hxxps://google[.]com

max time kernel
354s
max time network
367s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
12/03/2023, 12:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 22 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	QuickLaunchInstaller.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	QuickLaunchInstaller.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	quicklaunchbrowser.exe

Executes dropped EXE 64 IoCs

pid	Process
4400	QuickLaunch_Minecraft_Setup.exe
1044	QuickLaunchInstaller.exe
376	QuickLaunch_Minecraft_Setup.exe
2520	QuickLaunchInstaller.exe
1332	QuickLaunchInstaller.exe
568	QuickLaunchInstaller.exe
2984	QuickLaunch_Minecraft_Setup.exe
888	QuickLaunchInstaller.exe
1332	QuickLaunch_Minecraft_Setup.exe
3972	QuickLaunchInstaller.exe
2728	adawareinstaller.exe
3124	setup.exe
852	setup.exe
1436	quicklaunchbrowser.exe
1980	quicklaunchbrowser.exe
3028	quicklaunchbrowser.exe
2040	quicklaunchbrowser.exe
1176	quicklaunchbrowser.exe
5092	quicklaunchbrowser.exe
2932	quicklaunchbrowser.exe
5380	quicklaunchbrowser.exe
5432	quicklaunchbrowser.exe
5924	quicklaunchbrowser.exe
5952	quicklaunchbrowser.exe
5304	quicklaunchbrowser.exe
5336	quicklaunchbrowser.exe
5188	quicklaunchbrowser.exe
5704	quicklaunchbrowser.exe
5864	quicklaunchbrowser.exe
5876	quicklaunchbrowser.exe
5432	quicklaunchbrowser.exe
5856	quicklaunchbrowser.exe
6484	quicklaunchbrowser.exe
6704	desktop.exe
4640	quicklaunchbrowser.exe
5652	quicklaunchbrowser.exe
6936	quicklaunchbrowser.exe
6828	quicklaunchbrowser.exe
7040	quicklaunchbrowser.exe
4332	quicklaunchbrowser.exe
3040	quicklaunchbrowser.exe
5772	tray.exe
5240	desktop.exe
6628	quicklaunchbrowser.exe
3120	quicklaunchbrowser.exe
6060	quicklaunchbrowser.exe
6156	quicklaunchbrowser.exe
7052	quicklaunchbrowser.exe
6948	quicklaunchbrowser.exe
5312	quicklaunchbrowser.exe
6212	quicklaunchbrowser.exe
2376	quicklaunchbrowser.exe
5788	quicklaunchbrowser.exe
6204	quicklaunchbrowser.exe
3276	quicklaunchbrowser.exe
3388	quicklaunchbrowser.exe
3240	quicklaunchbrowser.exe
6376	quicklaunchbrowser.exe
5028	quicklaunchbrowser.exe
488	quicklaunchbrowser.exe
6132	quicklaunchbrowser.exe
1872	quicklaunchbrowser.exe
6088	quicklaunchbrowser.exe
6692	quicklaunchbrowser.exe

Loads dropped DLL 64 IoCs

pid	Process
1436	quicklaunchbrowser.exe
1980	quicklaunchbrowser.exe
3028	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1176	quicklaunchbrowser.exe
2040	quicklaunchbrowser.exe
2040	quicklaunchbrowser.exe
2040	quicklaunchbrowser.exe
2040	quicklaunchbrowser.exe
2040	quicklaunchbrowser.exe
1176	quicklaunchbrowser.exe
5092	quicklaunchbrowser.exe
5092	quicklaunchbrowser.exe
2932	quicklaunchbrowser.exe
2932	quicklaunchbrowser.exe
2040	quicklaunchbrowser.exe
2040	quicklaunchbrowser.exe
5380	quicklaunchbrowser.exe
5432	quicklaunchbrowser.exe
5380	quicklaunchbrowser.exe
5432	quicklaunchbrowser.exe
5924	quicklaunchbrowser.exe
5924	quicklaunchbrowser.exe
5952	quicklaunchbrowser.exe
5952	quicklaunchbrowser.exe
5304	quicklaunchbrowser.exe
5304	quicklaunchbrowser.exe
5336	quicklaunchbrowser.exe
5336	quicklaunchbrowser.exe
5188	quicklaunchbrowser.exe
5188	quicklaunchbrowser.exe
5704	quicklaunchbrowser.exe
5704	quicklaunchbrowser.exe
5864	quicklaunchbrowser.exe
5864	quicklaunchbrowser.exe
5876	quicklaunchbrowser.exe
5876	quicklaunchbrowser.exe
5432	quicklaunchbrowser.exe
5432	quicklaunchbrowser.exe
5856	quicklaunchbrowser.exe
5856	quicklaunchbrowser.exe
6484	quicklaunchbrowser.exe
6484	quicklaunchbrowser.exe
6704	desktop.exe
6704	desktop.exe
6704	desktop.exe
6704	desktop.exe
6704	desktop.exe
6704	desktop.exe
6704	desktop.exe
6704	desktop.exe
4640	quicklaunchbrowser.exe
4640	quicklaunchbrowser.exe
5652	quicklaunchbrowser.exe
5652	quicklaunchbrowser.exe
6936	quicklaunchbrowser.exe
6936	quicklaunchbrowser.exe
6828	quicklaunchbrowser.exe
6828	quicklaunchbrowser.exe
7040	quicklaunchbrowser.exe
7040	quicklaunchbrowser.exe
4332	quicklaunchbrowser.exe
4332	quicklaunchbrowser.exe
3040	quicklaunchbrowser.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Quick Launch\\QuickLaunch Browser\\Application\\100.0.4896.75\\notification_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Quick Launch\\QuickLaunch Browser\\Application\\100.0.4896.75\\notification_helper.exe"	setup.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	tray.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Quick Launch Tray = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Quick Launch\\Application\\tray.exe"	tray.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Windows\CurrentVersion\Run	quicklaunchbrowser.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	QuickLaunchInstaller.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	QuickLaunchInstaller.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\config\enterprisesec.config.cch.new	QuickLaunchInstaller.exe
File opened for modification	C:\Windows\assembly	QuickLaunchInstaller.exe
File created	C:\Windows\assembly\Desktop.ini	QuickLaunchInstaller.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	QuickLaunchInstaller.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\config\security.config.cch.new	QuickLaunchInstaller.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\config\enterprisesec.config.cch.new	QuickLaunchInstaller.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\config\security.config.cch.new	QuickLaunchInstaller.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	quicklaunchbrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	quicklaunchbrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	quicklaunchbrowser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	quicklaunchbrowser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	quicklaunchbrowser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	quicklaunchbrowser.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133231001144412727"	chrome.exe

Modifies registry class 46 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.pdf\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.pdf\OpenWithProgids\quicklaunchbrowserHTM.ENR4PXBWYW4S5N72U	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.svg\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.svg\OpenWithProgids\quicklaunchbrowserHTM.ENR4PXBWYW4S5N72U	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.xht\OpenWithProgids\quicklaunchbrowserHTM.ENR4PXBWYW4S5N72U	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\quicklaunchbrowserHTM.ENR4PXBWYW4S5N72U	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\quicklaunchbrowserHTM.ENR4PXBWYW4S5N72U\ = "quicklaunchbrowser HTML Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\quicklaunchbrowserHTM.ENR4PXBWYW4S5N72U\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.xhtml	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.webp	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\quicklaunchbrowserHTM.ENR4PXBWYW4S5N72U\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Quick Launch\\QuickLaunch Browser\\Application\\quicklaunchbrowser.exe,0"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\quicklaunchbrowserHTM.ENR4PXBWYW4S5N72U\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.webp\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.pdf	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.xhtml\OpenWithProgids\quicklaunchbrowserHTM.ENR4PXBWYW4S5N72U	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\quicklaunchbrowserHTM.ENR4PXBWYW4S5N72U\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\quicklaunchbrowserHTM.ENR4PXBWYW4S5N72U\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Quick Launch\\QuickLaunch Browser\\Application\\quicklaunchbrowser.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\quicklaunchbrowserHTM.ENR4PXBWYW4S5N72U\Application	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\quicklaunchbrowserHTM.ENR4PXBWYW4S5N72U\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\quicklaunchbrowserHTM.ENR4PXBWYW4S5N72U\Application\AppUserModelId = "quicklaunchbrowser.ENR4PXBWYW4S5N72UTIMHLDFB4"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.shtml	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.shtml\OpenWithProgids\quicklaunchbrowserHTM.ENR4PXBWYW4S5N72U	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.xht\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Quick Launch\\QuickLaunch Browser\\Application\\100.0.4896.75\\notification_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Quick Launch\\QuickLaunch Browser\\Application\\100.0.4896.75\\notification_helper.exe"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.htm\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.webp\OpenWithProgids\quicklaunchbrowserHTM.ENR4PXBWYW4S5N72U	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\quicklaunchbrowserHTM.ENR4PXBWYW4S5N72U\AppUserModelId = "quicklaunchbrowser.ENR4PXBWYW4S5N72UTIMHLDFB4"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\quicklaunchbrowserHTM.ENR4PXBWYW4S5N72U\Application\ApplicationCompany = "The QuickLaunch Browser Authors"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.html	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.html\OpenWithProgids\quicklaunchbrowserHTM.ENR4PXBWYW4S5N72U	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.shtml\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.svg	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.xhtml\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\quicklaunchbrowserHTM.ENR4PXBWYW4S5N72U\Application\ApplicationName = "QuickLaunch Browser"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.htm	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.htm\OpenWithProgids\quicklaunchbrowserHTM.ENR4PXBWYW4S5N72U	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.html\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.xht	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\quicklaunchbrowserHTM.ENR4PXBWYW4S5N72U\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Quick Launch\\QuickLaunch Browser\\Application\\quicklaunchbrowser.exe,0"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\quicklaunchbrowserHTM.ENR4PXBWYW4S5N72U\Application\ApplicationDescription = "Accede a Internet."	setup.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	QuickLaunchInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd942000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	QuickLaunchInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	QuickLaunchInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	QuickLaunchInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	QuickLaunchInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d4304000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	QuickLaunchInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	QuickLaunchInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	QuickLaunchInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	QuickLaunchInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d42000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	QuickLaunchInstaller.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1828	chrome.exe
1828	chrome.exe
1776	chrome.exe
1776	chrome.exe
1044	QuickLaunchInstaller.exe
1044	QuickLaunchInstaller.exe
1332	QuickLaunchInstaller.exe
1332	QuickLaunchInstaller.exe
1332	QuickLaunchInstaller.exe
1332	QuickLaunchInstaller.exe
568	QuickLaunchInstaller.exe
568	QuickLaunchInstaller.exe
888	QuickLaunchInstaller.exe
888	QuickLaunchInstaller.exe
888	QuickLaunchInstaller.exe
888	QuickLaunchInstaller.exe
3972	QuickLaunchInstaller.exe
3972	QuickLaunchInstaller.exe
3972	QuickLaunchInstaller.exe
3972	QuickLaunchInstaller.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
980	msedge.exe
980	msedge.exe
6884	msedge.exe
6884	msedge.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe
5772	tray.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6704	desktop.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
672	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 49 IoCs

pid	Process
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
6884	msedge.exe
6884	msedge.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
6628	quicklaunchbrowser.exe
6628	quicklaunchbrowser.exe
6628	quicklaunchbrowser.exe
6628	quicklaunchbrowser.exe
6628	quicklaunchbrowser.exe
6628	quicklaunchbrowser.exe
6628	quicklaunchbrowser.exe
6628	quicklaunchbrowser.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
568	QuickLaunchInstaller.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
6704	desktop.exe
6704	desktop.exe
6704	desktop.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe
1436	quicklaunchbrowser.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
6704	desktop.exe
5772	tray.exe
6704	desktop.exe
6704	desktop.exe
6704	desktop.exe
6704	desktop.exe
6704	desktop.exe
6704	desktop.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1828 wrote to memory of 4256	1828	chrome.exe	86
PID 1828 wrote to memory of 4256	1828	chrome.exe	86
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 264	1828	chrome.exe	87
PID 1828 wrote to memory of 232	1828	chrome.exe	88
PID 1828 wrote to memory of 232	1828	chrome.exe	88
PID 1828 wrote to memory of 4740	1828	chrome.exe	89
PID 1828 wrote to memory of 4740	1828	chrome.exe	89
PID 1828 wrote to memory of 4740	1828	chrome.exe	89
PID 1828 wrote to memory of 4740	1828	chrome.exe	89
PID 1828 wrote to memory of 4740	1828	chrome.exe	89
PID 1828 wrote to memory of 4740	1828	chrome.exe	89
PID 1828 wrote to memory of 4740	1828	chrome.exe	89
PID 1828 wrote to memory of 4740	1828	chrome.exe	89
PID 1828 wrote to memory of 4740	1828	chrome.exe	89
PID 1828 wrote to memory of 4740	1828	chrome.exe	89
PID 1828 wrote to memory of 4740	1828	chrome.exe	89
PID 1828 wrote to memory of 4740	1828	chrome.exe	89
PID 1828 wrote to memory of 4740	1828	chrome.exe	89
PID 1828 wrote to memory of 4740	1828	chrome.exe	89
PID 1828 wrote to memory of 4740	1828	chrome.exe	89
PID 1828 wrote to memory of 4740	1828	chrome.exe	89
PID 1828 wrote to memory of 4740	1828	chrome.exe	89
PID 1828 wrote to memory of 4740	1828	chrome.exe	89
PID 1828 wrote to memory of 4740	1828	chrome.exe	89
PID 1828 wrote to memory of 4740	1828	chrome.exe	89
PID 1828 wrote to memory of 4740	1828	chrome.exe	89
PID 1828 wrote to memory of 4740	1828	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://google.com
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b0929758,0x7ff8b0929768,0x7ff8b0929778
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:2
  2⤵
  PID:264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:8
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3140 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3336 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:8
  2⤵
  PID:688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5032 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5208 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5056 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5244 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5068 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5320 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5052 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5268 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5132 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4764 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4748 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5744 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5852 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2544 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5736 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5928 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=948 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4748 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5900 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5456 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5496 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5956 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=2736 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5788 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=4700 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6384 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5552 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6516 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6600 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:8
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2500 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:8
  2⤵
  PID:4012
- C:\Users\Admin\Downloads\QuickLaunch_Minecraft_Setup.exe
  "C:\Users\Admin\Downloads\QuickLaunch_Minecraft_Setup.exe"
  2⤵
  - Executes dropped EXE
  PID:4400
- - C:\Users\Admin\AppData\Local\Temp\7zS031C8219\QuickLaunchInstaller.exe
    .\QuickLaunchInstaller.exe --install --prod --offer_id=67 --campaignid=12683973252 --aff_id=1001 --url_id=297 --source=GSN --partner=QL210301 --search=5 --homepage=5 --theme=games --type=Minecraft --brand=QuickLaunch --browsername=QuickLaunch Browser --campaignid=12683973252 --subcampaignid=default --wcoffer=true --wcpartner=WC210525 --thankyou="https://quicklaunchapp.com/unlimited-games/install-completed.php"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops desktop.ini file(s)
    - Drops file in Windows directory
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    PID:1044
  - - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1xntpxza.cmdline"
      4⤵
      PID:3696
    - - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES266B.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC266A.tmp"
        5⤵
        
        PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\qltmp_514350048\QuickLaunchInstaller.exe
      "C:\Users\Admin\AppData\Local\Temp\qltmp_514350048\QuickLaunchInstaller.exe" --nanouniqueid=1678626677376 --noff --install --prod --offer_id=67 --campaignid=12683973252 --aff_id=1001 --url_id=297 --source=GSN --partner=QL210301 --search=5 --homepage=5 --theme=games --type=Minecraft --brand=QuickLaunch --browsername=QuickLaunch Browser --campaignid=12683973252 --subcampaignid=default --wcoffer=true --wcpartner=WC210525 --thankyou=https://quicklaunchapp.com/unlimited-games/install-completed.php --deltams=6232
      4⤵
      Executes dropped EXE
      PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\7zS8D97DF39\QuickLaunchInstaller.exe
        
        .\QuickLaunchInstaller.exe --nanouniqueid=1678626677376 --noff --install --prod --offer_id=67 --campaignid=12683973252 --aff_id=1001 --url_id=297 --source=GSN --partner=QL210301 --search=5 --homepage=5 --theme=games --type=Minecraft --brand=QuickLaunch --browsername=QuickLaunch Browser --campaignid=12683973252 --subcampaignid=default --wcoffer=true --wcpartner=WC210525 --thankyou=https://quicklaunchapp.com/unlimited-games/install-completed.php --deltams=6232
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        
        PID:568
      - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
        
        "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vie1_sij.cmdline"
        6⤵
        
        PID:1472
        
        C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA39A.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCA36A.tmp"
        7⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\adawareinstaller.exe
        
        "C:\Users\Admin\AppData\Local\Temp\adawareinstaller.exe" --installerdata=C:\Users\Admin\AppData\Local\Temp\7zS8D97DF39\Resources\master_preferences.txt
        6⤵
        Executes dropped EXE
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\CR_0F48C.tmp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\CR_0F48C.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\CR_0F48C.tmp\CHROME.PACKED.7Z" --installerdata=C:\Users\Admin\AppData\Local\Temp\7zS8D97DF39\Resources\master_preferences.txt
        7⤵
        Executes dropped EXE
        Registers COM server for autorun
        Modifies registry class
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\CR_0F48C.tmp\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\CR_0F48C.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Crashpad" --annotation=plat=Win64 "--annotation=prod=quicklaunch browser" --annotation=ver=100.0.4896.75 --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x7ff6443aeb50,0x7ff6443aeb60,0x7ff6443aeb70
        8⤵
        Executes dropped EXE
        
        PID:852
      - C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\Application\desktop.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\Application\desktop.exe" --afterinstall --thankyou=https://quicklaunchapp.com/unlimited-games/install-completed.php --browser= --deltams=105302
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of SendNotifyMessage
        Suspicious use of SetWindowsHookEx
        
        PID:6704
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://quicklaunchapp.com/unlimited-games/install-completed.php
        7⤵
        Enumerates system info in registry
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        
        PID:6884
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf8,0x124,0x7ff8a90446f8,0x7ff8a9044708,0x7ff8a9044718
        8⤵
        
        PID:6912
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11445137984897348978,18211806806193106380,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
        8⤵
        
        PID:5324
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,11445137984897348978,18211806806193106380,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
        8⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:980
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,11445137984897348978,18211806806193106380,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
        8⤵
        
        PID:5736
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11445137984897348978,18211806806193106380,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
        8⤵
        
        PID:6460
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11445137984897348978,18211806806193106380,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
        8⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\Application\tray.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\Application\tray.exe"
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:5772
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\Application\desktop.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\Application\desktop.exe"
        8⤵
        Executes dropped EXE
        
        PID:5240
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" chrome-search://local-ntp/local-ntp.html
        7⤵
        Checks computer location settings
        Executes dropped EXE
        Enumerates system info in registry
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        
        PID:6628
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Crashpad" --annotation=plat=Win64 "--annotation=prod=quicklaunch browser" --annotation=ver=100.0.4896.75 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8be2002c0,0x7ff8be2002d0,0x7ff8be2002e0
        8⤵
        Executes dropped EXE
        
        PID:3120
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1812,i,5606184750420733376,4888736899318846982,131072 /prefetch:2
        8⤵
        Executes dropped EXE
        
        PID:6060
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=1928 --field-trial-handle=1812,i,5606184750420733376,4888736899318846982,131072 /prefetch:8
        8⤵
        Executes dropped EXE
        
        PID:7052
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --start-stack-profiler --mojo-platform-channel-handle=1880 --field-trial-handle=1812,i,5606184750420733376,4888736899318846982,131072 /prefetch:8
        8⤵
        Executes dropped EXE
        
        PID:6156
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --display-capture-permissions-policy-allowed --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2744 --field-trial-handle=1812,i,5606184750420733376,4888736899318846982,131072 /prefetch:1
        8⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:6948
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --display-capture-permissions-policy-allowed --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2764 --field-trial-handle=1812,i,5606184750420733376,4888736899318846982,131072 /prefetch:1
        8⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:5312
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --mojo-platform-channel-handle=4392 --field-trial-handle=1812,i,5606184750420733376,4888736899318846982,131072 /prefetch:8
        8⤵
        Executes dropped EXE
        
        PID:6212
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --mojo-platform-channel-handle=4416 --field-trial-handle=1812,i,5606184750420733376,4888736899318846982,131072 /prefetch:8
        8⤵
        Executes dropped EXE
        
        PID:2376
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --display-capture-permissions-policy-allowed --start-stack-profiler --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4420 --field-trial-handle=1812,i,5606184750420733376,4888736899318846982,131072 /prefetch:1
        8⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:5788
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --mojo-platform-channel-handle=4416 --field-trial-handle=1812,i,5606184750420733376,4888736899318846982,131072 /prefetch:8
        8⤵
        Executes dropped EXE
        
        PID:6204
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1812,i,5606184750420733376,4888736899318846982,131072 /prefetch:8
        8⤵
        Executes dropped EXE
        
        PID:3276
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --display-capture-permissions-policy-allowed --start-stack-profiler --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5072 --field-trial-handle=1812,i,5606184750420733376,4888736899318846982,131072 /prefetch:1
        8⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:6376
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3596 --field-trial-handle=1812,i,5606184750420733376,4888736899318846982,131072 /prefetch:1
        8⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:5028
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --display-capture-permissions-policy-allowed --start-stack-profiler --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5368 --field-trial-handle=1812,i,5606184750420733376,4888736899318846982,131072 /prefetch:1
        8⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:488
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5012 --field-trial-handle=1812,i,5606184750420733376,4888736899318846982,131072 /prefetch:1
        8⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:6692
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --display-capture-permissions-policy-allowed --start-stack-profiler --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5468 --field-trial-handle=1812,i,5606184750420733376,4888736899318846982,131072 /prefetch:1
        8⤵
        Checks computer location settings
        
        PID:796
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" https://www.gamepix.com/play/minecraft
        7⤵
        Executes dropped EXE
        
        PID:3388
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Crashpad" --annotation=plat=Win64 "--annotation=prod=quicklaunch browser" --annotation=ver=100.0.4896.75 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8be2002c0,0x7ff8be2002d0,0x7ff8be2002e0
        8⤵
        Executes dropped EXE
        
        PID:3240
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" https://www.minecraft.net/en-us/get-minecraft
        7⤵
        Executes dropped EXE
        
        PID:6132
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Crashpad" --annotation=plat=Win64 "--annotation=prod=quicklaunch browser" --annotation=ver=100.0.4896.75 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8be2002c0,0x7ff8be2002d0,0x7ff8be2002e0
        8⤵
        Executes dropped EXE
        
        PID:1872
        
        C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
        
        "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Crashpad" --annotation=plat=Win64 "--annotation=prod=quicklaunch browser" --annotation=ver=100.0.4896.75 --initial-client-data=0x158,0x15c,0x160,0x104,0x164,0x7ff7ef62d048,0x7ff7ef62d058,0x7ff7ef62d068
        9⤵
        Executes dropped EXE
        
        PID:6088
- C:\Users\Admin\Downloads\QuickLaunch_Minecraft_Setup.exe
  "C:\Users\Admin\Downloads\QuickLaunch_Minecraft_Setup.exe"
  2⤵
  - Executes dropped EXE
  PID:376
- - C:\Users\Admin\AppData\Local\Temp\7zS8716C909\QuickLaunchInstaller.exe
    .\QuickLaunchInstaller.exe --install --prod --offer_id=67 --campaignid=12683973252 --aff_id=1001 --url_id=297 --source=GSN --partner=QL210301 --search=5 --homepage=5 --theme=games --type=Minecraft --brand=QuickLaunch --browsername=QuickLaunch Browser --campaignid=12683973252 --subcampaignid=default --wcoffer=true --wcpartner=WC210525 --thankyou="https://quicklaunchapp.com/unlimited-games/install-completed.php"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6484 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 --field-trial-handle=1848,i,8646792544597352200,9021454807753995029,131072 /prefetch:8
  2⤵
  PID:4012

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3484

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
1⤵
PID:3592

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4140

C:\Users\Admin\Downloads\QuickLaunch_Minecraft_Setup.exe
"C:\Users\Admin\Downloads\QuickLaunch_Minecraft_Setup.exe"
1⤵
- Executes dropped EXE
PID:2984
- C:\Users\Admin\AppData\Local\Temp\7zS8AB5BE49\QuickLaunchInstaller.exe
  .\QuickLaunchInstaller.exe --install --prod --offer_id=67 --campaignid=12683973252 --aff_id=1001 --url_id=297 --source=GSN --partner=QL210301 --search=5 --homepage=5 --theme=games --type=Minecraft --brand=QuickLaunch --browsername=QuickLaunch Browser --campaignid=12683973252 --subcampaignid=default --wcoffer=true --wcpartner=WC210525 --thankyou="https://quicklaunchapp.com/unlimited-games/install-completed.php"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:888

C:\Users\Admin\Downloads\QuickLaunch_Minecraft_Setup.exe
"C:\Users\Admin\Downloads\QuickLaunch_Minecraft_Setup.exe"
1⤵
- Executes dropped EXE
PID:1332
- C:\Users\Admin\AppData\Local\Temp\7zS43542B49\QuickLaunchInstaller.exe
  .\QuickLaunchInstaller.exe --install --prod --offer_id=67 --campaignid=12683973252 --aff_id=1001 --url_id=297 --source=GSN --partner=QL210301 --search=5 --homepage=5 --theme=games --type=Minecraft --brand=QuickLaunch --browsername=QuickLaunch Browser --campaignid=12683973252 --subcampaignid=default --wcoffer=true --wcpartner=WC210525 --thankyou="https://quicklaunchapp.com/unlimited-games/install-completed.php"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3972

C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
"C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1436
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Crashpad" --annotation=plat=Win64 "--annotation=prod=quicklaunch browser" --annotation=ver=100.0.4896.75 --initial-client-data=0x118,0x11c,0x120,0x9c,0x124,0x7ff8be2002c0,0x7ff8be2002d0,0x7ff8be2002e0
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1980
- - C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
    "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Crashpad" --annotation=plat=Win64 "--annotation=prod=quicklaunch browser" --annotation=ver=100.0.4896.75 --initial-client-data=0x164,0x168,0x16c,0x13c,0x170,0x7ff7ef62d048,0x7ff7ef62d058,0x7ff7ef62d068
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3028
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1824,i,14756089391609461586,15109225741578251592,131072 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2040
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --start-stack-profiler --mojo-platform-channel-handle=1876 --field-trial-handle=1824,i,14756089391609461586,15109225741578251592,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1176
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=1724 --field-trial-handle=1824,i,14756089391609461586,15109225741578251592,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5092
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --display-capture-permissions-policy-allowed --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2672 --field-trial-handle=1824,i,14756089391609461586,15109225741578251592,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2932
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2680 --field-trial-handle=1824,i,14756089391609461586,15109225741578251592,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5380
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=es --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=3352 --field-trial-handle=1824,i,14756089391609461586,15109225741578251592,131072 /prefetch:8
  2⤵
  PID:5432
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --display-capture-permissions-policy-allowed --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3660 --field-trial-handle=1824,i,14756089391609461586,15109225741578251592,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5924
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --mojo-platform-channel-handle=4008 --field-trial-handle=1824,i,14756089391609461586,15109225741578251592,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5952
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1824,i,14756089391609461586,15109225741578251592,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5304
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --mojo-platform-channel-handle=4880 --field-trial-handle=1824,i,14756089391609461586,15109225741578251592,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5336
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=4120 --field-trial-handle=1824,i,14756089391609461586,15109225741578251592,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5188
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2848 --field-trial-handle=1824,i,14756089391609461586,15109225741578251592,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5704
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1824,i,14756089391609461586,15109225741578251592,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5864
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --mojo-platform-channel-handle=5024 --field-trial-handle=1824,i,14756089391609461586,15109225741578251592,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5876
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=4048 --field-trial-handle=1824,i,14756089391609461586,15109225741578251592,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5432
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --mojo-platform-channel-handle=5264 --field-trial-handle=1824,i,14756089391609461586,15109225741578251592,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5856
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5028 --field-trial-handle=1824,i,14756089391609461586,15109225741578251592,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6484
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4056 --field-trial-handle=1824,i,14756089391609461586,15109225741578251592,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4640
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5036 --field-trial-handle=1824,i,14756089391609461586,15109225741578251592,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5652
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --display-capture-permissions-policy-allowed --start-stack-profiler --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4996 --field-trial-handle=1824,i,14756089391609461586,15109225741578251592,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6936
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=3136 --field-trial-handle=1824,i,14756089391609461586,15109225741578251592,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6828
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2960 --field-trial-handle=1824,i,14756089391609461586,15109225741578251592,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:7040
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5504 --field-trial-handle=1824,i,14756089391609461586,15109225741578251592,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4332
- C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe
  "C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3148 --field-trial-handle=1824,i,14756089391609461586,15109225741578251592,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6072

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e4 0x4f0
1⤵
PID:5848

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A37B8BA80004D3266CB4D93B2052DC10_5F5F520ABA6509FB550A7DDEB645B50F

Filesize
1KB

MD5
267bd1b9f54f3b39326e31058255215f

SHA1
d3a13a5128cbf0b57e087812b9e56725e3e842b8

SHA256
cb8f7a09aa6e0c457d41b9d5902cc09eea4f940874b7538d604a07eccb6929b9

SHA512
23d6600890dcc9cbe569d1b81c15c1b73fc737221d1bd1f94ba74113e1c8444e087f2650c4ad4b6aa986a5d5aea2b685406ed66dd3170fc9161d4d72bd0abf6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A37B8BA80004D3266CB4D93B2052DC10_5F5F520ABA6509FB550A7DDEB645B50F

Filesize
520B

MD5
0f1490378b78e424fc5d9918db95af02

SHA1
c12563ebb8833c5348deefa5acc774bbab14dd00

SHA256
8cac6210c88bf9248744b650edd776c3288d850ece43dd7bd6f39ad97fa05727

SHA512
436ad1e4960009446549674c009b6a2bbd59337cffc765417381be94c8504a067079c0fdee4f5a557e93a08ae42e41670f6987a7288998df28ac80f14775dc30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
37KB

MD5
d90cb261f4a509d886611473296e188e

SHA1
23551f9039c8b855b496f017c8f75b32f6e56671

SHA256
ca6c7cdd1e68e9f251fbf58e0b0ad9e883b38979e264c3cf4125f603b21c8bb4

SHA512
1cca6c9490c8f7adca7441ffea3e7445309d0c52fbaf7252e4c3c73525e00233a8173536c031747a55343bb86e96618d9c96afc6e4f8d25b0106729cca5c8031

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
280KB

MD5
25bd41089923285e9604d1f419254177

SHA1
a9ec971c8a99324e3c4aeecf23dfd806aff53793

SHA256
55024ba2cf12b91554dbe8e2b0e3f23f56859716addf7e9289f82ff087470662

SHA512
6a0e0abf20d7038cf309b95e206394ef0c1e696ccc06402523df34a347a4d0e8e1c66ef4c1ca263b79a6bc8eb7866e72c4835b1ceaf4ac22fd3f582287fe03d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
63KB

MD5
8033fed1f312bbb913b8cf605b68a0b8

SHA1
bd19063c08b669a51b8a3b2c9601cdad9545d911

SHA256
9802c3206b624d67ebc8e6cc7ead579588fae49f9366453d5358c0903dd7589a

SHA512
629fbfce802cc13faceb5b1703142f072c6162137f32e02d514a4270589f6f74b23eb014790229c15dadbf4f7796da1ac8cc04eeea12eac203c3d10848e99984

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
67KB

MD5
3269130a723b49529814d997ef3468c4

SHA1
003e21aa361e918c92fc24020a402369a351d5e6

SHA256
a311724f47fb5774908a1b522934801985c075dc8f4f19065ec702c2f499a6f6

SHA512
c0276d8638520c883a42e9885a3d10530a2b5630fc5637baf0c5bfd2137e7099d33708254c6b7db46cc2296b3c22cc250621c3d854db171487340333562bd856

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
19KB

MD5
9339fcb7338db92ba06368595650e318

SHA1
3e4f06e9153b8d75ed4c03a0d3824c19cb28648f

SHA256
fdc77312345a6c930e43c1ad50ff330bbf724c92d9d83727de85948fff56e186

SHA512
567a3266af16afb116ff9206209697daed59f1ad891696922d7d63a3242013ac171616f094052d2c6a91983137ed638492ed9198031e6e8cb234ff5acf69c627

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
324KB

MD5
486a511328b5d4d20ddd0da0a4558471

SHA1
1c2de6f0c52843b35cc02d86847551ddf7c04678

SHA256
4665c7bb59e7bff0a6af808df4edaf1c3659e68921c48c258bf5e9acd051b464

SHA512
70139f26d4e0d0cdb9c5a7580490d25c23ab291b2c70a6250e53bd7411dd9fce444b977d21ee00f6d514ba78dc84e24f1582b186c71a464c60dd9cc07f4e2f3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
61KB

MD5
d715a1fbdc52b9bc57b9baa095752eec

SHA1
dab6c49f966379b2caf73feb5e2cfe6d272e7cf7

SHA256
0ef72909d991ad4c7c54b6c65c58363a444ce301eaeec0c10a9d5ac6829f00c3

SHA512
a74116f0972697c8b9e9f3755aa3971292894451113dbb8cbe217cea998cbd5cb78fcba1622469e3ffb5838a9d10fce55f7b75568ff4c59f1af9c4c4fc98c0e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
51KB

MD5
17c34b6704e677f6397913d0083f7ec9

SHA1
8bcff109248015c91e0d24aa9504f6be2e8aad4c

SHA256
787c465de39564767de8b1fc1c304376d80fe5b5efe2ee49244c2d648d1f65d2

SHA512
2a337c0c6c8ed028c4b06686dca6586734175d2105b148929f935b12555539cff216ca57a6fba7dde04fcb3b84505e2404ade1b1d89d407f728ca9b37aeed7f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
107KB

MD5
12daede73dbe5160df585b647d8becbf

SHA1
a9e0cfbd153cee8d9a0690871ad9cbaadc3367a0

SHA256
3dbce01674c2185b1a63bac0a9d0bb20fe68ecaf864fe19a76bb4c130c59f1ea

SHA512
109a7e9b427492f379e379f2cfa45fccf61afa879a02d481ad8f6cf374eefba1abce5009f6710a138938a85135d8afbbfd94905bce3ec78551f2ed409d1abb1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
607KB

MD5
5740803e82c43fb79a5ab81b161d9964

SHA1
88e9aa05f0b8e16c905b1c54b416f9cffafa52af

SHA256
47adcbbde66cecfee3bc88b5ec25cd1cb45a3b35ef84a6b86a5824783234ddde

SHA512
beb27f100689fbd59edd4f5cbda14fc8b2b2e281336a67872f4b6e8232b747298aace580000bf9f45a8e0b0909ae28c290f7abfb69b521b6235c45bf2663bf41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
35KB

MD5
e61990a1765f288ccedeff877782381d

SHA1
570e65523583a567e681fbb190067a1a6eecb52e

SHA256
eaf48a6a29227118d7b80c4e806602c8c9488f691242fea96af0bc0ab956e3cc

SHA512
cb3a006884408f16361a6816e90f54a7704c129633ef8657885ddfe9869903abdb95b2da640b41a313fbaa9a138811adc2dee1e9ef6c95db897c52641b216627

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055

Filesize
91KB

MD5
46fa80a188bd81bcf96eada93f4e23cb

SHA1
7ac37e9d9560ee079d114554f94556099d204591

SHA256
e752b77745fbcdd080d2eda649d1a83b9d0536f095b33fb6396ecf7926f197b2

SHA512
d8d1ef43105d76b426d32b4d63e1969d195adb77b8c17fd4a70c473d0ec149bef5060fc3f1a8fb96b03e3b57ca03b4baf9d3aa9a9241e6731c2a856daa36512d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
81debb61677625140d4e75be73cfb736

SHA1
caee30e967076943eccdbc6b9c7ada3da12dae62

SHA256
d4f4a2485f91201a2a562748728a93a91785f31fec0cc62ebad99b56ebacba55

SHA512
36f85f2777eb2978bed3fecf08fca94c55dc826eaeb17559008861648f506af1ed28cff05e9a463d84e55ab753afbaf37ecd666370b3756ac7a175a58412980c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
aaf7f6cb75dd50a0bdc02bf019c86223

SHA1
f578f3bc817eb291b9358b4da44bf290f27386ed

SHA256
1d793932ea9fed0c5514d0abe66cb727fdb838e8eab19be321b574932dd31200

SHA512
39ed2f2c5bee1607ea97056c0e8429513377ee79ad40b062655fa825bd46875e2e2542849a5c9bf3c44fe05efa17f9ff5d83b22251beffa89bd798c29cb6fabc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
96b7ce1da885db59cf61597d32050286

SHA1
4f1326239b41790c4b8ecd44266a8c30e4f20bc2

SHA256
b6f9bd62e9f47191b1f850ee5ad69caddd1a2114ead71e56b580b4c4273cd02e

SHA512
a40078f1611f57426198566b215f5a6223eb8b9cdbd8769b5e3821de92420d8ad1cd98c1cb99c9596054f0c6d8700c529611e47f5be88625766736a9d294902e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.crazygames.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log

Filesize
52KB

MD5
841fad375315ffb5b10a604448cdf2e2

SHA1
18c36ee0531b1f202bc39a191f5bf37f5afc0daa

SHA256
7253521418d8692c84b5a8c871d327ae58372b5d4a03401b5ec8629bca7a7de6

SHA512
63bf3d2f96f526cc0c1e4ed8a9eaf90bd09d811e084e659d892eaf9c414697989af7dd83e47a75c5a6f7021d182aa7f945ea9b082f269e9cfdb9d1fd40266e36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

Filesize
392B

MD5
477548ce257437a9bf5e923b7eb94720

SHA1
9ae0fcb48b01fa9c274550d8ce993bb4e249c98a

SHA256
6fdfbb444fceda33374e7aff5c073aa5262a2811be132016aaee3a917f5f39b6

SHA512
2f7cc34056b4b1058688ec738670c0bcc9b374b69f211658316f1f81f8670a358d3a1ae89b72056d032b573e3ec251b642183b9b5298f1fba05012de3a1f899c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
5faab8297b87a25c8d4850706e89ca08

SHA1
3937db5e60b59a011c5c50fd323ca6280661abbf

SHA256
e17ba3200b3a46638045d630c15e64becf6d08f7dcee5ef4c959012c9b7d5c55

SHA512
e0185fc2cc630f194a3f75a9d61729d7dc332876a5223a559683aed01a6372e0df7a785bc92069dd81e2558656969d3c24a7dcc062f21fd58c6d705735f32060

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
a1b46d01d77ed9234885e90923381045

SHA1
e8b09249ad145509bf137ef6b83ce758e7e8af55

SHA256
97c5ab5013e10d006490e2dd2b6ad4179356a1abf60f3a62c30eef7d92ce66ff

SHA512
09aa326a67ba098726b350349c77e470a02d23ca124c25c443cdcd57081320ee87e0ac4a8683e9161341aaeedfec7bf0821cf2a7f997c8f8e024c4ff58c0af89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe56fbe9.TMP

Filesize
351B

MD5
8063f2d00ba5f951be6e3bc665bff0b0

SHA1
dc7b89107e2e5c003cb4b5aac8fd97a5b77cbc57

SHA256
64ff13a4831845b4c8d80c9033df6146c5928351d035c2af6e7f6e6e6b30e149

SHA512
51e2608bb32281fc2fcb8b8935a879371795692f1a62d6f2dd7f3ef9bdf94caa5294bc2c3bffa88c5c3ef64f615f96edf83f7a52fbe46b64da24532420ec36c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
a83ea17d8aa2e04f95d2029f6090b4fc

SHA1
dfd3e80d554ebe374afb6ebeb4d653e9e3bfeda9

SHA256
55415d6d7af85bcdc78dcb354db6d4b8423a7a61cf2b95c4f74ea204c31ef916

SHA512
fad5449cc896a177694ac3821b87ba6ba444c9d06708b55fe0724b548ba716f1782f5300b46b2e9f601f051ab28832a9d17bf3729eb4185d6a015ef16a584464

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
24872541024317433906545639372841

SHA1
a7afa551bbd2e825c30c98e7ddd04bf0c8bbfdcb

SHA256
a6c0b85ec4ba484c19e9752d22c964c29e96b2190a73235e8e242770d0bf62a3

SHA512
1036b8455f043e7a6cbaee7db9d394af8d6a1c1975fab94fa1be7386ae8f8e84f37b36596a2dd6ded36e61ce8c06940984725daa0cac8ced09bfffd9798889cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
f956df4347cfce11346be003ec3ea214

SHA1
94c6531d9911598a9675fd19bb071461373c9fea

SHA256
bc398eb2dfeab37bc58f6fb5e83fe20ded9c219b0cfc9b133ef4a34550dc4cd7

SHA512
f531ec4aa3399d4ddd7f4c99668273fb034422684d50c2f20a4895c13d211b5f1f3c09368ba5ad9f7aec98049d9abe8401589506315895154b03bd3b52c07343

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
b3415b1184e5deeb340908a27eb10a2f

SHA1
790cdf8d420ced4c5f1be92206158fbe8965a29c

SHA256
fd25d6a131d7e181ad7eb7015db09d07d04a41ed952e566490fc785a3913d636

SHA512
c9fd2f3ea7d8a4f0607cd2e1ea3f7407a54659f3caa4e95fd56044c6edcd40283b9129528c6fb8a9c92b1b56d14e45091aac08a27eae738b6dcb571ca6c7ab0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5323cdb522e9a8e63ae514f7c4e4f524

SHA1
fa2dd42483b4ce8ff49f548fe55d716ca670b8cf

SHA256
f3c9c2d3c7c1fc84448cca72dc300c506e62070ce2ed54042374c677673e081b

SHA512
7865ba574839a3a38081546720c94f23476fff2c0019d619e1450bb103a83c160fc34d249a3cd6cf5d99caa2beeabb5b36303b49f1dcdd598921bc9c0fe31490

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
535B

MD5
24f2af4df7d6d254539213b6da09c4c9

SHA1
f86aa72ea76519f04c6ee6466377f2bf31a33345

SHA256
2976932241e05b1b8184edc41b0fa10ffcd75cde310b8cb6307716d954d3982f

SHA512
c0cf84156e90e222207a30cbe5f095ea2238e70dd8a6b2ab852f3e40426f54f449281df10b6824123b4bdcacd4a5ea4952c7ca8bef537bfaeb2f6a5faab800de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dc7b9d24525b6476901bae5ab3df83f6

SHA1
a769f71225f7f3fb8fac97451d3c48b49b5dd3e2

SHA256
a820ed057dea10968d986131e867c756b78bf4813321982b29791288550edca9

SHA512
f96e9e2661953f2ce5b703bab33ee583066d3f6d93b22377e8b32e396f0c394d0d474c7b5d542a3573c2abefecdc2f6aa5b66da6a113d129f85653a81f7e9390

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
866B

MD5
a3f65959ff2b75c5eae8ce0dfb3b31df

SHA1
632e7c859b581d70efd87bdbe10f839a0a8d4a0c

SHA256
4385f1735997c704223fd664af3bdb68a798ba1a63aecfeca770331149b3ca6f

SHA512
ba0e1d1497ee2044cad5f207dfb26281084158277b23feb1108d9cbfe6f25a15648d5fad12e444dea9110a8ce5776bda4cce0c5fa7ab0f828b144953a8ed6db6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
114827050b0fb9e44f6ea41c4b854231

SHA1
86d7f4946600881604bb072cd3f34bc2dcab4b8d

SHA256
dcdad2d613765d66b8ef878bc9fed2132b1f6d6907f6dc461d36e229db1acf34

SHA512
52fcc0d7bb9dc5759ddf9e4197794ea6c6fd7f1c31fe928466fd6c9ed970ccafed867868903f5381ba8f316537aa429aa7083e317aa6502b6cdcd7c063885698

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e413ea43a391ad3fb0190b34d29ecaac

SHA1
2e3ccbe69124a3abeff5d6d2b39debc8b14614c0

SHA256
b50c95b7c7b102adc8e6133aa52eb97911c9af66ca6f72990ae9d2d7f6f61c8d

SHA512
48901397e65fbc1c0c829a8b031a5a440787c007bc0df0c7349d28fa98c24be37d76ec43140ed940e98b4d80416ebeee6d8c44eafc70a581738f6ead2be139e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
bc34d7f9846cde0312663fb6b9001aa1

SHA1
f5a6b1c2192a7bc379d00cabc7dc3cf0356d5dc9

SHA256
fe1a4c247dcf444322bed0a94067e51bef66cc019df8d07e50a6724c18f5c044

SHA512
d0c8b20c938ba332795e081a0d5845b8a520b9677edffa3e61109d044fe352627a1a892773d0fe1f972abf50be79e98a840d29b010e26e2c392cad1b7ef88977

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0b543e6a8ce5e499346548992b00e013

SHA1
27175b7bcac29a3ba50d6645ed0be203665d7dd7

SHA256
ef76b3624f31d363ab1e38de8a83933fe4cb81fadc2eb55c0b3d46dc3d0ee54b

SHA512
12f0d25231e0f326ccd23888e1c7b5ae0f34b83b8d32e476e560ff8db5b3cc096827d2c638107932e2446d83cc8bafe4ab3945d8b1a5b97ebd56351abd1ca48e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
adf183af7a6baa50c42c9b01c5b0f552

SHA1
f0970ef72c9e4b349eed3ca12d95eaf72cebaeca

SHA256
04986664940585366881d118ee0be04fdf2813afa4eb173b9fbef7f4efc9774c

SHA512
695aa96adda7bc886a69777327a2d2fc6e7578c6296d26990df825b0827c40bf060838e85a83108c8f348e5095c93a47383e64ca80df3796ba1298ca6e5507c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
07a31242804b1d82710c43490447ebca

SHA1
13673603f451522570a98d035c4f2fc562970885

SHA256
246543e1dec54c9d00273afbbbb8526bdbe836dce4aea3d155f4c792555c60dd

SHA512
4003c736e5c45cf65418c9787f898c35746437559a91fcfc2eb931f25becac51c314006b75a150826b45fbda89a29b58be12b626ee6208c31a5e5843626f66e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
43d71e0ff0a72f09d70646a45c213ef6

SHA1
b1ef98fd1e72b8651036e91e9606ada9e4968f71

SHA256
751b1037f208aa22a5ce80ac1ab59e5e6e22b7be7570be6c789913cb2ce0dbb8

SHA512
a1ceab625a82f60fc6b0240f6bfa670bcea9dbc786986d4b71538fc47ff51513368fbe257caec408e00a4907a6a0a480bf0f42d3f210c74893807a503b5fe5df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
301588889661e994509305ee02e166ee

SHA1
c529ecebb6ca1a7613530d275187214f8921c710

SHA256
007e6d09303d987d91d9ac694a2cab2dbf0110d01a4c656a6929d56ef1c494f4

SHA512
ec0c5b07f9f789aaeb37d8afe28cafe4593e7d339aeb370b997dfdbf5b1366c3c7cd8bdcbba4cbae148fbb934d930b94701ae49f5d22accd837d6acf6c2ecdcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
94041c2f0df8cc4affc3be3df05bf95f

SHA1
556d481e8f6769c106edf6be1d9834f661eb3ed9

SHA256
abe7811777ca1ef072d18248fb000481b283b0b2ad738cf4e3c1747a168eb74b

SHA512
6790f7d4ea5f084de04bce36ba189f8a1c7ba67d1a5fca5256274cdd0015886978b59bbef4d2331e09b3d37fc27b4b2341c672b72ed6bccbf751c49634d086c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
cc4ac81579cf59d7fd01c63e35ec7c21

SHA1
1da5e2b59ec937cc3a246314d4bc0ce79ce45333

SHA256
0427c5e10981196d6163298c29a1fcca05783bc393102742f9a3ce3cb281ed6f

SHA512
140c0afd2f0f0661f9fea8518e4f3fb9ad9dbc046f0156185b7241c2d222d663560cf497cbffb3f9ecc2798fd91266f567d04adbf54192cf55e5695acc4e34ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b1b9d63f5fd6ae2eecd1ea6e91fe1d23

SHA1
c44d723203cbeb34d45039eedcb7eca63a4c64e1

SHA256
6bc093e318d94187d34800e613831c6856028307043ba5735cad7a2e791ee99e

SHA512
3733fe79a4f4fd41cdeae97753474e91a23b8e7efdf2aa5f06f51782fde792462560dc8a573e372706e9feebe21ea4f040b7e5e3ec1938e33eb2c4c7df5a66c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5b49fdea1e34bfa54a51b8bf09897994

SHA1
b91bd4c9d7283f20347bed07196376be86c73a6b

SHA256
e6897186940f949180c0436ef0f572d694e2d8645cbec0956b4f90984fc0b8ee

SHA512
62d5d7467485493ff91c4e616be1002cc9f810b2fd1dee00d957b8b59afb0c8ea197e0ddc8c3d25d0687faeb9966e06e82dafd0a6f37ea02ad0e4d0c8745761d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4885135e51c6c9bb25167d3348e1829c

SHA1
da34e68150885f0789dfa49e4c56cf599b5ef510

SHA256
2dc8fb6da54b193c66e61dcc6c8a86e76fcc4137d294a8f4532924a35685f599

SHA512
fff5fab92a8596d6c2e5f745b9e6bf7537ae1e30e89e9d256b03fad2add53c40ce272391342cfbfa637298042eeccda47b84d8da5a57960cf9d5dcf20eecdddb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
181f830094cb436c3642def383a6cb5c

SHA1
029c36ca64a2e3fae53e94dc4b009af43385bcf9

SHA256
c5b2ea600a5cbae7abc80157ad229cbf752c47454515db38edccb9c26f2c718c

SHA512
3c1789a5d6cb36143fd7a052b861670c8babc80242ff458c0a7f2f2bcd876bd6f2ef384d426d71c177cc6556b362c1c40fc9520b22386b58197067850760883d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9580c27f-cb16-4dc6-81d7-b102d393d0e0\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
33ba444d363f05ec4f88c5306e1eb6c4

SHA1
9e751f3405d6735fd0d3b4acdc2acbc2e337a801

SHA256
f28586a750a0978d5505c7794657032059a4b7fc2acbca3f7129e18e499978b7

SHA512
20194127a93e0238c089acc31e7f94be79e47b9cd9822e37bce4d1f959aab85d902cda7bbe3beb8982cc3c0776d2900417c416fef6ab84f682724b713b7116b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
930f0f3f108f21e152129bc689b89417

SHA1
b2ce1729686f7cfae8bfcc0206d051afa3f55997

SHA256
c847123e71d11eb1fead17718cd388eb707d4d918f4632b38bdccf26c711ab37

SHA512
bb4da9d6c82734acc1b56f648908287fa4ac5c0dab0b3c13694538a7db7ff14d073c8d5a30698269d2984f17782854ccf8e024cbc67105fbff8e4bc247f88182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
9c2b1c598f657d4eb2f627456fdd82d4

SHA1
99eec0f6d7f0a054a3b68229da57fcdbc42a8950

SHA256
34a0403303892f64dbffd34914e53fc1b18fdc5470b44c538feb5f9383bf4674

SHA512
773c3f4fa6740a5056612b221d29c2a49a14913dfca66ee8ee70bbb8cbffd1450670bbf671e2a90bc760dbb8c2e44bba6f53aed048de7d9fabc339b876e1b9e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
06245f9ff9f693d4d62cead9f00a08e4

SHA1
45ff3cc696cbd013a28ce6c4ae3fffb5d444e820

SHA256
e764011877673b682256232afac6598c483dd3795f98c4c07c214b03a0d0db66

SHA512
2f0af6c081d03096d73470060fcafe165f0de61bfb7a30e65e67c482b540593e610be9d87581ba37b7081f6bad9a06e6d8bac9a9fc6bbe3e899d303e618168ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe56c6ee.TMP

Filesize
120B

MD5
0c0959a264f54edf00b735fbf5959ab0

SHA1
3fbf0088bf64433fb7d3853b13a79b6f8edbe593

SHA256
713bca79615587308c39c746217d5f74a74fb613a511a591ea29f8819f8ae203

SHA512
85d81f5f6301e66cda765e1bcd8d2947c4c9235481d3ba2ed4571bf4e0ac99e507c579226a1d69e70f3c9d8c201cccd70f1f956933b26fd1f3ed30fd8d291b3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
3501ee0d745a5d5d62fee53fde74074e

SHA1
77c79c68461db57201243f04a67dbc6e8b27183f

SHA256
11f37cdb84d7b609df3f6e20ee783f5e3faef304bebdf6375a1ed42c4864632e

SHA512
7a2c48ffa145c9e408eadecaa3eed9afb706a6313f76b79ff2c72e2bad93ba0df2ce55029fcc0edf57d62f3968b633439f833df0e7bcc49b70e1309faf5c9cc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
303b221dbb90890a0886c53eddfd1a8b

SHA1
e12cefbc099a09637e699e995b55b455808eb5bd

SHA256
05dfa10ad8b248a87acf9faff613309a7bff9935b05eaa485f02557ed4e533b1

SHA512
7086988ea528824d69db2c9da0ec8b743da1a0fdfb1337b53de5b8ca125a3108ff3dece5aecea8a771ca985552f29500475b98da99fe3f348769f3f7d58c93cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
516b298a2e6efe51af5281aa6bdeb17a

SHA1
3256c84c2dd393ca90cbc5c9473a57add0ce1ad8

SHA256
85bc749d26af18e0de9c4d97c05ebf5607690ce05aaa931d88cfd1e5ce670576

SHA512
b9eddd9162e1c2c8c65c9991b335cf7393c366abe0ea7fb505fe0f8e5b0eeebf9bacdd3ecc1f727cdb312b870ec090ed3cb628793efb8eb08b2e32806f9b85dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
41ae23cc6721bc1ecef7e9a7d3a0759d

SHA1
fadbff55bdcdd1874120b3da5cda48d1212ee4d6

SHA256
560a5f1ded8c5bdb01cd52075fa9fad93693a50a9a176dfa22ffa7711a9304f5

SHA512
00b84a32f76240c0d191c707903c4fa5e104cbbefc1282c9643f92d18ea05cff579003b6d72eaf93fe9b9950d42b0643928a204b4fc70ef3f7b6504eb01e94c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
8fb260b0a243ac46f7942e12013cae7f

SHA1
f75d8939f89afd05e4662abb29ff29dd8c72bac9

SHA256
59d4c5c95bcfc80c80204844061360f5034babbd009b551b8b5aca44860fe5dd

SHA512
5d0e3e8fbe7f580d86a6280ea458ce907fdd28fc98282ee4a70b5c54b573143a22a22dba17c803f133299b6207439515267051e4a2189b297af2cd1f92f11173

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
3ccc9c3955326be11ddee2470752f0bb

SHA1
f771c0bdd4d2f6016e1e25d166cc91fb3422a269

SHA256
987bb1af292ce2ad5fcc566cbce7d2e0905db71387a39e6408e8339cf180e3b9

SHA512
a0b9f71dee029b5dd1c0b05d18238118c122e3b296388d1fe6d20ed129ba47cd73ec987237574e48e52540343af832feb492cbdc32e51a194de3a19def78f940

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
c63c7361b9fabc05b79789231bc0860b

SHA1
052251ab33b3d31602ebc99550630b173cf57d7f

SHA256
f494cd5c66fe6c355852cbbef2e48e67c52e9357835c3df27d8802d0912c06e3

SHA512
0237e3eef978ede0cc0dfb34c2122e3f872e59c2e1460111d7f755088bb807021d955a1fdd5520d387894456995f0ec4d1a66fc46fa4cbe8040209402af816bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
18cd3f54d0fdb5c65562f7a90cd21348

SHA1
bee9a24f5461acd9623cdf09940920c0a26f5e7e

SHA256
00e8f388f60b7e5a40efd53913d8e72364b00cf9473d31096415298ff0247b19

SHA512
ce3b1ba49ec223e86678b10c24a4256cfe4d082056e5e17f77aa8029b7adc29898d1f5d5254833393d91334c20c2235546d7b17cc251ea8d569c9072abc50ea6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
118KB

MD5
4f7a2f46bd96af0fc4d024b42e7f2fbb

SHA1
59b68965a3f6c0061cd4c67947eeb8ea2afecf61

SHA256
5dd19a0b86a087a352e734460dc1d4b0b5b6832950bd77ab0b0e2aa55fc0a9f4

SHA512
01d92472ca051c8814cf43045e68789eabb02c491a9885f1fec8d1f7ea999c2f06e11bc6aa2e51e64f923f4495b6d288e4d04aa75877c85d3fe1c2837e0f48d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
118KB

MD5
56a82d4d3d23f1c118c97f5722a43319

SHA1
3110abdde090505ce9c48586f3e400c2a6d44b93

SHA256
0c9baee420aedb969ee94bd7ab31a5cfb1b441466d3f584f80866f4ff5fff044

SHA512
3b3a12bf5a09f54fdd9549d9d15970dbb5ef9fd23cb6c97dc4029090d0b3995097209e3af14509e56b8fe777d2c328c74b4ffd6c242d3eb36aa282f569a277c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe56fb9b.TMP

Filesize
98KB

MD5
8226092c1fa7112afeae5be3d52c833c

SHA1
e214f56cb3a76e4161d9f1e4403093522df0c3e4

SHA256
c5625c183ef2ae31fb45300f569a4497b7672adad3a49a9ddbb5b1a9bdb3d2dd

SHA512
a17582f2554cb307eeb9bcfef2a4a2e732be00906fff9d05e6b5e9484f2bcde44ebd631e7897c729555d73ff59b498c3d34a4aaca8db3da20d5671090ac456af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\QuickLaunchInstaller.exe.log

Filesize
1KB

MD5
22d9406aece23b485a6eb028799b4ad9

SHA1
f7b5adbf8e54816cefcdf93202e8766bd9e7f287

SHA256
f7f80d9cf8471c1eaf961587da26cc3838e8cecc6e1e4df55ab08e2fad444719

SHA512
6ac17741dd71f7e8fc4661fca5d9268a5b0202d1ef299c48413177580b5fe43c8df3afdc49df3b2924029307d2f0deac2898fa46342fa781eb990a6f86e75db9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1db53baf44edd6b1bc2b7576e2f01e12

SHA1
e35739fa87978775dcb3d8df5c8d2063631fa8df

SHA256
0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

SHA512
84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\412fef3c-78a4-43ef-96ca-b580f0fcf578.tmp

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
64KB

MD5
0c351e7e6e2c4ae5ab88517e9ea14a68

SHA1
1da72fa999fd8a0c8e11b2de70a227ca8646b1ff

SHA256
1e01a09eb90d202c3f129dea69e7551d7fb3762e93716f796eafab01a0755841

SHA512
ac1e4b196300045628908b696927851fd34ccbc35b496769defbca334b70ca45f672c8c083802349d5e36b9d57a06b7045fc0a6159e239d15c706bf7146bc64c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
cdbb8e1ea5636eeee73ef6931e0f9d61

SHA1
9e16751b967ce9a0b7e5d116342738e03774ac25

SHA256
75ee163b63270d24315d231c180b728bc98e2b4e90671044510ee5a6a5146fe8

SHA512
ef087886ddd013ec90419635645e6121162060d294efc811d6f2a733bee936363f366cc7511e481417566a21de726b46090d2ac19bb9069d069d57784503faf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5b17bb.TMP

Filesize
48B

MD5
23fc875967eb701fd445302f67bdef83

SHA1
82bd1c93bc622382630dffb0ef01316d62e143bc

SHA256
6b94433dbae5b896e6d8b446f047e7259892344cf023ced893c61a109703181e

SHA512
e77832e0b747b6490ef8da9fdca94c21b336db3ce8a1e006f620a53392e234c19417a4b500a20cf6cd392b6278786db62e86244aafa425e8c0e115e68373d318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
56f1d50c2af26a155f47430ba99f48be

SHA1
fc70f301f022037153e22476ee8eb07d4eb8dc56

SHA256
b16c1a35ccdd4d8827060d90b41ce03d9bc0a52709c722903258e4a1d38accb7

SHA512
9ea18fee783a4b3f98afb1a54dfd956df758bbd003f3f0d0ff1f337c09a36fd2f30876d8fec021c2e024219b306fdd6246ee8d760ad07fef436e2c3bda616e5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
36b26ea20101c6eb7a1ecbc1fa8e0ec0

SHA1
1323e3829ed7621a5a04e666f5d5932d1d551ea1

SHA256
3de219c58939ce62cb1836eef0574b6fb1de285fb098710f9428cb6e9ddad5a6

SHA512
8148f70f19de8dd89d24e9b3d2053119e601066e837ba6e82f5e5b02807da7cf4cc75a83a6177557005a300f8fc43ee6b2dcf1474bf0fe093b029c47fc26a7c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
1c0739872aa327958df92502ed5253d3

SHA1
aa65a91346c22fbcc1000ea3a021d6ccd4e5a9f8

SHA256
eb233d0c471055151c5b264131dae703b70d91873889a60356eabf70ae0381a1

SHA512
d3681c4417beedb0eb6fce28ab7697d198e598192ff26c4e414d608d5551550b76e767aa79a69b203851720421564660c92eb96451b9beef1f4cee1487b13193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2c19dbd95d4d5558ff7f22d291898dbb

SHA1
2f04f6c3c35e71894f77868badfadd8ffedd96ce

SHA256
1bf961719f34579535023f0fd02b3ee55e9623eea8a6a974a4dd3f2f77be4f30

SHA512
cf93bde5c229851867c197acf8a674166bbd2c6e75b420ba98590075319705d6cfcf4c08055214f208537fc26c8c5bfa3b0c5db30b53a73435398c97bf230018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
af3ab0629bb64683b93aca96c78cb9f2

SHA1
cc0a12dda188d6c4faef780c7ded3f90e7ae534b

SHA256
8691fa9069bd80747654adfcceafb94fbb5144fc54c68f343639e7e0ea62ff86

SHA512
fc48e7af1b262c8c067deb57531d5de6868336932cba45a9162bd369874d4f622e50505b42fdd747648e55ed3e493f0befc2f78b58094b25f3e5c1cca444439c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b0f7edc94a5a5fd0d4d23e78da1b02d1

SHA1
4c1c0156637c110387a584dc39386c7b228c001d

SHA256
8b90edc432a57fa69ca9c0e715761217db94aa20b95049d8a9c044e9c6917128

SHA512
6da8dc54a98ae1855a0d45218509e01f0f26cce86ace654e9ccaf672998c1f4769f25dad6489493ca59f8aa178ab32da788a301e73b261d4962a8bbe2ac44a49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b1818.TMP

Filesize
1KB

MD5
749e2fd10df970ca7a78a46a358b0110

SHA1
2d5ef2096f4fc6886f35bbe58bac3af2c2f45381

SHA256
089f3508f44c76ddd9f3a26d23c9f9d6d919d4f651d0c26e54a2fef8293e3b08

SHA512
fd184647fe8b19812faf32d45834cb7bd81465df0a91c8de10d7319f15a0f89da6fd17efee104344ac864b661b43db5121029581e374239dfb07f89c5f1f6de8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
06d6207ac348e6fbb1f8b631ede46c4f

SHA1
cb88da83f7c4ab0e9d94bd4b9d88136ee5d818f1

SHA256
794a4aaac0f546ac7015d5560363ad7d298352ac76e992fcb75f6cf4b8083a85

SHA512
a04a8e163d5cf83aa289bd60d1c7d56f776927a101d1dea2df5edafb43332c6913e42d820aea652be7c89aab1d436a3ce83e14e46303558c84574f1ad5b6920c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f71a6b443d8c5c0b80039ad908b339a9

SHA1
8246acaa52fc0a6b8720ce685e7f621a330feb22

SHA256
7bfa623f3da86a5181155eb8f09867a925af26b39c6e0ef51f437ee529f46ef5

SHA512
21ff8fb2df7f41ad066e8a1b7679e3edf6acb15e06adea17ea4787f58aabb8acbe01c67ba46f462c53d34e5d9de0f83c4731d8a69d8d2f8e0b65e917096667cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\1xntpxza.dll

Filesize
19KB

MD5
892f01c5b7af9fe10b620615b742fda6

SHA1
5696bbf9e0b63ff7b9d29c84313b3123a33db4f8

SHA256
b02bbfaf70a7b0a99ec8052b4dceb70b3bcabd92a24928427e5deed36bc1133f

SHA512
7be2be83cb97268a3d6f018eec446f28390b8ad4e6ce3566bfeaac20cc1a630c43975645270641aad73df53f8d715602acc36ce377cb6dba3ef55c61a89ac73c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS031C8219\ICSharpCode.SharpZipLib.dll

Filesize
203KB

MD5
0766a83a5d6e178d0f8a7d8b0563c20f

SHA1
7fe8db7a7adbe6f639602ce9859e61515fd67b07

SHA256
f4e1feb64f899b6646524197cb494d9d790b004ca38cc6072fc807da06642484

SHA512
165b2165affbdcfc7c6deae225157dddc91d7b21daffe2723c524c888a9ede61ea368c8c05fb7b203d42d2108ea723ceee5147d20bdd8b425a9485f59e80a01f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS031C8219\Interop.IWshRuntimeLibrary.dll

Filesize
55KB

MD5
a1e07dd8f2b1b4a657aa4cf0557e8b27

SHA1
ee60c8326377575307d60e0cd41f9888b09e5641

SHA256
06804abbb6e02e3f952d70e241b0c134c14f9b85e2a135eb45365b4b09aee827

SHA512
a9620a7ea0353d350cf2e0e0f6e62cc762b8173493d27bf85db3aefe5c422bfdb988f77aa38860be11e7dceefe46e240e85e26576d25b5871911ff1b96b8492c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS031C8219\Newtonsoft.Json.dll

Filesize
422KB

MD5
0521a5d53edf31bb8460ae3fbbb7327f

SHA1
6f3dc7fdf01cc9d23a0d6f02502d233dac3a9e47

SHA256
ff7218005731cd2b5bac4b6ef1843b4305510e0ffd5d146ee5177c81224386d8

SHA512
17c6dcda1d5edee2e261e7f6ec20a89472348021c63591051ff09918adbf5e9dc81e2edf5f96714253b2a48e4e3b1e330142dc7a788ce8ae1afd35f98f8d6392

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS031C8219\QuickLaunchInstaller.exe

Filesize
2.3MB

MD5
71e9348e62590bcb48eda48f64d53a87

SHA1
2072f8a7d6c366b609a750ef5cccb6a6951c2c05

SHA256
43fad6ea36767808bc9460a6d9d28fe6f2f09b76e921bf458af8621d964a0725

SHA512
f38f8325869d079d919207b47f1c50fbf4311b038681f32f1cc16f6801b49a7780287e401b637982eb1c028e5659111c086a406a9069ca349631c12922ab4ba1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS031C8219\QuickLaunchInstaller.exe

Filesize
2.3MB

MD5
71e9348e62590bcb48eda48f64d53a87

SHA1
2072f8a7d6c366b609a750ef5cccb6a6951c2c05

SHA256
43fad6ea36767808bc9460a6d9d28fe6f2f09b76e921bf458af8621d964a0725

SHA512
f38f8325869d079d919207b47f1c50fbf4311b038681f32f1cc16f6801b49a7780287e401b637982eb1c028e5659111c086a406a9069ca349631c12922ab4ba1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS031C8219\QuickLaunchInstaller.exe.config

Filesize
1KB

MD5
e832be28aff79d3eea47b9205ab96455

SHA1
8a4940ee9d76cdc5dab2161e79bf1d0bf431d4cd

SHA256
e8f2b805006137e74e3f922a5e9c5ecc15a200a51cf7dbe6d67f4b5fb1c8ddc0

SHA512
c2bccdb87a421d4730ad99d810f54bf4f3aa40243a1750f0699ff98422e119c63db855daa0b6bcbd38545eaf6cb253c51c6d9a951ee5ad1f1a767e6deda5763f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS031C8219\QuickLaunchInstaller.pdb

Filesize
843KB

MD5
b82ae91a3b5fec27fc7a2c761c0eea23

SHA1
357b339ebf989efe3ac86f7d86eab5d259449019

SHA256
f47eea6ff62f8c73c10d0ab02ca16eac66967f6e8d145694734e1bff6c17ce40

SHA512
0a29f62865c393b6a0f1e96c9136f39069ccd36464ebb22a36dbfe50e45da5c957d7b1703d5bbd8cea2f6d7e073eb4ca15f718a4d4b1d9096d230dd0c1cb6097

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8716C909\QuickLaunchInstaller.exe

Filesize
2.3MB

MD5
71e9348e62590bcb48eda48f64d53a87

SHA1
2072f8a7d6c366b609a750ef5cccb6a6951c2c05

SHA256
43fad6ea36767808bc9460a6d9d28fe6f2f09b76e921bf458af8621d964a0725

SHA512
f38f8325869d079d919207b47f1c50fbf4311b038681f32f1cc16f6801b49a7780287e401b637982eb1c028e5659111c086a406a9069ca349631c12922ab4ba1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8716C909\QuickLaunchInstaller.exe

Filesize
2.3MB

MD5
71e9348e62590bcb48eda48f64d53a87

SHA1
2072f8a7d6c366b609a750ef5cccb6a6951c2c05

SHA256
43fad6ea36767808bc9460a6d9d28fe6f2f09b76e921bf458af8621d964a0725

SHA512
f38f8325869d079d919207b47f1c50fbf4311b038681f32f1cc16f6801b49a7780287e401b637982eb1c028e5659111c086a406a9069ca349631c12922ab4ba1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8716C909\QuickLaunchInstaller.exe

Filesize
2.3MB

MD5
71e9348e62590bcb48eda48f64d53a87

SHA1
2072f8a7d6c366b609a750ef5cccb6a6951c2c05

SHA256
43fad6ea36767808bc9460a6d9d28fe6f2f09b76e921bf458af8621d964a0725

SHA512
f38f8325869d079d919207b47f1c50fbf4311b038681f32f1cc16f6801b49a7780287e401b637982eb1c028e5659111c086a406a9069ca349631c12922ab4ba1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8716C909\QuickLaunchInstaller.exe.config

Filesize
1KB

MD5
e832be28aff79d3eea47b9205ab96455

SHA1
8a4940ee9d76cdc5dab2161e79bf1d0bf431d4cd

SHA256
e8f2b805006137e74e3f922a5e9c5ecc15a200a51cf7dbe6d67f4b5fb1c8ddc0

SHA512
c2bccdb87a421d4730ad99d810f54bf4f3aa40243a1750f0699ff98422e119c63db855daa0b6bcbd38545eaf6cb253c51c6d9a951ee5ad1f1a767e6deda5763f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8AB5BE49\Newtonsoft.Json.dll

Filesize
422KB

MD5
0521a5d53edf31bb8460ae3fbbb7327f

SHA1
6f3dc7fdf01cc9d23a0d6f02502d233dac3a9e47

SHA256
ff7218005731cd2b5bac4b6ef1843b4305510e0ffd5d146ee5177c81224386d8

SHA512
17c6dcda1d5edee2e261e7f6ec20a89472348021c63591051ff09918adbf5e9dc81e2edf5f96714253b2a48e4e3b1e330142dc7a788ce8ae1afd35f98f8d6392

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8AB5BE49\QuickLaunchInstaller.exe.config

Filesize
1KB

MD5
e832be28aff79d3eea47b9205ab96455

SHA1
8a4940ee9d76cdc5dab2161e79bf1d0bf431d4cd

SHA256
e8f2b805006137e74e3f922a5e9c5ecc15a200a51cf7dbe6d67f4b5fb1c8ddc0

SHA512
c2bccdb87a421d4730ad99d810f54bf4f3aa40243a1750f0699ff98422e119c63db855daa0b6bcbd38545eaf6cb253c51c6d9a951ee5ad1f1a767e6deda5763f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8D97DF39\Resources\AirfindSearch.json

Filesize
434B

MD5
e03c4f0bed8f90ea41cabf99b56764cd

SHA1
cd726a806dcf0d5bd9086d7f189223ccb8cb5837

SHA256
bc7d956b51de482b14c96062b5558f432a6810ef6b5f518f1c3133307f126223

SHA512
b57ff6d63c0544bec40c8c3bb32fea626d22679a9e918bc83481689f8fe87f10fb839e7bf2fa0520399faf117871d2b84349e47820670eef4701e347ff4618c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8D97DF39\Resources\BingSearch.json

Filesize
355B

MD5
c66015311fe62bb123017cac51e5479f

SHA1
183b75544e7529da0c23945c2fd780fc7c52fc0b

SHA256
36e4a1d5db811e1d446e51e6a61ef7776228bd20c3404e7e04cfa9f65e2ac7e2

SHA512
52a0a329b20f80a1218253d49871923c3a4f51bc3bc98c6a5b0872e8d1619ed65313457f2bee67b39df7053822247ba1689a3728e4728e65f382fe21b420c23c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8D97DF39\Resources\DefaultSearchEngine.xml

Filesize
412B

MD5
43d4f6795ec06a19ddf246ec5d4acab4

SHA1
cc40a728bc8f5722f76348c937189a244f339279

SHA256
d50266364edcd9e65d2d93f4c20d0a3d8391445a295703388ed867b8375c1c35

SHA512
4bfe46b0a52ae76366c704b432b4d28d63e5e856275393492792e8f1c240afcc945ba99cb328255180d2cac918d7d5b92434d1ed612eb61875b30bd3679e8fca

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8D97DF39\Resources\GoogleSearch.json

Filesize
375B

MD5
23086bc1b44c760d68fe509c74462287

SHA1
11e1ce261f02f3bad768ea9378c132bbc79961a9

SHA256
94a848d9af40b394cf25268a946bf9b6058c87525a2831786b6fb7c9eef4dbf6

SHA512
e32ee98f6716d2f4de578d987834d688acb76c34fe01d87674c5cbece02f9b15643cf0e7cd63d1f1502df8b4f365ffb494b63cda0a7cbb6f0bdd3526aefd719c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8D97DF39\Resources\PdfUiConfig.txt

Filesize
7KB

MD5
5657e7b56bb1d7bef584ad375548824d

SHA1
3dd8c66d18c12ec9dde87c487d1f938b08b4f856

SHA256
8460ad0ec110570453e657572f8f1f5e95c6d7e6cb6560622b3c504fceabf5d8

SHA512
266c22afeab829c293abe4067f8494d5a5d1a5cc9bbf3920cd50cee9b28ec14c7b03c3a69c957d29ad211e60a4630626d410c82be090eb1670ce44eabd4edca9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8D97DF39\Resources\SecureSearch.json

Filesize
343B

MD5
081d0122b6430e54347a8700143558a7

SHA1
c757014ee01d1d297f1bb50e48510314640cb8c0

SHA256
e70ebc2d3a965b7a89a35275122d332dd4d8925785eb21dc027574db8f7ba252

SHA512
ac6f0737293dba85759cd1b6c1138d248327cd0f3dabdf4acae659163f88d03804d2a5a83843677627f076710b554638d1067093702815be6ec10943697295a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8D97DF39\Resources\UiConfig.txt

Filesize
60KB

MD5
02c290c3d27350627ca859c595952cf0

SHA1
85d4d3ff0edfe33961aa4fb78bbf99a527d632be

SHA256
497aa2c432a34db955a79ad05f8c61a3fe7eed81dd4eaa00f1f237a407bf7231

SHA512
007ca7cdd6f967b1d84b2c823c434ab6a0ab9372a9eef4a8db9e3930e3166247dc96be79f3abea4878a3d2cd56e422e5e025103d9446d1650a005406b1392bbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8D97DF39\Resources\Yahoo.json

Filesize
217B

MD5
189015ea3534b1b82e9a965a4efbec53

SHA1
052753902de2f6b1fbc9139e6266c7efad58671d

SHA256
7a548e5abf06a38d793125ac03faabea9127a3282ae75efcf60b880dd6324739

SHA512
a102fa88664f1c0e248ebd1326509679dfce887abed4d0bdb7b7b6bf4305a37358d37199784cf808aa9148ee49d4eafc00ac20e4fd0d634a9b30f8fafed04f3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8D97DF39\Resources\master_preferences.txt

Filesize
156B

MD5
8b0a2937544145f266545a9a8d4fec62

SHA1
037311ab08804a37609d993dbe3d63e9b02f0e4a

SHA256
129fbb28a0e8f735ea8d8c676f2ffda5a683152b7103f9409c5b854f230e1bd2

SHA512
0ee42edd2f314da439b6afcba711a3bd383035ed901374e08a61b684291cfebcf4eb3d92ff012bed4753888081204601f779a814f1d89953e464fed0d6c88071

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES266B.tmp

Filesize
1KB

MD5
ed18813268328d78ea2c791e8a2f0579

SHA1
b7effab6eb96df06e2681ddf66cb947c90697677

SHA256
4cbb2f4845c797a37fb658bb79068652a46d8dd4e16fa86503334e4a84bb0d82

SHA512
0060de67332e8e7950251caef5278e9e1e82e6538ddc7362b71469af4ac020b545e5b844ee7cc34a7b166978a66fa9fc71b8f5a11a6b8b4aec3e62008299a1bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\a64642ed-e18a-471f-ae62-8658700a7e29.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\qltmp_514350048\QuickLaunchInstaller.exe

Filesize
1.5MB

MD5
0e6ef5b2d8d792fa3a0d68262c12e618

SHA1
e5e6edde2423aef5a7b8206bf9a19abccf3e5f43

SHA256
f033795212ca23880c19c4925f168009e8f357a9742caf444cac27cfbc62169b

SHA512
99bba390e01b9433e44937dfca6500286e6cc64330245d6087afab7020e20dbff719f7595af75b965295201c2e80da4ee19c4ff1db1229b3d3223ed8b4bed592

Download Submit
C:\Users\Admin\AppData\Local\Temp\qltmp_514350048\QuickLaunchInstaller.exe

Filesize
1.5MB

MD5
0e6ef5b2d8d792fa3a0d68262c12e618

SHA1
e5e6edde2423aef5a7b8206bf9a19abccf3e5f43

SHA256
f033795212ca23880c19c4925f168009e8f357a9742caf444cac27cfbc62169b

SHA512
99bba390e01b9433e44937dfca6500286e6cc64330245d6087afab7020e20dbff719f7595af75b965295201c2e80da4ee19c4ff1db1229b3d3223ed8b4bed592

Download Submit
C:\Users\Admin\AppData\Local\Temp\qltmp_514350048\QuickLaunchInstaller.exe

Filesize
1.5MB

MD5
0e6ef5b2d8d792fa3a0d68262c12e618

SHA1
e5e6edde2423aef5a7b8206bf9a19abccf3e5f43

SHA256
f033795212ca23880c19c4925f168009e8f357a9742caf444cac27cfbc62169b

SHA512
99bba390e01b9433e44937dfca6500286e6cc64330245d6087afab7020e20dbff719f7595af75b965295201c2e80da4ee19c4ff1db1229b3d3223ed8b4bed592

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1436_670917854\3d1b40b8-a04d-42d7-867a-d4566df195ea.tmp

Filesize
2.6MB

MD5
3fc4ce572ed4353c3c95ea4a6e551ac2

SHA1
995e3964ec276d14c0f5260913e9500fb7071b10

SHA256
cf4e3facd8ca4fd2b0d665117a448cbad4fef5e7de684a11e901ea874f6694dd

SHA512
74ae1304df84be0233d64fb82bd797aa66573dafc2ff978ae07fa57d1b51de4b81d1ca70a7cfde5c4b01a747c11d00e3018cf2bf4efdbc81cf2d6a67322244d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1436_670917854\CRX_INSTALL\css\custom.css

Filesize
21KB

MD5
3c77c99e6c5c3a02da6c5da37b958408

SHA1
844dd7ddeba826610092c6bb27a2e45c4a23a847

SHA256
cd9a93f3b055e7245cd5bbe2d0dcb38bf559e401de63748b80aa308cfc3e1305

SHA512
241e41cd73a0640d8578aa11416729cdd4de9aa68e6e8be8ff85376b4bfb985ec377fac6a1b56754295f66ab3e929b8bce50d8dface91caaa765fd7d9cb5270f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1436_670917854\CRX_INSTALL\img\icon_16.png

Filesize
596B

MD5
773a73332c084096c113e956df5105da

SHA1
bd6bc16804b2cd17bd344f65de6612810a262a88

SHA256
8a7c7c3bf63868778fa3a636bd4d1172b5e11b5d9d5172b6a92c104c02da3b23

SHA512
94663153d11b68dfd29d8ccdbd9950b1775c9dc3baaa1f56efed56df9df9358244677a5cd7a3ef76d9354543dcc75bd211dcd06e16abe7eb713a3768cafe3716

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1436_670917854\CRX_INSTALL\js\contentscript.js

Filesize
5KB

MD5
35bf6d54b2753f6bd8804000616dbf8e

SHA1
f0e7982838c4879cfba9910a9b92cb2ad1438bf0

SHA256
707a5af8e48ca2514e73b91b7c56312a56c5f645d6cf9c2998561d4927efc225

SHA512
d33f1ebf3924483be11ea6d6e9e28c03f5438e1c567279a9119443d144c1a103b70d49ad6eaef29787050de5ba76f3ea91c4109cec807dfe59396769c437ac7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1436_670917854\CRX_INSTALL\js\functionUtil.js

Filesize
12KB

MD5
2f758828413ce088b92561d7100b2c8f

SHA1
26058e3546abcf126329c12d94f73d1095cc7517

SHA256
5696efcf789bbfd0715bcbcd814cc2519d16d352ffc53b81ddab378137807fa6

SHA512
751f0e14c1357a8c1d8b10ee1c8c4c827bdd646bcad5bfcb4402b17fcf3b2af689db1e3ec6dce693301641b7df041d03f47979ad395a883730319eb1ed10dfd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1436_670917854\CRX_INSTALL\js\lib\socket.io.min.js

Filesize
53KB

MD5
fcd8c4de0d3c8dbf93179518e9ed3eb0

SHA1
409ee197138f1aade7f5b08f0c8a85217ae5e59f

SHA256
b53cfafd4b7c7e8f65bfb37f579cc4fd39652abfaa9591a2019545d92fa8cc72

SHA512
bebb834cf3d9b9d624b2c4cbbf2026d85683ff609be7e0939be0aae4551c6baead0d9b54128094a40d96e2d6e17456e6dadf38ff11649ca9bf17bdc398976dc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1436_670917854\CRX_INSTALL\js\popup.js

Filesize
69KB

MD5
494746a9aeabdf5be355ace44b92d127

SHA1
ee30a44eccca38bfa32d1e5cc4d7e63361cb854f

SHA256
e70734286e4548efa3ac345d528efb5de64343996d81951d0631fdc2433c38da

SHA512
49e2826c799d4a59f75668ead85cb73934bb56a87d50e78240a152bbee294e481de71b48901ebde092bd07caa97f62deacae9426529bc6972dddec2be7f5bc0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1436_670917854\CRX_INSTALL\js\scraperscript.js

Filesize
1KB

MD5
addb156d7fc4a2f4f29b183e76a5661a

SHA1
27c975c05cfd283b3d0643ac5c513b398d67f9c0

SHA256
55835291f2fdb4039fbc37b1247b873954d0dea45e5637e3b0b3d45d35dc848d

SHA512
7c0eb56bd8393340fd0ae1484c1c893ded97d5022fbdd90f452d90d66c8f475e03c62d288c6998fd7d5b4da31bae012e384c42d811fb12b257bc8165af51e62f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1436_670917854\CRX_INSTALL\js\systemUtil.js

Filesize
2KB

MD5
2a4942e4a5f6ff167dd0dbac2e02fb4c

SHA1
978cadc91bbddd6a755ac1ef80fe4cb638cbbaf0

SHA256
9a78d8045bceacd37de29268a3d61f8c6193b269394b7a73c77c11ecba8d9cd7

SHA512
0307018bce0e18a88311064c9d90cbf387dba04258522ca933c62ae8a86f4ad5ab986c53630bebab4920b14c61dff6b663c629219e713e61cc1cb29e697051ec

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\Application\desktop.exe

Filesize
5.0MB

MD5
9a094dae3fc0d28f8fd341e5285c82fa

SHA1
8381a00063751e298cc3bf7883f3b787888e5b41

SHA256
ca2035e227987815be6ea555cda723357095640124566fd15456490bd0a4b731

SHA512
88cee71e3742ecab865f137008e0855be84e3002966172e078f29e910928aa45dd4ead608420e1fbc5c374ae04f969393378e04ccf655db584fe1e8368fe25db

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\Options\Partner.txt

Filesize
48B

MD5
00452a77b92e356b404505c2d76691e4

SHA1
54fdb14ee61bbc5c4c039ab16bba71a4de92d734

SHA256
dd0221eddc2031636bd8019cafcb5e52b7e70f2c36ec39a9592b09019b8d416a

SHA512
9d97eea7b955f78f58bf0c8e240ea0b44dc124d2f9c79464faf21966094e2e33f3ea63d781da0ffd143959506dd0aa56d10f0d4bd3591a34e28ad73ec664ba64

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\quicklaunchbrowser.exe

Filesize
2.3MB

MD5
ea77a679d35408edefa832ffa236a419

SHA1
5d78063eb0123ad934fb9fa8eef0761f9ecc9198

SHA256
4a8392fffa239297e7dea69536a65c146736b9eca19be25fef01d5da68522b91

SHA512
14cf12cc2b7b961babe728ae39ed67eb29a11f44fc7500cb3277f5bc84af4d5bf0d1e908be09a0e349fa0126e8b8d5e4c35b04b86fb1c4fb1912444331c5618f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Crashpad\settings.dat

Filesize
40B

MD5
ffa204055bae4a0f5ba895df2d3959fc

SHA1
be9a95efd76a9fbe3836b2c8044a8138424e2c48

SHA256
dd04be3a312ac5bff349af02efbddc862a22eeae6a779b8c9d1a9d3adbab12de

SHA512
4c81b0d886c206f3351830d26b1037679494fc9ade0922aa1c23247f060a8311482da3e3dc3bd16d8d893cedf16d177e966c332bacff91ee6b1346b297dca831

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\3d7d2729-3bc0-4210-900b-e38e88c47d9d.tmp

Filesize
166KB

MD5
4cc546b6eb0f0a80126bffaf36a6562f

SHA1
da4f32a7455c76e633fd07cea3a27637abff89fe

SHA256
c36752fd48ed355a77599094babbf51b4e3568170a05ad63c45f99c968e3f05b

SHA512
b8502b92eef664c7efddf1b061ebcb4298db7c3f9e9b987acba51c5894abff91a81b157f03ea131ea0b7900c5468a05b35046f62da99f11de2d1ba77d5b12b80

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
63b487cce508c55ce8734049055cc8b2

SHA1
02ccd01874f1b1449c852ce269ba4da5de834b95

SHA256
503bd310003ee5deefacc7a729cd80dc2cd9053d0d21ea51a23694028b955d03

SHA512
a282bf6e7283ccc85f0016b528e3858d2ed5863c27692ecf93e5e51a1ce27a18271941e8d6bc80d518fd5428e2342e4ddc452178eac3c9eabe79b71b656ad7ca

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d66821f5545aabb86d6d3e55ed0e601d

SHA1
cec9cff8681b0db655b068c85a7502f78fecdae4

SHA256
1ada395f50b33d1ed9d944255f95e0650164f84284002f6cc620c4430f5b6ce6

SHA512
ead81c839e946dc47a5a136f388d97e759be42eae8c57b3beea09c4505db915173196e570665ce88ae7aecd769938daec32785c17940001b425a4dc69f80a024

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Code Cache\webui_js\index-dir\the-real-index

Filesize
576B

MD5
d09f69faeaa43b9535bc1caae8b15bc8

SHA1
48dfd8ef1278f2127edd9ab93a60b1e10133ebfd

SHA256
c11a9324062b7e240d52cf7588cb579af012b215605b2f1beec1eaafc132eb15

SHA512
45c2d21ea8fa9bca52a33c8f25df91576827c7fd81ec49f0ef22c20ebf2393ef3aed7a490b4c7c1688e19654f63762480d22842c8f43cac9136d406333bf3630

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Code Cache\webui_js\index-dir\the-real-index~RFe5af5ea.TMP

Filesize
48B

MD5
bc6d03ee90f00a1144f6e63ad12b5312

SHA1
cc33c2667f85f1526cf51049cab2a80c6bc72f6a

SHA256
93ebf1b5bdbaa1144c5eb8bb3446aa3491806151bf33c5414b4cf59b9ebf6d96

SHA512
fc8e66484a813c66a75a1c1ba265e4f4f09e8486ff975aa696f5af6ced49ec0d66664e54bc7c80be30bfd29cf3fe99c2128876317575cd7fa54456458b4aafed

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\LICENSE.txt

Filesize
34KB

MD5
9dddebe18473aa0f80f79c449ded4266

SHA1
b3ecc44a5c34c6aaace987eac07b486db3bc3feb

SHA256
1b728b9ca80a6ea27fb9348c902dacf88b7fc7b12e22b693f4cb88bc8358985b

SHA512
3d0a7d2241a463d1848ab76644fc8519ff524b1a88a659a009811cb46e62617ad241b54b318bc3ef25869acbecc44c44b5890498f0a5d359102aad2ede9b7b46

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\_locales\en\messages.json

Filesize
163B

MD5
4ceb596ecb8ad1385bf21e81d374cb08

SHA1
781df34c2d5c5529c1615f7ff00634d7dcd36807

SHA256
07819b7eddf8d595e8a462994aedb1ea5f629326db3f5cfb2911d418861848e3

SHA512
70c4baee229e225ea11e093f303f545ccca3356d724705da5f4691b52c8d0af86c8cbec041f3442294584719ffea78074d61aad2c06363eb49cfa24ca2cdf9dc

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\_metadata\verified_contents.json

Filesize
11KB

MD5
9286e96719bbd0d03728a84082f7ebd5

SHA1
d2f2aa3d8011feefa9ed89629af436e0b7af78d8

SHA256
d119358fb3dae900ca29da91e6d0c184500972de5cb704534d4eaf1682eb1a82

SHA512
2427fc3e9214cd85e3776d2f61476892dde3227e192bcd7ab1e125b626dd0715a57801c69f6e9490f33a50880d9a51018c5347d63a67200b58151bff87897308

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\background.js

Filesize
349B

MD5
613a639514df9659f2f369cb69e631a8

SHA1
3a44e086b3f709de498474f98e073a31ca828f8c

SHA256
cad1ca417abccc6fd01648dcd762dc0438b105a563859ad9020a51abc805d22e

SHA512
db0c28750380e623f4bd3350e4a452771120b208d977206597dd3061ecdfe64ace19398ca44f7087b430c7a23284998c68366d216d99aca32d36a2e6427dd5cc

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\css\bootstrap.min.css

Filesize
149KB

MD5
c0d88f3dbe50265a0583e95d977c2c37

SHA1
9f4928456d73a5321a62cb823e6814ad46185291

SHA256
4bcdd3ac12b9168838ec1d58ad6d08ba7b6a365c5dfa91de80ea5cc3e9238009

SHA512
009bf0bf55fa6d14133deaa982d35b661a1b2cc9a98c8dea1f9c4478d081b72336d5e5e4aa8c53ec9a8bc24defff5bb4f2aaf6fc71405936d7e5597021dec7d5

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\css\fonts\Lato-Bold.ttf

Filesize
71KB

MD5
24b516c266d7341c954cb2918f1c8f38

SHA1
542498221d97bee5bdbccf86ee8890bf8e8005c9

SHA256
d7f0b7f2570f2f28b504da1181b4d71b1420b10be2c4fd690927f1c8ee3b19c3

SHA512
e8d26a275d257dce57cd05de36f6477a974757068fe2b130ea2b11b9f28afaca14261c20ef16030554560a42ee3c4bbd42f40fc9b41d5f716495a896a4719326

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\css\fonts\Lato-Light.ttf

Filesize
75KB

MD5
2bcc211c05fc425a57b2767a4cdcf174

SHA1
ad0d178564445a535b15d417f5b18019923d3bab

SHA256
fb5343c4375c38b1c3026336d355335e6a5b8531cbc9c6506eb4b6f6d67c152f

SHA512
f431dbed65a46db47ee9ac2ded8f75c1e2dcda62d06d8b17f6d84a3312cc6a618b4ae2c4feb659f9b8a0d9ab773004d29e6cd76f8a5f9aa3472ee2a297bf34a3

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\css\fonts\Lato-Regular.ttf

Filesize
73KB

MD5
122dd68d69fe9587e062d20d9ff5de2a

SHA1
e923c72eda5e50a87e18ff5c71e9ef4b3b6455a3

SHA256
e82542aed8293f49fc83c4aaea566b1f6b4fc7a9ab5da11e6fb9bc0973b5324b

SHA512
30c39f8e242efd6671b9ca59436db45ebffe5cc7f7dbc5a53fb21b399f2a52a9f2e68611b4241163a7de5ce934ad9dc9c6c9845e80bea7982ad6b6cda05dbc61

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\faq.html

Filesize
10KB

MD5
7be8a6dd8d1235cf21fe2850092c46cc

SHA1
606ee303924205e9bc71710a5ee53ab05d60d2e4

SHA256
3fbc8b06de44f5f5b1f04dc25eeca8c75bce49a9341de7c8a9dce080537f377a

SHA512
8ab56aa3e44694758d8fa49d81acbeecb1af2520fc9caff27d218563d436b91948506243a2272003579439aded61c72da689efbd4d17a747218eea3cf9f655a6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\bt-pro-logo.png

Filesize
3KB

MD5
4da9a7971a65832016d7ef17707a92f4

SHA1
8bb6a79bca7d28ece97b33a3559cc8f25cc23691

SHA256
60ee538f646031083305c95467688d82fd64e66f325e9324dead0a1be961bb2a

SHA512
3095cffd74f0d64734a2c08e39bb9ff2d1e620ad9446ce1369734cb7deaadbce2baf3dae9dedf704520234936ca60b02a308efd9d6b20a40143ba63c9ec7f33a

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\chevron-collapse.svg

Filesize
494B

MD5
c556a20d60a4ec1abb1b1210c24010b3

SHA1
7bb5aed0bc25f7e2a1a6b84795957a5ec653f04f

SHA256
43cf3b83cb433b61ceab27dbc7b8617162ee2531d73acaf472bcee0bc94bad52

SHA512
cb537cd83f895fdbd50fc5c9361c40eda8147fa481867423e92c3dd10928d50bde413d76714df6757d4d72811f2d92e5f3abd266aff4114a2fb78fc10ed5afd6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\chevron-expand.svg

Filesize
461B

MD5
885cc1aeb845e720fbc47cffb3fd8e84

SHA1
e62c8c8d5bdd41bc23791818033e56294231abf7

SHA256
f4e85b61702060ebb083c0711ea57cff22c490f93a1f94eb92af6192939705c4

SHA512
410a3d9d2ec8ddf269c412f5194b0832797b80f90fc45a82135516e676616779b76941d032cec9d8891079caed6d2770231831db97371ec3bfcfe8e80cf16c7e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\dl-icon-blue-loop.gif

Filesize
4KB

MD5
ef6b067739cc25cc08fc07254c3ff200

SHA1
6d9b08fc11519595ca111f828cee7035a5f6625b

SHA256
93186ffbf224458edf5d1fe894ad698724b98475b9bb019b204734d8f84a19b8

SHA512
dead1884c34837445e8e2c5d4781712f938a748d7c70265d5473f3408a5125bc86a4e71a64f4667612f24623016da586ec984fc5d313593bab1d14de6dea47b9

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\dl-icon-blue-once.gif

Filesize
4KB

MD5
4a45b31ab66e4c1ccefe09c5b75d8571

SHA1
ecf925ed456fc244ad3b143584a317b6e8d0d7e5

SHA256
92319dadc737a2d77812815b40acde4e19a9ee1f8098bcefa60a168b72467413

SHA512
ea632d4871d71efe152be6d71401fd098339c22801cecbb17b840a80d862272880254e121532b516054f8f89708cdedd7e99bffcb2f345a7e48eddd6f497aecb

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\dl-icon-blue-static.gif

Filesize
252B

MD5
212355e598623bbf5253bc602bc2cb2b

SHA1
25cdb778458003f39a7344887a5eeb383ab15a2a

SHA256
909681526a2a218a496ec2705d1ac1981b5d5ad56e04b2f637866943e34e7e69

SHA512
4f68e361910a0d29b4c555b1bb6656a8c26b3c0c32c613e4c655408d1773d52dba24748a7b2527464da6541da2b4719cdd7582e1b64d0fb6885fe8e759ea84dd

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\dl-icon-green-loop.gif

Filesize
4KB

MD5
29351d90fc2296da7fe0e0a56d04ece1

SHA1
3f89acf924f28416ca684a92c0c270060209d096

SHA256
bbe5c6aeb123af546616d35ed5b927717796981025a2951887258539ae9c15b7

SHA512
da7028b97c6bb19c73462f1ff3c8e61fa64f1ad0fb7fc06b297556c078b11983a74e1564e84501828047c1a4acc9adba3665362176118cdeb9500573fc28a992

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\dl-icon-green-once.gif

Filesize
4KB

MD5
d05a81f63d2d27b97b80393ef5a82048

SHA1
d40eb50840f35ca6be136295b0ba61dc763156ee

SHA256
50d8af8b23bceb40ebc45708e39c190e19c0693d03c6f267ba86da90f2f5b850

SHA512
bfb0c5d7e2abb118bb3e838fc44d3b22ef84257bb63382c5c0cc6a024cdee36b32ed609791392f31e7fb5fc6c963722148c1ffc7ca575419056ae4f17be2ef63

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\dl-icon-green-static.gif

Filesize
252B

MD5
d300f1b7f53bcf8c0494ba57325213a7

SHA1
65d87dde7f958ef0bade5a50f15675fae5c8bd9d

SHA256
d34ab9b3b3ea7e6c1259f4b725402de399773487bbf94f221fff6f02bd12d76c

SHA512
bf342743f631ef0102a2fd07be4e512e13f9dd8844179b665192e533ad00eda215c3c0962b7d14e36d05707910dca5685da8e726e85bef3b5c686b4c8648af4f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\download-icon.gif

Filesize
1KB

MD5
e7be682974664957a8eeed8b6240cf11

SHA1
3f9f1d543a337d9c24d06e97eddbee4b32663d60

SHA256
e1d2622d270cbf9e10f1ef27fa62b26f53af84ed955bce62e8a0949b4fdaa172

SHA512
12f8ad19b1f5cc670ffd17390fb0e6e44fb328b9bcecc1d4a13fee4687a8f1f8fc62f8293f8d57dae8a83a63550c9164ae7edaf851750cbb04c69c69a6348130

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\download-loop.gif

Filesize
2KB

MD5
e6455c1cbac2a0b75ce9103c123e54cd

SHA1
8dbd4d5885cfef4e82eb6a62c795eb16679a0a81

SHA256
bae046f5379d3c09ce652749e08b9f95cdfc88cc5b8dd5775498f625a835c45a

SHA512
778922809a84ba2d06d5ac1de094fa21f62849815bba3c528cca9801812800c8ea3bdf1491c9b5af426ff236cbcfc27faa03e3451210936913c8ee572ed24e9a

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\faq\chrome-store-logo.png

Filesize
2KB

MD5
f65e0c30ac29ea684b5f8fa6870a56e3

SHA1
d926d4b42da711d4118c74f2059c010649254b5e

SHA256
10b0852a121860ad427dceb3411ced96bfa65a64e36174535dbe3e730865393f

SHA512
9c68e2cf26b100206dfe1467719415de48cd767b073f2e318aadaaee86cf9507636197afe09f456c31cb27c740f7d2a18ea3c5d263ceb05f8f2d0e5fad3265eb

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\faq\cta-expand.svg

Filesize
579B

MD5
f9fd206779c0dca4f37e4f855a00c932

SHA1
ad5586bf44f3162737c1915ecfe7e2b2557ab265

SHA256
f411b4377488cfb2b30b659ad8f0cbf0da5513debe6ce6539fe2713336ec31b8

SHA512
ca68a83a6f1967839ea778f4ef07ea94e5c996960c0975219a4ee83e60d1874b0fd970abfa205d98c5bd7f09905d6327a57d754942fb80b1ba42611fbec93dbd

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\faq\cta-shrink.svg

Filesize
686B

MD5
531696e88bb56ae0b8026dbb09c5266b

SHA1
5beade3d8c59d34fb3e4d6dea306e80afe4dee6a

SHA256
53556ef4f2e10e086743829fc8c6d2435336af162bc7b2c2fbae0dea80457035

SHA512
203d9af979ea600ec9d8befd273cda740bb2c83140261b4221a3a325d4907b335246c4ea789dc2226aaf0ef1d8670e3e9ef21d5da3f4d2c8c267c17bbed78fd1

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\faq\hero-vis.png

Filesize
86KB

MD5
14e9f3234aae0d93a6f0f3135449f494

SHA1
6caf3c96538a61ca71d81d6b14d0fb799a12ea17

SHA256
5b205f158227738b1c9f9697d571e76c39db6cd913145b98c097eb103e020099

SHA512
378f24f25494e9cc2372134f4d010b9f1b70cb3655e8bd41cbdb452bddca96a602b6f0c30d4d4b44f5b50e676d8ce9aacad96e2a2a35e22da473660bdd840fb8

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\faq\site-bg.png

Filesize
2.3MB

MD5
ed3eb6a101e5180602d7b63a2015713d

SHA1
ad5dbe6cf8b9336c3483a62be0b27167cc31da26

SHA256
0997452045d1f2d78438250046841ebc05aa2351ec7655a3be7f102d53c5b30c

SHA512
f3accd75e5ba5bac04498dcccaf78481f89c49c32f48e91180a2caec27fdf4e866f3b65646a9b005e85bd4653264aace379d1fc73a21cd3fc3b979645d1ff692

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\faq\ts-free-header-logo.png

Filesize
6KB

MD5
0fad32842456be9d2f454e5fe783f4c4

SHA1
4cb9936ec6b4aaa1bf7e3564d672ce9f20256d00

SHA256
1be82ff664d77863c85f78c05212720e1751f8ebb90deb434d10c4a31c08e9c7

SHA512
f9f3c89d57a46cf789b475a09ed174068bb82b5c898aa5bda628fd39fb73962fdc16a3d7e5a8442411ab183a3e41ddf4c7c2012c35245464ee6ee3e1c6719a02

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-1080p.svg

Filesize
1KB

MD5
164ef21f78ebc75cbe2c4425d94b5ec1

SHA1
84e9d6f66e19945aefdd9d83cd00769e4de84421

SHA256
5932b7dc8b76714af936c6f5e607c5d5c901c9d6a8dd6f94bcccc3f8f8d173dd

SHA512
c35b86efd64c970e860ba45ae367bdedd972f8eef9e3b2ba952823d5a83d2367159bd517f97352cbcc68d6d63b868a8acdfb9a6f74200a1958d70a1ffc017159

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-4k.svg

Filesize
3KB

MD5
aa9f078a04e8120fde2290731cfcb274

SHA1
cb4a832a7e66760c67b93f70f129d235bcfe89f3

SHA256
074fb64ea08f98356db0a9d803c7fef4b96ccb29cf9261a82577ed09320b39bb

SHA512
cbdde2b53004a9bc923a83ef621079748ffc812d1fa462fcc71b91c9d22eca3adcc83ac9dc4a5135e0a0df582136d2f62868436ac706d3a2d16d73e27bdc16c1

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-780p.png

Filesize
284B

MD5
1c34f528480c99be434c90e197bccfe9

SHA1
d27685c0e9724256dbeff75647c75b664ce342f6

SHA256
40ec94cf023ca99f663632be23afed63eaff028f96cc23c68999dd125fcb2c4d

SHA512
41ec5a53e7791e0c42b3bd0aa72c867285c5ea93c8cf4e5abf8eba4be9f028adc682cf8af6d7c8c7bb7b8ef7183303391f1feb84aaccd1703e627ebef1e65c32

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-alert.svg

Filesize
1016B

MD5
c35ddd690f0abdb955bf60bc04beca7e

SHA1
d13c0a6f33bf01c7b9e5526e244dbf9150749634

SHA256
b7e782d4df9ac4157f003b384e0fbf6d8aba22223e53b1c52c33f8eeb402a7bb

SHA512
376389651fc81a8a0fd9c71b73688d0a55042b9ecd0e1459fcc173bdf7cabd4017e7e8e8b60e1a9f4f5b35d363abea6a4ef9dafa20cdb6cc9131650f2a41ecf7

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-buy-blue.png

Filesize
298B

MD5
d8868a6aa77f939e706418c9f7d7e2dc

SHA1
ebe0426e71f63673b91103cb446db13a550b11e5

SHA256
29f13f0d191a10b9e8c54960cb6cd2cbb17e50e1fbb29d432577fd3cfeb6a200

SHA512
bee37691b2a7cfe5568541d57e86c2ce59f46f2aef6b11b2251651bce1fe2dea76a81aba1898b504321baf695d2459db22d1074ffdedc2dc8f2e9072c7a27ea6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-buy.svg

Filesize
613B

MD5
d3e927b6e29a71f80fb43df46e2c5234

SHA1
588e0f3efe350dc1e98cc7b1bb53a4cced7eb094

SHA256
715410a265bc95e0924b76cb0a97fdf0eda0ba5d85e03c460dd587a813203d1d

SHA512
119f5a1c95c3b1ce1d6d10129aad6c5b950231b6cb13180b101d1d1d739e720f318321497724e5ab021bb77687f433b676bdafd183fe546aa7f404e077ee8e42

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-check.svg

Filesize
310B

MD5
95e0ed8b46152e4e7cb154e94487e7fb

SHA1
9c0e7e94c8abb3fcb6ef75483ca040a3b2229afc

SHA256
57559447188da612929f895ac014f328c642fea203a952d1212ecc3d40def948

SHA512
d5ee0fab2dc1aba5c80b3000d0041072564126d7edbc7f3ad4fbf20a0e175810f43b230d5b5d3fec4ae1bdcc594d27e2ce117efc27ff114eb2262a889ba6316f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-download-hover.svg

Filesize
908B

MD5
fd3ba149220013842d9d40bf5392bd8e

SHA1
85d36d9396dbbb6a410c5d8e75f54741fa3bddc7

SHA256
4265fd53a55dd60eda07ec1a31cd733c76420b2f6a6561732630d9d14e5f5fe8

SHA512
46f10c7c9aa74a15f71ef30bd9ead4f30700865e157a26f2fb0974007a2acb867539ba16f1d46f83ebf94dad49c4b1efbc769faa5ca8c364f96798faee936c8b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-download.svg

Filesize
899B

MD5
153a73ce060f33789dcc9c499fdb0f43

SHA1
2d8ea944463d0bbaa5a6d000ca1b11572cdc625a

SHA256
fc9a592aab615fa465d25e29e95ed99dc0b1a7ee3820fbdf6c6e6ab40442cda6

SHA512
f1193b6a91291b127e8394fc6143f8bdcb5994db0ab22dbcdb37f90e9d2d01189587dccc5c6a0b5d6a02b7b1511eaeaa74bb1c1b4d06c62addfa220189744afd

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-faq.svg

Filesize
991B

MD5
d4646525a33843582c22d408f0f1ff8d

SHA1
2b5a4d82671056136c3c236e9bb2579536f0d46d

SHA256
4f9998d940c10a272bec51ebea9bfbb7f69224aad9790d98bec680bba0d438c8

SHA512
21ec3ffa7e5ddc3af9978f5c6f5ee468c9414692cc56c2f90cd91fbb51ced3b2af879494f749e83904426a4a51a9f4f5023483d5c4883bee4bca0e615d52d7fb

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-feedback.svg

Filesize
1KB

MD5
26a0cc1f12e0dc7646c84102941de064

SHA1
1774c9a2c6f12d6cf01c9f22ce401a899e4d375c

SHA256
1df68fbe3a93d695c0a8cc1ca7c6d99c0b1d02c4ebefae6aad17bd8649d41d65

SHA512
715c112d37a39b9c069fcfcb161e93b196ebc67f21cb501ca2fce3e1be79eab363858967a4665f14598a42aa007903c1a08dd88927c1388b80f2e7dca831bb30

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-home.svg

Filesize
1KB

MD5
6eb78abd788e2cdbbc3cca35322b2380

SHA1
a4cebea66f507f0552d4ebcfebf874ee79cd9038

SHA256
dc2f46c0bb49dfc3fcdb0284e8f53d9e267c919b319e1f12f16b277bdfeed206

SHA512
5233c9f3b793c37153241e8a97adfb142085eacba96030c13d74f790fe54c370fcef09db0d47e5080cfc0488f92825501105b9c5acac3f5b0dff0c57b07664aa

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-invalid.svg

Filesize
1008B

MD5
7efe3d27b358cab1b6e3e5fc6c9431cc

SHA1
41aa54818ad1b3de5d7de3bc6eb1c5c37a0af5d3

SHA256
c473e33e276ab5ed3ec4a052d5c53078c7341bdef2d975b5dcf05bc86478f631

SHA512
2ac54a958a83f15052833c860c9eb8a9614655cff9c311bbfbf32908c467aa1429668d4ea5a5c07ff2e4d6c74d3ddbd63b9ae6ba9f3e5928e4560e500cc96a2f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-key.svg

Filesize
1KB

MD5
07818f7160dc8c80cf00eaa4fa65946c

SHA1
eefd32d7b60f57ecf818e70fb803b0d62b1247a1

SHA256
91df81713805e130d1c6136a527b55290c5028a5bdeb59a6fe45acef28ac0376

SHA512
db5dedaf20d74d07070b7b30d7c1a6f5f64839d3235af0ba2b6cec79058ecbeb60aca00ca3f4acbee66c0fa453bdf8c0927880090889d47cc6a7dde30162ee5d

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-key2.svg

Filesize
1KB

MD5
b990990ed5045ffd6046d443c28890ed

SHA1
c78c4487dd93106c7f6d636451bb61855e0ea66b

SHA256
5b3cee63a153c87dc876d14f0883c9c2f1f799f6ba389ea4737680f26d33a8cb

SHA512
a158493d4b05d199470ddf57f84989fa4252538b95c285c36e61935bef5ab90cc8088877116c8c01c51a9bcb26b2d7e14f39d5306e608317e0335ebd88d0791f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-peers.svg

Filesize
379B

MD5
5409a1b61386867c0e2c98468a402afc

SHA1
a0f7de8ea3c02ee8ccbf3694c1553ec258781b0b

SHA256
296e7ac838ca67e6499eb6f481fb0456b9c42008d2c24ba0727346d34ace8f25

SHA512
70c7d12e4bc4ebccc68d4575042540864a54e4ceb75258b65bfc6ca25d1b8459ceabe9714098d1d927b3bfcd3c1ad17a2e95a6ca023c91e6d7759bf91ecc3817

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-search-blue-hover.svg

Filesize
798B

MD5
2c7a67e2dc19e1e95ab7b98e0b1e3d2e

SHA1
801413a16ee0c9f7495852a3d2ca9e24989ee1e2

SHA256
9063329762e8acb724b7dffb47f2f4818a86942b2e5dd70062729e60e934cd1d

SHA512
4f991fbc95d31fb9868f54bbc4d5d37fad47acce043859639114acc67b0e05f1ab5305f20b08a711f95198934e671f70e670a0e117a13f311e22ffda763dcf39

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-search-hover.svg

Filesize
840B

MD5
a59861619e3b7bed92d048479c2edbda

SHA1
9ac80c3fce625ed073b0552af901428d4da62c68

SHA256
30c737cad3ce5b70d4a0c6550785a5817a27d0f207dc8d2fd569caba7448da10

SHA512
c1c63861c69f655aaf26b06226417360d67aa22f0443c8685b32b91e0f0f1f7597a0ce4873bede59022d6d20ce5d5848268bbe02b9f29bcf2a296c501359f7c6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-search.svg

Filesize
523B

MD5
abcb474647e274284e9acdd40f2de70d

SHA1
9b7311c9600d7edcae80de391ec9ed3d6bc63aa2

SHA256
c62549cec55a1c5bbe72a9c0051bb26f89b7a120621c17ce92799b60f051fcdb

SHA512
9ab6219c01d01f3ba99e0d96e15cd31352905666d8defc2cfb62f0cfae8f3c875818649b748d3bde1a8b041bfb4432e7bdee4d07354db4a69b0f6024efe2dfd6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-secure.png

Filesize
333B

MD5
20deffed818a2fc78bd038039030ac6d

SHA1
168e2a4cf78791dee6e4cb482088aa985b8d5ac8

SHA256
d281329ecd1767b03797a761d31984c68af6f9bf3e4c159e5bc0fe060a3d58be

SHA512
ba3abe2cda22325623296acfb53bdabb3c3c7f50ff79cbae33aa19dee2bb2614e5a4e083beddedbf7f07b5e6e5be8369ba51256a8ec2d9f9e5c32d5b23c84286

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-seeds.svg

Filesize
381B

MD5
e8f9e6576d06eb96ee84f5850b5b62ae

SHA1
47eba21c2fcffc90c9506a83eac9df6c4868aca3

SHA256
8ffc980f22ae0eb16c1c6d726006e55693cc485c13b1b2dfcad00d36a8b213db

SHA512
2fa977226eb108e4da5587b96f0f55d364c42d51cfe2ab58d6ce811bf5bcf49e82608185cc9742a0e92ae62d694a050aef66ac04422f768c9cb790c99d1be783

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-settings.svg

Filesize
1KB

MD5
ccd90cc5b1597e21cc571fa0c5383b9b

SHA1
fc122b2b6e4fbe7909cf0051892f76c561b5b163

SHA256
b7b2d2e0d01b069e143d040db24ef4bb5ba663689c01b224a25f8483431b648c

SHA512
6b6ad5880f6387bcccefc124a4d0785c00d783929d30a6f7ff69fa3ac625fc94d608862a2234703c29d19654b73ccb5e424156eddf241f98b891dd036a588bfe

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-success.svg

Filesize
1012B

MD5
153c44b84b9b99e9c7ea697290edf723

SHA1
a99b1deb2ce5c43fc51712924d2026f427a801e0

SHA256
e7e901d7c1e04ae400e0f521b08ae928ce0ca075f909688133f9cbcdb3ff7ece

SHA512
1899df27b53acbc5de317a4811b25cda396151b8cdbcf5330dc8831726510fd8faaf5ae4d5510303f8fa1c98efa5cb1c8345822c05e03f692499366efa2c30b3

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-sync.svg

Filesize
839B

MD5
4c0a9f81421275f2c4a41bfbd585aef7

SHA1
44207001f413731fde1ab8140ad735c1ef327f12

SHA256
065b2c968546ac4c08f7925d34c9d5010a19d69be1fd72cd5034fe5fe803374f

SHA512
1655e589b6b98f8684e0b54b24d32e867f60fd9a59291c4159b5446df32f1b8a423e0cfba7dbe187d7d29b7b1c78c494ec2a86535949d6541b832b81f219c6c1

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\icon-video.svg

Filesize
1KB

MD5
67ee77ac53794727ddbab2e61a051b35

SHA1
29d88bff58c46cf17355aa7bebbd95f013dcd6c9

SHA256
6647a9cabfb1e79c1307e71917a363c693d2d8c0b8d2707fb1b25098e005956c

SHA512
29f70d8c4f2e8cc6520ea35e10610fe909eaf9aaf23c26e42c97906ce548edcf44f7a907501c3b23131f675ee2688088d16da7b052889524380f20b0db880354

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\logo_32x32.svg

Filesize
1KB

MD5
8d919241e4d381fc4bc8c38e07e8db42

SHA1
9da3403bc0c9a592166d27ee21f293c22b5f61a2

SHA256
383b7fdfe219378ca16d229e4e01a98925b03f179503d78b438daf9816afdb20

SHA512
e346884802aefaabd78333160fd3cf04cc9bfebe05e8b17f933afa73ba816c3b50d84a1f2e00d502f699496d30a3fe7eade15f0d010c807df1d1a82c1aa14074

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\overflow-icon.svg

Filesize
290B

MD5
c50d2904dd51b00eb1afefb97d83b856

SHA1
3feca387ec7fad92652728df4395d98c62e35e7b

SHA256
c0aa1de634c2d34b8e8bcb98863ce2594119088acf07ee1fe7d325c3ac8a6b0c

SHA512
bb88366d24e8710721b3c7306f2ca8c27dcce44bf957a4f2c7a1721610a881fa64ce815f2ffa2c67ca48da1ee49e304deed8b49f5134056913aa4932726320f3

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\rectangle.svg

Filesize
156B

MD5
90f94d768ba53139f8fd8de7a2bd2b74

SHA1
5331e1d6a2aa0250b196a86277a5a948335fb8b6

SHA256
1575c27eabb83ea51c6aa3cae2fb19e80ee386acd4f5d77a7db418e5ab7f47dc

SHA512
14fd10a68af4ff885e436f4c2e270afc332e2c35df70775154e109d6ae06cc890c987459aac68e347c2579384f015e4a1c279b22d500f8d84d3b841e6c233d26

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\ts-free-logo.png

Filesize
4KB

MD5
40e386f581aef166e791131fe94039f8

SHA1
47b9b0848d3c9577ef4e85ef6aabc34062775f17

SHA256
526eb20b324e0eb115bc98c7a262b540114d5a0b91fcde2ddeb4079743388a71

SHA512
7eb1324d88f0af8aeb29917a7a265b398d3fed02a90258849e4ae61b643552196938d22acbd8ad51fd4602a23a280d44fc1442ae6f11f8409483c0f8be4279d4

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\ts-free-logo.svg

Filesize
9KB

MD5
d8bd696523fbaac814453681d1c07309

SHA1
3f298c2cc3b003c905de7ae0943ed6fbebed753b

SHA256
6aeb80339620af5a087fb85e2eb1c2178bb463279a58de3842b7103ad3403ea7

SHA512
dbffc82403ea4f99ef98ae5e14bdf6e9aefb6c9544486084451ed41b498904c29c4c6f1d4f89abc8c9c2302aca7d373798bdc750d09cae44ffae7df936aded50

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\assets\ut-pro-logo.png

Filesize
4KB

MD5
591f78b3dec1811d82a8bdec36527ec1

SHA1
0589465240c376066dd3572bc6ae822a1d3c5533

SHA256
7cab2b4ff7c418327ea31afd1ba0b9621b024b8ddfabebeda2f6feaedffc713d

SHA512
ec5365a20ed51e8abafc88961c2d2d2331338e21f765877423ca70ac02124bc0e89be83208755fdfd4fdc8cb75864dc2cb7525c440e4a654513d30ff02e9da81

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\browsericons\icon32.png

Filesize
1KB

MD5
4f7409ddeaae4b90fe099508a1764f95

SHA1
2ec5b8b764f1eab2f9e850ef983aa8abb7b6db95

SHA256
7bc2553156dd0dd46f0c7962f142388776cf1004dba8d20f160b3ca42e36ce99

SHA512
b4efdb6949f68dd6a7b848e5784cbe735e529df53e38b415998914c2d048c12196a75f9af4dcad9feff7d2cda70d29243271f218cb1554e8a5bf35b6e3462025

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\img\icon_128.png

Filesize
8KB

MD5
81ad059e44b4cfcf1b406a79945da371

SHA1
793c2912de96a7c4bcab278793ffcfeb356b6f15

SHA256
06c4772f851d50c967342723e798c0b5d96cddf6ae62d38b8f68908d9240c849

SHA512
f94495e716ebefb1f29fe5c50987a881a75fe9fb3296bb9203050b519e5a407d618592581b868e9e9d3baa22d7b2b7a6badc32dbc4a4e9c58fd9c883bb44e242

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\js\backgroundscript.js

Filesize
9KB

MD5
f9ed6eccab8a57615a5060a8356bb17f

SHA1
9b291732fa459668a97fabc15106f1dc09cfc736

SHA256
de592c582fe3c2f9615828668e6f452a47e08ee2cb8ee9122a0690ba0ecef9c7

SHA512
2ba5ac0a74139506b28813fbb982b980049e13e7321112954d4f1d91fe57b0a599e262ba86736484969c780e25db173dfcbc5cb2fa1493a577160827bff49b96

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\js\config.js

Filesize
582B

MD5
d96ae9577dfee6bf511609842c53a458

SHA1
0f29aaa662062da5b726b5f7d58f724b8f23c2a4

SHA256
0bfdcf96050986a018c35146d00fe67372423d59efc5269d1380eee822b5e407

SHA512
387ac78f871f7a14b9d54411b828b1db13dfb8e7557cecc32529302296f28bf6aa242216bc6d9bc7cc4bd7c464584fc4d5b7c4ef5cc07de22c8e371fa74a7c5f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\js\inc\base32.js

Filesize
2KB

MD5
01d0912ea352ac2eac036c14497b84d0

SHA1
419564fb2f87ffe4b863832daa122ade1395262f

SHA256
5e19ffcb5f69a56805c6bb8050049a4e32e287d5894144645e13a2c50d2b5c6d

SHA512
f7e0264c2e78825c85b6b6a6a8416805f1a4367722a543df4b326f087a99f52df32f704bb66d7841fb5ecedebe0a8444577eb381281fbc6e236720d3d8209beb

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\js\inc\bencode.js

Filesize
4KB

MD5
4dd7971660aff54692aac64668174dd1

SHA1
7bd8ef485eba207529d5f2ccc5b19210a81398b0

SHA256
92cb956f87005382a573c10cc167dc9c9ce00a6b05f97a89cece539e7104d03d

SHA512
7d367f6905a2f1d8b438c90e81e94fb6597378de68327cf9af5667f7889536bc4ae5d6e134b1ab3ede2949728a90db8ee4f8b03a0f863f4822e248405fe68063

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\js\inc\magnet.js

Filesize
7KB

MD5
6f335dadd87a8e87b7715ba00578e152

SHA1
54dcd37f93800772b7462659f9c4fe8417eb22b1

SHA256
c14624caa461e8bd0180c8fc82435cbca875ca92009f20ac39b62f4e887e1f51

SHA512
583c48ef6722d39fb01ab04239a59c84873007562cd76697e59323a8e0996b80fea2901804d3b378346f6f12b42fde7f201256a0229de13b2dd57113e820614a

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\js\inc\sha1.js

Filesize
6KB

MD5
a8b95a00931c413aa19d6bd6333904e4

SHA1
711508d16907f3821eb1eda671ddba82164aeaa1

SHA256
df7d7144eee089154e9eac36e2ace84efeee3a4211f59bf0b6d4147a389102f5

SHA512
abc0f500d17e9f217414d8f03d1334f1297a329570567005b3680e464c757c1f664eda2acb47d549fa215c09d7c81fe945df0f29322ef0214ec6d830ae100aeb

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\js\inc\torrent.js

Filesize
10KB

MD5
5bea317e228bcedb99b65b7eb58d1b62

SHA1
998df8f84393f17abe059f297f9ab6c9f7e141f3

SHA256
27b11f49eb3f3f617a0b5f67ba3a106b9f64c7359f02e99edf15cf7277756a46

SHA512
aafe78648a20e73df99d1c9cb54aeafeb389fd6cfadf19c316406e933cae60c5a5bdb866e74c6b76ddffdcc236d30ef249f00c747ad7d6aae2e157619ed704f7

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\js\lib\bootstrap.bundle.min.js

Filesize
76KB

MD5
189f332ecdd3d42e781939666518e92f

SHA1
6584cd9d44d7a886ab89378a34d3ba8e46577124

SHA256
2955219abcb2f853bcbbb5f6fd16fcc8b750b36dc962686279c9523f7a5e2f64

SHA512
7c14c2a5aff0c1811aafd31c1f068d9c7de6de892495a762cba7129836ad147676dd4c9f062930edd0590e77063396d197c9df1bd6a5db7b4d7d6abe32de97ae

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\js\licenseUtil.js

Filesize
7KB

MD5
5dedfa71985c03f53700c1c520c3dbb5

SHA1
f1f13c796fe1dea1549ccb919d8c1943f657587e

SHA256
5a174c6a3b276734ca0cc131e4de8e1e7dc600eaed27429e9bd4e484173ababe

SHA512
5976a10cea385536b00e8a5d99c2018582294c0d5c003ee3889d2cd7ba8b92c0c1359d750bed9583bbe6eb6dabfb0eead09ec83efda0c12e1262b0e152976d74

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\js\start.js

Filesize
10KB

MD5
20b792c44107c48b9495205bf706bdf5

SHA1
8e45bba38713fe72fbdaa0b714b37c4fe92b999b

SHA256
8a902af983020d43c8d2276ed203742c3b309227217de21fcab09e131469fa99

SHA512
293f744ba10b0e9ae8629e409d4cebe3a634b2af8edd85b16d330827d5f43aee542f7a8f4c32c5ee7977d54e597494a52a8f213f719d8809ec8ffb6cfacd34b6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\js\storageUtil.js

Filesize
767B

MD5
8c8c153e144821d1a30bbb7e77c014c6

SHA1
8653daa097b71221e494c17940a1eb5b700befdd

SHA256
77395a5dc0397675a474fb6de87fd8cd3c97ce83a421b08dfdac6d85d7fe1ee0

SHA512
df465f57d6fc6e6374acd8add044eae256668a44e4512389282aabe97e051f74a169283fe5678fabdd5577c1280ce58707701e8951151b0a286949a725b56d40

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\js\telemetry.js

Filesize
7KB

MD5
878a02aecbb427772a505274d1f6bc57

SHA1
0bf2cdc6358c16bfcd62c70d192cfea21ec395c7

SHA256
f14c204d0d4b134066730f62062e82bf9fa7aefd3781d75678545ec1df66b5ba

SHA512
b6b113f29cf5c49a10bcd29a02405f9ab68a6bb38bee1dfe5de8d39f22dca0aea900c9253cda7e48263e965e9ef39d79f1e6d3633e8750191caed366551bcaf7

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\js\trackingDataUtil.js

Filesize
5KB

MD5
b5dcf1afc3418f47541a46b60fa96e84

SHA1
56054806ceba46c7325a4e8bcb44aa5375543d39

SHA256
006895c661f2cc0718eb38b60e0b39022084aa8f45237cd0b19c0379b56acd56

SHA512
1e66324fa6bb517a51f7e434fc885599ee5e872893cea150ea921667d096402bcc3f6a79884c8800f314924af0c8fecae1cd8c4a4016d5dc4b854d7751a4fa43

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Extensions\Temp\scoped_dir1436_1036574023\CRX_INSTALL\manifest.json

Filesize
2KB

MD5
f9c3706cd04adefc6db048f6f832f695

SHA1
ee773368c1c3286beaf8cda3b7f1d666533ff0ba

SHA256
1d1aa881640446540cff4c4426801dccdb8226edb44e5e83d7ffdd9a83a58b59

SHA512
9a2478db5633c159066653490e973a0c9a208739c3053539381d88974f2c60435520961905bb32e85b9d6f750f3f5ad82508979684ff8cbad178d4511f4b5c73

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
364479b578e2b7c81bf45175a0f24fe9

SHA1
d7e8875531b28d545602c0ed8e279049437e556a

SHA256
e849f80a26c2b450e1b0d0bb5966078d6c973cf7f0d9e9656180a1e5592f078f

SHA512
62759807567261b880833d1538200e647b2093a0e8aa35590052f373ad1d173a1f89738a504ee2776ed44496a1174fbfb5c9ce24047da2dc5f5526c36a3dcbd0

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Network\Network Persistent State~RFe5b393d.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9320acb9411939c2083cd5a0e6ad114f

SHA1
b8d2584565ad5fcd34fcfbbf19919bdde8df4fcb

SHA256
6d7cfd277777bb54935d62acd774ec00e625944630b065d74c5329958570dd69

SHA512
4f26aec0cf37071e7b7c39a84cfc32ea8b770f00ac9983d69a5faa9812a14e62d047a9cc014f31d1eb3c7cb098aa5ac829b3165ec9877744c5382c9cfa3a8cf5

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
394aec5375cf9afe266849c2380d713b

SHA1
edef0f22b60ee067934b9d7251719ca782e502c2

SHA256
bad4e77aa5fcd588a1d999a1fe06eeff7d55fc2c21751d7f641b0f13b5663b95

SHA512
b5a9493957a5e0240f7b4ffce825f08b55f3af8efaff58ed3c12cd06235b0964fb32293f8e934bc0dde54139ebfe1ad83347eb749299cc5cb050dde26d503942

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8f1bb986eb974588ccfbd913a883b38d

SHA1
7df8de2541c0b2bb359003a1e174a2245b97f14f

SHA256
8482e73f3a115e1ba83e81eaf1303fa71bfe865b7a6a909209ebb7b3d9db9e7b

SHA512
247a8962e2ef1b303546d6ae453976a4c0246b4dc6c6b717cca01ac61c478177e978125908450a23047e8833bea2625a71f29db2724eb73bf44eaea5ccdc0aa4

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Network\TransportSecurity~RFe5afa20.TMP

Filesize
537B

MD5
3e0e4f05421615d49ebbedc72ed080dd

SHA1
3b00b7fbe55c809e8a02c14b12006a1c1f7c0af6

SHA256
8c89082e684822651911808fa8cc95adbe6593328558406a83b994d5802cb385

SHA512
e9531dc8a66a3f90739f76ace2c57fdd43a6f93166524ed33943e501c3378115a5aa0354d0dd01fe654fd0a7b9c1872e63507e95f72560b4635d07bd2cc81594

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Preferences

Filesize
5KB

MD5
d667b16b00d92c12caa3e341e84755ad

SHA1
180c3900da84f512e7fa6402ea25a149ce8856a0

SHA256
d7bd536672a8eb1b6aed502e758ac00d93037725b51c0e52703b19437ccab539

SHA512
5e19b7b945b4fdb606d398927b160eb37f07e69882694c44f38a4396dc7ea6f4cd6de622035518464102cfe4282c247d3b1deeac65e8c52a6106915fc6933e2b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Preferences

Filesize
6KB

MD5
cab820809b5dee1710a902de7f2a837e

SHA1
ade6106f3e567e9f61a9c2f0497736edf9024f4d

SHA256
5ae5d91b659ccdc0a4c90868450713b5e138ee22f1ee32c3c67ea8c0bd2957b7

SHA512
c3010dbf6558723ca69b0fe75c070effd0135425caaf2e0ac8e5b491481dfde65a1f835ff0ba367179c030111eee8bc572e93376ebff079f46bec27b82743ecb

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Preferences

Filesize
7KB

MD5
b98e442d7f3fda32d7ea6cd14c82fab3

SHA1
7291ab2ad76849f8a6fd1f88986c3ad1fb6f0dcf

SHA256
5b5137689acfe0491bba605d7782f0ca182573acc1f098a9495225fe2640d7e9

SHA512
634884f6e381b0cd7871b2cd9e1b3655a16691ebee9e153c89f19adb4db9cf7df2c7a1861a0c1a6c2f5bf04f0e8c0bb1ebf3c9357acc6de547e7c0f10fd592a0

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Preferences

Filesize
5KB

MD5
456aba248b9ae7d3f0d86ef9d1cab8ca

SHA1
717ff735797c70747a60e5f0b056301e043c2161

SHA256
698b630492067616d32c12d975ec92bdd9c1bb239ac12b32249052a0057d8b4d

SHA512
aabc30dcdd3dce0403ee3874824dcc26c768d66ae8230b46fdae0697890c6db53a8c6f1654a6b3bab726d77a70e1bcf700d572b7fc7d40e03de0d99436e74893

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Preferences

Filesize
5KB

MD5
1fa685a5ccbd7590a638daf550a5c2ed

SHA1
8068e412d440e37162d1d15f58c8d4209701ee51

SHA256
069a7be835fad81181577b61c0545fd428dea88143f2280700455d2d77c668fa

SHA512
7f2c3f39f5a77fd7c8d11954bb23cd25bde6d0bc2783c32b6a58f47a9968f5b3f8f054e1e7ee9696bf6a36cd8e75e38084b0c1a760a39f78c81804a60f4d5759

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Preferences

Filesize
7KB

MD5
a7e6e3fc58100a5988629e92867ae0f5

SHA1
0217c4f573d7f0636d8e6ae6bf2193c44cc013ad

SHA256
957b0ebad8b5a253e401dcc9fc596fe6f975c79a852ab599951fe46bfcc58cfe

SHA512
d3c661d947814a13f3d752055c85205ed50e7fbebeb466c3ceca1d888dd78558619481b394a8c7775127b76738fb3db4392fc90aebf2501eb7331456ca4c0850

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Preferences

Filesize
7KB

MD5
4e04fc228986b4ec924ccd6c41376237

SHA1
91fe39bdeb2afab17f047dcbe4a81bcbc2329844

SHA256
6273eda7ea1403cdeabba4175e07d7bc5310848378035045ec4a6dc3d08342d1

SHA512
93661f8007ce39ea7b783ccae41f875a4368bc92f499daa7dc96f58cac7288d236fa6e46d72f811f8488bd3951ebfe169fafe447e1654e7d2dc9cd6b6371eefa

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Preferences~RFe5aa28b.TMP

Filesize
2KB

MD5
ff561a6c22360320134148249d7412d2

SHA1
946adb67fa75a667089aec90aa08bfcd1958591f

SHA256
b756f737262a808a06486b70269b68da7e1bc7c25bd7da72f53dd7837af7256f

SHA512
22036a59165b4f1e4a1f35d7df8014de041013934c1ba95eeea4550e20a18597877f07df2518872e57146b59f93008a99b4a9c3075d9144bfa5a3bbbc592e37f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Secure Preferences

Filesize
10KB

MD5
5a2ee727a3f93248c13262ddda39f652

SHA1
78b6a7ffcf364afc74f9d7109ebc7dd9758c3332

SHA256
cca51241de43fcc91b069213cbb578733de3255f49005c21d566bf08e8939dd8

SHA512
b412320739ee2fa55d6e21ee1f730ce02cb36956b0e45929ed3c1f309698b0f8bf36e1d7d85a26c4ac8fda5e232a9fb197a3e327e55ba639ce2d04f95913e8ee

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Secure Preferences

Filesize
11KB

MD5
1b16eafbc0039ef808cc70e950942392

SHA1
5bfc0f7a524eeedddb11c5dccb8760d77444ebc6

SHA256
6a8d926ad5e5390b30a0ecee972bddea54dc2a57ea0833e980f41b32e491a2ec

SHA512
f746bc4887826c99da986df96fcfa738bfab789c17b677a0f35d2d8bcb5a1195fe94989916b800f8c77acce7ff1869d5c2a4a1d9820496533f3bd78c0b4f7791

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Secure Preferences

Filesize
11KB

MD5
5650647f8a5e8b3b0d285d11b309a2d1

SHA1
ba4292011bedee9f21d7a5202f4eeeb3810d7bb0

SHA256
03ab8bb5c30c0f759c58f4d91cc537db8fda64cb6d9a2459c98191000189ec62

SHA512
fbea1daed288d4790f2232bcd0088c87d5a7374f55abd25bc828dd95595ecb895cbec9e51299cdefc86dcfa55421a2cd6a24e3a3f7f03ee7e1baf45ae5d9c7bd

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Secure Preferences~RFe5aca18.TMP

Filesize
7KB

MD5
752bc979b842b52877eb3808ccb007e9

SHA1
3823c872087fb51aca73dd6ae23bcc50cc4ca9da

SHA256
a4aca3536acd45bf108946a1835953b97526a888ff1f171353dc04bbd1c127e2

SHA512
b9c394f73812ced3134b348d4e951574630459a0405e065f4ed904962d25e7cc926fd9f84a74b4ecb59829ead98309670ff06647ae45f6ba7ebf2d58cd302342

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
408B

MD5
49a36b1d5471beec9a66a424e4bb57fe

SHA1
2019fac82a31369d0fe093915439a5003008ba51

SHA256
e191990b6c23d9faf8fb22400e8a345c65a13bfbf8590bc70f08a4f78b4bb5e9

SHA512
9bd8416bd022dcafe2399b3904c8d4be236fc9b3a145f2290e6f45550cce022e922748c91996bbf23b83225592d12123710ffb4e56b9e380903d5646e4be111f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b12b9.TMP

Filesize
72B

MD5
b7709b0aa4dead160df39c890925a231

SHA1
d808f93eb32a318a083216f033493c4097868d97

SHA256
6674a21f7858a89eff9f092c178efe3a037ba49c9cf10e5109212f85c011e610

SHA512
47591e2f555c05fd4761f9e4b985714ecad8a80a61903981172c6ef163e827577b3530f8c4896b338dd52ed5a607ae46a0ec6fdf26a69c078537983f95ebc921

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Default\Trusted Vault

Filesize
33B

MD5
5141ad8f83fa0958909c2bf635840e0a

SHA1
caf2ae38d438c21dbd7713d3e2a45f761da4215e

SHA256
49284bca1535492e98346fb6163adb462a9c4b9714cb283b6b3756f380ccc6a1

SHA512
45dadd2f17101ac576c14cd99d3306db64904466c33f5e16560157759275cb0b2233c1a63a181e7bab7d5a01f973d75fcb9d1c03785eefd5035c064f0faf850e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Local State

Filesize
1KB

MD5
0d0a9e426e8c0d719c93f77a8228a24b

SHA1
6023e8784b97d4696dd5d4c13c4f0cc53e845e38

SHA256
ae11ee4fd30d026cb38c78f9b8c728d779d6c3773d54fd9067e6b87ee8af39df

SHA512
f9276041befd548d9472f55eda5e4f77a7d1585d7986185849638879e073648e71b22033796fa0d848136f4267b519d6a5be86c5cbf5b6fd7f62743b4273f786

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Local State

Filesize
2KB

MD5
2545ac5e45bb0f5489545376fc508f88

SHA1
4f004c69a566231e22199c8780d7481849624af4

SHA256
1e5cf042b543d9a6dcb785e41075f9823e7770877a5bf2ec8a87dafadb4d54fa

SHA512
4a29ca03c9dd4655fa036e60bd3f218bbeb4cba4560a8f32e85acade9fa22f2fecee51ad6f5154f5b268b77c196f239ced2520436ffb86d2f95e1d3e18c57cd8

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Local State

Filesize
2KB

MD5
a128625e6bffbae1b900967cfa2290ac

SHA1
bb33e9b6be8dcbe317aedf20b3082a005a372c82

SHA256
53a0ff123c24f695341a585a93673c019af6aa629b434e8d1b15efdcd018cebc

SHA512
3c2ec1d14a6bd4c7aeffabe8b4a4215999ae830de1802dbb2ff8ad4bac6af47558f0911bb01cf84ac07cd709cbd9164989c3d0dd757250a208b7a8eaa1c5f2a0

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Local State

Filesize
2KB

MD5
9994306958c9fc0090545eda1638e315

SHA1
adf67b0ed5f29430e4847b1dc13304551ba46c0f

SHA256
6d58f94f7a19106fd118af1e5cb5e5d08f20fb5da902862da2fde73e5247db59

SHA512
7faec1a2d9e37a63b82f84a899fe443d26606c3105e8930807d48b0ce89f6b16f7b5b92b975851fe24b0c5283284f9f2ac92dcda658b729d16b19736f3c9317a

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Local State

Filesize
2KB

MD5
256344df5b398fc21b634d919bdcc159

SHA1
558b5bf6df29c0a2d7357024449798a40298615a

SHA256
ab2f51e109c92fd2d8868d02236b81c839ca21df75272ed79d05a1f4bd0ed893

SHA512
14274a996af9ff736192dd9494ed2c8c34183930d25f2541f68739247aaf1c79993b81ea239178b84691116c937b6624c57e8011187f443a16e58efdde741eab

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Local State

Filesize
2KB

MD5
fd035bc0c448886911b2e930ea913f5e

SHA1
04dc7a9aa58b6d679d5b9d288c956db33df5c700

SHA256
b116f69813cd2346762e124c380ff621665e0fa43354db769fb65e88e67257d8

SHA512
7b16d3c137b75fc6160ec52ad110aa58e4163bc8277068c644e623653c0c8e6040959d5c7dd8d6bb1166bb9834901975bb2ae84077cf5c3dbedda77e6dd5611c

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Local State

Filesize
2KB

MD5
6ae15e27ecf1ace9448d00d0f0e8c8c9

SHA1
fe8438cebf139e82f22790d45350bf21512944af

SHA256
50fccf8646a76eac09d5929f31237ce41eb797d4190b7f8e0a26835362a110e4

SHA512
17a2270f5711958746ff5e3ea7622945b86382fc62b59d5d418ce828ef09860fd1dbb5909d476cbf45a6272da5d63422c0a5454aef43765f81aa5384f9b90ae3

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Local State

Filesize
2KB

MD5
c9a9cbf3d49d0c3cca5155de50daefd7

SHA1
fb8f6493c64ad59584223bdfa61e7684ebbfdfd5

SHA256
5619c2729d7e90b22730c6735c5bca77f6e72c3d11b1328f041cdc5476319b6f

SHA512
ecbd6e0841e37f7e140a789201a3b195045474589b18695626b00ce15536404bdb482297a57151e8e188f38ca52bbd2904e17f778fd70001daa013c8bdd13e66

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Local State~RFe5aa579.TMP

Filesize
1KB

MD5
ebf2c0eb6865b87832a7b1ef3095ba18

SHA1
26849ce5010d9a869fcf411937563e295d7aa917

SHA256
5711b3fc21a4b7c25cb9dc4018e2bbbfb9d40ec5d791ba3f099eb44405cde603

SHA512
6f34ff7b448e33d877e7a10161f60f6cf60ed8ededc66f3231164023eb92a838147fa531573247d6824d04ed52bbd315f83abdde8918f8d424634cfda979cbb5

Download Submit
C:\Users\Admin\Downloads\QuickLaunch_Minecraft_Setup.exe

Filesize
1.3MB

MD5
493d945be2f0de91b890ecdc1fcaf7dc

SHA1
97d751af6c4315ce155010c692660295b2dcd32c

SHA256
f4ac4b72deea42287e4c17c9d81893fe8ba863039953d3b2bc072eb9eacb3de2

SHA512
352ff4bc3be1893855d0894eb23fda6f30f496381e3cdcefcdf932aec9773fc0da4869bd0f625f95208b1240b1969d56eca5f7b31fd8d948d15f4efe518bebfd

Download Submit
C:\Users\Admin\Downloads\QuickLaunch_Minecraft_Setup.exe

Filesize
1.3MB

MD5
493d945be2f0de91b890ecdc1fcaf7dc

SHA1
97d751af6c4315ce155010c692660295b2dcd32c

SHA256
f4ac4b72deea42287e4c17c9d81893fe8ba863039953d3b2bc072eb9eacb3de2

SHA512
352ff4bc3be1893855d0894eb23fda6f30f496381e3cdcefcdf932aec9773fc0da4869bd0f625f95208b1240b1969d56eca5f7b31fd8d948d15f4efe518bebfd

Download Submit
C:\Users\Admin\Downloads\QuickLaunch_Minecraft_Setup.exe

Filesize
1.3MB

MD5
493d945be2f0de91b890ecdc1fcaf7dc

SHA1
97d751af6c4315ce155010c692660295b2dcd32c

SHA256
f4ac4b72deea42287e4c17c9d81893fe8ba863039953d3b2bc072eb9eacb3de2

SHA512
352ff4bc3be1893855d0894eb23fda6f30f496381e3cdcefcdf932aec9773fc0da4869bd0f625f95208b1240b1969d56eca5f7b31fd8d948d15f4efe518bebfd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 67880.crdownload

Filesize
1.3MB

MD5
493d945be2f0de91b890ecdc1fcaf7dc

SHA1
97d751af6c4315ce155010c692660295b2dcd32c

SHA256
f4ac4b72deea42287e4c17c9d81893fe8ba863039953d3b2bc072eb9eacb3de2

SHA512
352ff4bc3be1893855d0894eb23fda6f30f496381e3cdcefcdf932aec9773fc0da4869bd0f625f95208b1240b1969d56eca5f7b31fd8d948d15f4efe518bebfd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\config\enterprisesec.config.cch

Filesize
464B

MD5
84ed9e45a91282deba4befc9a18a0961

SHA1
a0739f66163a6cd393004f1cef11a062015f845a

SHA256
ed7f5020ca8382682d2d0480e784e4a5f4f11197243712b4e0650a85fe45eb20

SHA512
46c34edc4e1523f0429b12434bfe68877d5f543daa3d9f8928934fa60d36a3d4d4a5da18727f9f4ee7fd086ef6c3b0b632fdd982b82de12087b0730e34df8633

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\config\security.config.cch

Filesize
464B

MD5
84ed9e45a91282deba4befc9a18a0961

SHA1
a0739f66163a6cd393004f1cef11a062015f845a

SHA256
ed7f5020ca8382682d2d0480e784e4a5f4f11197243712b4e0650a85fe45eb20

SHA512
46c34edc4e1523f0429b12434bfe68877d5f543daa3d9f8928934fa60d36a3d4d4a5da18727f9f4ee7fd086ef6c3b0b632fdd982b82de12087b0730e34df8633

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\1xntpxza.0.cs

Filesize
43KB

MD5
97d1d7d548e711772ef90b95966d519f

SHA1
4ae045ebbf134e2af5dc169a225d5ff94b0bc276

SHA256
1c27493e00cbb9520835d714a434520411969fc57ccfe910ddaa66b76138f6b4

SHA512
dcefdaf15dc0fee696acff3a87d44ab4e5110d68532a2e89f1078ff85678b7a363589ca9dbe8d1cdb3d8ba283b0f61ec333c820cfd59f3f2e3a3d8996d257f99

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\1xntpxza.cmdline

Filesize
425B

MD5
afb8ddbb0ed54fff4fb94ae80d43d1bc

SHA1
3aa49f4092f6bc6d418f5be18fcb5e5649f67c58

SHA256
fe7246710835d478f8995ef96911d986923ad3e677a6069fde23d2cd42fab55a

SHA512
b1061212987156893ce3dfb557c749fbbf85549cb4f3d01f46e64568908f0452b0ebbf4f00374d460bae5c42a54b62bb1b37ca2cb781706d0e8dde01f57683cf

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC266A.tmp

Filesize
652B

MD5
f84e47cdf109cbea846315d5bff91697

SHA1
bc54227a7ac642d71c21ef2ed3b39a3f2336eda4

SHA256
e53f2698586f84cadf72934bdddd3b6567059d8c9dccbebe7b9fd1aab917e29b

SHA512
ff0803834f03db57df17f6ef0c4b353ab507052bf03a0a89d0652733caa4cb92aae88cc54049855a38dfeffd204c852abe6c36dc874a3996cc70cc745a2ab370

Download Submit
memory/568-1686-0x0000000001AE0000-0x0000000001AF0000-memory.dmp

Filesize
64KB

Download
memory/568-1623-0x000000001EED0000-0x000000001EF04000-memory.dmp

Filesize
208KB

Download
memory/568-1742-0x0000000001AE0000-0x0000000001AF0000-memory.dmp

Filesize
64KB

Download
memory/568-2345-0x0000000001930000-0x0000000001940000-memory.dmp

Filesize
64KB

Download
memory/568-1590-0x000000001F520000-0x000000001F5BC000-memory.dmp

Filesize
624KB

Download
memory/568-1649-0x0000000001AE0000-0x0000000001AF0000-memory.dmp

Filesize
64KB

Download
memory/568-1650-0x0000000001AE0000-0x0000000001AF0000-memory.dmp

Filesize
64KB

Download
memory/568-1684-0x0000000022040000-0x000000002205C000-memory.dmp

Filesize
112KB

Download
memory/568-1857-0x00000000018D0000-0x0000000001904000-memory.dmp

Filesize
208KB

Download
memory/568-1730-0x0000000001AE0000-0x0000000001AF0000-memory.dmp

Filesize
64KB

Download
memory/568-1755-0x00000000228E0000-0x00000000228EE000-memory.dmp

Filesize
56KB

Download
memory/568-1753-0x00000000228F0000-0x00000000228FC000-memory.dmp

Filesize
48KB

Download
memory/568-1585-0x0000000001AE0000-0x0000000001AF0000-memory.dmp

Filesize
64KB

Download
memory/568-1550-0x0000000001AE0000-0x0000000001AF0000-memory.dmp

Filesize
64KB

Download
memory/568-1549-0x000000001E370000-0x000000001E3DE000-memory.dmp

Filesize
440KB

Download
memory/568-1548-0x0000000000F80000-0x000000000121E000-memory.dmp

Filesize
2.6MB

Download
memory/568-1744-0x00000000230F0000-0x0000000023139000-memory.dmp

Filesize
292KB

Download
memory/568-1743-0x0000000001AE0000-0x0000000001AF0000-memory.dmp

Filesize
64KB

Download
memory/888-1622-0x00000000015E0000-0x00000000015F0000-memory.dmp

Filesize
64KB

Download
memory/1044-1389-0x000000001D3D0000-0x000000001D7A4000-memory.dmp

Filesize
3.8MB

Download
memory/1044-1395-0x000000001D940000-0x000000001D966000-memory.dmp

Filesize
152KB

Download
memory/1044-1379-0x0000000001310000-0x0000000001320000-memory.dmp

Filesize
64KB

Download
memory/1044-1386-0x0000000000980000-0x0000000000BD0000-memory.dmp

Filesize
2.3MB

Download
memory/1044-1387-0x000000001C860000-0x000000001CD6E000-memory.dmp

Filesize
5.1MB

Download
memory/1044-1388-0x000000001CEB0000-0x000000001CFE6000-memory.dmp

Filesize
1.2MB

Download
memory/1044-1408-0x000000001E8D0000-0x000000001E8E0000-memory.dmp

Filesize
64KB

Download
memory/1044-1392-0x000000001DDF0000-0x000000001DE5E000-memory.dmp

Filesize
440KB

Download
memory/1044-1393-0x000000001D8E0000-0x000000001D8F2000-memory.dmp

Filesize
72KB

Download
memory/1044-1394-0x000000001E050000-0x000000001E140000-memory.dmp

Filesize
960KB

Download
memory/1044-1424-0x000000001E860000-0x000000001E86C000-memory.dmp

Filesize
48KB

Download
memory/1044-1407-0x000000001FC10000-0x000000001FC9E000-memory.dmp

Filesize
568KB

Download
memory/1044-1406-0x000000001FB00000-0x000000001FB7E000-memory.dmp

Filesize
504KB

Download
memory/1044-1405-0x000000001F980000-0x000000001F9F0000-memory.dmp

Filesize
448KB

Download
memory/1044-1404-0x000000001F8C0000-0x000000001F909000-memory.dmp

Filesize
292KB

Download
memory/1044-1403-0x000000001F890000-0x000000001F8AE000-memory.dmp

Filesize
120KB

Download
memory/1044-1402-0x000000001F2B0000-0x000000001F86A000-memory.dmp

Filesize
5.7MB

Download
memory/1044-1401-0x000000001EBA0000-0x000000001EBEE000-memory.dmp

Filesize
312KB

Download
memory/1044-1396-0x000000001E140000-0x000000001E44E000-memory.dmp

Filesize
3.1MB

Download
memory/1044-1398-0x000000001E4E0000-0x000000001E542000-memory.dmp

Filesize
392KB

Download
memory/1332-1516-0x0000000001180000-0x0000000001190000-memory.dmp

Filesize
64KB

Download
memory/1436-3973-0x00000200C6600000-0x00000200C6D29000-memory.dmp

Filesize
7.2MB

Download
memory/1436-2989-0x00000200C6600000-0x00000200C6D29000-memory.dmp

Filesize
7.2MB

Download
memory/1472-1748-0x00000000008B0000-0x00000000008C0000-memory.dmp

Filesize
64KB

Download
memory/2040-1805-0x00007FF8CEBD0000-0x00007FF8CEBD1000-memory.dmp

Filesize
4KB

Download
memory/2376-4201-0x00000222D42E0000-0x00000222D4310000-memory.dmp

Filesize
192KB

Download
memory/3592-1586-0x0000000000640000-0x000000000064C000-memory.dmp

Filesize
48KB

Download
memory/3592-1587-0x000000001A070000-0x000000001A090000-memory.dmp

Filesize
128KB

Download
memory/3592-1588-0x0000000000B70000-0x0000000000B80000-memory.dmp

Filesize
64KB

Download
memory/3592-1589-0x0000000000B70000-0x0000000000B80000-memory.dmp

Filesize
64KB

Download
memory/3592-1741-0x0000000000B70000-0x0000000000B80000-memory.dmp

Filesize
64KB

Download
memory/3592-1740-0x0000000000B70000-0x0000000000B80000-memory.dmp

Filesize
64KB

Download
memory/3696-1416-0x00000000008D0000-0x00000000008E0000-memory.dmp

Filesize
64KB

Download
memory/3972-1685-0x0000000001450000-0x0000000001460000-memory.dmp

Filesize
64KB

Download
memory/5304-2033-0x000001E76D4D0000-0x000001E76D500000-memory.dmp

Filesize
192KB

Download
memory/5336-2034-0x000001B991F60000-0x000001B991F90000-memory.dmp

Filesize
192KB

Download
memory/5856-2540-0x000001981D360000-0x000001981D390000-memory.dmp

Filesize
192KB

Download
memory/5876-2167-0x000001666A3D0000-0x000001666A400000-memory.dmp

Filesize
192KB

Download
memory/5952-1953-0x00007FF8CDBC0000-0x00007FF8CDBC1000-memory.dmp

Filesize
4KB

Download
memory/5952-2032-0x000002002B470000-0x000002002B4A0000-memory.dmp

Filesize
192KB

Download
memory/5952-1949-0x00007FF8CEAE0000-0x00007FF8CEAE1000-memory.dmp

Filesize
4KB

Download
memory/6204-4215-0x0000022F015F0000-0x0000022F01620000-memory.dmp

Filesize
192KB

Download
memory/6212-4205-0x00000257D4070000-0x00000257D40A0000-memory.dmp

Filesize
192KB

Download