eternity | c154ec2d62ecbdab62fd4fdf97157ff93efbc1640871a68bca38e43dad55d2b4

Analysis

max time kernel
307s
max time network
388s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
11-05-2023 18:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WLAN Optimizer.exe
Size

106KB
MD5

e998f77c0943056319a6a46c330606a4
SHA1

f69f38d17a6b97d75a479d584d07e49fa43bf29d
SHA256

c154ec2d62ecbdab62fd4fdf97157ff93efbc1640871a68bca38e43dad55d2b4
SHA512

484424d5edb1574e0f5aef981995dc852ba277a3dfbeb9542aabe56cf4b8a7df8e4a75742829399d63278d328616f39d8df780f1e57f89930848515b228dfb28
SSDEEP

1536:5/tmdEb3KQHXPUel8WV17Mq4ahXu/nNPzzlK9HXXCUc1Wm/nps8F7Yq8Ih:3mMvqq4fnNQXCrWm/npsMp

Score

10^/10

eternity persistence spyware stealer

Malware Config

Signatures

Detects Eternity stealer 3 IoCs

stealer

resource	yara_rule
behavioral1/files/0x000500000001a4b0-634.dat	eternity_stealer
behavioral1/files/0x000500000001a4b0-635.dat	eternity_stealer
behavioral1/memory/2928-636-0x00000000012F0000-0x00000000013D6000-memory.dmp	eternity_stealer

Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
eternity

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amax Client Freezer V.21.exe	Amax Client Freezer V.21.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amax Client Freezer V.21.exe	Amax Client Freezer V.21.exe

Executes dropped EXE 2 IoCs

pid	Process
2928	Amax Client Freezer V.21.exe
540	dcd.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2572	2928	WerFault.exe	56

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies registry class 24 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\sql_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 03000000020000000000000001000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\sql_auto_file\	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\sql_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\sql_auto_file\shell\open	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\sql_auto_file\shell\open\command	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 02000000000000000300000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\0\0\0	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\.sql\ = "sql_auto_file"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\sql_auto_file\shell\edit	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\sql_auto_file\shell\edit\command	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\sql_auto_file	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\.sql	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\sql_auto_file\shell	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
2232	chrome.exe
2232	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2492	rundll32.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	2000	WLAN Optimizer.exe
Token: SeIncBasePriorityPrivilege	2000	WLAN Optimizer.exe
Token: 33	2000	WLAN Optimizer.exe
Token: SeIncBasePriorityPrivilege	2000	WLAN Optimizer.exe
Token: 33	2000	WLAN Optimizer.exe
Token: SeIncBasePriorityPrivilege	2000	WLAN Optimizer.exe
Token: 33	2000	WLAN Optimizer.exe
Token: SeIncBasePriorityPrivilege	2000	WLAN Optimizer.exe
Token: 33	2000	WLAN Optimizer.exe
Token: SeIncBasePriorityPrivilege	2000	WLAN Optimizer.exe
Token: 33	2000	WLAN Optimizer.exe
Token: SeIncBasePriorityPrivilege	2000	WLAN Optimizer.exe
Token: 33	2000	WLAN Optimizer.exe
Token: SeIncBasePriorityPrivilege	2000	WLAN Optimizer.exe
Token: 33	1460	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1460	AUDIODG.EXE
Token: 33	1460	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1460	AUDIODG.EXE
Token: 33	2000	WLAN Optimizer.exe
Token: SeIncBasePriorityPrivilege	2000	WLAN Optimizer.exe
Token: 33	2000	WLAN Optimizer.exe
Token: SeIncBasePriorityPrivilege	2000	WLAN Optimizer.exe
Token: 33	2000	WLAN Optimizer.exe
Token: SeIncBasePriorityPrivilege	2000	WLAN Optimizer.exe
Token: 33	2000	WLAN Optimizer.exe
Token: SeIncBasePriorityPrivilege	2000	WLAN Optimizer.exe
Token: 33	2000	WLAN Optimizer.exe
Token: SeIncBasePriorityPrivilege	2000	WLAN Optimizer.exe
Token: 33	2000	WLAN Optimizer.exe
Token: SeIncBasePriorityPrivilege	2000	WLAN Optimizer.exe
Token: 33	2000	WLAN Optimizer.exe
Token: SeIncBasePriorityPrivilege	2000	WLAN Optimizer.exe
Token: 33	2000	WLAN Optimizer.exe
Token: SeIncBasePriorityPrivilege	2000	WLAN Optimizer.exe
Token: SeShutdownPrivilege	300	chrome.exe
Token: SeShutdownPrivilege	300	chrome.exe
Token: 33	2000	WLAN Optimizer.exe
Token: SeIncBasePriorityPrivilege	2000	WLAN Optimizer.exe
Token: SeShutdownPrivilege	300	chrome.exe
Token: SeShutdownPrivilege	300	chrome.exe
Token: SeShutdownPrivilege	300	chrome.exe
Token: SeShutdownPrivilege	300	chrome.exe
Token: 33	2000	WLAN Optimizer.exe
Token: SeIncBasePriorityPrivilege	2000	WLAN Optimizer.exe
Token: SeShutdownPrivilege	300	chrome.exe
Token: SeShutdownPrivilege	300	chrome.exe
Token: SeShutdownPrivilege	300	chrome.exe
Token: SeShutdownPrivilege	300	chrome.exe
Token: 33	2000	WLAN Optimizer.exe
Token: SeIncBasePriorityPrivilege	2000	WLAN Optimizer.exe
Token: SeShutdownPrivilege	300	chrome.exe
Token: SeShutdownPrivilege	300	chrome.exe
Token: 33	2000	WLAN Optimizer.exe
Token: SeIncBasePriorityPrivilege	2000	WLAN Optimizer.exe
Token: SeShutdownPrivilege	300	chrome.exe
Token: SeShutdownPrivilege	300	chrome.exe
Token: SeShutdownPrivilege	300	chrome.exe
Token: SeShutdownPrivilege	300	chrome.exe
Token: SeShutdownPrivilege	300	chrome.exe
Token: SeShutdownPrivilege	300	chrome.exe
Token: SeShutdownPrivilege	300	chrome.exe
Token: SeShutdownPrivilege	300	chrome.exe
Token: SeShutdownPrivilege	300	chrome.exe
Token: SeShutdownPrivilege	300	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe
2000	WLAN Optimizer.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2000	WLAN Optimizer.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
2000	WLAN Optimizer.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe
300	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2708	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 836	1500	wmplayer.exe	32
PID 1500 wrote to memory of 836	1500	wmplayer.exe	32
PID 1500 wrote to memory of 836	1500	wmplayer.exe	32
PID 1500 wrote to memory of 836	1500	wmplayer.exe	32
PID 1500 wrote to memory of 836	1500	wmplayer.exe	32
PID 1500 wrote to memory of 836	1500	wmplayer.exe	32
PID 1500 wrote to memory of 836	1500	wmplayer.exe	32
PID 300 wrote to memory of 916	300	chrome.exe	33
PID 300 wrote to memory of 916	300	chrome.exe	33
PID 300 wrote to memory of 916	300	chrome.exe	33
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 868	300	chrome.exe	35
PID 300 wrote to memory of 1324	300	chrome.exe	36
PID 300 wrote to memory of 1324	300	chrome.exe	36
PID 300 wrote to memory of 1324	300	chrome.exe	36
PID 300 wrote to memory of 1812	300	chrome.exe	37
PID 300 wrote to memory of 1812	300	chrome.exe	37
PID 300 wrote to memory of 1812	300	chrome.exe	37
PID 300 wrote to memory of 1812	300	chrome.exe	37
PID 300 wrote to memory of 1812	300	chrome.exe	37
PID 300 wrote to memory of 1812	300	chrome.exe	37
PID 300 wrote to memory of 1812	300	chrome.exe	37
PID 300 wrote to memory of 1812	300	chrome.exe	37
PID 300 wrote to memory of 1812	300	chrome.exe	37
PID 300 wrote to memory of 1812	300	chrome.exe	37
PID 300 wrote to memory of 1812	300	chrome.exe	37
PID 300 wrote to memory of 1812	300	chrome.exe	37

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\WLAN Optimizer.exe
"C:\Users\Admin\AppData\Local\Temp\WLAN Optimizer.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2000

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1880

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1460

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
1⤵
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
  2⤵
  PID:836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6379758,0x7fef6379768,0x7fef6379778
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1304,i,13692030276253146378,3003647837812347972,131072 /prefetch:2
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1444 --field-trial-handle=1304,i,13692030276253146378,3003647837812347972,131072 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1304,i,13692030276253146378,3003647837812347972,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2192 --field-trial-handle=1304,i,13692030276253146378,3003647837812347972,131072 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2224 --field-trial-handle=1304,i,13692030276253146378,3003647837812347972,131072 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1336 --field-trial-handle=1304,i,13692030276253146378,3003647837812347972,131072 /prefetch:2
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2652 --field-trial-handle=1304,i,13692030276253146378,3003647837812347972,131072 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3916 --field-trial-handle=1304,i,13692030276253146378,3003647837812347972,131072 /prefetch:8
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4036 --field-trial-handle=1304,i,13692030276253146378,3003647837812347972,131072 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3900 --field-trial-handle=1304,i,13692030276253146378,3003647837812347972,131072 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4508 --field-trial-handle=1304,i,13692030276253146378,3003647837812347972,131072 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1304,i,13692030276253146378,3003647837812347972,131072 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=1304,i,13692030276253146378,3003647837812347972,131072 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2332 --field-trial-handle=1304,i,13692030276253146378,3003647837812347972,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1304,i,13692030276253146378,3003647837812347972,131072 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 --field-trial-handle=1304,i,13692030276253146378,3003647837812347972,131072 /prefetch:8
  2⤵
  PID:2856

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:844

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap13907:100:7zEvent9663
1⤵
PID:1124

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1176

C:\Users\Admin\Downloads\Amax Client Freezer\Amax Client Freezer V.21.exe
"C:\Users\Admin\Downloads\Amax Client Freezer\Amax Client Freezer V.21.exe"
1⤵
- Drops startup file
- Executes dropped EXE
PID:2928
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2928 -s 1552
  2⤵
  - Program crash
  PID:2572

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\Amax Client Freezer\AmaxCheats.sql
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:2492
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Amax Client Freezer\AmaxCheats.sql
  2⤵
  PID:2076

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Amax Client Freezer\AmaxCheats.sql
1⤵
PID:2504

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Amax Client Freezer\AmaxCheats.ini
1⤵
PID:1956

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Amax Client Freezer\AmaxCheats.sql
1⤵
PID:2760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6379758,0x7fef6379768,0x7fef6379778
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1260,i,16792363720724022400,11853993126606709489,131072 /prefetch:2
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1260,i,16792363720724022400,11853993126606709489,131072 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1260,i,16792363720724022400,11853993126606709489,131072 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2316 --field-trial-handle=1260,i,16792363720724022400,11853993126606709489,131072 /prefetch:1
  2⤵
  PID:604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2324 --field-trial-handle=1260,i,16792363720724022400,11853993126606709489,131072 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1180 --field-trial-handle=1260,i,16792363720724022400,11853993126606709489,131072 /prefetch:2
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1488 --field-trial-handle=1260,i,16792363720724022400,11853993126606709489,131072 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3824 --field-trial-handle=1260,i,16792363720724022400,11853993126606709489,131072 /prefetch:8
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3840 --field-trial-handle=1260,i,16792363720724022400,11853993126606709489,131072 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3608 --field-trial-handle=1260,i,16792363720724022400,11853993126606709489,131072 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2596 --field-trial-handle=1260,i,16792363720724022400,11853993126606709489,131072 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3636 --field-trial-handle=1260,i,16792363720724022400,11853993126606709489,131072 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3420 --field-trial-handle=1260,i,16792363720724022400,11853993126606709489,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2708

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1012

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
c6e4431d295a1842fea0a903fba97f96

SHA1
b61072829b60b8e757f84812d1e44ce318b8eb12

SHA256
775ba22acda7362b3b8913914d10b3df1610e9ef9e11619c36c6607811bc9f93

SHA512
15761feea1df597afc51529909961187188ce64601193513ecbe41bc8b22fb5877d48a8ce85ce45fb874c8ac51049bfb1eb6cff16164104bc53cbcc38737f5b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
ed4ad79bfdc1a5498999207460c293cf

SHA1
7a8f8603e07ea348f5efa5ef70cb3ed564b9e64e

SHA256
e936de4d249a1b322b308d33560d30391ce5c733ad87abcaacfc4638696d40eb

SHA512
4e8792aa3cddd4caabe908e78cbe2865762a5b9ac42b84a99d5c0b83e98acf0ca8a40c6669329f7c5e779c7de002ecd45f51ea9cb26d9be4aa2f75d0abf81009

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
a8b8700d73edc7b0960b931ada0a2f85

SHA1
eae7e4d4421bf88ab8dcfdd5385f6da6b113f8fe

SHA256
d6e8c2f8e336658e9e3161e7bb4a6d455deb59ca612cd5ec4c5a9986678f402b

SHA512
febef9d41663cd8f986959bc58f3e7ea866e28363a0ca44c6c59e4436d595b50668135ad6f0cbfefc1152b3c526d6a22ee93755032eff356083210e260d2097d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
ad6d5f41c660edd5dd8578df49e1b3eb

SHA1
dd8dbf720af4c53281bd8503629b3db0cbd8cd38

SHA256
d4fdde3080f3c3489644f5b8daccc284b606644bcd0046d4ff3aa0eea50bf2b8

SHA512
d61d4cac2246a511ea54248bb2a9f18593559298c28e51c88a9d2dd93b9cce0886603d5e62a9e1edab5ec6a66b4588315c762cab4a397022bf3b94e50d0d45b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
2442fb86696323b4d86547fcd0c06468

SHA1
4fa6075e113865d57997fed98e7534358dd6df1d

SHA256
7ace59fbc162d1dcc3cf77848733a8e392935ca527375c82dbcc7d741ad694a5

SHA512
57646ad96a1bf2078f2b952463b515137bf3d67f9b620e118afea1989e42bea9729a5437d6cada4de5c402c96198a580d1b5a9ba397e76ae7b3c9b1b0230ea26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
32KB

MD5
4489b7800f8a35da4cabf6c434f5d73f

SHA1
2f0be7df282de6429e4d776e905ef616de023efe

SHA256
b2660a0a37a677b532a99a55c49c6991d757ae30c608da03940c2b7236233743

SHA512
70ec5541bda5f918022f79e37ba035fdea6e248368b159e5334eb82efe7bd08ff6d4bd1c12681bb99dc5fc2b7a5b539ae91ec783644d160a4f2e7b6b102c8af8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
38KB

MD5
2aa6f8db72b0cc8caf253e34e73de3c0

SHA1
d0c2957a1d5a78116999d507be79b7aefbb6da18

SHA256
9c192e220654d25ba1a8348d11eb54b0fbb601539a3943521d8dfd235cbd3b2e

SHA512
266af093ac410e6202b61f150fb16545074cc0acdc2adcd52bc4ceb91f9b7fcda112aafc6ec933fa4f38fbf246790003415905b92ad12549c6a4234dd4190dd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
41KB

MD5
86a123d1d13c120f51bd66051b5d1457

SHA1
5cd5fcbbdeb944b403306f59b6076dc767f3861e

SHA256
ea34cbe533d6a915e4cc093bf6ab8fba0989710864d4ef4bf83af0d3734f7bc4

SHA512
d4cd5cadad4216e4206e5621aa915f2cd10f3f890b854d99705c2fe7a98596d0cce38d0bc6a37c2b2b3f376d249871e275cac0bf5cfa067218d403d618978458

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
161KB

MD5
d0689623f131fcb540b6b70ff1c8b55a

SHA1
50726cae90a7d1cd36246d1d929a2ab77a785de6

SHA256
345aa90fb35c263b36c1fbe3dbe0d4151029eb80bebb0b759b5344960e950883

SHA512
e7ba0546266d2e798912cae355aad65b73fa8c108349ea73074700701e55617c46a49edf531e2424a98aee1d85ce340ce94def0b121eaa191c0e510074fe58c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ee772072efaabcff0368e94c1397982d

SHA1
c4657ee0a3a7f5e77e649a3e17728030339222ee

SHA256
6f67ba6cb1f8bc0c0b18891aeacc0536db4cd0822f6cd9d3114dbaf1220dac63

SHA512
456fc3e948740f70e7905d1571ec299cabf6a7c5e486e8c741519af1da791552874c451f3650894b8b8f7afabba424e721c03a6b28c4a316c90a5fcd5f657111

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a4fb798362fb66b6648565262f185cde

SHA1
9bca5dcf077c43754e29811376e48f37f9f78516

SHA256
a5c3fd160e1a69aa39f7678a5aebd06d5933621769265913602748616a278dcf

SHA512
d0338e08debcaec751d2f977355240c1c8878ef5fb3917da04266a4e6c6ab65dfcfe4933a4897f4553d60464ed22174415f20cc202cb653d60925187f34043e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cbb8f51afddd2f2036069db4a5745340

SHA1
02a61e4d91a83942c5959b28db27ebf95bfbbf69

SHA256
7183de43b921a941251d367d790dd995cf50c0d5c896c696f656da02eb2503e7

SHA512
02b920823b741a3bfb9df6b21dc0e8d342440d29d281a86ce0c5c3246e3aa491f373b0217eddf0e5ead3164d3442a8ba7ef02c49b1824a13a5fd265fe1cd80c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
ebfeef9fdf2ec21c1d90cd332777f05e

SHA1
a7a17b9695c145a020f22a9010a5fe8219b25c58

SHA256
62fd827ec4e949efe289a4943eecb553f7b2520952d170b6d566db3c2f2ec44b

SHA512
5a42bf3cd56d3b389a41221d52e746b7dd13e6d89e38171b165369c276807d8d8395eeec54ccc921efd4a12b2286015305eec6da7ecf146bcfb51fa0c1c9608e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7d1e978cc9cd8b6167bc8885c3e0b485

SHA1
ae224a07eab882d4647d8052ea0a18e310ed205e

SHA256
fd5bd8b7210eec9b8d652ddbc38b84cfdece9c4e1481b69a632fa39920098d27

SHA512
693e088c05fe4a74c9a50f31702766050597f5d9644e8175a43b17e6b0bacbd97cc7864d4c31f3cc717ebfa3631feff3ef627ab5b51971b3991b9223527068f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cdd828b46534345e081443437edf394c

SHA1
9e5bf666b91877da0b4b72309585f5bd69b48c29

SHA256
ae750fed79c412a03296a088661b5f49eb35949b39450dc87e8d1ddcbab89d38

SHA512
5ca5e9164e5c56721e42a6d8e026a44c44cef2f93666b1da548cca08ccd3ec282012731d0541f8e09ec4065ab4e01c07a0014562231ce922a973e2e034600e2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f863adbfffd444b91096910960a71888

SHA1
77b4b27a737fc44307630c2b5387ddc9431974d5

SHA256
ba78305b8d09231bcdaa7dc09fd0dc49af05925930ab29329d0a30da580def2e

SHA512
018599bd583a0e8c8efd3f2031458d547d0191dbefdc6369f59eeb39ffeb407bddb1244e61dc119953ba350c6a72231925c111918cf031124309c603b63d2aca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
247B

MD5
fcbea39370ee94b4fdd698a70c65088c

SHA1
44e31aba17ce758b3d2a26c196d2c48f7f68e391

SHA256
059f165f49c8e750b76fcffe33f2ff148192d7b51ca568c8c805b71dec86241c

SHA512
f26db11ec3826b608310a06473a56b967bf962ff3e8049f925a4fd86abc188d70cee8c9a0c79864e236d18e54a8d6f4ed46e677fdf9bd8aee7c38c2460b00809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
577212c4b216fc29a5a35fa915295978

SHA1
3fd1f98fba9f63bb6535e654c84949ef49b32354

SHA256
e05bc8a70bca38c65fb1ddbe2adea097b06678fefd9183269159c247c2380b68

SHA512
af8e115d4a13f872d78c721ad4f8454365a27b6ec7f53eb76f375fbe5e4ca61303d14cce5da3858880faf78a8ce623656680ad0b44a28651c69c74b42fe687bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT~RF6dfbae.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f863adbfffd444b91096910960a71888

SHA1
77b4b27a737fc44307630c2b5387ddc9431974d5

SHA256
ba78305b8d09231bcdaa7dc09fd0dc49af05925930ab29329d0a30da580def2e

SHA512
018599bd583a0e8c8efd3f2031458d547d0191dbefdc6369f59eeb39ffeb407bddb1244e61dc119953ba350c6a72231925c111918cf031124309c603b63d2aca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
3686e91e38166600fc2124b62b4aa602

SHA1
767c7c42f550f42aa8533ef7d180a13fd7d54a2d

SHA256
3e96e1954c383f12e10c4457c351ee6d8c937660f9c592c63772f6e5f57af407

SHA512
3e149ab7d7ad6feb6df52ecaccefdfb86c8251ea9e0c0fa2ffd6892dee3df4d9689e3847a46d1f72e16873bb003a985efd6aed16febf009ef1e662715f905aea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
6ee12262f023d44ff01c961dd596d0f7

SHA1
459c56278b6bc818a4701de8a89a3b7a56655d2f

SHA256
b0434b8ccb69c49cf1c7989ca64b204e5b8e7d934f18ddb46a409705f7133608

SHA512
344a515593cafe46707f6d55312f7299ffb6ed66744cd4ea1e821316fe62fc72b5b20a59882da7cb49b4688842a2b7e5071f03e625477e5b69d760523efbe86d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6c91777fb3cd2c06bc59717531a38d4c

SHA1
858e0ba7141322190a2aa3b52a82e961d002e4c6

SHA256
0fa2e0f573f8bd2d1e376c33f559ec36dc8eedfe6a4d9fbe4e659752f4f97130

SHA512
5dcbd206729fed4ae8f602ceb4eb627ee745b959337ea91bb0c5ab8346dbf3f2ae7e5702947d25b37537a89527584bd3bae61298b4b3e8b71c7c02f68b78f65a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
13d2531d3770f3e1e3e7d49064462cce

SHA1
dc5e672b76db29c8361efbd766ff4bf17efae69b

SHA256
670a08fda1123dd61707b4c0cb8a4fd450cb44dd56fab1441a02bc5c730bdf6e

SHA512
e9978c98f460f2bfce64013224698cc75091131b8ea826010951547a015e08d0aa6b63a4c6902cf138669d6b696736f79ca39bcd302d2cfb6f8f35b7f432037e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0ce87ebda627bdb86714371c9215c775

SHA1
7ae903ec4b0d45de9ca43dc3e2ac443782b4f1de

SHA256
c98265d54d52850e8f731716fd30013f7edc501773c68cddcd352ee2f6f05eda

SHA512
4d838b23226282de48bd81694af8b351ed05ec8d44dbdaf68cb42697c932c8786ac6a752145edecf553ec4ec7c4a17bbc0b7b2b1bbab0e8b905f3470affe17cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fbe5c10d0078b9e3e57ed97e30720e06

SHA1
87ec1ba226af594acf25055f5c12a5cc4344fea0

SHA256
808981041dd47533dedff9027cd727a016b604f55b02d9fbfc7dab0c89aa7e1e

SHA512
45ad7aaeb5b7f9d1989ded81468c2080a3a336bf652098053a6613612e6f264bb45c27f836f60607bed63e55ad76b7b25c7719ea8eb7cdcb4710271b3c05db30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1ff6db4dec26777ef93f6d3a4393d652

SHA1
04937af5eb961eeb8a4cf380c9d2bc396f3a47f6

SHA256
0a976615e6f6149a57bd257271c9ccbba86160fcb89edab4a4db4f103fa507a2

SHA512
8858ee8f9c064454810da4119fcd3671537e1a376b8976aa3b1bedd2d2940aa0ecd811b2d8e2ba3d935d4749249de15b845bb6aef3e2953c5f3dda4b35767071

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e8f188129954e7f3fa8f23d3cf2b0dcd

SHA1
3dab0dce19d23b118b29ea5ac6fa5cdab13f1554

SHA256
137361d530e40aa53a0b36dff15e0b8bb5b5c93a801a5955b7e91a5f1e858f47

SHA512
da825bbc65fcc15a5675e9dff9fbbd946cc0b8a332f73aa63410d755336a2b8d90b5e429d8745c5ca265ab7fdd9a8193ddbf544231745afacbbe2cc734473d7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
680d5c6d0d5b508921fc8e7d7f021f76

SHA1
df1a9d17beca8c8f0c1f315ef9c959e9394e7594

SHA256
0b218c6f841e506d6283d3d63ef5e4846af0d87ce449e328242eab57c3b68053

SHA512
9fd3d97c7b02573d9dd7e44563a5400325de9345301a298ee49d91cd297105baafe3d1b73a7c07f28d53ec042f9a4cd25a1794e4fdb8e4e3d40fb3c8f4349123

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e2a9625c083864ecd8f98fbcf99854ed

SHA1
226273575b508816ea71d6d991e2bd11c89aa8b9

SHA256
8a06faecf4c5c4ad6c07d00192adc2152ad06ad8b1a79eb14233c0dfc997f8a2

SHA512
8e5d6b3f0dea3cc0774208df2d84729108dc8156df37dbb31a81fa87086c222d68b081c0b9bece9f4369fd3037d3e919b8e25f7bc87ce5d5fc370d3538efe3dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
83ec2224481184c975a57f5dc9f4d796

SHA1
80374f93ab5ff0e6ce43bb60abb2124fe81e46f8

SHA256
a22f3b3e6426f7dff55cda96ffa92efa66352de3119ac1f66fbd08842d9ac374

SHA512
614b5f3e543127fc6603b9d67d63b7fe4a1bf7f5d6ab04219c52cb27b05b74836bcbdb99a508b456928715310bc97991bdaa615c67149e02454571d14c9bee16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ff9a931dc039c14a2f834a6e0e42d675

SHA1
f1b47a970cef1928af6641cbcb1c62b745d93044

SHA256
b761e63e17b67eac2b03715161a673d619944fd0588da851f86fdbc1f6021ab5

SHA512
07fd7c552c73051ac9d6f81ff4514ced628a035a83562b113661e1542aafd66749a30dd20d046ca9e564950dace127d1350015493e9255713e5346d022c50feb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
86559dcbb470390d898f5c8b447fcd39

SHA1
ba677849710c38af2dd3f74a997539c8bf52c828

SHA256
8d5a5312c3aa24b4595d3ef0dce8e37fc8175424ea0bfa85bf71be8021d06390

SHA512
884583e5e6b89005ecca722ec202ae42374b9c418fe13e312a957d919e61273472980e276f1cd9863499d7b2603802e82f2d8e16fa6d6fa97e7bab20543201bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
125d86662cf92114f8765833514d5cb0

SHA1
b2d06c3520464c32c82e9cf65307898fd736c69f

SHA256
a167cf3a90f7cb891c9d9dcafb1cce7e9507ffe954d044874395166973a35819

SHA512
b7172db8b38ab3c19b709701af5540e345436d35ff09f1c95bdc82d873e57e626558e5a62fc63b1150382810d357f7943ed802f33d5e62575f7901bddb6c1336

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7b0135da15539e0d68b4e167ae18dc05

SHA1
fa328076d414c5552e86f7b2a68251bfa0865773

SHA256
609ca13f2793487cc9545fe7e0e003a8337b3f4c1bd1513d621931e60f98851c

SHA512
49e1aa2cfc748e9b70cc2afd417faa4884679d514d930ecc94cb2a40bf16f9d2ac394a7e3292e66e7a26063093efb0c2391b4da1fe1ef46d896a10483f2d5590

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
97ea72e2560c96ad7c3e0a3eb54fc139

SHA1
3e2fae1f0a7b731972adb1e17799fd6a35dd6bf2

SHA256
5af7c417fcbbf5e34a20824202c75e58ddc98671ee8bff8dd948cc6643c2bf2c

SHA512
66039eb7382020989348bfb5a9c7fbb9255fdd654f3f1c354d25200e0e63cbff99fe1fea4e2ed1bea7a5fb19bec5f20a9414d26a7ab81d7b3368ac1f93f66fe1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
27b179a94cdc6941abf9d1e11679c744

SHA1
30620301a5f8ed96bf96b05c3a9ece681c622b99

SHA256
82138fad325a8da705fc5aa670bb311e929c6a4b1e1e5b1cfb39076b05a8e8e8

SHA512
97b6679f6f5ab3154d0d09632e12944e2b2bd1515588642be1de11c2fa619cfb28ef9ebe8229b654c36e9119dfe13f386b6a53a000d4b6a0c5e4e6eeea07c1fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
8250d0f5c3c52e9dcce6b561d9d4aedb

SHA1
8d7f993d312ac691c9968d37f31da05848650716

SHA256
d370d24f0ba4eb61df861d0eb082f6e40459db2f5fe60ccb6a72abbf6306d757

SHA512
74023e3e5a1ccf3c4ddfbbc6ef465928d04416f68d788c0ef40da46ad502b96c1d7c31842b764905ef74be2f935f3f072ee13e9a2e7d0b08c3a7a4c500fe9842

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
4c72d5dc5cd6c8f234927232afcca36c

SHA1
8f110cb7694d92209ca5599d01ae4bbdf29cf7a8

SHA256
e8b3771a60461e205ff3654089021ef678ca5323561b28285a5742708dafb3c5

SHA512
12f6ff73f5faba70a3aafe30cc21030c4aadd2a9d3ff10c332e9bd21d10ed3ef3b9fbd7c836a2148cdeaccd3a7dedc90e707646470c38feecb47e4088d905c97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
e49137193e7c77fb8b28cd65338f8120

SHA1
264d096e252d166c19c511d7a9f699f4177d7ba9

SHA256
b1ec1b1d3650c2a105d26ef082df99b049bac70a238646f0ee724458804119d6

SHA512
dbe902043210fbac1acf2998d28d071475fcb6098116860eabba5bfc6ee7eacf6bd7a23a1dac5ad81d59b8c33ce8633b5289b8d4296502a72a2b4f30a20a092d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4decb94d0d1eddfaeedb1f9dce072459

SHA1
3324e85ebac8f33dc2e80133430128970babd7a7

SHA256
63b2ea1b0910adaa96b64af0fa87b567dfa4d8b7eb3f6f1f0ff74bc3c265a6e3

SHA512
c4abd48f540f9f00e3391392354c82863913d4414d5b875734e4745a61b4c05d38ff2c77af1a3aef0a4161682d64692a4d13783b969a1aec9c4213f3e6328560

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000006.log

Filesize
1KB

MD5
4e2db52213e3fa2b089b8274b9ff48f0

SHA1
59e0ebd4aaaa99704be7ff3098a60594afe184e7

SHA256
c999931db0c6bdcfb6650cc2b4a455bdcea9fd682c3db70010ed66155efc8123

SHA512
3a4004927bd93ef8077edbf48cc7eefbfed013bfcfb172093108ad82430cb0cd8ad0abd7445e6b5dd83572d6d178a85d509909aaed5ea0b4ff1847c194037c47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
249B

MD5
624d0a78e85843b37a3554650ead8b09

SHA1
b06c8570a35934dcad38d19df0e976217badca6b

SHA256
c1e56d715e84176e41be6346f27ec45da870f56b2fb5892a86c07dc56abc9e2d

SHA512
3ebfa0b294eecb81dcdbc0278606c74a4da7d5b565c9843ea67adfc560e64f114c079ac7675d1b2be4b4333fe68324e5b6a90519700a2e74728f3cb854e091b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000004

Filesize
90B

MD5
ac5ca65c3ca57b518ed4b2967d8bb535

SHA1
2a120e38f4d5b88eef5003739731e3244b9e104d

SHA256
736bbc68d3228bcee4e4acfb6719cf67aac09f05745a957123658b8740071790

SHA512
aabb0beaab621117d70e29804b611d5296ffa799bdcb85ce8165ee28e87eadad975382c46d2a4a3d1bfd7843a20c19a9bd8bdd47ab691a86677dd55a56a45cd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13328309741323200

Filesize
9KB

MD5
26dbadcfb2e736c1808f634a02295960

SHA1
8db49fd847508c87249d344603ff92de2437ff7f

SHA256
836d30b280123a2a04b6156f8edcf2e2c36a89148de1b8e85e4f24659e51dbc9

SHA512
214775acfe0f19b7a1506821bc5c82331762e3e972ebc5ddf7e2d6c84532f3460932df5c6e9bb73f310c1714e48cfab8b823f413ee12a074e229e36415d0e663

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000006.log

Filesize
72B

MD5
df0afe8760ab1ddc263308e0e984a99b

SHA1
4b8bc2aa0fbd40448e01f4636c0defd4aa4081b5

SHA256
6d3c6be370226326333e7669f7fe8e5fbd41f304839c400b2a58cc69a937391b

SHA512
3158cbc464bfd2a61b4b7f4dabb5683be1d70442360e2c2cb2a5b0e70f405d078c9ace80e3ddb2b92bfbe7ba2349fe21906fd2084141e57033d13bf63c1de53e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
249B

MD5
7d69ece5ffe1cfe189ecc3dbd8d61652

SHA1
bb97fd18b28e78e35264f061851409a4f31a835e

SHA256
bb363f25e3f11c505339b00ee696fb26d6a87a3aad95b43b91bb458a85e30005

SHA512
124c1225f2d7ba77e5ecaac16d97fc14e4adc1edeae08cbdb6755ddcfb1f718e2e3f0a3d0e808d4e5434eb7a94599dab4e18efee6baeaf587d3ee0bf3c010ca4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000004

Filesize
107B

MD5
f3a604cc1687a04eaabc91b49ed90eac

SHA1
507d0c1334e11f23da43bb9c8702652511893d03

SHA256
628a12f2ebfd6d19731a8a362956c95803f1d909293f6936542fb458d8be1a39

SHA512
a49c1632af45f2a938c2752aeb67e254e92a04bff91affe95952ba7960a60ec143639565790898d55a5ac4d5eb34c2dab1b93e295840d4e30cf3b16d913a7806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
249B

MD5
4a009bdbd82dd1c1da3c043f2b79c719

SHA1
20f39e7ba25ccd79319d8578d2f2b5ad6860ba53

SHA256
bc1b24262fbb0a5e5ef46a7cb9ba3ac51b9909886d77649c76d5d1a292f6fc7f

SHA512
4d4c8393ac1587548b2eacb932ab596c03b2f4ff64d2a6f9cb70b1e5264933a47b1f481763e5c90e49dd2b0b6e22d3f79472625f82500e65d12ec0a46ddc1d83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000004

Filesize
117B

MD5
63d832bd47d6e550eaef754596d8fdaa

SHA1
3b11fd4048f84fe5143057e7e90a42c4220e1807

SHA256
4dd9ab33b9f8a5aa6b190ee3a88133be4d10b5dfdeff0c3ca060b825ff6420dd

SHA512
586287b26249591e5ae5ba0847bfcb3c3c4bbfb0cef433ecfb2052bbf0f37527bb72ddc57447c37c6879f50a28c96575b911fd121c3f145a061ff57ccacf479c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
b04045b131584e1c44f0e3b8d7c45ec8

SHA1
5f015462ab4c09254b92149ad97e5ce3af4e2a57

SHA256
82aa81c21e28277a7493ca881409d74e450ba15c442f04393e09542516e6d69b

SHA512
b599c77cb051425030cdd5425638c06190564631202ebad0aed639a68602af2dc40080e09a1dd7ff6a85d2aefe2b4846e0a88aff2e6c39ae0be0b9737c0341be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
92KB

MD5
cb2facc59deaebdc1ae5e2ddfe5897d4

SHA1
5f4714cb198ace42bd77ec33715daf137fcc9747

SHA256
47fc198fee0f291d27728f32f28bcfd667cc2e29e1433502259143ee21560005

SHA512
7a02fc4e3e6fef3ea5233121796496be1f9d70169456f7485e75b4d1ff693f96f46802a341abfaca750f20d9d183da466572f803ad79abc3e22ed45579a9652f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e1a92a37-ca4f-4885-8df4-022dfba402b3.tmp

Filesize
4KB

MD5
d4ee841dd53c3e93f84893dc3dd19a51

SHA1
dc9f7678941e59200341785712c68c9fa28f450e

SHA256
27399cc63f6a1e3fdc0d0eed9cd202cddc971721828dd40e9295315804bd63d0

SHA512
ae6cac34a94b61735b4badba0cab4611eaf38059ce99cde0ca2f40a1fbd36e8134abd58355aced327ec54cb11b9188ca473537c4c61ed00fc9feff4becb9059d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000006.log

Filesize
666B

MD5
37f09693b942ef61f1cbbe2de1df0570

SHA1
3e1fa8e531298df109dd5e91dd016669d67f7d13

SHA256
5dd936de357726c241b29f2314ee2fb261fc0c2ce4a9f1eb89756119fe189cb6

SHA512
fe6a074165f2ae5be645b1f4f4d5b042c31813d90506f7390f5ca9c52e60981ad38975887980641ec15d3e403dbde33b757675cd1aa603e87adbd4b1034b875d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
2495ba4dba5f3bcc2ed2c85e0215dd3e

SHA1
82b820143982ca92bfb36b236e8a523a705970c5

SHA256
daca3ee1e7dfaf3f48781eb9006e34a77517fc24221d41fbbc7950f485a17a19

SHA512
103c5b3f79478ecdc9cf821eed3496b73d4b0b55ca3bcb0180d31782e1fa64c522bc5af29d305ee6d2e225d4f0cf5e017f59687d17795d65238a5d64b8821045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000004

Filesize
84B

MD5
be2a12b06745bb5de6254b2592d8ab20

SHA1
19a3dc035140689628e54095af6c4b4dae44b55d

SHA256
29e140732c7fc2d81fb1f506cc94386ce55f27446f9277e66236080cdf6f5944

SHA512
fad84027f46c0d4e4fb0357c15d77f7a86c941042ce538e0e89e5b8c477ed3cb46e262e3a3da186eadbb266c9288965c7299b4dc2a7ae1b346230dc48a7ecdba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
61c6e0fd7f562f7cc9a3507a8f389488

SHA1
887941f3b76f7367a4ed2150dec363e414743db2

SHA256
40e1e7fc307187d349c46a7dcdd32d73fb17e4934d8d738c84d85bda891699fa

SHA512
b84b4094a08ef84e756990c7384a3cb0767383ffb5de4597bfc3b8c1121e47ba63f08f4a548405836a86c1acdafbbcd14ed1b30b6495f0782f2f80f551c5445d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
f2aad434d656526591e9d48a5c7aa83b

SHA1
fb49ed9b4033cb2516bc4c001a3e671ab716908b

SHA256
8e38d44b59d2de6d6ab31b97634a5cf6a8e1458d02624b5f87f2afb9c17fbad1

SHA512
1ea95ffd37dbd0c850e88f85b29ff1de85b9cbeb14c04a8e78143c6cc5f95fe6661a31a922a3ccf679448eddfaa97debdd47425bd5b9fe230b94aa780e03a68f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
41ae5d81f2dcd1c8f01c3346b5eabcc4

SHA1
78ed04e1d634f328cc96091795dc3aba6394dd64

SHA256
0af69dbd0a0d087956b123a984a280382b8469a79079059d19e602058e4e703e

SHA512
c29543060f2744ac2c14a743371c1abe3025ca77044efb4878b3e4513aab04ee9e883afbd9022a3f0e7df5941ab3a2ae22d1fc0d5900afeac70b31bc535bf6be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
14bc2e413cebb69ab6112f010b4e7072

SHA1
54006a8bfef2c34f2edadb4a9b38a713091d928d

SHA256
8e8e1ded19159211a00a1f153e792a455fa7712286acd49913faa2bfe5d5985d

SHA512
4680af5a05a3faf9f0de7e2cdbb82bead1fe19009d647220b6f7e86b5c0835baa24dabfbc9850488a45790066210ad08aabb6eabc80ca835862a4f702f7b5b10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b5a69a1f-0aaf-4344-9179-6517ba07a29d.tmp

Filesize
149KB

MD5
41ae5d81f2dcd1c8f01c3346b5eabcc4

SHA1
78ed04e1d634f328cc96091795dc3aba6394dd64

SHA256
0af69dbd0a0d087956b123a984a280382b8469a79079059d19e602058e4e703e

SHA512
c29543060f2744ac2c14a743371c1abe3025ca77044efb4878b3e4513aab04ee9e883afbd9022a3f0e7df5941ab3a2ae22d1fc0d5900afeac70b31bc535bf6be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\fc16bb52-d2e7-4019-8884-dab53eabd201.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\dcd.exe

Filesize
227KB

MD5
b5ac46e446cead89892628f30a253a06

SHA1
f4ad1044a7f77a1b02155c3a355a1bb4177076ca

SHA256
def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

SHA512
bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

Download Submit
C:\Users\Admin\Downloads\Amax Client Freezer.rar

Filesize
524KB

MD5
64c3b843d304650820afa0368b184ee7

SHA1
468aad4206cef76439377fda4a77d03db442c43c

SHA256
a98ed892e537f6e039b3a9b88a01fb3ff22e4613bafc2d065b84927fbca8335d

SHA512
858876b677f9d0dda467411b7abf2f28fb49ac8db422ab9209f77ca09536eb6c37d002cb35989c39ffb19415939212c0c38f4b4b57b29e5152a1b2fbbc45be30

Download Submit
C:\Users\Admin\Downloads\Amax Client Freezer.rar.crdownload

Filesize
524KB

MD5
64c3b843d304650820afa0368b184ee7

SHA1
468aad4206cef76439377fda4a77d03db442c43c

SHA256
a98ed892e537f6e039b3a9b88a01fb3ff22e4613bafc2d065b84927fbca8335d

SHA512
858876b677f9d0dda467411b7abf2f28fb49ac8db422ab9209f77ca09536eb6c37d002cb35989c39ffb19415939212c0c38f4b4b57b29e5152a1b2fbbc45be30

Download Submit
C:\Users\Admin\Downloads\Amax Client Freezer\Amax Client Freezer V.21.exe

Filesize
886KB

MD5
745bffd2ea212059100bada35ce78c7c

SHA1
1d8aa9d5a7c360c32ed49e0758374a2444761295

SHA256
158f3337b60a1223096bd0b250ed355a57c538048ded217db814a48ece207599

SHA512
cc6f8dd798a28e3ef37507d7b1ea14aa4192be87b3c2b1d8bb5e5848b32a23bb65598472e767e1d0f9867efd28a2e919fc9861a75e796962264c332471ede1b2

Download Submit
C:\Users\Admin\Downloads\Amax Client Freezer\Amax Client Freezer V.21.exe

Filesize
886KB

MD5
745bffd2ea212059100bada35ce78c7c

SHA1
1d8aa9d5a7c360c32ed49e0758374a2444761295

SHA256
158f3337b60a1223096bd0b250ed355a57c538048ded217db814a48ece207599

SHA512
cc6f8dd798a28e3ef37507d7b1ea14aa4192be87b3c2b1d8bb5e5848b32a23bb65598472e767e1d0f9867efd28a2e919fc9861a75e796962264c332471ede1b2

Download Submit
memory/2000-54-0x00000000020A0000-0x00000000020E0000-memory.dmp

Filesize
256KB

Download
memory/2000-57-0x00000000020A0000-0x00000000020E0000-memory.dmp

Filesize
256KB

Download
memory/2000-56-0x00000000020A0000-0x00000000020E0000-memory.dmp

Filesize
256KB

Download
memory/2000-55-0x00000000020A0000-0x00000000020E0000-memory.dmp

Filesize
256KB

Download
memory/2928-636-0x00000000012F0000-0x00000000013D6000-memory.dmp

Filesize
920KB

Download
memory/2928-637-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2928-647-0x000000001B5A0000-0x000000001B620000-memory.dmp

Filesize
512KB

Download
memory/2928-638-0x000000001B5A0000-0x000000001B620000-memory.dmp

Filesize
512KB

Download
memory/2928-641-0x000000001B5A0000-0x000000001B620000-memory.dmp

Filesize
512KB

Download
memory/2928-640-0x00000000002D0000-0x000000000030E000-memory.dmp

Filesize
248KB

Download
memory/2928-639-0x000000001B5A0000-0x000000001B620000-memory.dmp

Filesize
512KB

Download