699,131072 /prefetch:8
        7⤵
        Executes dropped EXE
        
        PID:5976
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 --field-trial-handle=1812,i,17807788586888481082,10387237536257754699,131072 /prefetch:8
        7⤵
        Executes dropped EXE
        
        PID:4528
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1812,i,17807788586888481082,10387237536257754699,131072 /prefetch:8
        7⤵
        Executes dropped EXE
        
        PID:2088
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5032 --field-trial-handle=1812,i,17807788586888481082,10387237536257754699,131072 /prefetch:8
        7⤵
        Executes dropped EXE
        
        PID:5808
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=1812,i,17807788586888481082,10387237536257754699,131072 /prefetch:8
        7⤵
        Executes dropped EXE
        
        PID:4432
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5300 --field-trial-handle=1812,i,17807788586888481082,10387237536257754699,131072 /prefetch:8
        7⤵
        Executes dropped EXE
        
        PID:3548
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5428 --field-trial-handle=1812,i,17807788586888481082,10387237536257754699,131072 /prefetch:8
        7⤵
        Executes dropped EXE
        
        PID:3096
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5600 --field-trial-handle=1812,i,17807788586888481082,10387237536257754699,131072 /prefetch:1
        7⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:6288
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5152 --field-trial-handle=1812,i,17807788586888481082,10387237536257754699,131072 /prefetch:8
        7⤵
        Executes dropped EXE
        
        PID:6476
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5816 --field-trial-handle=1812,i,17807788586888481082,10387237536257754699,131072 /prefetch:1
        7⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:6264
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --display-capture-permissions-policy-allowed --start-stack-profiler --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3968 --field-trial-handle=1812,i,17807788586888481082,10387237536257754699,131072 /prefetch:1
        7⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:5888
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1852 --field-trial-handle=1812,i,17807788586888481082,10387237536257754699,131072 /prefetch:8
        7⤵
        Executes dropped EXE
        
        PID:5912
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5292 --field-trial-handle=1812,i,17807788586888481082,10387237536257754699,131072 /prefetch:1
        7⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4244
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5408 --field-trial-handle=1812,i,17807788586888481082,10387237536257754699,131072 /prefetch:1
        7⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:6532
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5228 --field-trial-handle=1812,i,17807788586888481082,10387237536257754699,131072 /prefetch:1
        7⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5928 --field-trial-handle=1812,i,17807788586888481082,10387237536257754699,131072 /prefetch:8
        7⤵
        Executes dropped EXE
        
        PID:6580
    - - C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" https://gamesnapp.com/game/minecraft-world-adventure
        5⤵
        Executes dropped EXE
        
        PID:7112
      - C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Crashpad" --annotation=plat=Win64 "--annotation=prod=quicklaunch browser" --annotation=ver=100.0.4896.75 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfbda02c0,0x7ffcfbda02d0,0x7ffcfbda02e0
        6⤵
        Executes dropped EXE
        
        PID:7124
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Crashpad" --annotation=plat=Win64 "--annotation=prod=quicklaunch browser" --annotation=ver=100.0.4896.75 --initial-client-data=0x158,0x15c,0x160,0x104,0x164,0x7ff71afbd048,0x7ff71afbd058,0x7ff71afbd068
        7⤵
        Executes dropped EXE
        
        PID:7160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:5632
- C:\Users\Admin\Downloads\SuperLaunch-C85F8A5F8DA7BF59.exe
  "C:\Users\Admin\Downloads\SuperLaunch-C85F8A5F8DA7BF59.exe"
  2⤵
  - Executes dropped EXE
  PID:936
- - C:\Users\Admin\AppData\Local\Temp\7zS8A332899\QuickLaunchInstaller.exe
    .\QuickLaunchInstaller.exe --install --prod --mid=true
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6812 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6280 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=6640 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=5872 --field-trial-handle=1840,i,11175847715981750703,14635733869671141548,131072 /prefetch:1
  2⤵
  PID:5868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x110,0x114,0x118,0xe0,0x11c,0x7ffcec559758,0x7ffcec559768,0x7ffcec559778
  2⤵
  PID:4404

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4456

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:980
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\robux-1-0.apk
  2⤵
  PID:4224

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
1⤵
PID:3584

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3dc 0x33c
1⤵
PID:6916

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
6f259fee9dcb5166bbbae1a4b54fc3de

SHA1
bdfcb9284954a254a495a09a775230d2d6cd31d7

SHA256
42bd416cb1a9e2c2ac29fe805329613f850ec1379d9ff6fe4e85ef3621dea91c

SHA512
e142bb374daf810bce17a0eecd5341cab26db5d1f80dfaf74c22d26ed197da5f28a6b622af15cb8c9696e7bc06b6a2c942696b1fb35f19cf22d516d895aeaa9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d5aa436f438bef1f8801fe7aea488da4

SHA1
fe3fccaeaee75c2addcb31ddb74a609fa9e47873

SHA256
53e51ffd114b6690845f9206d0584783c37637db83a91286d25703a725d25200

SHA512
f4d08c551c6ff43c7136199806da7d6db8d3aed894d81f60123ac9021cad165d03052ac5f5b6b1feb92f67f590d06e40ba9871daabeacc80c3be392992c4f1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d5aa436f438bef1f8801fe7aea488da4

SHA1
fe3fccaeaee75c2addcb31ddb74a609fa9e47873

SHA256
53e51ffd114b6690845f9206d0584783c37637db83a91286d25703a725d25200

SHA512
f4d08c551c6ff43c7136199806da7d6db8d3aed894d81f60123ac9021cad165d03052ac5f5b6b1feb92f67f590d06e40ba9871daabeacc80c3be392992c4f1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d5aa436f438bef1f8801fe7aea488da4

SHA1
fe3fccaeaee75c2addcb31ddb74a609fa9e47873

SHA256
53e51ffd114b6690845f9206d0584783c37637db83a91286d25703a725d25200

SHA512
f4d08c551c6ff43c7136199806da7d6db8d3aed894d81f60123ac9021cad165d03052ac5f5b6b1feb92f67f590d06e40ba9871daabeacc80c3be392992c4f1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
106KB

MD5
90d7bdbf4466d1714a3b74c1aefad28b

SHA1
880d1ccabff0241b7b1d38e381c1f3891269a7d7

SHA256
c4e67b0c71919bbac653772732655b8c616e0623a7d61feae6ba857793e22b81

SHA512
3d9585387b7f7784ffd5f1f12ddc5c48ccc1647832e1daf003ce7761d41d721f7e7a21352d6cfa78fd532f7b45160da17f06c23b0be45153d833f2d8c0dcc9c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
280KB

MD5
9baacffc5e1ec83ce1616ea4145275a9

SHA1
7178a21a3824fbaa9a28c1b920264f81209eb240

SHA256
a83a85bcbbc069930b252df55dca2bd2a3de5aa4479b70ce720260b5496fdb85

SHA512
a66ac845ff8a2622a1bbf11d790041d2101437aec08abebbceafabdb5c0a0240b4f28891307b29640a36536908b68b9d8dfce4f395d1493fa053110d45a47df7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
63KB

MD5
8033fed1f312bbb913b8cf605b68a0b8

SHA1
bd19063c08b669a51b8a3b2c9601cdad9545d911

SHA256
9802c3206b624d67ebc8e6cc7ead579588fae49f9366453d5358c0903dd7589a

SHA512
629fbfce802cc13faceb5b1703142f072c6162137f32e02d514a4270589f6f74b23eb014790229c15dadbf4f7796da1ac8cc04eeea12eac203c3d10848e99984

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
37KB

MD5
d90cb261f4a509d886611473296e188e

SHA1
23551f9039c8b855b496f017c8f75b32f6e56671

SHA256
ca6c7cdd1e68e9f251fbf58e0b0ad9e883b38979e264c3cf4125f603b21c8bb4

SHA512
1cca6c9490c8f7adca7441ffea3e7445309d0c52fbaf7252e4c3c73525e00233a8173536c031747a55343bb86e96618d9c96afc6e4f8d25b0106729cca5c8031

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
74KB

MD5
2ef42ac7ca3d65c4bba8bd6c1505bedc

SHA1
11efc3f57f31f737ade262298a0281e6e60a5023

SHA256
dd1dc0d53b214019ef7199b8b42b8c7f77d825bd094381e66806438132b8e55d

SHA512
8039961b0c86f03d7b7534e1846bce8f40f7b4eb55a79662d4c562d6fdcde1c9f612aa2e0a34dc29cd8bffd9ba7e43b52e6f26444c4e9bee9c4f94b61b760c0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
146KB

MD5
eeeda243dfe4b174d47b9bc584c9c130

SHA1
4f75b52b5f2535141745edef75e52203b8872667

SHA256
feb8a49fd6e729f62f80ce32b675687e1305eb757df2adeac0c2da6e44fc0e1a

SHA512
bf66a49b97d54d6ed294adc3f045853fe099052f2570acce0558cd5af801f9a8472115488ebf31a775e763ebc691a8287de2a5f7f02d6d9641af12972a6b854a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
67KB

MD5
825f70ea33c19f0bd83de4655a448ada

SHA1
75cb5873e2ce6084adcae27b854d90a918293098

SHA256
abd8d921269305b0ffe8a48b6c6ea18589ef34478ae702adde6c7cfbff29ba8d

SHA512
f8ecf64b39bbdf80866b5924cfbd87808769f62f772c3038d974bc3a51231fb2d321c1bed80d06048817b08aeb8113d55a3b92fd87b5fb86f1c392428baf152f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
200KB

MD5
130e7502d1f76e8d1e79201f306d27d3

SHA1
906a8becd3315049f8824d10845e5232cbe94e43

SHA256
cc528f4c9144019ee48ea828119c633391ae591a96ad62f3b5ba35dd00d10cfb

SHA512
88f383fac87ca4f3a729734505033a71bf83e9793f6f15257e73035b8f6ffcd3cbac53d402bfe608c0a4ce86965a90cd4e201a6331259627cedb6bd2d841cebc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
19KB

MD5
dfa8b5877a1959a1b63121b92d0df248

SHA1
ca0c5b008d194e99c344b0448e332daa25604d86

SHA256
4c948ee29edd39f1f68b045c3fa2dfd19dba79f7e2bae020da11a48032f1fa5d

SHA512
fbae7274e27af45ef715a6077be0290abecace6fc3a9645eb7a796967eaeb34caec42f6e512126bacb6cf58f1f748ddb619e69fd3ef3c01a33d4cf229d7a6d76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
61KB

MD5
d715a1fbdc52b9bc57b9baa095752eec

SHA1
dab6c49f966379b2caf73feb5e2cfe6d272e7cf7

SHA256
0ef72909d991ad4c7c54b6c65c58363a444ce301eaeec0c10a9d5ac6829f00c3

SHA512
a74116f0972697c8b9e9f3755aa3971292894451113dbb8cbe217cea998cbd5cb78fcba1622469e3ffb5838a9d10fce55f7b75568ff4c59f1af9c4c4fc98c0e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
51KB

MD5
17c34b6704e677f6397913d0083f7ec9

SHA1
8bcff109248015c91e0d24aa9504f6be2e8aad4c

SHA256
787c465de39564767de8b1fc1c304376d80fe5b5efe2ee49244c2d648d1f65d2

SHA512
2a337c0c6c8ed028c4b06686dca6586734175d2105b148929f935b12555539cff216ca57a6fba7dde04fcb3b84505e2404ade1b1d89d407f728ca9b37aeed7f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
107KB

MD5
12daede73dbe5160df585b647d8becbf

SHA1
a9e0cfbd153cee8d9a0690871ad9cbaadc3367a0

SHA256
3dbce01674c2185b1a63bac0a9d0bb20fe68ecaf864fe19a76bb4c130c59f1ea

SHA512
109a7e9b427492f379e379f2cfa45fccf61afa879a02d481ad8f6cf374eefba1abce5009f6710a138938a85135d8afbbfd94905bce3ec78551f2ed409d1abb1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
607KB

MD5
5740803e82c43fb79a5ab81b161d9964

SHA1
88e9aa05f0b8e16c905b1c54b416f9cffafa52af

SHA256
47adcbbde66cecfee3bc88b5ec25cd1cb45a3b35ef84a6b86a5824783234ddde

SHA512
beb27f100689fbd59edd4f5cbda14fc8b2b2e281336a67872f4b6e8232b747298aace580000bf9f45a8e0b0909ae28c290f7abfb69b521b6235c45bf2663bf41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
35KB

MD5
e61990a1765f288ccedeff877782381d

SHA1
570e65523583a567e681fbb190067a1a6eecb52e

SHA256
eaf48a6a29227118d7b80c4e806602c8c9488f691242fea96af0bc0ab956e3cc

SHA512
cb3a006884408f16361a6816e90f54a7704c129633ef8657885ddfe9869903abdb95b2da640b41a313fbaa9a138811adc2dee1e9ef6c95db897c52641b216627

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
118KB

MD5
3e2943a8285ee12d4a28955d9eee2e08

SHA1
272426205fc7dbd5b7098aa35475079963a90ef4

SHA256
41bbdc07ffad9cc82809351864695c047d4d2baca2bea5f2fb4aee12fb61bccc

SHA512
237fb0c0e0a60f2e9cb618785b48fea6087f17cabe6b80f209f5d7b22b962d8215e2df4c9410ced120b6423cd2f8cd14a7cfd882b17d84c28ec524bd9a9fca08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
48KB

MD5
5ecc588841c2c383708a808479ff7a3b

SHA1
4a13cc57fbd546287e1b6c3c3ac52c3e5b8b5713

SHA256
8efd95f2edea27f18aad10e16dd77dab6b927a14809c6874c3f8d9979fc4756a

SHA512
fd637fb2d48797aad08728fba180cd172cc1f6e6f257c62c9e3995ae258c5ef99a5db08f784f2e2ad83146417a8cc2f6f87373791dd890d75d69d77130201b97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
80KB

MD5
7686c58d560a72b4a8260cb77cc244ea

SHA1
9fc24b849d6f112f1c3ed77355ce4bd366c06680

SHA256
33830a3795aaa0ab948d55d6447185e64b355195392524cefb74d629ffa3042d

SHA512
caa8c9267fe8ddb40f18e2686934b662a061464fd7a565d2c80d6c847a8285f6d5179b51e44f7034713f86033339e92ecf1e831e3061746f7f167ed6bc69095a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
23.2MB

MD5
24bc32eec1268714d4eab9a962a8c11b

SHA1
150989185cac2235f19cca9be5eb46906f65f867

SHA256
a0215c772218e4b1aef085a6e8a066400c85be0a439fbe0180bc1c1958156000

SHA512
92af65a7106c863a50fa7accbd1b9449f76a817c9ce6605d49c44c9b4dae99ccbdc612628684eef2befc3a25ca24191225c104941cc5e651ed5e01dd876703cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046

Filesize
39KB

MD5
454841addd1bb53b86ac5e00875e647b

SHA1
92168f41f9034cb4ba79cdd6d89dda1946ec0c95

SHA256
ff91606d25ac0f9a1092b2a5d8ae9303b8b5a22226a72417017f93e08ff09d15

SHA512
d1c41bd878e5b88f398058a440b55d701a5af316f3e8423665f81ed0c804f059d931883734fc64533c08c15b0904d8711250e14c5d6b0b87c0dc78ac3b1fd232

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

Filesize
43KB

MD5
b38dc4caa97b6de15fd057c2d3e05f05

SHA1
6ebf122f7f161038610f055498c22d123401fa15

SHA256
942e8acdb5ee7988bba8f989bb56e88865d56216f3ea0e9f3d576164574f48c3

SHA512
e190b0c113ae54e27dfc967ce342d2053e667f096fd43334ea2f0eb86ef3b19c438bd9ed419fca2b70835cf163fc88bfd62d41d13fe3f16fd0e306e708d92bf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e

Filesize
85KB

MD5
c838ed4de9b741492a428050b12c7817

SHA1
165320ce847ac7b4bf086be30a77032b21562237

SHA256
162b5b147c931fcc28bf4d2938b0da2647c3d227664a8559658477ed52467334

SHA512
4171ce62a0295c2fb0d49c5fccb9fae8554be171dbd16ebdab77a74e8eb926f809aa95433381e10cc414e68b0f08f22a524ec0ba187539088933758169ef3631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063

Filesize
27KB

MD5
53b5e785dfdca21fa7adf7119fa1f8cc

SHA1
a3a86dfd216ad29183ba5493ae39d45b62f9d8b8

SHA256
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

SHA512
615020bbdcaec3b8e7fb0fd2b8c5cdaf3c4013c9323b6884fdaed5151788e213260c01c7ccd766898ee91612ab6163150167f9cc7109700b571b546e39f7cb41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000097

Filesize
2.1MB

MD5
144bae805f886e8f8df2810d7a2192e0

SHA1
3b0169bab7ffce851d586f0d1912574c91f2a364

SHA256
f1f3b7f948a586d7bd3978c36295b6f50be9d65e707b94b86fde5adf6337239e

SHA512
3e571e24a70dd309089e174f6ceadb4a875be94bde4a2eb37f019688042747b96eb8f363275d4a67c6e7e4b8bb4f9128ddc2f5a922c70cb953fd439955888410

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\15bcef483005b009_0

Filesize
37KB

MD5
4fcc0ae7747ffa6d066728728e63f1a8

SHA1
6310b42147c0a41590a58f018827e2217b2db3e0

SHA256
65f9accd2436386b3f70339eb84735419be5240032bc9eb2402ac73f99ec7453

SHA512
43b4106e3201ac47f0ea34b4d0df0392f4e4417d41e6111222b63248efcdcbb420d1453c7f072a834fe3a8650454239d73db11ad239c588ac999d341a52e5809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d09905636c05fd7a_0

Filesize
297B

MD5
79b26d62dde27b6fee69d21be9808df4

SHA1
dce538add36ec6d87680dbafc36cdb227e9fbf96

SHA256
462198cbe597b357e25d13ec56c0f9bcb0f47e6f05d36816a56192d6d6f0160a

SHA512
31ce0938f41c996617220a9115854ec00228149e5b5d6d5e092d83c38e752f29a1963bd115cd5dc097fd115a05ce689a8a98883e6832585ed30849406285697d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d6958924975f9124_0

Filesize
293B

MD5
cbbea8b82218cf0e9ff3a891a4800187

SHA1
24ce8bd293d6ea68e52d7623c144c4aa60cf1e21

SHA256
342d3906595853b18ecde79db5116cc646491578994aff6bae6f6a0c69929ab0

SHA512
3a954e231da21e9ae178ad776946b9a4c9ebd0f620f36791e8e0d80472280586d0f2ad45b45cc8301979a45dde88720aef5c117785465d51e7853a71d0982dd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fe4836a0f71145b1_0

Filesize
291KB

MD5
56ecfa4ccc529d727d029635737dabcf

SHA1
c4ab75e628fb3411c7871f43eb8e667548c0294b

SHA256
32cc1355a3c8c20453a9a63ea8cb81f0c9fc8bbad492319fec61e9f891a420da

SHA512
40471b9d4a001366d41860c8d5d33edaaa647d7d008da8888f4f75c35463dcadc6da258dac00b006f85b48886f9262cba6888a7c19affda5a2380b28b16e1863

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
038ef3fbffc27ef00f0b27c4063329c4

SHA1
5ee7f67d5209dfcced0bdd82abab9f393207936c

SHA256
3eadaae3fceda38d95cfe8a3cb40211642bd8a0ef9f5247abb2017f1bd27249e

SHA512
d562e7e00a70d35bd6c57d99083fbfa0ecc673a7a4c26f707b82ca6eb8d4bb796d15132e177790ad5ee370e7c669bba1443ebe1bc6fe10755ef29ebd66234f55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
683798f887ba1829ea590aa9cd3d6b41

SHA1
fdc02d4e3be36d30d9cd861d5d5ec00bf470b247

SHA256
5a04f53eb391a8538e2eab227bac117550fd18989308ff56857ab2a8ec8f0491

SHA512
d1f2767ae0f6c573ff18bef1a7181472fab7744a9cf872841a30ef371f7eaa5f34479f4ad320bfdfada5d94a30baf4e81e4c7421d4bf018ef3c17e5cadf5466f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
4dd49ef49a80f2e2d435375c6a371074

SHA1
6aef7e25ee109703e816bf0f7493dcea2f8c4531

SHA256
b28a3cd721b02ba8b476f6386bfee6c3e47c18b88a90fdc9215feb5c893b3037

SHA512
a0f790549b586638b278567fa5e107d90cf4eedcfc85ca329032642d03f2e8679bb88c5dc7a5f1c44e76111f4cdd1227c012ab40c82f68b32a402c9496535daf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
296e4016087e4907fe753d3645703d95

SHA1
527a790be54feb08b10b75f4b53c25b4f40cd6cc

SHA256
ccffc12144acaeea4de4af76902decd7ba0542fcf818d9da962d174d6f883731

SHA512
3022f2f001ac27c1ea07de22a9e9fb721b72ccc0dba94a9c2b48380d1ca4901b2a3c6d229ae603ef2d9c742852319f7add181728762ec8d963f7d37cca06675c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
46466841e9931f89356bac5cae184eaf

SHA1
39a46fedc84f51a629561936bdb987387bd8f118

SHA256
577d21f5f6c589f1f234c15b048bd69e7acc8e6d54621b65758c9b03fc76416d

SHA512
7d81a1a875a463d815ea430af06c71c3e0654567573f947810b7157537a1731b5f4143bb0eb4e8086bb7bd8f66135c222d6a6dab7eba1a65b961495f025ca563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe57fb09.TMP

Filesize
349B

MD5
b65b4130fcfec139c2584c331e17f193

SHA1
3a696f9a4f11674d437034acd8eb3cb5895303e0

SHA256
bd2e9d7b5e290ef79e896e6711d014c00c9495e849e1023925f61e98dee6e578

SHA512
12bf75bd6e16a619b7fee570a96e6e3ad1cf802268bf6bdb2cb1dc3c340885c81ea530b5968aa28e6468c0aee4b2a9225a73de1561842197c3dc3e084ea65694

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7eda1dd6-11df-4f52-93dc-b5686c282ae3.tmp

Filesize
5KB

MD5
a1bed237b961e7cabc2aa9661a664c33

SHA1
76ea7e67b539abde026d9b49aa18dd202627a252

SHA256
c4a576abce24329116c489b6931db4d2cfc6186f7ff8b73f5ee8b8af7b5211a3

SHA512
2b9fdf1ee0ea92eda99cf9d4d2c0e3174dc129ea418907d97adf0536b93635076992fedf232b14973e6bc1c02594079773b1bfbfcb98257adc7fe6a8e5975da1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
4d82034a2657b7732f6682c40dbe6b81

SHA1
b17a62ff42db5c326b19a66392a0341ea69d53ba

SHA256
04e0e4a8c326a7ab29e3c2dc03b963581715d317e793152d75928dc8cfd8a1ef

SHA512
f5e6e200f16e8da07b2404a6485ad43962ed8aeb5499f018116bb501ce2ac1f1f8b78579bdc9e2c6147f4cf8244761f9e1dcff904a4a4c9f7d1c2eb41c0aac11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
ae8904810eb4c7aa05e6895f93fba187

SHA1
805a36cc91edd18fcb1e7fb91790eedd4d2092f6

SHA256
31f947729697cac33a13b19ab2f0750e31017c48d1b035dd842e9234e7c6d049

SHA512
f6595aa2eefcc7bdeaed63197314fa4bcc6e76ce491c4899500d57e23cdc9b88b37f9a20d16558e2dd297ebf4b08974a642dff406b0a28221e5120c469993262

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
0f4a3540374e02f9e35c436d615aa9fb

SHA1
1ed734cc3a2f654190b785c4c5b5b16671241dad

SHA256
569f3c7d6df76e53a5b37a3100e83617864f8a1fa6726f4b29d6237969aece60

SHA512
c384a9a9465f642cece4ab1d6746f2d5ff68573efb5ed6ed9bb6c0375672a59c5be39d67b841e515c18ea7fe19718343a34d3622e33ab20f6a354250f30ea42b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d855b052a16db9c98a6366d231374cc1

SHA1
8ba38e9f794db13d7fd72c2c82fd4f7b86c82a98

SHA256
4d67aabc4d68437f84af64238cf963bf4fe170ead589a72ddfd30a87e067ebf6

SHA512
f02a611ac386f5b00bf752021eb7f8bc47dab91db34e9bb3ef52d00e7ae1ea9805b6bf75cac558434a8752a802b6d559be68d35db08865e278a439f118b04b71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
fd4a59a0c0fcbd363f5bea3967ccd347

SHA1
36c08b676a76bec1adcd38ef50792500a781a899

SHA256
5b02896228f7f3b515f641e772cb13a4ead2746d33194bae739ebd8439d938af

SHA512
13ec3dd326835a562e2d8c5b1827b08020db9d26e739c891506d7c05b2711f8f1455a64788a247278f4fd4a0a314ab99e84a7170a8d53ac59cbf9daec50c93e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
b2e5fdaab668565e6e21b1983dd3565e

SHA1
0b49641add51d9c283b32dce6094ccc2100e1e86

SHA256
496f3c3ff39012c95e5b446277d7ff27a02d7f781f82b85fcfd2a95b470ce660

SHA512
68559b66f851e057eb1769e87684cce6977172c4b7cb64d53d783007e12a6da7fe2ee6cca0d23895f0bea3df187f33b7b3735c2b79167315272f2911125cc537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
d2a517929001e626e14bfb7cf77b182d

SHA1
80d5be638a5503b93c3ab09956fe1805d3b74995

SHA256
f3ae914799478c3330321b2cb1b292a72daabc02a0526a7501b2c9b46e978707

SHA512
ef9670255d318350aeb7eef183cb2def922dbf5a26865c7301f5a748fcdcff2e79afcbfaa670db62abc7e5a84c3d2fba9125c15af2879bef20338100868bb58f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
7108e5a8e0c7daa57711dcf02210b33e

SHA1
6fb7ed9c11885e09688633090168d4a61d255ad4

SHA256
7452fd74e880d2aee41cea98fb3da4e90d64903477dc636f360e82d9ab71c036

SHA512
36d1d634797c207a835dc33f1f371d5d9f0c4d5c4d0018a3d4f8707bcf090130272e61d685e44aa69d42d210114935aae9322ffc27b820cd463913e3d4a9fb25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
64bbb1f22e486ee47d467d8e5a100c18

SHA1
da940b31a813bfd396ff9c93b37dd08af01907b5

SHA256
378bade906e016275129583a1cfaa6df802f69df01eaf897f3cf00806c195f8a

SHA512
e54846a98056bb486fc202cc31156cd5ae2d1c29865ad5a9fee15cc738606a6439c780adaa36a352d10893d43de065764d06bf8bb8208cf874787fb268929df9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
23a194ed68bfa6803d0b2be9a8d528a8

SHA1
5c33c3cc3951f7e559761b82ee9aeed085499364

SHA256
f154622f6a988a49a8b42eb46b5b6f48532672c5e82fe3ae2654c63b27933b3f

SHA512
32231baada727332824c8dc5ecdbb43c2fb99c53b0bd9121cb10d9f3a8124caf6025faf920eff7acd6d0f42e79baa0ad2decdab00a24198ec0c2003167e08b0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
9770c21d151f049988ec51ccb28caa26

SHA1
206cfc5fdf1008c2ca8dad769c3324c6d4269f25

SHA256
66b0f04ef626af7923825e9e70b8fa556ea7131c0b755896cd38fd29c0f1ceb0

SHA512
e2845075022ba5afc0803d855c2a7156ce08ad8e4ce1ced4ab87ee7711abe71201303d4813ed3239a6efec34e9179fab07c64322e7209e5b5630ffc605d06a56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
b9674aac965a6ab2ed8a4d4c65d5376b

SHA1
0c336583adf4394a9be23db739cb320f8c8ffa07

SHA256
3635b9e5cb4db30b78469f71407d14b05aa289c4b5943591a3cfdbcaabe7d217

SHA512
69ea93d3b8468fb81942aa8a64f88a16618cd5d9b20187e38baa1d2f28e651072eddaaffd3599811dda2e9cc943dce7e3d90fdfe2b184b75c5ae0efefed1a15d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
429ad88ae5317546a9cf8b51672e365c

SHA1
f2fd79ba297216356668ddb2ed1a49d63911e347

SHA256
cbbec953caef3910408710399744be3e1d7afc427ccde753c71a9c4be0824104

SHA512
f493d72be10ed5a991e1a8a0d5d07d08353ef84b068dcbf4fe0ed247f1538fe9bbf315c0be7cbcdbee2ee8526fe5c0d2e8afd24c8c9f7749002624a82b14220c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
4d47e31328707ed7832d7d6cb950346a

SHA1
c694011a5ce48253813a2c520b52271fb5f8043e

SHA256
d55c315cce19dc8a872cd7e49bf0d75f00bac6a992cfbc4a5ba55ed39f702b48

SHA512
4ea200f6a93410479c359eccf12f4f65d81d0e5e83f9ea075adb0f5b04fb32bb09462e9ff151053b6a36912ee53ea33c2ecf55aec7f840294cdaecb16811ce1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
25ee4ad43c5e7a04e59ca82c3490fbaa

SHA1
aa04e2635274f1d56739b9c8ed08f4657fe5c6fa

SHA256
a8054de36d627badf666779bf65234d67869775e42a0a41a023e5496342ec4bd

SHA512
121647852985b25c4674f919fafd3678db870e9401f875ec165bccbdb04e51f8c3e63098e52f177013dbc88d9e722ae9de8cb6922ca8c4fa2f16455f126780d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9e952cadf012e41b42196fca86fc121b

SHA1
56ac9a0ae5d66b1271e5f094f86fe6ae2bcd8442

SHA256
4fb0c0afb3a652f4d55c9e210b34c816bc6c455c509a7b01ba47de8bf75e8ead

SHA512
9d0a01ba9a5d2f372792c76c3c11082b9375187d5e5dab2621e4329119f97e4bdeaee98a3183318e113606fc614a5497abb462b2226d0f09f1ef9a16cf3506a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
932a26990bf25cb6378cfaf07def6c5b

SHA1
a3fa5c1583f0da2459c27790f5153359a120be8a

SHA256
b385b119c0d193602fb643be4663d8a9769debd764ee1fd022a534e7b576cfd1

SHA512
88458a1b925d151c7e77f03ca20f122f26fbf191086a0217e3641d5be1488bf24760ffec70fd6598178314c0d77425b953cbafcc385fc31f265ff36a4f57a220

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e01d7f132daf0400a83e1c188ff3862d

SHA1
d0d1b26b1590225bc8fb525ac466368b76b4ecc1

SHA256
ca14e6de5847cb6718f528cc611764c15eb2817160d7184fad3a3cfc768ecf36

SHA512
42ebd6f71def3e52115e19e35644dc8aec0b9d71b2295bc9c709bb054ff9b57b57e927543f3f0846bdff3bb06acdb45e0f60443775743f3bccd14255897b59e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8c0435949e340cadf522b5fb9ca766e6

SHA1
6a3f379d421b11ad5625a3255db3fb4589739192

SHA256
e3f67c5a3fea094633d1b6069601a7e108428ab4b4862afb977534b0ba230c55

SHA512
af560f95f17babe04fdf7902a011fc83e4ca58b2133a98c08d6f748e90dcb899aae0bf3a5b2140c1d834331b239aa7bcff891d410fc3ff5949eeef95c4804cf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
64a2b4bb2b855fc22cc312100b9a4117

SHA1
4394f08287215c879d9f80e1fbd8be8c67f8f882

SHA256
bc2f753e02ed3310521afc279016cb44a350433fdd831c8cf4d9592fa0aa71f8

SHA512
15532edaee056b6875a38184a61cd743990c3b2c75233a41fc7dd8ce7e1f243fe41702b90602a31783f2d55fec0c434422b7f7e8e88d48c98532a952f32f56a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4470dcb8961db12a730e7c3aa7a6b452

SHA1
a78b6628e32e9c337c4176bf82cefe23f955bdef

SHA256
6ac6078619a62741e2d004a43a3940e3ead0e5361172278e8b543855e2374159

SHA512
46a3d5afe05785dd1c6547514ec891e15c7e164e45250accac81968ce6bb2aa936dc4ce2afd85d7bd2eed50dc7d36089a7b11da470c7b52e1b32323f51cc5720

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1332a079440388c20a90fd408f8b5e42

SHA1
2924c7b78aa5f67bddb22512046f9afd0d982ff5

SHA256
dabb751b4326566ce52a094547f8aacdca8bffc5b8ebf4dc1eb1d44d92d1a3f0

SHA512
8dffb06294dc268e3f5a181d0983f81d25f0fbcf683512e203a45a573c61b28536f3484d57af88046e1372b6a0d1be90acf1682410db1566e3a947f221ab789b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ac4f5f6b8aa01655f52ac71d98a4a219

SHA1
a841a33543ceeadc9c02ef6e3cef1d2dcf2bb2af

SHA256
5a25450c9d32f39b4e05442f9a314c961bad84c2d69417a052578399aa8eecd7

SHA512
de71216048fc40200233c215b0948a25f8793c565c1e89125b7ec0286fdb73fb82d6497dd9f9dc99c9ba0c1c65ac2013ee8de58538f8703036bda6f00c6264fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
deeabdab28e29d347c1b971f8825be0e

SHA1
6666b6ed486af739646865c3d6cca8e272d7297b

SHA256
afb2630cdb7cba520bf45cb0eb1aec4285b088cd793a4afaad5f5020a1ac2829

SHA512
0c826050ad1a832604695da17fc15f2160df958e0164373373702f84ba17e554475a7a80c977307d314de33c2499c2ea4081746e9da6e7d91cbda0ca921c21f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
effbd2a8445c2ae0d7960149e95b7369

SHA1
9b5de545194b7bb971341fb6009ac213779f9e8c

SHA256
a2a48725489b18d4bc966f1adf633ce2ef882a07f8172a9dd0d3ee526da7d808

SHA512
447dc80308c5c4bc74bfc183229c232045c34344ab7ee84b4153c60c80af40ed4558d2d3764aa0aad563c444f105e5989e3cd4b65837f0fa0c75d714717e48a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
47ce1fd671c72d48b03cb55c8c29e7d6

SHA1
cc18991be3b63a2d740686d2491d70a1951ea6c1

SHA256
e4a2cd21d0a668a7c47e836efabb83ae541b16357cb6c507b5900c836b94e099

SHA512
9cc5643bbd8c37936a96a54df853d06350a5f9970a1f488285e0059236dc3a13ee91c7bd1d59ba317337ace9898e4e115b54c379e944286606397475d9de9f5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
9322e4233c8eae675220e4b17ed261b1

SHA1
2f39ec9e6053354d70d82fe340015c8ce927d712

SHA256
39b058294653c980cd6e898546faadf85f59a235234eaa07d2485f0d444cd1b7

SHA512
c1f652dd9eaed3231c58a72b4e6492980d0ab42ee4b8b1e6cae8301f81c87d3265e120d19d98351ef78ccc2df586e56aca5b184d70cfc4fbbd964eb92d215b00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
c64b52f45b7b58344d043083f8427c90

SHA1
cb2477ddabf1511ccf637742bfd2f4ecc849d971

SHA256
1966c5de1bb6e457b4f87ea3161336f7d8e35b6a2a3ec9a2f3e650d323eedbe6

SHA512
7bcc108e00342cb93581970e1204a302b3ee55a2bfa388807730c713c7e70c6e5217a1f689b0d0049c885a7bf50feaffe6211d794b5a73652318caa5f50f6de2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe56da86.TMP

Filesize
120B

MD5
df209a6f573cf425427e9d37b98c3aad

SHA1
a4573213200d229fadab410097651dffd6d7a471

SHA256
6bea44e6a53afa32fd41872b3205e57f8d237026e22bf953fdf26ca543e79684

SHA512
50dc13d09188f09c84bc9ccb372edf454b16453426265ad2a166d9e1a2453ec0daa2d83c8c51f9f7486645e279c96525f65e35ee5829602c02cb0b2e377f5741

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\70d11909b44738bb9eeb5e9986636c65ec6f2e3e\8cb94583-42da-4a21-9abf-16cf91fb7251\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\70d11909b44738bb9eeb5e9986636c65ec6f2e3e\8cb94583-42da-4a21-9abf-16cf91fb7251\index-dir\the-real-index

Filesize
432B

MD5
a2f5b92bbbd8bfa46d5de88ac303a36c

SHA1
4d662995f1f3391e2a7224e175ce5167cbfea670

SHA256
5f1614d479017f39e07f4d7f9c2ce080b0ce10f468de73ebba95fbfd694bfdc3

SHA512
35ce2220fa6ef47634830b5be05c8adfe2039cce1bc18960483e27f28578e809c18476c04a1fb1631bcf1a15d9978b81d20dff5584bbf098180877dcc5b278c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\70d11909b44738bb9eeb5e9986636c65ec6f2e3e\8cb94583-42da-4a21-9abf-16cf91fb7251\index-dir\the-real-index~RFe5898e0.TMP

Filesize
48B

MD5
0e9c745395b032a1f711c49b91278a7f

SHA1
c42c3be823196304bad6f051ab893b80a096f476

SHA256
cc5cd22f0b73178f85252a1774c21354e59aaf2bffa13a92d01565b5b73b2978

SHA512
d7db3577378d06e8265e2070f5aaf65fdebb6c8c8bac1195b79b63fcfb5f7270354a2d38c4bb416844961aaade00d6668f8d00619ee574b9e3d96e0e10211e07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\70d11909b44738bb9eeb5e9986636c65ec6f2e3e\index.txt

Filesize
116B

MD5
23234922c4e1e34893306d51f9fd6c93

SHA1
d28d21a5a7931c57ddc0c2f4826ed46780f0d3f4

SHA256
946b2f9569e80cb5ffa5ce4b5b2da3ded48b2936761ad8ace9bb8252c2c0c432

SHA512
349be54cb9534e53b71f70b5f670815a9b869a2c27a31eb9c7c14531a3f1d8a3deda0b2f5616d2802375268101a4612cbd2e2812de3a9c801097146adade4e85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\70d11909b44738bb9eeb5e9986636c65ec6f2e3e\index.txt~RFe58990f.TMP

Filesize
121B

MD5
30cb8452cd7817d57c16aa518d5fdbaa

SHA1
2adde66a1d59beaa9ec7a81d40c1fb90c12c7cd3

SHA256
ba0a4a6b434e1e8129beb535ecd7f839cafc661c59487b0187044a99ecca29ff

SHA512
e7862b6832e33c5ee599326a643a44cad4272f6c0f709849f79603effa717a66399b3613e010f9ca32cfb4a7240c8135e88864f48741690d467222a1b4cfd3c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
e47b8358f128827d69e8df5fa8bcfa61

SHA1
c48ac3ee109da040dd9c51378bca5349cf21c9b2

SHA256
c01d2af3dec86487d743cad19ee60feeff4d45d353eb961029b9e95aa063c6a9

SHA512
e889569bf4894008b8eeb86ca88991de16890a6ab0269afa92aaf8fb9f0f4c8bc52624ff7f636c829a3632191ee903fee43b76146854cde2366f3c9e1f6cbfaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
b60e84737515887fb087494c11f94b7c

SHA1
6f44301d147a36f5bcc6581e4a1f3630e13b30d8

SHA256
55b1a37477cd41d8998d4710857e8d7eeba945517e1ab8972676493ab8cb9bbb

SHA512
bf3cf60a61a00644076af50fb9b170c4e67c4162179b4e45ce2d4d907955226b8decfb565af5c6396b6dd58e4c439049c3f3e127ce1fd58066223d56287e73ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe573112.TMP

Filesize
48B

MD5
dc43bc214b0f8b0b5a1a8016d6075581

SHA1
aa5cdeef299a9ed5e802ec97045698499f30f1e5

SHA256
da6c43a041d31da0979a63b38b3e817409fea82e01e2ac40602c88c3cff78427

SHA512
3d749f3e6481f78d616d69351b7d7ff06547b8978eef9ae95c0aec310856b04cfcc4239a142c2194963b33f9b83b253a9567443fd4caf0c47b7b517bfd6b0959

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
164KB

MD5
a80077ba0b632fe0ecfcaf000c53cdfd

SHA1
4fb6edc147f5e489b437fee142b1d39aa680117f

SHA256
a4697d2a0fda692eef9ec2b81bfb8c1ccdb27701b0f3e3b9881f8e8d14b74a2d

SHA512
878552faca63695068929d4800e34516a7e4e7935c009c5028b4be0ca5de813780ace6af225c4b667bdd399ea14bac9dc7581568871f1bc400b941a13898434b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
f320cd46fd30a5ef215da4a2d5b5a7ac

SHA1
936f22bdac2983c750013d5632a76f99334ddaab

SHA256
147ce955f5f431b5a0fb05f7f11918bb090458972437db3e1b3f2797707f296c

SHA512
b811452692a6c1df09e0c7ba4f4fd03af6fc1191743306d6973488e6047ef94580a666cf245deaa088299c8147ba0fa04563f3e916bf50a4b556b78a297c5001

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
9d3954810e5472d39947cdc8b3e89c6a

SHA1
0e8ea86360d20d826d11d3301177c415613bc890

SHA256
65695a61edc02ae6be0810b3204848196ec3ecc919d579c619174ccf770037d0

SHA512
b74994345ea2b529c981dc4494461f9b2aee7bcace172fc32642e9548bb364fc8bf46a55532d0e3720fea393214f3f488c978288f46421af3de920110fb01bff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
93535e0666de1bb608a468e8e7faa329

SHA1
133c14ddd2dab8b350d61dc999193abe74224e7a

SHA256
3afd64d37664115ea074e20533015353dff8b0709c23968aa1dcd692f340fde7

SHA512
7bd3082522777dc250085922214eb5e4ede68011a97313507d99698e963f6304a6c3f20d901bf72e4bbb687e777772d4de6fa3ccf3f7b4c761cb863b81ab0132

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
bab0784793e655752626acd11bca94e5

SHA1
6d8ff34e1ade6099c9b5dc103627f03361013099

SHA256
8a41c77744e429a18b60e8c7a2ef7f174f472f1c769c6326a4497183fd79f29d

SHA512
64330ba702c7154439c83534b85d9ded39d81d59b984b61e02a48f82c28fbc91e26a3fbd836cf6e22f99e24fbd093ceacc1095a4f41b3f6d587f2d1438b32a46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
cfc3727e636eecc05ddf560a4aab9ffe

SHA1
850472e16655e3e28e693d853e5e899bc2d0f11a

SHA256
9e1ff878b0347d7e294c534319f0ffa7211766e0b1b2ac5b4ad49815b81b0f1f

SHA512
472f768a2b0887fe3dc6193a147220f16c3d241dcf5f23bef0e9119afe2a500bf2911665e94651ce08268baa087e273a7e60b7434ec497fff909f09cbf42c6bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
9f12fe4e46c495460548088e8e1985bc

SHA1
a522767844340130742870f90c66439a4b0d23a9

SHA256
4fe9065c69273ad68309d326865571085beb6c7c0226c64aa770bf74cd4a0b9d

SHA512
21e94610793afe6efc7320a7c364a4e1ad32908d81536a667cb9bb19f46626f120312d4244adc50ce43a234f04e7b1fa6e68549a916c1769e4f0efc55b729f0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
d8a3fa4053254bb6f0bb8d0ee7f8d051

SHA1
e69e925063e5822229998a19ee50bdb2efe59a62

SHA256
5a8c2692bbec4b831d34876d6d0f78a5d242338d62493bd0bc492bc1e2e52e45

SHA512
cb817fc6610b9e1da178f54f7a019ea12111677cc6f46bd022c457cc06507aaf0c30ad6d9df8f17fa0794dd86aff1e2a676d57e99e35bb3c2d6a5e08a0ed519d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
af059040bc518e0d77ff462f1e12d8ad

SHA1
65c0462b92b99bb424046f1cde07ec359e3fea45

SHA256
be30b2bc7efc6b94e177a69f34066d94e7096a2fa7eb9e5ae0deb3fa60148ef8

SHA512
33f8aa32983a0ee8625c738d1ede9b8fbe30ded4c7fee52635cc29ab2e191e027d5c5cc45d1e743c9bfc5385a93ee56e7504fc3a8cc2c5d6ca6b2373126bc3de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
81bfb0100840e1395e06bc056c498b68

SHA1
4888e8fdae0351519b989176519524938d72dc3c

SHA256
1f57b7c01948af7f9c15ea3df7dfc9c206451952bad9163f2276bbfc197efcc2

SHA512
d1f8525db1c6c512a13f200113f79373d35c2d38f9ae5fd59119dd7c932f60254cdcbe8669d720adec0bdae85846ff45e51309192bada25dd7a49bc8fdff61a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
120KB

MD5
da5d967229a26a149ffe0a761d8e4b4c

SHA1
1ea3b3dabe835c778d46cbc95c668a26171909bd

SHA256
0f7034a84ad02219b6ee4679fb7198939d98e150c1336f722962dc702ee0ae94

SHA512
35ef469b36eb632669b78bbd1dfa0e97026d216eab3f3f6863622fd923e191ae2c1f0cd9a82934a8dc51e354376a4ff0fd81f482f9974ff4bd18e9ad464a56b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
112KB

MD5
f61d87c9916f571d45f3e756072c24f2

SHA1
b3156ea555da3de7779b1afe034c01264b88bfac

SHA256
698a1caddfde6e44d55e16c09345084303a664468c240fd855be500cb3c5e7b5

SHA512
f0fc6416057ba838c2773549047083295bda8b99b76fe8c97e20c679ef289ad15d4cc78b7641afdf690523734f001156c11a18e716e0692508581d14e555101d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe574853.TMP

Filesize
96KB

MD5
572b7a5ad31dbfba4af7a041cfc2a0a0

SHA1
fd2b423b0c93e910b524af297e7d7e6e905c4557

SHA256
2d72da2c2b89ca9a6faf71dbd03bf82628b29c2329719d7a17d3577e7fed7d69

SHA512
aebee7d3e0bc4bf2e148988f5f1c43bb2e0a0c7799e66e7b26098913adcdfb7f2c990cd7b60e48b81bbceedcae620b201bad16e62c26485ede6cbdff94ba00cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f0f4fec6-7fe7-4a30-bcd2-5e93ae0a2dec.tmp

Filesize
145KB

MD5
2ebec67ce6eb681b11e644ce705deae8

SHA1
87f1b5b533dc5bb352fca5fb4c242ca892d38efa

SHA256
ab04354e47c7809b76c356801b922b1a2958da151c734b274e0d51d4f3600783

SHA512
43c5071824c3928b8831b4e1d309224dc72e8f15995e83d8eaa332de6c82d753b74d7f87af9236c877485781ef4d0f9e78bc544e7d6b111c572a479619e157a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log

Filesize
5KB

MD5
5a8943a147ed74c46d3acd1cac592d22

SHA1
cab73d249c6a3e1a435361eea5adaedf03905efa

SHA256
fc03c5061319d963024a36bc3e65e2ed619fbbb20e1e5333023a0ecd1a0bc663

SHA512
68a80803cde4a28dfebd58ca74beaae4677bac04f05a690cccec5fbcf620052fe07ed727364a4b99f46668e64404695f83c5321c4fbdf5de12e3d75d483324ef

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\9.902.0.415\1wdndosh.newcfg

Filesize
1KB

MD5
3589061668e83d2e320e6772f72060e4

SHA1
5e6a7d90eb9dff98ed88772f1f6813b3a0937bdb

SHA256
078987da39fa63c02c13ac4935ab9bf76d8248af3f1625b947098a614a2a7ade

SHA512
90414e0f9d31a9406baed7ea197b72f1b347d8a8e7cd1b7a169e1ce4ce75f44707509242ecd92460eadac4647a522b7c1da86f7c5e9948d5137e85e5567a3401

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\9.902.0.415\i5c1l5vg.newcfg

Filesize
480B

MD5
e5842e68e01a61b15603df392c77d3b9

SHA1
e8dfdd9ef58dc7e155149ad7aeb4b86da88d9b2d

SHA256
a80104003be8199a4fd4e8ecf55039bd89c611debc7d7ff21c563a596eb67af5

SHA512
0258c6c602620e556833ada35f6ff37145d4700fec275b64a783aa004615e905d4ebe29c2a11709776f59f1641edbdaee2ae303cae87b37147c31ec7f49dcf1f

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\9.902.0.415\llscy0is.newcfg

Filesize
600B

MD5
f45fbf2840b83157a163c07002870999

SHA1
7d99a5ac807b4405ea93fcbac01b7681ad1b8186

SHA256
06d4c8f2f79d3293da27d3cc69cd59c14f3ec02c3ea622608b6e6ffd0316ef70

SHA512
b8ffb396648642bfc2d1ba374adb74cefd54ea449fb95bfb19e46becf828fac028716050436766ac19d61ce553395cf4aa4361adb2d7bee482e03e1efe870244

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\9.902.0.415\user.config

Filesize
338B

MD5
0a35fbae99f45bc0dccdb777ecfd0436

SHA1
65e295fde91f90d55b107680e060895654fe66e4

SHA256
19af84c48a15820c94367390d58588ddad8164b0ac4056c258a766c726329550

SHA512
db3a0973a373c039603c750f0f196cbf65553cddb83739f1942402eaacbe178a775be87c4b034feb706830ae69d20158c3e3ecad8d5d3febc45146b487c3c42c

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\9.902.0.415\xvpiolpm.newcfg

Filesize
1KB

MD5
e4308a22084be6f951aa99648cdbe1c2

SHA1
dbef8d6b73e101397816c3ade09d4f156987a53b

SHA256
f96bacba602816427d078505dea2b0423bd391313950e8b60258471d7372b446

SHA512
8d1aa1380a5623d247fea0d8e0178cc1dbb61141c7dc45c095930a420a904efbf7f80f3febb5411cb8a152ee12e5e667f6466cf33de58dcdf89e0199fd959867

Download Submit
C:\Users\Admin\AppData\Local\Temp\4661e421-699c-42b7-be45-63a9c9b629a1.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A332899\ICSharpCode.SharpZipLib.dll

Filesize
208KB

MD5
b486425283ebc113fd16f66c3f434a12

SHA1
36c9f03f2654919fe8ec34f04050112e1ab6a346

SHA256
df3cc9e55fa915609c7e4db84da1f076c436a277ae2d9c621f41a2e9aa79988b

SHA512
e77f11fd5b84c5bc93313aa63aadbf4e4f3cd023b9f04cf63f2b6ccecd9697c1d6ac10cc8b40e26a9439bbf08d7b6965b616cdb3f3443a00b5b9bcf570aa8cf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A332899\Interop.IWshRuntimeLibrary.dll

Filesize
60KB

MD5
3141aaece6213435230256adc43cbb59

SHA1
e9f525ee9b67c833d571bf9a1b2bda4092de9dde

SHA256
0329e578c12511dfaa4a97ce0002d7dc863f9d46a0b3371f8704a6243a20cbac

SHA512
158240ed0a1563889c3832c1f2e12aaa5673238b3d982352edfeab554ddccb17f5a30227d00080fd73f3641381d3a8f3ab641f9d508f3b33b1b22f57fce9d5d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A332899\QuickLaunchInstaller.exe

Filesize
3.4MB

MD5
14a86dc28ab5860d8aedd0907bfd2efb

SHA1
c2be0da175265f43b5cb5b9e10f068f7f9152a9b

SHA256
9935262f7b95ddb6bc4e77e499461409bc0f6f00cf6c5c20c1b5b283e15291fe

SHA512
70ff04b53ecacc33ef2bd45bb58e6852ae2b3dace1e5c9f9659bf1423b9da73f893ae8220a72a02f3a98b36fda3d7da3033d9c38703aa696e5d45e7b2a26f944

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A332899\QuickLaunchInstaller.pdb

Filesize
1.4MB

MD5
b533be2c2f200149ffea9129a687efc8

SHA1
d2aa80c3112f4ec460cd9eab1c24b2c14669fe2c

SHA256
4fa4df750fe7dd40b2b2990231a3dece21a69f17974b2d8c5489cdd6cf4cde21

SHA512
b650d4d487009c941eb0de3faefb8fdd15cfd14e4072b871da7ae2a4d1f7e7201f8cd74b1409d6c58706ba8b7f9ed7be7468b3932eadbb9ab12c93fefd6483ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A332899\Resources\AirfindSearch.json

Filesize
434B

MD5
e03c4f0bed8f90ea41cabf99b56764cd

SHA1
cd726a806dcf0d5bd9086d7f189223ccb8cb5837

SHA256
bc7d956b51de482b14c96062b5558f432a6810ef6b5f518f1c3133307f126223

SHA512
b57ff6d63c0544bec40c8c3bb32fea626d22679a9e918bc83481689f8fe87f10fb839e7bf2fa0520399faf117871d2b84349e47820670eef4701e347ff4618c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A332899\Resources\BingSearch.json

Filesize
355B

MD5
c66015311fe62bb123017cac51e5479f

SHA1
183b75544e7529da0c23945c2fd780fc7c52fc0b

SHA256
36e4a1d5db811e1d446e51e6a61ef7776228bd20c3404e7e04cfa9f65e2ac7e2

SHA512
52a0a329b20f80a1218253d49871923c3a4f51bc3bc98c6a5b0872e8d1619ed65313457f2bee67b39df7053822247ba1689a3728e4728e65f382fe21b420c23c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A332899\Resources\DefaultSearchEngine.xml

Filesize
412B

MD5
43d4f6795ec06a19ddf246ec5d4acab4

SHA1
cc40a728bc8f5722f76348c937189a244f339279

SHA256
d50266364edcd9e65d2d93f4c20d0a3d8391445a295703388ed867b8375c1c35

SHA512
4bfe46b0a52ae76366c704b432b4d28d63e5e856275393492792e8f1c240afcc945ba99cb328255180d2cac918d7d5b92434d1ed612eb61875b30bd3679e8fca

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A332899\Resources\GoogleSearch.json

Filesize
375B

MD5
23086bc1b44c760d68fe509c74462287

SHA1
11e1ce261f02f3bad768ea9378c132bbc79961a9

SHA256
94a848d9af40b394cf25268a946bf9b6058c87525a2831786b6fb7c9eef4dbf6

SHA512
e32ee98f6716d2f4de578d987834d688acb76c34fe01d87674c5cbece02f9b15643cf0e7cd63d1f1502df8b4f365ffb494b63cda0a7cbb6f0bdd3526aefd719c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A332899\Resources\PdfUiConfig.txt

Filesize
7KB

MD5
5657e7b56bb1d7bef584ad375548824d

SHA1
3dd8c66d18c12ec9dde87c487d1f938b08b4f856

SHA256
8460ad0ec110570453e657572f8f1f5e95c6d7e6cb6560622b3c504fceabf5d8

SHA512
266c22afeab829c293abe4067f8494d5a5d1a5cc9bbf3920cd50cee9b28ec14c7b03c3a69c957d29ad211e60a4630626d410c82be090eb1670ce44eabd4edca9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A332899\Resources\SecureSearch.json

Filesize
343B

MD5
081d0122b6430e54347a8700143558a7

SHA1
c757014ee01d1d297f1bb50e48510314640cb8c0

SHA256
e70ebc2d3a965b7a89a35275122d332dd4d8925785eb21dc027574db8f7ba252

SHA512
ac6f0737293dba85759cd1b6c1138d248327cd0f3dabdf4acae659163f88d03804d2a5a83843677627f076710b554638d1067093702815be6ec10943697295a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A332899\Resources\UiConfig.txt

Filesize
62KB

MD5
5854c81bdbcd495baadf1ff325e54b1c

SHA1
172dc361764636efff80ba86bd8512b79f9797b5

SHA256
12477891a1c47b9558a0690be7e40f4095e5af1441d161aefbf8c4c72b19746f

SHA512
38d34fd9e4bd39d79fef0014632b316253b54b2ecd3fdab5228015e99420686d6aacd4c6dbc8a589ac01aebb3c9cf85cd71ef4644d9da98d041df0746144539c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A332899\Resources\Yahoo.json

Filesize
217B

MD5
189015ea3534b1b82e9a965a4efbec53

SHA1
052753902de2f6b1fbc9139e6266c7efad58671d

SHA256
7a548e5abf06a38d793125ac03faabea9127a3282ae75efcf60b880dd6324739

SHA512
a102fa88664f1c0e248ebd1326509679dfce887abed4d0bdb7b7b6bf4305a37358d37199784cf808aa9148ee49d4eafc00ac20e4fd0d634a9b30f8fafed04f3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A332899\Resources\master_preferences.txt

Filesize
156B

MD5
8b0a2937544145f266545a9a8d4fec62

SHA1
037311ab08804a37609d993dbe3d63e9b02f0e4a

SHA256
129fbb28a0e8f735ea8d8c676f2ffda5a683152b7103f9409c5b854f230e1bd2

SHA512
0ee42edd2f314da439b6afcba711a3bd383035ed901374e08a61b684291cfebcf4eb3d92ff012bed4753888081204601f779a814f1d89953e464fed0d6c88071

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5388_382708099\59b72f9c-5085-4035-9ce7-7cc0a7a94250.tmp

Filesize
2.6MB

MD5
3fc4ce572ed4353c3c95ea4a6e551ac2

SHA1
995e3964ec276d14c0f5260913e9500fb7071b10

SHA256
cf4e3facd8ca4fd2b0d665117a448cbad4fef5e7de684a11e901ea874f6694dd

SHA512
74ae1304df84be0233d64fb82bd797aa66573dafc2ff978ae07fa57d1b51de4b81d1ca70a7cfde5c4b01a747c11d00e3018cf2bf4efdbc81cf2d6a67322244d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5388_382708099\CRX_INSTALL\css\custom.css

Filesize
21KB

MD5
3c77c99e6c5c3a02da6c5da37b958408

SHA1
844dd7ddeba826610092c6bb27a2e45c4a23a847

SHA256
cd9a93f3b055e7245cd5bbe2d0dcb38bf559e401de63748b80aa308cfc3e1305

SHA512
241e41cd73a0640d8578aa11416729cdd4de9aa68e6e8be8ff85376b4bfb985ec377fac6a1b56754295f66ab3e929b8bce50d8dface91caaa765fd7d9cb5270f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5388_382708099\CRX_INSTALL\img\icon_16.png

Filesize
596B

MD5
773a73332c084096c113e956df5105da

SHA1
bd6bc16804b2cd17bd344f65de6612810a262a88

SHA256
8a7c7c3bf63868778fa3a636bd4d1172b5e11b5d9d5172b6a92c104c02da3b23

SHA512
94663153d11b68dfd29d8ccdbd9950b1775c9dc3baaa1f56efed56df9df9358244677a5cd7a3ef76d9354543dcc75bd211dcd06e16abe7eb713a3768cafe3716

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5388_382708099\CRX_INSTALL\js\contentscript.js

Filesize
5KB

MD5
35bf6d54b2753f6bd8804000616dbf8e

SHA1
f0e7982838c4879cfba9910a9b92cb2ad1438bf0

SHA256
707a5af8e48ca2514e73b91b7c56312a56c5f645d6cf9c2998561d4927efc225

SHA512
d33f1ebf3924483be11ea6d6e9e28c03f5438e1c567279a9119443d144c1a103b70d49ad6eaef29787050de5ba76f3ea91c4109cec807dfe59396769c437ac7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5388_382708099\CRX_INSTALL\js\functionUtil.js

Filesize
12KB

MD5
2f758828413ce088b92561d7100b2c8f

SHA1
26058e3546abcf126329c12d94f73d1095cc7517

SHA256
5696efcf789bbfd0715bcbcd814cc2519d16d352ffc53b81ddab378137807fa6

SHA512
751f0e14c1357a8c1d8b10ee1c8c4c827bdd646bcad5bfcb4402b17fcf3b2af689db1e3ec6dce693301641b7df041d03f47979ad395a883730319eb1ed10dfd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5388_382708099\CRX_INSTALL\js\lib\socket.io.min.js

Filesize
53KB

MD5
fcd8c4de0d3c8dbf93179518e9ed3eb0

SHA1
409ee197138f1aade7f5b08f0c8a85217ae5e59f

SHA256
b53cfafd4b7c7e8f65bfb37f579cc4fd39652abfaa9591a2019545d92fa8cc72

SHA512
bebb834cf3d9b9d624b2c4cbbf2026d85683ff609be7e0939be0aae4551c6baead0d9b54128094a40d96e2d6e17456e6dadf38ff11649ca9bf17bdc398976dc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5388_382708099\CRX_INSTALL\js\popup.js

Filesize
69KB

MD5
494746a9aeabdf5be355ace44b92d127

SHA1
ee30a44eccca38bfa32d1e5cc4d7e63361cb854f

SHA256
e70734286e4548efa3ac345d528efb5de64343996d81951d0631fdc2433c38da

SHA512
49e2826c799d4a59f75668ead85cb73934bb56a87d50e78240a152bbee294e481de71b48901ebde092bd07caa97f62deacae9426529bc6972dddec2be7f5bc0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5388_382708099\CRX_INSTALL\js\scraperscript.js

Filesize
1KB

MD5
addb156d7fc4a2f4f29b183e76a5661a

SHA1
27c975c05cfd283b3d0643ac5c513b398d67f9c0

SHA256
55835291f2fdb4039fbc37b1247b873954d0dea45e5637e3b0b3d45d35dc848d

SHA512
7c0eb56bd8393340fd0ae1484c1c893ded97d5022fbdd90f452d90d66c8f475e03c62d288c6998fd7d5b4da31bae012e384c42d811fb12b257bc8165af51e62f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5388_382708099\CRX_INSTALL\js\systemUtil.js

Filesize
2KB

MD5
2a4942e4a5f6ff167dd0dbac2e02fb4c

SHA1
978cadc91bbddd6a755ac1ef80fe4cb638cbbaf0

SHA256
9a78d8045bceacd37de29268a3d61f8c6193b269394b7a73c77c11ecba8d9cd7

SHA512
0307018bce0e18a88311064c9d90cbf387dba04258522ca933c62ae8a86f4ad5ab986c53630bebab4920b14c61dff6b663c629219e713e61cc1cb29e697051ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\wci.exe

Filesize
547KB

MD5
37076e8fd3fe281ee1a89136c05f7ed8

SHA1
f8d8e4454b781137394714f033de7ad1d1f795fb

SHA256
066d7389642304b86fc8a5c125ac20dbb33780773abe6330150c52c29cf0d280

SHA512
73af1bf9ea0bdb6530df682ab9cc9e65e739a1580bd4eaf049e1cc327957152be1cea8882f98594376c091d5446ae3bc3831d23a8be1eafec16204e119dc4435

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe

Filesize
2.3MB

MD5
ea77a679d35408edefa832ffa236a419

SHA1
5d78063eb0123ad934fb9fa8eef0761f9ecc9198

SHA256
4a8392fffa239297e7dea69536a65c146736b9eca19be25fef01d5da68522b91

SHA512
14cf12cc2b7b961babe728ae39ed67eb29a11f44fc7500cb3277f5bc84af4d5bf0d1e908be09a0e349fa0126e8b8d5e4c35b04b86fb1c4fb1912444331c5618f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d1c98226070725b84c322626750cedea

SHA1
64aac3e8560db0136dddd3d0d915d0db58809fbb

SHA256
ade8301a0d6401a15125332c3a1a482ec3518c9bab49935261d84d1d2e7a3460

SHA512
300da31ffc1067bc2eb0c189a44244043eddd876643678b900be5ac19829be0cef4477e7d05bdda4b936e62cc1840ab7c2aeb7cf87f83f8509b95be0738c07c2

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\LICENSE.txt

Filesize
34KB

MD5
9dddebe18473aa0f80f79c449ded4266

SHA1
b3ecc44a5c34c6aaace987eac07b486db3bc3feb

SHA256
1b728b9ca80a6ea27fb9348c902dacf88b7fc7b12e22b693f4cb88bc8358985b

SHA512
3d0a7d2241a463d1848ab76644fc8519ff524b1a88a659a009811cb46e62617ad241b54b318bc3ef25869acbecc44c44b5890498f0a5d359102aad2ede9b7b46

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\_locales\en\messages.json

Filesize
163B

MD5
4ceb596ecb8ad1385bf21e81d374cb08

SHA1
781df34c2d5c5529c1615f7ff00634d7dcd36807

SHA256
07819b7eddf8d595e8a462994aedb1ea5f629326db3f5cfb2911d418861848e3

SHA512
70c4baee229e225ea11e093f303f545ccca3356d724705da5f4691b52c8d0af86c8cbec041f3442294584719ffea78074d61aad2c06363eb49cfa24ca2cdf9dc

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\_metadata\verified_contents.json

Filesize
11KB

MD5
9286e96719bbd0d03728a84082f7ebd5

SHA1
d2f2aa3d8011feefa9ed89629af436e0b7af78d8

SHA256
d119358fb3dae900ca29da91e6d0c184500972de5cb704534d4eaf1682eb1a82

SHA512
2427fc3e9214cd85e3776d2f61476892dde3227e192bcd7ab1e125b626dd0715a57801c69f6e9490f33a50880d9a51018c5347d63a67200b58151bff87897308

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\background.js

Filesize
349B

MD5
613a639514df9659f2f369cb69e631a8

SHA1
3a44e086b3f709de498474f98e073a31ca828f8c

SHA256
cad1ca417abccc6fd01648dcd762dc0438b105a563859ad9020a51abc805d22e

SHA512
db0c28750380e623f4bd3350e4a452771120b208d977206597dd3061ecdfe64ace19398ca44f7087b430c7a23284998c68366d216d99aca32d36a2e6427dd5cc

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\css\bootstrap.min.css

Filesize
149KB

MD5
c0d88f3dbe50265a0583e95d977c2c37

SHA1
9f4928456d73a5321a62cb823e6814ad46185291

SHA256
4bcdd3ac12b9168838ec1d58ad6d08ba7b6a365c5dfa91de80ea5cc3e9238009

SHA512
009bf0bf55fa6d14133deaa982d35b661a1b2cc9a98c8dea1f9c4478d081b72336d5e5e4aa8c53ec9a8bc24defff5bb4f2aaf6fc71405936d7e5597021dec7d5

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\css\fonts\Lato-Bold.ttf

Filesize
71KB

MD5
24b516c266d7341c954cb2918f1c8f38

SHA1
542498221d97bee5bdbccf86ee8890bf8e8005c9

SHA256
d7f0b7f2570f2f28b504da1181b4d71b1420b10be2c4fd690927f1c8ee3b19c3

SHA512
e8d26a275d257dce57cd05de36f6477a974757068fe2b130ea2b11b9f28afaca14261c20ef16030554560a42ee3c4bbd42f40fc9b41d5f716495a896a4719326

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\css\fonts\Lato-Light.ttf

Filesize
75KB

MD5
2bcc211c05fc425a57b2767a4cdcf174

SHA1
ad0d178564445a535b15d417f5b18019923d3bab

SHA256
fb5343c4375c38b1c3026336d355335e6a5b8531cbc9c6506eb4b6f6d67c152f

SHA512
f431dbed65a46db47ee9ac2ded8f75c1e2dcda62d06d8b17f6d84a3312cc6a618b4ae2c4feb659f9b8a0d9ab773004d29e6cd76f8a5f9aa3472ee2a297bf34a3

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\css\fonts\Lato-Regular.ttf

Filesize
73KB

MD5
122dd68d69fe9587e062d20d9ff5de2a

SHA1
e923c72eda5e50a87e18ff5c71e9ef4b3b6455a3

SHA256
e82542aed8293f49fc83c4aaea566b1f6b4fc7a9ab5da11e6fb9bc0973b5324b

SHA512
30c39f8e242efd6671b9ca59436db45ebffe5cc7f7dbc5a53fb21b399f2a52a9f2e68611b4241163a7de5ce934ad9dc9c6c9845e80bea7982ad6b6cda05dbc61

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\faq.html

Filesize
10KB

MD5
7be8a6dd8d1235cf21fe2850092c46cc

SHA1
606ee303924205e9bc71710a5ee53ab05d60d2e4

SHA256
3fbc8b06de44f5f5b1f04dc25eeca8c75bce49a9341de7c8a9dce080537f377a

SHA512
8ab56aa3e44694758d8fa49d81acbeecb1af2520fc9caff27d218563d436b91948506243a2272003579439aded61c72da689efbd4d17a747218eea3cf9f655a6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\bt-pro-logo.png

Filesize
3KB

MD5
4da9a7971a65832016d7ef17707a92f4

SHA1
8bb6a79bca7d28ece97b33a3559cc8f25cc23691

SHA256
60ee538f646031083305c95467688d82fd64e66f325e9324dead0a1be961bb2a

SHA512
3095cffd74f0d64734a2c08e39bb9ff2d1e620ad9446ce1369734cb7deaadbce2baf3dae9dedf704520234936ca60b02a308efd9d6b20a40143ba63c9ec7f33a

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\chevron-collapse.svg

Filesize
494B

MD5
c556a20d60a4ec1abb1b1210c24010b3

SHA1
7bb5aed0bc25f7e2a1a6b84795957a5ec653f04f

SHA256
43cf3b83cb433b61ceab27dbc7b8617162ee2531d73acaf472bcee0bc94bad52

SHA512
cb537cd83f895fdbd50fc5c9361c40eda8147fa481867423e92c3dd10928d50bde413d76714df6757d4d72811f2d92e5f3abd266aff4114a2fb78fc10ed5afd6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\chevron-expand.svg

Filesize
461B

MD5
885cc1aeb845e720fbc47cffb3fd8e84

SHA1
e62c8c8d5bdd41bc23791818033e56294231abf7

SHA256
f4e85b61702060ebb083c0711ea57cff22c490f93a1f94eb92af6192939705c4

SHA512
410a3d9d2ec8ddf269c412f5194b0832797b80f90fc45a82135516e676616779b76941d032cec9d8891079caed6d2770231831db97371ec3bfcfe8e80cf16c7e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\dl-icon-blue-loop.gif

Filesize
4KB

MD5
ef6b067739cc25cc08fc07254c3ff200

SHA1
6d9b08fc11519595ca111f828cee7035a5f6625b

SHA256
93186ffbf224458edf5d1fe894ad698724b98475b9bb019b204734d8f84a19b8

SHA512
dead1884c34837445e8e2c5d4781712f938a748d7c70265d5473f3408a5125bc86a4e71a64f4667612f24623016da586ec984fc5d313593bab1d14de6dea47b9

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\dl-icon-blue-once.gif

Filesize
4KB

MD5
4a45b31ab66e4c1ccefe09c5b75d8571

SHA1
ecf925ed456fc244ad3b143584a317b6e8d0d7e5

SHA256
92319dadc737a2d77812815b40acde4e19a9ee1f8098bcefa60a168b72467413

SHA512
ea632d4871d71efe152be6d71401fd098339c22801cecbb17b840a80d862272880254e121532b516054f8f89708cdedd7e99bffcb2f345a7e48eddd6f497aecb

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\dl-icon-blue-static.gif

Filesize
252B

MD5
212355e598623bbf5253bc602bc2cb2b

SHA1
25cdb778458003f39a7344887a5eeb383ab15a2a

SHA256
909681526a2a218a496ec2705d1ac1981b5d5ad56e04b2f637866943e34e7e69

SHA512
4f68e361910a0d29b4c555b1bb6656a8c26b3c0c32c613e4c655408d1773d52dba24748a7b2527464da6541da2b4719cdd7582e1b64d0fb6885fe8e759ea84dd

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\dl-icon-green-loop.gif

Filesize
4KB

MD5
29351d90fc2296da7fe0e0a56d04ece1

SHA1
3f89acf924f28416ca684a92c0c270060209d096

SHA256
bbe5c6aeb123af546616d35ed5b927717796981025a2951887258539ae9c15b7

SHA512
da7028b97c6bb19c73462f1ff3c8e61fa64f1ad0fb7fc06b297556c078b11983a74e1564e84501828047c1a4acc9adba3665362176118cdeb9500573fc28a992

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\dl-icon-green-once.gif

Filesize
4KB

MD5
d05a81f63d2d27b97b80393ef5a82048

SHA1
d40eb50840f35ca6be136295b0ba61dc763156ee

SHA256
50d8af8b23bceb40ebc45708e39c190e19c0693d03c6f267ba86da90f2f5b850

SHA512
bfb0c5d7e2abb118bb3e838fc44d3b22ef84257bb63382c5c0cc6a024cdee36b32ed609791392f31e7fb5fc6c963722148c1ffc7ca575419056ae4f17be2ef63

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\dl-icon-green-static.gif

Filesize
252B

MD5
d300f1b7f53bcf8c0494ba57325213a7

SHA1
65d87dde7f958ef0bade5a50f15675fae5c8bd9d

SHA256
d34ab9b3b3ea7e6c1259f4b725402de399773487bbf94f221fff6f02bd12d76c

SHA512
bf342743f631ef0102a2fd07be4e512e13f9dd8844179b665192e533ad00eda215c3c0962b7d14e36d05707910dca5685da8e726e85bef3b5c686b4c8648af4f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\download-icon.gif

Filesize
1KB

MD5
e7be682974664957a8eeed8b6240cf11

SHA1
3f9f1d543a337d9c24d06e97eddbee4b32663d60

SHA256
e1d2622d270cbf9e10f1ef27fa62b26f53af84ed955bce62e8a0949b4fdaa172

SHA512
12f8ad19b1f5cc670ffd17390fb0e6e44fb328b9bcecc1d4a13fee4687a8f1f8fc62f8293f8d57dae8a83a63550c9164ae7edaf851750cbb04c69c69a6348130

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\download-loop.gif

Filesize
2KB

MD5
e6455c1cbac2a0b75ce9103c123e54cd

SHA1
8dbd4d5885cfef4e82eb6a62c795eb16679a0a81

SHA256
bae046f5379d3c09ce652749e08b9f95cdfc88cc5b8dd5775498f625a835c45a

SHA512
778922809a84ba2d06d5ac1de094fa21f62849815bba3c528cca9801812800c8ea3bdf1491c9b5af426ff236cbcfc27faa03e3451210936913c8ee572ed24e9a

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\faq\chrome-store-logo.png

Filesize
2KB

MD5
f65e0c30ac29ea684b5f8fa6870a56e3

SHA1
d926d4b42da711d4118c74f2059c010649254b5e

SHA256
10b0852a121860ad427dceb3411ced96bfa65a64e36174535dbe3e730865393f

SHA512
9c68e2cf26b100206dfe1467719415de48cd767b073f2e318aadaaee86cf9507636197afe09f456c31cb27c740f7d2a18ea3c5d263ceb05f8f2d0e5fad3265eb

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\faq\cta-expand.svg

Filesize
579B

MD5
f9fd206779c0dca4f37e4f855a00c932

SHA1
ad5586bf44f3162737c1915ecfe7e2b2557ab265

SHA256
f411b4377488cfb2b30b659ad8f0cbf0da5513debe6ce6539fe2713336ec31b8

SHA512
ca68a83a6f1967839ea778f4ef07ea94e5c996960c0975219a4ee83e60d1874b0fd970abfa205d98c5bd7f09905d6327a57d754942fb80b1ba42611fbec93dbd

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\faq\cta-shrink.svg

Filesize
686B

MD5
531696e88bb56ae0b8026dbb09c5266b

SHA1
5beade3d8c59d34fb3e4d6dea306e80afe4dee6a

SHA256
53556ef4f2e10e086743829fc8c6d2435336af162bc7b2c2fbae0dea80457035

SHA512
203d9af979ea600ec9d8befd273cda740bb2c83140261b4221a3a325d4907b335246c4ea789dc2226aaf0ef1d8670e3e9ef21d5da3f4d2c8c267c17bbed78fd1

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\faq\hero-vis.png

Filesize
86KB

MD5
14e9f3234aae0d93a6f0f3135449f494

SHA1
6caf3c96538a61ca71d81d6b14d0fb799a12ea17

SHA256
5b205f158227738b1c9f9697d571e76c39db6cd913145b98c097eb103e020099

SHA512
378f24f25494e9cc2372134f4d010b9f1b70cb3655e8bd41cbdb452bddca96a602b6f0c30d4d4b44f5b50e676d8ce9aacad96e2a2a35e22da473660bdd840fb8

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\faq\site-bg.png

Filesize
2.3MB

MD5
ed3eb6a101e5180602d7b63a2015713d

SHA1
ad5dbe6cf8b9336c3483a62be0b27167cc31da26

SHA256
0997452045d1f2d78438250046841ebc05aa2351ec7655a3be7f102d53c5b30c

SHA512
f3accd75e5ba5bac04498dcccaf78481f89c49c32f48e91180a2caec27fdf4e866f3b65646a9b005e85bd4653264aace379d1fc73a21cd3fc3b979645d1ff692

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\faq\ts-free-header-logo.png

Filesize
6KB

MD5
0fad32842456be9d2f454e5fe783f4c4

SHA1
4cb9936ec6b4aaa1bf7e3564d672ce9f20256d00

SHA256
1be82ff664d77863c85f78c05212720e1751f8ebb90deb434d10c4a31c08e9c7

SHA512
f9f3c89d57a46cf789b475a09ed174068bb82b5c898aa5bda628fd39fb73962fdc16a3d7e5a8442411ab183a3e41ddf4c7c2012c35245464ee6ee3e1c6719a02

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-1080p.svg

Filesize
1KB

MD5
164ef21f78ebc75cbe2c4425d94b5ec1

SHA1
84e9d6f66e19945aefdd9d83cd00769e4de84421

SHA256
5932b7dc8b76714af936c6f5e607c5d5c901c9d6a8dd6f94bcccc3f8f8d173dd

SHA512
c35b86efd64c970e860ba45ae367bdedd972f8eef9e3b2ba952823d5a83d2367159bd517f97352cbcc68d6d63b868a8acdfb9a6f74200a1958d70a1ffc017159

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-4k.svg

Filesize
3KB

MD5
aa9f078a04e8120fde2290731cfcb274

SHA1
cb4a832a7e66760c67b93f70f129d235bcfe89f3

SHA256
074fb64ea08f98356db0a9d803c7fef4b96ccb29cf9261a82577ed09320b39bb

SHA512
cbdde2b53004a9bc923a83ef621079748ffc812d1fa462fcc71b91c9d22eca3adcc83ac9dc4a5135e0a0df582136d2f62868436ac706d3a2d16d73e27bdc16c1

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-780p.png

Filesize
284B

MD5
1c34f528480c99be434c90e197bccfe9

SHA1
d27685c0e9724256dbeff75647c75b664ce342f6

SHA256
40ec94cf023ca99f663632be23afed63eaff028f96cc23c68999dd125fcb2c4d

SHA512
41ec5a53e7791e0c42b3bd0aa72c867285c5ea93c8cf4e5abf8eba4be9f028adc682cf8af6d7c8c7bb7b8ef7183303391f1feb84aaccd1703e627ebef1e65c32

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-alert.svg

Filesize
1016B

MD5
c35ddd690f0abdb955bf60bc04beca7e

SHA1
d13c0a6f33bf01c7b9e5526e244dbf9150749634

SHA256
b7e782d4df9ac4157f003b384e0fbf6d8aba22223e53b1c52c33f8eeb402a7bb

SHA512
376389651fc81a8a0fd9c71b73688d0a55042b9ecd0e1459fcc173bdf7cabd4017e7e8e8b60e1a9f4f5b35d363abea6a4ef9dafa20cdb6cc9131650f2a41ecf7

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-buy-blue.png

Filesize
298B

MD5
d8868a6aa77f939e706418c9f7d7e2dc

SHA1
ebe0426e71f63673b91103cb446db13a550b11e5

SHA256
29f13f0d191a10b9e8c54960cb6cd2cbb17e50e1fbb29d432577fd3cfeb6a200

SHA512
bee37691b2a7cfe5568541d57e86c2ce59f46f2aef6b11b2251651bce1fe2dea76a81aba1898b504321baf695d2459db22d1074ffdedc2dc8f2e9072c7a27ea6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-buy.svg

Filesize
613B

MD5
d3e927b6e29a71f80fb43df46e2c5234

SHA1
588e0f3efe350dc1e98cc7b1bb53a4cced7eb094

SHA256
715410a265bc95e0924b76cb0a97fdf0eda0ba5d85e03c460dd587a813203d1d

SHA512
119f5a1c95c3b1ce1d6d10129aad6c5b950231b6cb13180b101d1d1d739e720f318321497724e5ab021bb77687f433b676bdafd183fe546aa7f404e077ee8e42

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-check.svg

Filesize
310B

MD5
95e0ed8b46152e4e7cb154e94487e7fb

SHA1
9c0e7e94c8abb3fcb6ef75483ca040a3b2229afc

SHA256
57559447188da612929f895ac014f328c642fea203a952d1212ecc3d40def948

SHA512
d5ee0fab2dc1aba5c80b3000d0041072564126d7edbc7f3ad4fbf20a0e175810f43b230d5b5d3fec4ae1bdcc594d27e2ce117efc27ff114eb2262a889ba6316f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-download-hover.svg

Filesize
908B

MD5
fd3ba149220013842d9d40bf5392bd8e

SHA1
85d36d9396dbbb6a410c5d8e75f54741fa3bddc7

SHA256
4265fd53a55dd60eda07ec1a31cd733c76420b2f6a6561732630d9d14e5f5fe8

SHA512
46f10c7c9aa74a15f71ef30bd9ead4f30700865e157a26f2fb0974007a2acb867539ba16f1d46f83ebf94dad49c4b1efbc769faa5ca8c364f96798faee936c8b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-download.svg

Filesize
899B

MD5
153a73ce060f33789dcc9c499fdb0f43

SHA1
2d8ea944463d0bbaa5a6d000ca1b11572cdc625a

SHA256
fc9a592aab615fa465d25e29e95ed99dc0b1a7ee3820fbdf6c6e6ab40442cda6

SHA512
f1193b6a91291b127e8394fc6143f8bdcb5994db0ab22dbcdb37f90e9d2d01189587dccc5c6a0b5d6a02b7b1511eaeaa74bb1c1b4d06c62addfa220189744afd

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-faq.svg

Filesize
991B

MD5
d4646525a33843582c22d408f0f1ff8d

SHA1
2b5a4d82671056136c3c236e9bb2579536f0d46d

SHA256
4f9998d940c10a272bec51ebea9bfbb7f69224aad9790d98bec680bba0d438c8

SHA512
21ec3ffa7e5ddc3af9978f5c6f5ee468c9414692cc56c2f90cd91fbb51ced3b2af879494f749e83904426a4a51a9f4f5023483d5c4883bee4bca0e615d52d7fb

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-feedback.svg

Filesize
1KB

MD5
26a0cc1f12e0dc7646c84102941de064

SHA1
1774c9a2c6f12d6cf01c9f22ce401a899e4d375c

SHA256
1df68fbe3a93d695c0a8cc1ca7c6d99c0b1d02c4ebefae6aad17bd8649d41d65

SHA512
715c112d37a39b9c069fcfcb161e93b196ebc67f21cb501ca2fce3e1be79eab363858967a4665f14598a42aa007903c1a08dd88927c1388b80f2e7dca831bb30

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-home.svg

Filesize
1KB

MD5
6eb78abd788e2cdbbc3cca35322b2380

SHA1
a4cebea66f507f0552d4ebcfebf874ee79cd9038

SHA256
dc2f46c0bb49dfc3fcdb0284e8f53d9e267c919b319e1f12f16b277bdfeed206

SHA512
5233c9f3b793c37153241e8a97adfb142085eacba96030c13d74f790fe54c370fcef09db0d47e5080cfc0488f92825501105b9c5acac3f5b0dff0c57b07664aa

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-invalid.svg

Filesize
1008B

MD5
7efe3d27b358cab1b6e3e5fc6c9431cc

SHA1
41aa54818ad1b3de5d7de3bc6eb1c5c37a0af5d3

SHA256
c473e33e276ab5ed3ec4a052d5c53078c7341bdef2d975b5dcf05bc86478f631

SHA512
2ac54a958a83f15052833c860c9eb8a9614655cff9c311bbfbf32908c467aa1429668d4ea5a5c07ff2e4d6c74d3ddbd63b9ae6ba9f3e5928e4560e500cc96a2f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-key.svg

Filesize
1KB

MD5
07818f7160dc8c80cf00eaa4fa65946c

SHA1
eefd32d7b60f57ecf818e70fb803b0d62b1247a1

SHA256
91df81713805e130d1c6136a527b55290c5028a5bdeb59a6fe45acef28ac0376

SHA512
db5dedaf20d74d07070b7b30d7c1a6f5f64839d3235af0ba2b6cec79058ecbeb60aca00ca3f4acbee66c0fa453bdf8c0927880090889d47cc6a7dde30162ee5d

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-key2.svg

Filesize
1KB

MD5
b990990ed5045ffd6046d443c28890ed

SHA1
c78c4487dd93106c7f6d636451bb61855e0ea66b

SHA256
5b3cee63a153c87dc876d14f0883c9c2f1f799f6ba389ea4737680f26d33a8cb

SHA512
a158493d4b05d199470ddf57f84989fa4252538b95c285c36e61935bef5ab90cc8088877116c8c01c51a9bcb26b2d7e14f39d5306e608317e0335ebd88d0791f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-peers.svg

Filesize
379B

MD5
5409a1b61386867c0e2c98468a402afc

SHA1
a0f7de8ea3c02ee8ccbf3694c1553ec258781b0b

SHA256
296e7ac838ca67e6499eb6f481fb0456b9c42008d2c24ba0727346d34ace8f25

SHA512
70c7d12e4bc4ebccc68d4575042540864a54e4ceb75258b65bfc6ca25d1b8459ceabe9714098d1d927b3bfcd3c1ad17a2e95a6ca023c91e6d7759bf91ecc3817

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-search-blue-hover.svg

Filesize
798B

MD5
2c7a67e2dc19e1e95ab7b98e0b1e3d2e

SHA1
801413a16ee0c9f7495852a3d2ca9e24989ee1e2

SHA256
9063329762e8acb724b7dffb47f2f4818a86942b2e5dd70062729e60e934cd1d

SHA512
4f991fbc95d31fb9868f54bbc4d5d37fad47acce043859639114acc67b0e05f1ab5305f20b08a711f95198934e671f70e670a0e117a13f311e22ffda763dcf39

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-search-hover.svg

Filesize
840B

MD5
a59861619e3b7bed92d048479c2edbda

SHA1
9ac80c3fce625ed073b0552af901428d4da62c68

SHA256
30c737cad3ce5b70d4a0c6550785a5817a27d0f207dc8d2fd569caba7448da10

SHA512
c1c63861c69f655aaf26b06226417360d67aa22f0443c8685b32b91e0f0f1f7597a0ce4873bede59022d6d20ce5d5848268bbe02b9f29bcf2a296c501359f7c6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-search.svg

Filesize
523B

MD5
abcb474647e274284e9acdd40f2de70d

SHA1
9b7311c9600d7edcae80de391ec9ed3d6bc63aa2

SHA256
c62549cec55a1c5bbe72a9c0051bb26f89b7a120621c17ce92799b60f051fcdb

SHA512
9ab6219c01d01f3ba99e0d96e15cd31352905666d8defc2cfb62f0cfae8f3c875818649b748d3bde1a8b041bfb4432e7bdee4d07354db4a69b0f6024efe2dfd6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-secure.png

Filesize
333B

MD5
20deffed818a2fc78bd038039030ac6d

SHA1
168e2a4cf78791dee6e4cb482088aa985b8d5ac8

SHA256
d281329ecd1767b03797a761d31984c68af6f9bf3e4c159e5bc0fe060a3d58be

SHA512
ba3abe2cda22325623296acfb53bdabb3c3c7f50ff79cbae33aa19dee2bb2614e5a4e083beddedbf7f07b5e6e5be8369ba51256a8ec2d9f9e5c32d5b23c84286

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-seeds.svg

Filesize
381B

MD5
e8f9e6576d06eb96ee84f5850b5b62ae

SHA1
47eba21c2fcffc90c9506a83eac9df6c4868aca3

SHA256
8ffc980f22ae0eb16c1c6d726006e55693cc485c13b1b2dfcad00d36a8b213db

SHA512
2fa977226eb108e4da5587b96f0f55d364c42d51cfe2ab58d6ce811bf5bcf49e82608185cc9742a0e92ae62d694a050aef66ac04422f768c9cb790c99d1be783

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-settings.svg

Filesize
1KB

MD5
ccd90cc5b1597e21cc571fa0c5383b9b

SHA1
fc122b2b6e4fbe7909cf0051892f76c561b5b163

SHA256
b7b2d2e0d01b069e143d040db24ef4bb5ba663689c01b224a25f8483431b648c

SHA512
6b6ad5880f6387bcccefc124a4d0785c00d783929d30a6f7ff69fa3ac625fc94d608862a2234703c29d19654b73ccb5e424156eddf241f98b891dd036a588bfe

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-success.svg

Filesize
1012B

MD5
153c44b84b9b99e9c7ea697290edf723

SHA1
a99b1deb2ce5c43fc51712924d2026f427a801e0

SHA256
e7e901d7c1e04ae400e0f521b08ae928ce0ca075f909688133f9cbcdb3ff7ece

SHA512
1899df27b53acbc5de317a4811b25cda396151b8cdbcf5330dc8831726510fd8faaf5ae4d5510303f8fa1c98efa5cb1c8345822c05e03f692499366efa2c30b3

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-sync.svg

Filesize
839B

MD5
4c0a9f81421275f2c4a41bfbd585aef7

SHA1
44207001f413731fde1ab8140ad735c1ef327f12

SHA256
065b2c968546ac4c08f7925d34c9d5010a19d69be1fd72cd5034fe5fe803374f

SHA512
1655e589b6b98f8684e0b54b24d32e867f60fd9a59291c4159b5446df32f1b8a423e0cfba7dbe187d7d29b7b1c78c494ec2a86535949d6541b832b81f219c6c1

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\icon-video.svg

Filesize
1KB

MD5
67ee77ac53794727ddbab2e61a051b35

SHA1
29d88bff58c46cf17355aa7bebbd95f013dcd6c9

SHA256
6647a9cabfb1e79c1307e71917a363c693d2d8c0b8d2707fb1b25098e005956c

SHA512
29f70d8c4f2e8cc6520ea35e10610fe909eaf9aaf23c26e42c97906ce548edcf44f7a907501c3b23131f675ee2688088d16da7b052889524380f20b0db880354

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\logo_32x32.svg

Filesize
1KB

MD5
8d919241e4d381fc4bc8c38e07e8db42

SHA1
9da3403bc0c9a592166d27ee21f293c22b5f61a2

SHA256
383b7fdfe219378ca16d229e4e01a98925b03f179503d78b438daf9816afdb20

SHA512
e346884802aefaabd78333160fd3cf04cc9bfebe05e8b17f933afa73ba816c3b50d84a1f2e00d502f699496d30a3fe7eade15f0d010c807df1d1a82c1aa14074

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\overflow-icon.svg

Filesize
290B

MD5
c50d2904dd51b00eb1afefb97d83b856

SHA1
3feca387ec7fad92652728df4395d98c62e35e7b

SHA256
c0aa1de634c2d34b8e8bcb98863ce2594119088acf07ee1fe7d325c3ac8a6b0c

SHA512
bb88366d24e8710721b3c7306f2ca8c27dcce44bf957a4f2c7a1721610a881fa64ce815f2ffa2c67ca48da1ee49e304deed8b49f5134056913aa4932726320f3

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\rectangle.svg

Filesize
156B

MD5
90f94d768ba53139f8fd8de7a2bd2b74

SHA1
5331e1d6a2aa0250b196a86277a5a948335fb8b6

SHA256
1575c27eabb83ea51c6aa3cae2fb19e80ee386acd4f5d77a7db418e5ab7f47dc

SHA512
14fd10a68af4ff885e436f4c2e270afc332e2c35df70775154e109d6ae06cc890c987459aac68e347c2579384f015e4a1c279b22d500f8d84d3b841e6c233d26

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\ts-free-logo.png

Filesize
4KB

MD5
40e386f581aef166e791131fe94039f8

SHA1
47b9b0848d3c9577ef4e85ef6aabc34062775f17

SHA256
526eb20b324e0eb115bc98c7a262b540114d5a0b91fcde2ddeb4079743388a71

SHA512
7eb1324d88f0af8aeb29917a7a265b398d3fed02a90258849e4ae61b643552196938d22acbd8ad51fd4602a23a280d44fc1442ae6f11f8409483c0f8be4279d4

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\ts-free-logo.svg

Filesize
9KB

MD5
d8bd696523fbaac814453681d1c07309

SHA1
3f298c2cc3b003c905de7ae0943ed6fbebed753b

SHA256
6aeb80339620af5a087fb85e2eb1c2178bb463279a58de3842b7103ad3403ea7

SHA512
dbffc82403ea4f99ef98ae5e14bdf6e9aefb6c9544486084451ed41b498904c29c4c6f1d4f89abc8c9c2302aca7d373798bdc750d09cae44ffae7df936aded50

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\assets\ut-pro-logo.png

Filesize
4KB

MD5
591f78b3dec1811d82a8bdec36527ec1

SHA1
0589465240c376066dd3572bc6ae822a1d3c5533

SHA256
7cab2b4ff7c418327ea31afd1ba0b9621b024b8ddfabebeda2f6feaedffc713d

SHA512
ec5365a20ed51e8abafc88961c2d2d2331338e21f765877423ca70ac02124bc0e89be83208755fdfd4fdc8cb75864dc2cb7525c440e4a654513d30ff02e9da81

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\browsericons\icon32.png

Filesize
1KB

MD5
4f7409ddeaae4b90fe099508a1764f95

SHA1
2ec5b8b764f1eab2f9e850ef983aa8abb7b6db95

SHA256
7bc2553156dd0dd46f0c7962f142388776cf1004dba8d20f160b3ca42e36ce99

SHA512
b4efdb6949f68dd6a7b848e5784cbe735e529df53e38b415998914c2d048c12196a75f9af4dcad9feff7d2cda70d29243271f218cb1554e8a5bf35b6e3462025

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\img\icon_128.png

Filesize
8KB

MD5
81ad059e44b4cfcf1b406a79945da371

SHA1
793c2912de96a7c4bcab278793ffcfeb356b6f15

SHA256
06c4772f851d50c967342723e798c0b5d96cddf6ae62d38b8f68908d9240c849

SHA512
f94495e716ebefb1f29fe5c50987a881a75fe9fb3296bb9203050b519e5a407d618592581b868e9e9d3baa22d7b2b7a6badc32dbc4a4e9c58fd9c883bb44e242

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\js\backgroundscript.js

Filesize
9KB

MD5
f9ed6eccab8a57615a5060a8356bb17f

SHA1
9b291732fa459668a97fabc15106f1dc09cfc736

SHA256
de592c582fe3c2f9615828668e6f452a47e08ee2cb8ee9122a0690ba0ecef9c7

SHA512
2ba5ac0a74139506b28813fbb982b980049e13e7321112954d4f1d91fe57b0a599e262ba86736484969c780e25db173dfcbc5cb2fa1493a577160827bff49b96

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\js\config.js

Filesize
582B

MD5
d96ae9577dfee6bf511609842c53a458

SHA1
0f29aaa662062da5b726b5f7d58f724b8f23c2a4

SHA256
0bfdcf96050986a018c35146d00fe67372423d59efc5269d1380eee822b5e407

SHA512
387ac78f871f7a14b9d54411b828b1db13dfb8e7557cecc32529302296f28bf6aa242216bc6d9bc7cc4bd7c464584fc4d5b7c4ef5cc07de22c8e371fa74a7c5f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\js\inc\base32.js

Filesize
2KB

MD5
01d0912ea352ac2eac036c14497b84d0

SHA1
419564fb2f87ffe4b863832daa122ade1395262f

SHA256
5e19ffcb5f69a56805c6bb8050049a4e32e287d5894144645e13a2c50d2b5c6d

SHA512
f7e0264c2e78825c85b6b6a6a8416805f1a4367722a543df4b326f087a99f52df32f704bb66d7841fb5ecedebe0a8444577eb381281fbc6e236720d3d8209beb

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\js\inc\bencode.js

Filesize
4KB

MD5
4dd7971660aff54692aac64668174dd1

SHA1
7bd8ef485eba207529d5f2ccc5b19210a81398b0

SHA256
92cb956f87005382a573c10cc167dc9c9ce00a6b05f97a89cece539e7104d03d

SHA512
7d367f6905a2f1d8b438c90e81e94fb6597378de68327cf9af5667f7889536bc4ae5d6e134b1ab3ede2949728a90db8ee4f8b03a0f863f4822e248405fe68063

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\js\inc\magnet.js

Filesize
7KB

MD5
6f335dadd87a8e87b7715ba00578e152

SHA1
54dcd37f93800772b7462659f9c4fe8417eb22b1

SHA256
c14624caa461e8bd0180c8fc82435cbca875ca92009f20ac39b62f4e887e1f51

SHA512
583c48ef6722d39fb01ab04239a59c84873007562cd76697e59323a8e0996b80fea2901804d3b378346f6f12b42fde7f201256a0229de13b2dd57113e820614a

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\js\inc\sha1.js

Filesize
6KB

MD5
a8b95a00931c413aa19d6bd6333904e4

SHA1
711508d16907f3821eb1eda671ddba82164aeaa1

SHA256
df7d7144eee089154e9eac36e2ace84efeee3a4211f59bf0b6d4147a389102f5

SHA512
abc0f500d17e9f217414d8f03d1334f1297a329570567005b3680e464c757c1f664eda2acb47d549fa215c09d7c81fe945df0f29322ef0214ec6d830ae100aeb

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\js\inc\torrent.js

Filesize
10KB

MD5
5bea317e228bcedb99b65b7eb58d1b62

SHA1
998df8f84393f17abe059f297f9ab6c9f7e141f3

SHA256
27b11f49eb3f3f617a0b5f67ba3a106b9f64c7359f02e99edf15cf7277756a46

SHA512
aafe78648a20e73df99d1c9cb54aeafeb389fd6cfadf19c316406e933cae60c5a5bdb866e74c6b76ddffdcc236d30ef249f00c747ad7d6aae2e157619ed704f7

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\js\lib\bootstrap.bundle.min.js

Filesize
76KB

MD5
189f332ecdd3d42e781939666518e92f

SHA1
6584cd9d44d7a886ab89378a34d3ba8e46577124

SHA256
2955219abcb2f853bcbbb5f6fd16fcc8b750b36dc962686279c9523f7a5e2f64

SHA512
7c14c2a5aff0c1811aafd31c1f068d9c7de6de892495a762cba7129836ad147676dd4c9f062930edd0590e77063396d197c9df1bd6a5db7b4d7d6abe32de97ae

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\js\licenseUtil.js

Filesize
7KB

MD5
5dedfa71985c03f53700c1c520c3dbb5

SHA1
f1f13c796fe1dea1549ccb919d8c1943f657587e

SHA256
5a174c6a3b276734ca0cc131e4de8e1e7dc600eaed27429e9bd4e484173ababe

SHA512
5976a10cea385536b00e8a5d99c2018582294c0d5c003ee3889d2cd7ba8b92c0c1359d750bed9583bbe6eb6dabfb0eead09ec83efda0c12e1262b0e152976d74

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\js\start.js

Filesize
10KB

MD5
20b792c44107c48b9495205bf706bdf5

SHA1
8e45bba38713fe72fbdaa0b714b37c4fe92b999b

SHA256
8a902af983020d43c8d2276ed203742c3b309227217de21fcab09e131469fa99

SHA512
293f744ba10b0e9ae8629e409d4cebe3a634b2af8edd85b16d330827d5f43aee542f7a8f4c32c5ee7977d54e597494a52a8f213f719d8809ec8ffb6cfacd34b6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\js\storageUtil.js

Filesize
767B

MD5
8c8c153e144821d1a30bbb7e77c014c6

SHA1
8653daa097b71221e494c17940a1eb5b700befdd

SHA256
77395a5dc0397675a474fb6de87fd8cd3c97ce83a421b08dfdac6d85d7fe1ee0

SHA512
df465f57d6fc6e6374acd8add044eae256668a44e4512389282aabe97e051f74a169283fe5678fabdd5577c1280ce58707701e8951151b0a286949a725b56d40

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\js\telemetry.js

Filesize
7KB

MD5
878a02aecbb427772a505274d1f6bc57

SHA1
0bf2cdc6358c16bfcd62c70d192cfea21ec395c7

SHA256
f14c204d0d4b134066730f62062e82bf9fa7aefd3781d75678545ec1df66b5ba

SHA512
b6b113f29cf5c49a10bcd29a02405f9ab68a6bb38bee1dfe5de8d39f22dca0aea900c9253cda7e48263e965e9ef39d79f1e6d3633e8750191caed366551bcaf7

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\js\trackingDataUtil.js

Filesize
5KB

MD5
b5dcf1afc3418f47541a46b60fa96e84

SHA1
56054806ceba46c7325a4e8bcb44aa5375543d39

SHA256
006895c661f2cc0718eb38b60e0b39022084aa8f45237cd0b19c0379b56acd56

SHA512
1e66324fa6bb517a51f7e434fc885599ee5e872893cea150ea921667d096402bcc3f6a79884c8800f314924af0c8fecae1cd8c4a4016d5dc4b854d7751a4fa43

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir5388_267708002\CRX_INSTALL\manifest.json

Filesize
2KB

MD5
f9c3706cd04adefc6db048f6f832f695

SHA1
ee773368c1c3286beaf8cda3b7f1d666533ff0ba

SHA256
1d1aa881640446540cff4c4426801dccdb8226edb44e5e83d7ffdd9a83a58b59

SHA512
9a2478db5633c159066653490e973a0c9a208739c3053539381d88974f2c60435520961905bb32e85b9d6f750f3f5ad82508979684ff8cbad178d4511f4b5c73

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Preferences

Filesize
5KB

MD5
adc8bfc5c3da23c2613f7d95afd8e5d8

SHA1
a5dae84ed545550953668997d0fb0c092052f951

SHA256
abc6b288408c223e0f17a6853400cb33b7e7fa2c46f22e9bfa64b8e453385a88

SHA512
466aa3d5e2ce7dc7f6e5da78e665be561fac21998408210c1ad685916f54adfc502e4cad45c1c7934792e5c64ac5e5683bd54720bced64aad95332d2214090ab

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Preferences

Filesize
6KB

MD5
246f7743d6ae304b90400b686f5eac3e

SHA1
44965c2db5bd57f8bf72cc7f10829672d5c73ba5

SHA256
f80f08c5c2ffbdcb0fec110753f851b7d0de2448f560ddc5aaf7be6f59cff847

SHA512
e2a97e07679b211abd8d39e9f491a79d6d4cc18a7f55066d112275039b183aea0e45c96331e50b070c462718806a4f6dd07dd79746322715d0c88c965fa5a884

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Preferences

Filesize
6KB

MD5
e9126c893ba0d4e1c9884fc0333d0fef

SHA1
f5a3a815b5a1a0f3ab14c5135309f1b5b025f4c4

SHA256
991719801ffa71cdafd9df14d361e1970ffcafe9353c10d55f4e4dfb626f841f

SHA512
e73a0d0e6a947314c74f067b23706791c088ce0c91e16f3ac9600e6c01df4ca8933e69a9bdd76449b23da972080c689613c5e5a0cd767cec1bc356fab13a0e32

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Preferences~RFe5ba4c8.TMP

Filesize
2KB

MD5
424c9726f046be818ebc1905dbab61bc

SHA1
024c3ef809f425128cde52532c2b70a97b3f8234

SHA256
ca3c21c2f138a1c954bf41ff6d83b8256704e16920fd4cb023951ac67c186b26

SHA512
01fdf056c5665659393ed50e2699e5a03031500c3c949437e3917fec4696fec35bc1c41c2e3f4f3681e87351f7a7e069471ebfc4f6b9c87c7ac5ac58cfa26638

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Secure Preferences

Filesize
11KB

MD5
a7759ced899f28c442f12b7a8a142f3d

SHA1
928a2a2da5d5000a4bf806e4cf4083962f294952

SHA256
43e207dfd52d39dc436025882460baf68e4c59550512900223a77b68dd843dbb

SHA512
c7c921b5e8a5d63ea81e563bce0c3ec34674159ec34be0675fbab4b4a07ae7247864183eb7cc0eb070618bdec4c738a6b524d375a2db5dd70a0afe33e1f77b41

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Secure Preferences

Filesize
10KB

MD5
2a51ad016a4010b8aa0bab1021ace0ce

SHA1
647f0444cb2f32b19ad39ba91337bed427b9bcd9

SHA256
3cb3894db9ee0dc7e097bbf178c3cea9c37b4a0632827dfa02df73e248ff4857

SHA512
74ec1893c9b558dc26f0262ddef01120dcbe3f38aaf2e6098e8b749c0578dee3b7e2a38b6af39443299119f015196877adf94f256f0f42bf8a52cceac47a25a1

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Secure Preferences~RFe5bcf33.TMP

Filesize
7KB

MD5
f09276b8976015ff00c5fc538bea2dba

SHA1
305214186190e879689f4469527085f6128a38f5

SHA256
62bbc68eeb1cb934d6e547756ee5096378047473ae404fc4d88ea483ff87b03e

SHA512
a9dbfffc903287ce8cd1fe969a9abf9e36a7dfb360ae347231b27baca5efe9b560019fa82b3a49037c59fcf08f2a9cdc4e03269a550bb0ea1e45fa8aca63ffb8

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\c69dcc89-5939-4474-bc99-f575e166ece4.tmp

Filesize
166KB

MD5
4cc546b6eb0f0a80126bffaf36a6562f

SHA1
da4f32a7455c76e633fd07cea3a27637abff89fe

SHA256
c36752fd48ed355a77599094babbf51b4e3568170a05ad63c45f99c968e3f05b

SHA512
b8502b92eef664c7efddf1b061ebcb4298db7c3f9e9b987acba51c5894abff91a81b157f03ea131ea0b7900c5468a05b35046f62da99f11de2d1ba77d5b12b80

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Local State

Filesize
1KB

MD5
7d725fab887157505878a4079641f7ee

SHA1
92cdd2490574450f3412100a9bf5b3b987273de3

SHA256
85df7da5cce396ea4df59dae2103ec85d7014943f5184ef88be50e74fb1a98eb

SHA512
bb84672d8869139618ef77715d4acdce3e49d7a15792d549979d306d9749b28090e71f9a51158cb08aa5e615e6af00c3d40f07819506849d75cb378beff44697

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Local State

Filesize
2KB

MD5
39073ddb68c30a25c8693c562656cd42

SHA1
5ef21232d771c3069b3cb5ab139828eb82abe90a

SHA256
bac4c9ad3e829b315fe59080f3536fb68763268e139f1b97bb6953d485db5661

SHA512
9f0e816370574e0d50f61b9f7b383c11c1691823a6ce134ed550f628bb4f278d14018798a2f5d8b2940fc063b387692f721ca087d9edb8387ad26f11465386e0

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Local State

Filesize
2KB

MD5
a2433e5e9d563609a4cf4ddada97db36

SHA1
0dacddd4cb6a3c52ef7cc998de4dc6ae1d9bb793

SHA256
adbd180831b55c8617a9c7ba1b03fbfdfc4db96b59caeff06429b62503dce7b3

SHA512
90b5a08d453a94f9f4707bc0257fec1677646e3cf2c9538828750d861bc5c04856676a6cb87a1d69d3942eec690123c6bdb21f4ce4f95d3c172b93a35bf26c34

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Local State~RFe5ba891.TMP

Filesize
1KB

MD5
c945a06487030113407eefea67ce7d33

SHA1
f714b06f5c628d6127756dd721539b03c666ba0e

SHA256
79581c0734b2fcac9cb411e646aaaf4a1550d0e6a956bc6deec00fbd00afc8ec

SHA512
78f40462c7ee9a1bda3ec1ec84434948b4077a8b6cf94d4effe2e3921e8a616cbed720dc3fe2ef7cafeee689ab0f662359b284716c47c180ed45bbac317f8eea

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ActiveFeatures.zip.tmp

Filesize
17KB

MD5
cc1ee4ebdacd2e4dce86ab2e7607ad22

SHA1
dc3e843d1af3bc32973dd50d3038b6a9ae880529

SHA256
1a6694b6dc85463013b308acdafaffac82c0971166efdb551121441ea4f20e42

SHA512
74693d1450a0b6ea7ad6534f7b7337bbcbb12dc0b547ca65e7be9768025ee6c14b40b5a61d140a6864d8ec63e60b1f8dc13f7b25fd798bfa0e2079f226c5ecdf

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ServicePartnerInfo.txt

Filesize
183B

MD5
a3248913b4a3d8a8d74f065c1c266bf3

SHA1
956d24c7285992a155af2cfd5498c852843e306a

SHA256
a59edcd34ef4b3e9594657516182e9c34ebea4dabf38ce6ef06abb857838dfc6

SHA512
b5ad1b6d4b7ec4c634c0e688b4e7d2053d07f0ecb7b10091b60221187ac9535d00bbd76d5a41a659f5070fedeb1f5d6c74db3081fd88181a6a06d549832edf6d

Download Submit
C:\Users\Admin\AppData\Roaming\Velocity\SuperLaunch\Application\QuickLaunchInstaller.exe.config

Filesize
2KB

MD5
de7a850f4d4b59dd391e97f6c7a98f3f

SHA1
40fc2b57b1a3621cf39c054fd58e46aa4593935b

SHA256
3ca8fab06600440655a997caa4789471b36643ee549fb2c36e0848859abd68b2

SHA512
98d426027cdf1f94d9fa8c20bbf206d01c843b8bb400404dd82e358e9bdb7d709f7ce2a334452ef89fc2a626f010c70ae7c08b0721b2d608f0ff12ba16908004

Download Submit
C:\Users\Admin\AppData\Roaming\Velocity\SuperLaunch\Application\desktop.exe

Filesize
5.2MB

MD5
a186113f682c3f9b9b82eb1f82f3a012

SHA1
5daa388561b9546627b3af32e85459e4c8eb11cb

SHA256
c189f78a9461af83f9b7a482c317a8c32a2ad2f0c85c918820105a57277cebb7

SHA512
5f4cf894a6d337f7f186db4b1d1472e5d5ce0a7b716b473f7f6cc1838bbe424cf199d680a239c062829aaf1421dd3c25e04340fc0738095a25dc1fd9fe70214f

Download Submit
C:\Users\Admin\AppData\Roaming\Velocity\SuperLaunch\Options\CustomSearch.txt

Filesize
28B

MD5
9bf3138a2788970d5b76de278e309ecf

SHA1
6dbd00c9be4b010b52fc8764ea146cde9c4bded7

SHA256
88e4aceb6e5645e4b6a24514b0fc8bc38280a376734a711facaa4f4270835642

SHA512
0f318557944c22c5aa25b0bec7977f9cf9670e964b4055d2e85ef41786941fbf64ab23088e839bb6add63bea97094ce53b64698e8a018d2196a455c3dd0d5841

Download Submit
C:\Users\Admin\AppData\Roaming\Velocity\SuperLaunch\Options\MidConfiguration.txt

Filesize
4KB

MD5
e98e1a81ea01e7356d4330e6c48b3668

SHA1
84d5f090f3b71ed3e1fe3fcac3a21af9a4770fed

SHA256
58f4d1938191ca6dfb2db807bf355b2d3cfa124088cd49389d101700e9487201

SHA512
88709b2f4fb124737f14c4dcc28f174d981030e1e97b891ab84f48684e4a69fe881ba81460957f7e2d2088e4faa1e015c068583c6a1d6e3f6630854a448516da

Download Submit
C:\Users\Admin\AppData\Roaming\Velocity\SuperLaunch\Options\Partner.txt

Filesize
48B

MD5
f4d61eb639dc99bc6ee23848fdd7ab92

SHA1
fbaeb5bdcd0a03e33ffd06900691e590c84e2753

SHA256
253ee0b321d925a2d2233df8f2ce706f3326547e6ddc2bb7edcd73881012ad47

SHA512
2322284f86018716355bcd8b3203005f7856266f6e5d81c180675d52cb350b2c6bfac2b51b1b6a5f68cd3d047fd4b47b3d146159c4a5dcbd021a5577528e9c36

Download Submit
C:\Users\Admin\AppData\Roaming\Velocity\SuperLaunch\Options\Resources\icons\AMOOB.png

Filesize
12KB

MD5
2a6daea0e5b192bc9fc76fb8dcb6b4c7

SHA1
fc64591e8bddf8fe358fcffe539ccfeabe48b9d7

SHA256
419383925638c68962fb8c85b7a900926c87f7991b496dd5638b2174ad4d3da3

SHA512
6f54de22cefaf21477d051a9ec6c75de4b9cbff43c06ea8ce52afe17fc5db4483d9490a7225202a59d559bcf4b37dda5fa3089d7c891880662dd1add6f3dbe66

Download Submit
C:\Users\Admin\AppData\Roaming\Velocity\SuperLaunch\Options\Resources\icons\SOLOB.png

Filesize
6KB

MD5
27208e3852b6912d29f1db9a5bcf4840

SHA1
472dba969739b1e5dfef9d2d017774d8e77eddc7

SHA256
2fedd8048a6660f167218cd01a9e96853a94dc71f694f07069bccdb96569d407

SHA512
78c3dc286fc9203e73e6db4e5f18ff571b3fe72e1e05e04796c0f9a719310aa607b4aed106b818b3efccadb7a41364616aeb496758286f904de865c1f5d3a2bd

Download Submit
C:\Users\Admin\Downloads\robux-1-0.apk

Filesize
8.3MB

MD5
eed7abe7b61efd420afd69f696247a46

SHA1
7e5a02fda4a9625af829dcb62216970f608c3556

SHA256
98beb9b1156ce4e49b2feeb3ef9438b56ccb914d75a68c3792d557787058429e

SHA512
0d479b566b145e132b6bbe8bedd6e480c807d0aa33ece06ac8703ecb6a7b482d4d7efb8d5cbdba02fdd51e3062df82f443d498d37a578ed729395e2f0f99cc6d

Download Submit
C:\Users\Admin\Downloads\robux-1-0.apk.crdownload

Filesize
8.3MB

MD5
eed7abe7b61efd420afd69f696247a46

SHA1
7e5a02fda4a9625af829dcb62216970f608c3556

SHA256
98beb9b1156ce4e49b2feeb3ef9438b56ccb914d75a68c3792d557787058429e

SHA512
0d479b566b145e132b6bbe8bedd6e480c807d0aa33ece06ac8703ecb6a7b482d4d7efb8d5cbdba02fdd51e3062df82f443d498d37a578ed729395e2f0f99cc6d

Download Submit
memory/560-142-0x00007FFD08C10000-0x00007FFD08C11000-memory.dmp

Filesize
4KB

Download
memory/2104-2951-0x0000000002FD0000-0x0000000002FE0000-memory.dmp

Filesize
64KB

Download
memory/2104-2696-0x0000000002FD0000-0x0000000002FE0000-memory.dmp

Filesize
64KB

Download
memory/2720-1579-0x0000022381310000-0x0000022381311000-memory.dmp

Filesize
4KB

Download
memory/2720-1601-0x0000022381310000-0x0000022381311000-memory.dmp

Filesize
4KB

Download
memory/2720-1602-0x0000022381310000-0x0000022381311000-memory.dmp

Filesize
4KB

Download
memory/2720-1585-0x0000022381310000-0x0000022381311000-memory.dmp

Filesize
4KB

Download
memory/2720-1607-0x0000022381310000-0x0000022381311000-memory.dmp

Filesize
4KB

Download
memory/2720-1600-0x0000022381310000-0x0000022381311000-memory.dmp

Filesize
4KB

Download
memory/2720-1586-0x0000022381310000-0x0000022381311000-memory.dmp

Filesize
4KB

Download
memory/2720-1577-0x0000022381310000-0x0000022381311000-memory.dmp

Filesize
4KB

Download
memory/2720-1574-0x0000022381310000-0x0000022381311000-memory.dmp

Filesize
4KB

Download
memory/2720-1604-0x0000022381310000-0x0000022381311000-memory.dmp

Filesize
4KB

Download
memory/3372-2520-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3372-2633-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3512-2176-0x00000000007B0000-0x00000000007C0000-memory.dmp

Filesize
64KB

Download
memory/3584-2309-0x00000000010A0000-0x00000000010B0000-memory.dmp

Filesize
64KB

Download
memory/3584-2197-0x000000001A810000-0x000000001ABE4000-memory.dmp

Filesize
3.8MB

Download
memory/3584-2196-0x0000000001210000-0x0000000001230000-memory.dmp

Filesize
128KB

Download
memory/3584-2195-0x0000000000980000-0x000000000098C000-memory.dmp

Filesize
48KB

Download
memory/3584-2198-0x000000001AEF0000-0x000000001B026000-memory.dmp

Filesize
1.2MB

Download
memory/3584-2194-0x00000000010A0000-0x00000000010B0000-memory.dmp

Filesize
64KB

Download
memory/4976-179-0x00007FFD0A1A0000-0x00007FFD0A1A1000-memory.dmp

Filesize
4KB

Download
memory/4976-178-0x00007FFD08C20000-0x00007FFD08C21000-memory.dmp

Filesize
4KB

Download
memory/5544-2243-0x0000000003440000-0x0000000003450000-memory.dmp

Filesize
64KB

Download
memory/5816-2317-0x00000000027E0000-0x00000000027F0000-memory.dmp

Filesize
64KB

Download
memory/5816-2199-0x00000000027E0000-0x00000000027F0000-memory.dmp

Filesize
64KB

Download
memory/5816-2193-0x00000000027E0000-0x00000000027F0000-memory.dmp

Filesize
64KB

Download
memory/5816-2244-0x00000000027E0000-0x00000000027F0000-memory.dmp

Filesize
64KB

Download
memory/5816-2141-0x00000000027E0000-0x00000000027F0000-memory.dmp

Filesize
64KB

Download
memory/5816-2298-0x00000000027E0000-0x00000000027F0000-memory.dmp

Filesize
64KB

Download
memory/5816-2308-0x00000000027E0000-0x00000000027F0000-memory.dmp

Filesize
64KB

Download
memory/5816-2315-0x00000000027E0000-0x00000000027F0000-memory.dmp

Filesize
64KB

Download