lumma | hxxps://github[.]com/Bhaggo/Bhaggos-Quick-Cleaner/releases/tag/v1[.]2

Analysis

max time kernel
433s
max time network
430s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 12:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Bhaggo/Bhaggos-Quick-Cleaner/releases/tag/v1.2

Score

10^/10

lumma discovery execution stealer

Malware Config

Extracted

Family

lumma

https://museumtespaceorsp.shop/api

https://buttockdecarderwiso.shop/api

https://averageaattractiionsl.shop/api

https://femininiespywageg.shop/api

https://employhabragaomlsp.shop/api

https://stalfbaclcalorieeis.shop/api

https://civilianurinedtsraov.shop/api

https://roomabolishsnifftwk.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	BhaggoQuickCleanerSetup.tmp

Executes dropped EXE 3 IoCs

pid	Process
2804	BhaggoQuickCleanerSetup.exe
3904	BhaggoQuickCleanerSetup.tmp
3924	peformancebooster.exe

Loads dropped DLL 19 IoCs

pid	Process
3924	peformancebooster.exe
3924	peformancebooster.exe
3924	peformancebooster.exe
3924	peformancebooster.exe
3924	peformancebooster.exe
3924	peformancebooster.exe
3924	peformancebooster.exe
3924	peformancebooster.exe
3924	peformancebooster.exe
3924	peformancebooster.exe
3924	peformancebooster.exe
3924	peformancebooster.exe
3924	peformancebooster.exe
3924	peformancebooster.exe
3924	peformancebooster.exe
3924	peformancebooster.exe
3924	peformancebooster.exe
3924	peformancebooster.exe
3924	peformancebooster.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
602	mediafire.com

Suspicious use of SetThreadContext 6 IoCs

description	pid	Process	procid_target
PID 6200 set thread context of 6740	6200	1227006289.exe	219
PID 5960 set thread context of 4928	5960	1227006289.exe	223
PID 1240 set thread context of 5624	1240	1227006289.exe	225
PID 4988 set thread context of 5936	4988	1227006289.exe	227
PID 5808 set thread context of 5072	5808	1227006289.exe	229
PID 4940 set thread context of 1232	4940	1227006289.exe	232

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Bhaggo's Quick Cleaner\translations\is-DBVOQ.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\translations\is-6S68Q.tmp	BhaggoQuickCleanerSetup.tmp
File opened for modification	C:\Program Files\Bhaggo's Quick Cleaner\unins000.dat	BhaggoQuickCleanerSetup.tmp
File opened for modification	C:\Program Files\Bhaggo's Quick Cleaner\Qt6Gui.dll	BhaggoQuickCleanerSetup.tmp
File opened for modification	C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qtga.dll	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\imageformats\is-TF6DO.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\translations\is-OBM4U.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\translations\is-GIU29.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\translations\is-CQ69J.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\translations\is-1RRAM.tmp	BhaggoQuickCleanerSetup.tmp
File opened for modification	C:\Program Files\Bhaggo's Quick Cleaner\libwinpthread-1.dll	BhaggoQuickCleanerSetup.tmp
File opened for modification	C:\Program Files\Bhaggo's Quick Cleaner\Qt6Widgets.dll	BhaggoQuickCleanerSetup.tmp
File opened for modification	C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qwebp.dll	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\is-J3V6U.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\is-J8P0S.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\is-8DCPJ.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\is-4BTOU.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\imageformats\is-KS5D4.tmp	BhaggoQuickCleanerSetup.tmp
File opened for modification	C:\Program Files\Bhaggo's Quick Cleaner\peformancebooster.exe	BhaggoQuickCleanerSetup.tmp
File opened for modification	C:\Program Files\Bhaggo's Quick Cleaner\libgcc_s_seh-1.dll	BhaggoQuickCleanerSetup.tmp
File opened for modification	C:\Program Files\Bhaggo's Quick Cleaner\tls\qopensslbackend.dll	BhaggoQuickCleanerSetup.tmp
File opened for modification	C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qicns.dll	BhaggoQuickCleanerSetup.tmp
File opened for modification	C:\Program Files\Bhaggo's Quick Cleaner\platforms\qwindows.dll	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\translations\is-LO02U.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\translations\is-KJ3R4.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\platforms\is-4B098.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\translations\is-ENP9S.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\translations\is-U4TPG.tmp	BhaggoQuickCleanerSetup.tmp
File opened for modification	C:\Program Files\Bhaggo's Quick Cleaner\D3Dcompiler_47.dll	BhaggoQuickCleanerSetup.tmp
File opened for modification	C:\Program Files\Bhaggo's Quick Cleaner\generic\qtuiotouchplugin.dll	BhaggoQuickCleanerSetup.tmp
File opened for modification	C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qico.dll	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\unins000.dat	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\imageformats\is-J2G51.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\translations\is-3NPQI.tmp	BhaggoQuickCleanerSetup.tmp
File opened for modification	C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qgif.dll	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\iconengines\is-1PQ0I.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\networkinformation\is-FQCUT.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\translations\is-G12KC.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\translations\is-P6JIO.tmp	BhaggoQuickCleanerSetup.tmp
File opened for modification	C:\Program Files\Bhaggo's Quick Cleaner\styles\qwindowsvistastyle.dll	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\is-O4HUP.tmp	BhaggoQuickCleanerSetup.tmp
File opened for modification	C:\Program Files\Bhaggo's Quick Cleaner\tls\qschannelbackend.dll	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\is-LQAHS.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\translations\is-7FANA.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\translations\is-D36C2.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\generic\is-I4JQA.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\translations\is-ARVS7.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\translations\is-2J7VA.tmp	BhaggoQuickCleanerSetup.tmp
File opened for modification	C:\Program Files\Bhaggo's Quick Cleaner\iconengines\qsvgicon.dll	BhaggoQuickCleanerSetup.tmp
File opened for modification	C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qjpeg.dll	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\is-MKPQ1.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\is-6EIBM.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\imageformats\is-PC5A7.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\translations\is-TNKBH.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\translations\is-A7685.tmp	BhaggoQuickCleanerSetup.tmp
File opened for modification	C:\Program Files\Bhaggo's Quick Cleaner\networkinformation\qnetworklistmanager.dll	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\is-FS49E.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\is-GO91M.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\is-QU1IR.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\imageformats\is-5HQIF.tmp	BhaggoQuickCleanerSetup.tmp
File opened for modification	C:\Program Files\Bhaggo's Quick Cleaner\libstdc++-6.dll	BhaggoQuickCleanerSetup.tmp
File opened for modification	C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qtiff.dll	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\translations\is-9PDA7.tmp	BhaggoQuickCleanerSetup.tmp
File created	C:\Program Files\Bhaggo's Quick Cleaner\translations\is-ART2Q.tmp	BhaggoQuickCleanerSetup.tmp

Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
4040	powershell.exe
756	powershell.exe
1820	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 8 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000073c7eb973396fb40000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000073c7eb90000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900073c7eb9000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d073c7eb9000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000073c7eb900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607672280841034"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3571316656-3665257725-2415531812-1000\{46C7E095-09F8-4D7E-B6AC-4F525871C014}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3924	peformancebooster.exe

Suspicious behavior: EnumeratesProcesses 39 IoCs

pid	Process
4448	chrome.exe
4448	chrome.exe
3904	BhaggoQuickCleanerSetup.tmp
3904	BhaggoQuickCleanerSetup.tmp
756	powershell.exe
756	powershell.exe
756	powershell.exe
1820	powershell.exe
1820	powershell.exe
1820	powershell.exe
4040	powershell.exe
4040	powershell.exe
4040	powershell.exe
4088	chrome.exe
4088	chrome.exe
6868	chrome.exe
6868	chrome.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3924	peformancebooster.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 53 IoCs

pid	Process
4448	chrome.exe
4448	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeDebugPrivilege	756	powershell.exe
Token: SeIncreaseQuotaPrivilege	3996	WMIC.exe
Token: SeSecurityPrivilege	3996	WMIC.exe
Token: SeTakeOwnershipPrivilege	3996	WMIC.exe
Token: SeLoadDriverPrivilege	3996	WMIC.exe
Token: SeSystemProfilePrivilege	3996	WMIC.exe
Token: SeSystemtimePrivilege	3996	WMIC.exe
Token: SeProfSingleProcessPrivilege	3996	WMIC.exe
Token: SeIncBasePriorityPrivilege	3996	WMIC.exe
Token: SeCreatePagefilePrivilege	3996	WMIC.exe
Token: SeBackupPrivilege	3996	WMIC.exe
Token: SeRestorePrivilege	3996	WMIC.exe
Token: SeShutdownPrivilege	3996	WMIC.exe
Token: SeDebugPrivilege	3996	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3996	WMIC.exe
Token: SeRemoteShutdownPrivilege	3996	WMIC.exe
Token: SeUndockPrivilege	3996	WMIC.exe
Token: SeManageVolumePrivilege	3996	WMIC.exe
Token: 33	3996	WMIC.exe
Token: 34	3996	WMIC.exe
Token: 35	3996	WMIC.exe
Token: 36	3996	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3996	WMIC.exe
Token: SeSecurityPrivilege	3996	WMIC.exe
Token: SeTakeOwnershipPrivilege	3996	WMIC.exe
Token: SeLoadDriverPrivilege	3996	WMIC.exe
Token: SeSystemProfilePrivilege	3996	WMIC.exe
Token: SeSystemtimePrivilege	3996	WMIC.exe
Token: SeProfSingleProcessPrivilege	3996	WMIC.exe
Token: SeIncBasePriorityPrivilege	3996	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
3904	BhaggoQuickCleanerSetup.tmp
3924	peformancebooster.exe
3924	peformancebooster.exe
3924	peformancebooster.exe
3924	peformancebooster.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe
5080	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4448 wrote to memory of 2544	4448	chrome.exe	86
PID 4448 wrote to memory of 2544	4448	chrome.exe	86
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 3036	4448	chrome.exe	87
PID 4448 wrote to memory of 1080	4448	chrome.exe	88
PID 4448 wrote to memory of 1080	4448	chrome.exe	88
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89
PID 4448 wrote to memory of 1668	4448	chrome.exe	89

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Bhaggo/Bhaggos-Quick-Cleaner/releases/tag/v1.2
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1ce8ab58,0x7ffe1ce8ab68,0x7ffe1ce8ab78
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:2
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:8
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2184 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:8
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:1
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5008 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4340 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5020 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5052 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:8
  2⤵
  PID:2692
- C:\Users\Admin\Downloads\BhaggoQuickCleanerSetup.exe
  "C:\Users\Admin\Downloads\BhaggoQuickCleanerSetup.exe"
  2⤵
  - Executes dropped EXE
  PID:2804
- - C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp" /SL5="$E0044,20045463,1187328,C:\Users\Admin\Downloads\BhaggoQuickCleanerSetup.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    PID:3904
  - - C:\Program Files\Bhaggo's Quick Cleaner\peformancebooster.exe
      "C:\Program Files\Bhaggo's Quick Cleaner\peformancebooster.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: AddClipboardFormatListener
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of FindShellTrayWindow
      PID:3924
    - - C:\Windows\SYSTEM32\cmd.exe
        
        cmd.exe /C C:/Users/Admin/AppData/Local/Temp/peformancebooster-GLZxLN/RestorePointButton.bat
        5⤵
        
        PID:1704
      - C:\Windows\system32\reg.exe
        
        Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v "DisableConfig" /f
        6⤵
        
        PID:1048
      - C:\Windows\system32\reg.exe
        
        Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v "SystemRestorePointCreationFrequency" /t REG_DWORD /d 0 /f
        6⤵
        
        PID:2712
      - C:\Windows\system32\reg.exe
        
        Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v "RPSessionInterval" /f
        6⤵
        
        PID:3500
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -ExecutionPolicy Unrestricted -NoProfile Enable-ComputerRestore -Drive 'C:\'
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:756
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic.exe /Namespace:\\root\default Path SystemRestore Call CreateRestorePoint "Bhaggo Restore Point", 100, 7
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3996
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -ExecutionPolicy Unrestricted -NoProfile Enable-ComputerRestore -Drive 'C:\', 'D:\', 'E:\', 'F:\', 'G:\'
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:1820
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -ExecutionPolicy Unrestricted -NoProfile Checkpoint-Computer -Description 'Bhaggo Restore Point'
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:4040
      - C:\Windows\System32\SystemPropertiesProtection.exe
        
        C:\Windows\System32\SystemPropertiesProtection.exe
        6⤵
        
        PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4232 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:8
  2⤵
  PID:4136

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4876

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:4792

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:3
1⤵
PID:852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffe1ce8ab58,0x7ffe1ce8ab68,0x7ffe1ce8ab78
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:2
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4432 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4888 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2476 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5080 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3028 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3044 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3200 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4248 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8
  2⤵
  PID:6120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3016 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5448 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8
  2⤵
  PID:5764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4996 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5464 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2748 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5772 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5864 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5712 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6292 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6524 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7068 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7268 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7420 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6844 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7492 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7488 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6592 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7292 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7640 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7812 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7376 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8040 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6540 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6584 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7292 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8528 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8732 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8468 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8408 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=7620 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=6364 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=6592 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:6304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=7816 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:6332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=5408 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:6348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=8856 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:6468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=6368 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:6496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6532 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=5660 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:6404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=5672 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:6412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=5792 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:6648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7924 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8
  2⤵
  PID:6824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=8424 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5708 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8
  2⤵
  PID:7148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8
  2⤵
  PID:6708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2980 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=876 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=1288 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1
  2⤵
  PID:6976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5424 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8
  2⤵
  PID:7008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3176 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8
  2⤵
  PID:7064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2320 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8
  2⤵
  PID:6408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5344 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8
  2⤵
  PID:5288

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3652

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x49c 0x46c
1⤵
PID:1540

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6964

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:5080

C:\Users\Admin\Downloads\Software\1227006289.exe
"C:\Users\Admin\Downloads\Software\1227006289.exe"
1⤵
- Suspicious use of SetThreadContext
PID:6200
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:6748
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:6740

C:\Users\Admin\Downloads\Software\1227006289.exe
"C:\Users\Admin\Downloads\Software\1227006289.exe"
1⤵
- Suspicious use of SetThreadContext
PID:5960
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:4928

C:\Users\Admin\Downloads\Software\1227006289.exe
"C:\Users\Admin\Downloads\Software\1227006289.exe"
1⤵
- Suspicious use of SetThreadContext
PID:1240
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:5624

C:\Users\Admin\Downloads\Software\1227006289.exe
"C:\Users\Admin\Downloads\Software\1227006289.exe"
1⤵
- Suspicious use of SetThreadContext
PID:4988
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:5936

C:\Users\Admin\Downloads\Software\1227006289.exe
"C:\Users\Admin\Downloads\Software\1227006289.exe"
1⤵
- Suspicious use of SetThreadContext
PID:5808
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:5072

C:\Users\Admin\Downloads\Software\1227006289.exe
"C:\Users\Admin\Downloads\Software\1227006289.exe"
1⤵
- Suspicious use of SetThreadContext
PID:4940
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:4744
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:1232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1ce8ab58,0x7ffe1ce8ab68,0x7ffe1ce8ab78
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1916,i,7418018117384825651,10736251443387976064,131072 /prefetch:2
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1916,i,7418018117384825651,10736251443387976064,131072 /prefetch:8
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1916,i,7418018117384825651,10736251443387976064,131072 /prefetch:8
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1916,i,7418018117384825651,10736251443387976064,131072 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1916,i,7418018117384825651,10736251443387976064,131072 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3636 --field-trial-handle=1916,i,7418018117384825651,10736251443387976064,131072 /prefetch:1
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4560 --field-trial-handle=1916,i,7418018117384825651,10736251443387976064,131072 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4164 --field-trial-handle=1916,i,7418018117384825651,10736251443387976064,131072 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=1916,i,7418018117384825651,10736251443387976064,131072 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1916,i,7418018117384825651,10736251443387976064,131072 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1916,i,7418018117384825651,10736251443387976064,131072 /prefetch:8
  2⤵
  PID:5832
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:5512
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x1f4,0x244,0x7ff717d9ae48,0x7ff717d9ae58,0x7ff717d9ae68
    3⤵
    PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4604 --field-trial-handle=1916,i,7418018117384825651,10736251443387976064,131072 /prefetch:1
  2⤵
  PID:3184

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Bhaggo's Quick Cleaner\Qt6Core.dll

Filesize
6.2MB

MD5
ea87b9f7c2d7a298e7ec3a75c365e3cd

SHA1
e874107427b7f57c8004e15021108e4423d393bb

SHA256
ad7e2aefbc09fae1fc27c02810c7bbb2bca818a2ec53d049900b95bf2ed450eb

SHA512
26978d90a5b5327efb37077c1c74ffe3893373526c6e067d2f47767e55fc60d1dfca72aa284aee19b8f0aad9c9acde8138e128112e42bbf1bbab9d3365978219

Download Submit
C:\Program Files\Bhaggo's Quick Cleaner\Qt6Gui.dll

Filesize
9.3MB

MD5
873a4f02b3dfedc2bcd8e50468a183e8

SHA1
0290df5c47f38d75f74e5d4c9431578f875b0f21

SHA256
e110467d488601c9e8394d9fc85583426afe24bfac2e83d53ef8c29dc9078135

SHA512
dd7f2b5b7727c9aac9107880ab374eef69d64e70096e333249c288f3c40aedc68bdd26f2de976b2ef8ab6455a42a3f2319c6219a6ba3ea8b9df18af8eb87b2ef

Download Submit
C:\Program Files\Bhaggo's Quick Cleaner\Qt6Svg.dll

Filesize
354KB

MD5
c1e3a26bec19280c763530a0aa774c84

SHA1
97727b7b5e59b35f4eb4612473c2eebb2ad51b71

SHA256
36002505bd1128771ab0b52881bad77b129c2534eae272edf20555ab576a16ce

SHA512
4b48989b274a8f17c84837fd378d04451fb1b0d8307b76c7e53bb97dfb353501217c403ca18ae73b6a61323213b621097f46ae320efb84c5a4b2892d5eba3f09

Download Submit
C:\Program Files\Bhaggo's Quick Cleaner\Qt6Widgets.dll

Filesize
6.3MB

MD5
6e31c9c15abb8ee9a267494c85ae4260

SHA1
04445c6a459537dfb0defd0f37bda9b4f95d3182

SHA256
4a2353808555a1b4cfefeb1c2cd81dd9e1cb0a44931e386a2049abf8081581ad

SHA512
4e4fb327c6a1ed8baa9e43cf7ccac4fcaea59a5f98995d4a14479f2027ab6a92ec38b383502df1bc3bef45ab177db15559c70bd54637d86d1329f6cca340935e

Download Submit
C:\Program Files\Bhaggo's Quick Cleaner\iconengines\qsvgicon.dll

Filesize
68KB

MD5
0e3214f0ba7ef00b469491a897e98287

SHA1
0130872d8ce974a0a6cc1850af5e1b42d14cb3a0

SHA256
1e66b6b555befbeca80fb80732b8c9c7a7b0fb01fd1527d94a437dc3b3963843

SHA512
ee759fa89812e53998ec671666c73d43848c52412f2a4162547a1ad412ede4525b0c20d21e6fb73b853f8873778c4c416ac075adf6e805db900c0487ec04114b

Download Submit
C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qgif.dll

Filesize
47KB

MD5
e334303ce65aa711ad8816e7e93497c4

SHA1
894b8a6c21894eaff771a172a9cc2da9ef8e7cd4

SHA256
f909dd35b2a0ab905501e79658e492bb888b71ab99599eacaec0851e98b853a9

SHA512
07b467eee52e5e34d25f2ba2c0da29f24315c101bacfd198fb201457838e22dbf7cfbc5d61dd49c20cef7def25814da7d69d61868e45d4e40a0ec187723c5c9b

Download Submit
C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qicns.dll

Filesize
55KB

MD5
77bb0186a4f0a21774944f02669fc4f7

SHA1
ebaf323d84cae3d8b636baaa57871331ec59901e

SHA256
1f52feddce926e7061532daabb01bd6dcff42ed2b9c9ea5cdb24bf5bc1c37d31

SHA512
c8d237d4d1e619c1d9e8ab84f36c723f76ec1680d7bf941c61a2b8bb377e4d233d46ff3f871708829a21eadddfc6df10e517c9b2b58a8ecc3274137d94075b1d

Download Submit
C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qico.dll

Filesize
47KB

MD5
685d2195c27877f9a4404b98cd1fc0e7

SHA1
ccfb5b1137eff3f288c9770301ee17593b4287a5

SHA256
15549719d617179b57d9408288bfb5fd42679471a3cd0ee1c783ce5ef695cf8c

SHA512
9a22974b8bccb56b4d34db3d9fd564befbb13852a090b7e21224ccfbfba9bc3dbc6d6a4c89ee8b70f76cc25db62c37630613e3faa235a71677c24abc6b11ffd8

Download Submit
C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qjpeg.dll

Filesize
463KB

MD5
a2598dc0afecc9179d4aa176ea306c0f

SHA1
8a9d382f884aa356c68c546ecc34096990017bac

SHA256
40e99d0fac21dda2c5196d7db56ce8a0fc578e66a6b27f98a4185fc143b815d0

SHA512
08d2806fc4800d557e48e1841b410f12240bcba29583f781533a656980b2ddf48aa4a094280360656a16da5ae2467b2c289efcbffc180bf7f06d3d2f620f3ef1

Download Submit
C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qsvg.dll

Filesize
39KB

MD5
72dca45741f78a3ce0bb65138793f3a7

SHA1
108928beec264c80a9d1cf6bd7aa5d432bb85680

SHA256
fcd81ee65b2c912e0b8695c3b9409263715085838878b3ecdafdc78f81b5c07d

SHA512
330977bf3ccf0db392d0100830eff623817bc936386b3dc6d2d75041293cb6ca78b1238b8c5ff50035d32fd7caa0484ef7ae90db951bbcf1c8c82dc997fb8eb9

Download Submit
C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qtga.dll

Filesize
38KB

MD5
9cffa9391352463ce7f8c676a67bcfb9

SHA1
8fd9dd1f07bf8d30f78b7911e2c7b54087d51863

SHA256
97e6728be3fde72b01cb42bc9594275f32f95cda55840ee166c853280d61cdbb

SHA512
6d7fef5d380502c4f71d77330a4b1d65178dc0732306538fbb5d3881a013f215134bc5a9888c01e1e8bc2aafca0c97422ae58514589eb0e1f0afff4defb6bea4

Download Submit
C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qtiff.dll

Filesize
479KB

MD5
2d3770e00b5f29b4efcfb2536c246a06

SHA1
c1dad21c2ee368091106e254be46c51384c85913

SHA256
3511cb474ddb5d76ea4bfbe6e219245758181d8994890177e55f6ea63874ca93

SHA512
703a75f85e78948d391621e39e49f6a96aacd18c4eb342fd9d6f1e1c5747c05fb7cd3d22ec4665e541eee263d638b623180b8fbbf2e335935ca95cf99b9dd57a

Download Submit
C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qwbmp.dll

Filesize
36KB

MD5
d8a3f571f2cdc42c312c85ee86e0f641

SHA1
b40cf28de5cdc6f0398a3221b77cbe67facaa6d5

SHA256
02f56960807722401b52132d6fddf2d02108e45d36c8a3d45bb242e2afe75ea2

SHA512
9c0e3003419988e2e711970338366fa33c8efab845e19e9e61cb079d3451a5f17b7ae7654d8056efc9e674a6d052a198cd2454d2756f2b0a6a6a4449dec50e75

Download Submit
C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qwebp.dll

Filesize
42KB

MD5
bf3e8ffe00af65cf1b6a76fa06b4bfa0

SHA1
e00df1f75ebb750c3089caf20b2a046e336d9608

SHA256
e15de2419dc8ba3dcd026b8b88d13fe26b1822435783c70cd530cb6d0b11a9e6

SHA512
3db2f100913728d677eec77c75bee1db0be97cbc16d8d176717d325ada0f8c7de411fa4676eca374fbd874e4aeff942a4d86b9ee140b5122d5bd6f24ab30317c

Download Submit
C:\Program Files\Bhaggo's Quick Cleaner\libgcc_s_seh-1.dll

Filesize
73KB

MD5
a839c13c8fcd337a056d62a005a6aee7

SHA1
c9f8f6ca8becd7fad39017fd45c0b7835bedf173

SHA256
8660371ef7b69772138ef71f9077ae5c742b4a9b768ccca59263d20e8dec1815

SHA512
90751af770300c136245d0d5113a305876ab00ceb8968b14693082239ccacb091991e6b5d07599d9e3d9044a9ebfb92c3adfbf23f8754cc3024fde7cf17d81a1

Download Submit
C:\Program Files\Bhaggo's Quick Cleaner\libstdc++-6.dll

Filesize
1.9MB

MD5
44f0f8c88e813509aa1eecd3acdbe261

SHA1
508fde8f55ef54e2a728c562f4e662a0e8b4cb92

SHA256
715612765ea5b513c497958111e2fb4101a69198568b1226e7a4b5f9c6b3df35

SHA512
a9a15079207364118e37f591c82f3408eb738e2dc7faaa552531655dac2f07798e3fdf8b7311c2c0297aec8e7cd6e8e73db21dce00a06bb6aa32d1f05a381cf2

Download Submit
C:\Program Files\Bhaggo's Quick Cleaner\libwinpthread-1.dll

Filesize
52KB

MD5
11e800f423c7fcc83afcf43ba30b3784

SHA1
1b0c43e49f0e8a0adcf47ebafab0161c2a05c1ee

SHA256
48a1d7fb4f81671babb514a801946f49b7c4efc54aafe7caa81f9a582ac30690

SHA512
f71bb3c83a91fb9afba8eea186c74f9838ec157c6ceeb29c5892f3ae15adf29a03177775bf0b3aef75b2b30686ef79459b00902ff544c622d2fa44709ced7ff9

Download Submit
C:\Program Files\Bhaggo's Quick Cleaner\peformancebooster.exe

Filesize
3.1MB

MD5
ce6c403d00e8527f427ae6ed41f53f6e

SHA1
c3f7f0521cfc80e0ca25036267676ad672b642fb

SHA256
ce8e8c7b1eab4aa1b2595c30428d0dadd56856e58ad238e9b8aef9761b1525a6

SHA512
dcd25d878b606ec81808de5905a612fbcbbc1f5a5e697e49c96f58cab28771e0011895d07f281421f525fb2d3dcf516d77b7181aba1669cb5225b7410f43dd8a

Download Submit
C:\Program Files\Bhaggo's Quick Cleaner\platforms\qwindows.dll

Filesize
1009KB

MD5
569c5edfc1d2a8607edc5ebc67625b0d

SHA1
3853fb6624b2e41d91fece9e84c9ab8aff60e3eb

SHA256
dd4530c1bed736e4e71e2d12133f27a413df29d7c26d4e0047f10d221b552bd2

SHA512
f8d012ce7e3127bb64916e084f5c200e32d1cb2a10d086c41970adb8cb71dbd37ceb16d824f448eb549d16bd348dc03f9f1b5f40ccabddb153a4950bdbaccc28

Download Submit
C:\Program Files\Bhaggo's Quick Cleaner\styles\qwindowsvistastyle.dll

Filesize
158KB

MD5
5a297eae45c1985d9d187fbb91830c66

SHA1
512ef254a348be4a22a12c0d2d6de133bf52c4d3

SHA256
b7a13dc946032b25325fc4c74a545b1f954d26f8f0646ea93dc8e0caa309a62d

SHA512
d6e50b92987e550028ef7d9ac565dbcc95b636e424bc5d0da91d68d8579e8f9d86c16aa8d88c2eb89da9af6f59096cbda36dfe5f575e5450d0b8c54b8abba7a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9ec1fd75-2149-4eab-88d3-81db9c535518.tmp

Filesize
98KB

MD5
97a4d41ac1b7f29b92420e893b0300c8

SHA1
7fc653389493ef3c21483030cf0b73ab46ffa0fd

SHA256
d350c83a9f7c1a2c45dff228be0dbacbc2d6cf558fb7328672eea9550c995c51

SHA512
33a72bc35e256d5e60cfb25cd3498e55197d0e105d72ef013acfaaf7e8527f6e159e93aea7137faddd4cdcdaf0eb30847cc7488440f35b2bed18cce6e9099776

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d0df793c4e281659228b2837846ace2d

SHA1
ece0a5b1581f86b175ccbc7822483448ec728077

SHA256
4e5ceefae11a45c397cde5c6b725c18d8c63d80d2ce851fa94df1644169eafc9

SHA512
400a81d676e5c1e8e64655536b23dbae0a0dd47dc1e87e202e065903396e6a106770cec238093d748b9c71b5859edf097ffff2e088b5b79d6a449754140a52ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\08621d9c-5c88-41aa-b0ae-9d45e7d53db0.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
221KB

MD5
d1b2842af90b94c55b27b30c6948702d

SHA1
86cd83c8edc70c4f402ab0ec747ddc194279ae05

SHA256
652e9d06014b3d489ea1ccae091334529666c6ebd113b1cb552cd40ec7a22224

SHA512
9ca5f02318b2d90d5feb90e85b2fd602aed1771d13d2245c74db467d90550825b851f245851778d3f764988c9ed3988c95e671c085d76e03bd4fb473d0590c5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
20KB

MD5
f218c31d967d7d050e360b26b39df4c3

SHA1
3a03e2ae75080ef0755bf1a1131640e3ed773d1d

SHA256
791410a89899725c497f590cb9138f238713dcf1b318340c18cf0682d52b63aa

SHA512
f97d6fa798fbfa27b3578777d938c327a0b1ea1379c4e0d50d640e4682fdd88dc210d30432320140d5ebdfb6ef721f0b844801a81305c877cba1d3e05d0097c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
46KB

MD5
f0d81b309d4441d6dc22bdcb9e9e7d01

SHA1
77e7510fd01735991f8eb242a8a20acf5c7326d6

SHA256
90b890766ed0dfc173b119f625e4bde7785d509a76d27354148bf0a80a09889c

SHA512
79d3758017eb11ff478e0c258405aeb66eeef77b6041689708667948c85c1ff27688491eb8fd7efba3e5d392e299c055b3ae54fd212a0f5caaca3d91c425829e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
797KB

MD5
0cfb67892105b9bf320af38afe0a7289

SHA1
121ab021c0387005944acf7853071a714d578b72

SHA256
8af04f334fcf75e8cb9fd7d152151e6b18e02d25903d6ee3092b2a3faa6d6f6e

SHA512
db236b32d23618864a6ee49991f594908177b55d88a03593fc208971327115d5532b697c90ee561826a147e64cfa1137f295da410e79056badbc8bf642a13e7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
32KB

MD5
01b7644a0c89401f39c0cd3d58196f3d

SHA1
7b58356b54014cd00373fd17f83c66adbe719c28

SHA256
98ddfc4446c9e5e87a8a9aea39dc23d3180ca33a66072fb72b3e84fc4c9a809c

SHA512
0dd1122c2cdf6544635b8bd98d1487f4749b97140fc7879a1f052ff5ec5feaedefe773d785e4f794b90ee009e4ab79e9550ea38b8259475373b5bbff40c86c63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
32KB

MD5
2d59be438acc0826f9b6f0ed8c5475fc

SHA1
c248569b512be765b38baba61d60df21b55628cc

SHA256
8969d1c9a3cf687d3cfef6268f61a41443b244530b63f4fb2582a87959caa044

SHA512
75cb97e0b78d379fe8f8e96c90f898b26a72308507aa2c15caba0675609c03738e912c47145e8d6abb71f651b64f3d791046bfc1bcff56be5af35253b44d587c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
afbe8567bef3a4a5a146e8fe2381cdaa

SHA1
31fc859b49cc8c7087afb0016f309d0aaca338e3

SHA256
72b421a893d8cb0872189b21cd7d4e439b8ceca3697842284fe8aab229e2bb9f

SHA512
ab8ecfc4f3bd756e1b6942f8e944f880f45f4732e520c1b2a0387e9b4837285a795dc00d2e7d6b0b0a829303b9ac5a622a0a14c87c86e00afd21babaae1914c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
55fc36a34db5b9f3f4bf11975a24653f

SHA1
2ea8c62c7e0a13a9c2ce10b65a47fcad39646a85

SHA256
46ef72b23aede68bd6fd1512a070214367b1ff3233f1b234c7021fb15c2a6803

SHA512
27b992a25cdfddd39581e09ba239b64b79af45c866afbd7af7467d4d8d79fc88db6ba8dcf203b22192c036e7f62ecb62e0b0daebc0cc02c3059e055a300798bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
03b796924f9d40d44ec7acfed6bbe6b4

SHA1
e7e13ed7b5946c8cdd0a84d7cae28276c758bf68

SHA256
fed611433926c2c292beeb45bad33dd2bd0919683401bbe0bbe3f535e9ee6dd7

SHA512
6e36e85ab232117ea8078f84a4b497bc4f6dce8e79a4e405d73d6a825b04029676cd21612590d3a35f3aed6611bfeb9ae9b109fece5cafa42780cbdd630658ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
37357c1f21b97bab453dc6f79fa7ead5

SHA1
2f11ef3f3124ede3e19fe1c197bc4cb2f8477a92

SHA256
ca513176e8d7eb05739f369c10de6b64d0ac10d8125649d7ea3cb371a1d48f38

SHA512
1e2bf725a14282b641728ff6ac6c060b3b110a27d4465b6f112fa41d95feef6e5b318dc8a0a5ca7145a02a69f2658b8ebd339c6c906831e7c9b109d346d417cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
8c1e0f9c794c24e2c5ebe3b12c4084fd

SHA1
2f781328b285c4f4897045130a318ad0769cfdff

SHA256
967cd5a81d47c9c48893707d3cbda473fcb2219193947d20ff7b1f3e3f4e6a99

SHA512
e8fd6b59f96e66b29a2108f9c93095edb7df48498272e87832e78c505e221c5d37e94767c6f10a7a0b14b262c2bba6a643bd18d5d99b04611b3af630de668843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
17KB

MD5
8edd987b4823b7762cf40816064417db

SHA1
c7d959b3628edc074bcc15a99f327b1461e03a91

SHA256
6b3add87830aeb33e67de33396ce92b1872ca81e4841e1a62346be6d4c9139a7

SHA512
598d42f660ef67cf3d5eec48e5dcbbe3b4116729c469cca33c5105c367a3bf67a08d92c3bf5c5bd3bbc65563c82375ce0a6d8bb3ff2bf3e8bef14aa3bde31f06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
4d9b203e20f5c80593eb9b84a3879cab

SHA1
1f76bae97b33dbebcd890e90e4a1f6529b3a896b

SHA256
acfaad8fae2e7ce71190290c7be962afecd39ad3317c8e30a2ec68bc43e76f6a

SHA512
e262f71f717bcd4ad19c0450be7da5ca9f50262152c15242831c52bf7f0859bd119fb445ec4445177276ec10811a7b788660961e56113346ff5ae03446573af3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
19KB

MD5
f643e99bfe5e3a4ed64ea14c13dbb527

SHA1
37b45f66a2f60958d4b1f9ce660813ea4bd38eab

SHA256
1474f68cce29884eb3e6f1977ad08f40d60629cc5da8486282cb58d039b003a8

SHA512
2d3c630eb17036e34f9e956ae9a6bf67ebee5153790b10426ba33146ce76234bafdabb2bb564fd6bf613618d43e6418c4fc9ec79821e55120802b61a45662fe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
19KB

MD5
64eb84931c9bf693c644fa7cdb407071

SHA1
0121c0d6adb57606af162da48faeaccc6ce849ab

SHA256
73c35e3ee7520404a9c863b89bbc1567666e67294ec15f0d78d4743221ffa6ac

SHA512
330c8b915ecc58bbed98a2e1916d9bd42ff2e78a8fabd0aefc4ae52f01e9fcd29b6ef7868b03eac95b814eeec0bc65b2260a2bf68e1a0dbb6fdd850c114ecd7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
33151f0cf555dbed67d21673bee12631

SHA1
1a7c19c73fb62918989dcfd856755b50205c701b

SHA256
8501b62af4d4d17fe1958e97bf04b61d33035b7ed4ece7f9279b9b6e109b17fc

SHA512
f6d8a5f10047630e1c3345b5f578b345a69569345ae83a3ddce0365dad485da7ca73dcc9b715886fd123e1f3804953ffc26fbfabfe42cd6f49e93c8c33a71104

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7b8117d0d91dbaeb4d76cba49a7b584a

SHA1
92dab295436123e5d312762fab8fe6b0f2e687ee

SHA256
33e543660b272016df2d79b6f20080e0b6f2a54438bb81dea5bdd052ba10e28e

SHA512
f7a45cdff4443496114ae5780fb26fac83a7b171d930ac979480be5f1577358d4dd1f8496e1231172e42833d3fec7835ccbb7fee4caef1bdaad32c7442202d16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7a038dddb5757f8c8d12ceaba76a22eb

SHA1
430f303c234fc229bce2625c473a00bc963f6138

SHA256
b78bddf6c8dfb54aa1367fcceee5e53cdf8a1fd36323f14fefd4f011fbc56035

SHA512
3e8fedcc6668e9d7c3877a1dc89030c96a53d28d7dd4d8a745bb7fe1952c64087a3dc6cabf4cf42d40c940d8bb02aa768e0bdd3826a8fe49e47df996f02ac16a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
98471b235fd5e197586a4cf1106df8e6

SHA1
8324bffc19ff251544b0e315de80d77bbd81abb2

SHA256
506f630c7d11dd7bcb47da4ba8b66e7f58a613733f17ba90ccd704afd37c97e9

SHA512
8881e55cda726aabf25967ac335c71aff51db8844459af2ae248509e648add42e8dab344064439f1d3d77dd7f56c5c4bc7ddc926cd7bc3c8841d3638aef746de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
2bc8c5aa67eb02a36d166a59c642d61f

SHA1
3fb93dba019270809f65dae907378b81de37fb4c

SHA256
fd5110f106b465292f2f387b45660237237896d9b9abd34985140b8f4403c3f9

SHA512
421ccf0f317868ca8726d15432dfbdc838535c016106ce537b861b34db340265088a4eb25593b653f1fe5735206c78862f5629e083b426beb3a23a5fea3469c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
70dc26c4ea2104a842a5338f1ad1a2f2

SHA1
b4950bcd292c117ee65b5a4263ab312a717c749c

SHA256
dc869c27e570a5d7332e7618bcf3601b749d55003b063496c2215db70284e06d

SHA512
9b9b39aaa58006ac6c056a2add669317992f91437bb98607063578f21f8f21117dd54307d159f2d2cd626acf559896851b003e87f52512a14167d984407e1c62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
9bfc9f36f54b656a293f19dd7ae6c687

SHA1
3a424d418f0f0051400ee02e7eaa478a0fdc1058

SHA256
e0c6f89aa1907c6561c64ab80bd13ef946289fb4f39261fc75b30e9ae155d775

SHA512
d278cc871a62dc4ce2ac202980b479644205ad6d02ba9bea6f44905e1ac5ef94f96f493c7eb0e709920a56b3563d96a31c35a115e659feeb364d84c55ac9ba37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
d68d961786b56ddeaf2af8b939eeb8d6

SHA1
d0bf61c94358ba074069f54ed51a21e07b1070ab

SHA256
0d3bba1bdfdf33d602df95c94f5d75bd31a9b49b7e66f32dbbd21901adddfd10

SHA512
f673260da2adda463a422cc71eb5993346f1ce4d682b29fca4c32a5a4b814184f2bc291ec926b353abf062c06ffdcb16e58225619348c327bdf0e26ae265c189

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
e9b5be0c7b83be571833b2b0fe1148a3

SHA1
a255b5842b0e6ae917a8e63bd0b297aa24a5fd1e

SHA256
8708af9a15e484a90ca1af30a0d641afc830c8c28c8552b4f1c3957f5bce254c

SHA512
4b8cea477a5ca06e82b81a76911056fd1e2cc83110f4b9c639c0c87a874dc83c4cb633976e82d9095e782ebe84c40321542f370bb9e9b1bec3e376b4d12f764e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
1366e0472bf081a9709286fe96307364

SHA1
e304f59f9c37aef0658693f8874541ec70b406aa

SHA256
d8647f2bfb27b48f18d7b5251c735cacb8fd090a6c1b09077bc2e4a1b245e9fa

SHA512
d09057a9e9c9b817e0873dd6843ef21c6a2b628d7be1b4781737abc4cdacb2e959baba6d7c8bf9e927ea4757424777e830f628542d44150269800af57fa3c881

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5bb8b507b52bf23fe5ebfa35953d0e91

SHA1
1ced51cc213ac7fa1b6b67f6a4ff053dd2b96911

SHA256
7d75b7c5b122eacde4eef8e9dd7ea779d4a262615c9c84b69e8bd75ddae6ccb5

SHA512
cc806bef0d365b87ad0e4b0d15d382ddd84bfe7b8cad1a27c76cd6e62425ce4c924fee56ee157e50afa370beb00a4f258eecaa4c5e5a4111f575f06a3c869001

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
69bd62133cb178fd31a1a0cb4509cc15

SHA1
92404c9f012b18551faa779902925cc783a84e5f

SHA256
551f52b800d8bacdbea0171b37a5c25f18ab60c5ed96945d632458c9ecd33c6a

SHA512
51ea4529e7c106c9934858e2b883066bd19ee5eba56a326ec858cc6cee14ed15f9702c64745cb0c6e5a19dce8f79166e32bc13c4ca5f720b46342a680cbfbc2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fc83ed19bc6fe066a36b7f06a53f8a2f

SHA1
4674c73d3c8dbf4a125911ce648e9e37a238531a

SHA256
eaf50df025bfcd1931147a971c6b33fe7457637a26d90ea75a709d580e7b5566

SHA512
e3bc8534c60d09543913d799cc0b2a1666d95322a46497bba3f9d9e71c526fdc3375012c059ddd0bdfbce6c401b7d7bef6ae7bf87b41506b027a7995a35a21aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
89d42ebc28640ca0eb9e99db4dc6a2ad

SHA1
7cffb3db92dc2b64c55baef2398ac963f8d2431b

SHA256
dfcba4248b300966ef960c4e763bd2731c3ab7604c63495585062cf225aa608e

SHA512
e2c8e6104fe94a79560b214dea661c7ca39b212a23c33cab2d1289d9a05b5a1946b8a7796caa6f6165b1ba3db9fb725eb18e64ffcae6ec0efe2166885448db02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
90c09cbff6464d961a088a79f871d63e

SHA1
41439fbf86d7e7ca404ae2b30ff7aff4e9d3de4b

SHA256
31b5f2db352220d1bb9cdf2712cf1199d133722f011334e6a58165609c05c404

SHA512
54b7dce389a21e62e9793d43fba24e0ef62870c17b363fd528b6eb85eb3269907975721d90c59308d1329d52fd2ba7be9966757d877a9665f97697ffac368fdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f141e99cc479fd268f6c3d918c94203b

SHA1
a38bb5ea55442f170945dae4ec9b29ef931ab7ee

SHA256
d9d3f860f16ce31085409a651817cee3baaba0d5e95334dba5ca3c42ba5c5a29

SHA512
32c0a4e3e07b3539fffdb4428c6eaa4c5280a72a4528d0ba46386c7fc3cd3aaf445dc47eb879ae5be9a5a07c6fb73f35bb4d6968f7d9c427013a871d6b7742d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
07f157428bff524e1ec23179f30fa384

SHA1
7faff4b83f93f38a8184c74464f6cb3ebf3750b5

SHA256
2fede7abe4cfcfcf898115d69daa4c6dfab1f13d9e62c2533ee51b769856869b

SHA512
048b9748a4735aca3742edfb1e807999af0499567b24e6b01037fd895809045108425c5e4d74f8f59234c1a1539844822e3fec84a622182b215c553e24fef729

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c26b60aeff58813d9364c48eaa945531

SHA1
5a308bef0e66a733738f448225cd5e2b4db6ad65

SHA256
dcda560b5d350da19a02ef7099e21ce12787d3b896060865420e917061aebe4e

SHA512
8548916bec7b15f76ace37c44ecfa33caa824e40c834c28c06e9e856ea4a900d56b62815826aaf7c10f2c67de91202c08e7e293ff2d79c1919ec2a128e0d7f6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
55f4dca1080430bb050c3c23fd88bea9

SHA1
2b74b15948c0598b667db86862b44d92223149f3

SHA256
9e52f44b0b3a1623aa417e657ed0c44dfa9368589d5147d1a1dbec12a7113db1

SHA512
80a3ac0a9bfe1d000eb547b6d2aaf2122b9f23cbe405899c557af60ba0aab35b72228ad6dfd63d443f09395b1cf3174e6e869e7fa15fa055bbc4d3281f536fa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2d08fc28b704051d24dfb2d41cbd2a0e

SHA1
c23960cb3a7fac37a550ad9368a642d06b90284d

SHA256
d74fb494de4e10de72244a5505fd9d569e7863c361cdf0ec016264e528463381

SHA512
bdf5938ef3db05de75c3449b007000d10aab2ef18738e8cae64cbda0894c901a82f27103fde7110db2b631c8b1d0e48f45826d26fe347dda2cbb56e32866d5bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1d141eaa94be8f5295dc946385546ad4

SHA1
2f9d52a02f393705f4542bbbd83847b2df5e2804

SHA256
9966031403de826fdd844ae492de8e06ea3d2c61572d84a8a499a483306cd7a4

SHA512
edd9cac14bac4c586bc8e082835c2c2f0d3666f64c3c15ce3c738303f1e31efdb9a833229b369d4f83601fc0bc9091bc6b0b7a85124e564752c5334637a2a9a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
34c00e378b26cf54bd0004b5d843a522

SHA1
6b76a416dcafb804021a6dba344bd9e5ac5eef7c

SHA256
cf2db383169b14c5ed6dc278b719434c68f4dad1cd7a54371d237697a5ba52c5

SHA512
37e5e0b7fbe1b613ef63d09c0f51c04056c31ccb54ff446310ec153c5a9b4308c72e66dcf0e214100d8c297b3b3a3b0b352451084db657a3f41169740527e126

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
bacad99f22cd4424bdae7e82bead285c

SHA1
31f505d3c8377e31a1fc8029a057fc132ab1fa80

SHA256
eef1d0605c988b32792765558449acf7ebfd7625c6bacd91ab0ee1508c78a8f6

SHA512
9df0c11343a7433b0e936a3db98e6d78b85bd9c1d7dd333f6fc090da05c7c076ffd0b82005e091007d1524a2fd7177c4f247a9787018255297ba5bc020249564

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8eec1d80-76e2-4d39-9bd4-2d7504bcb949\index-dir\the-real-index

Filesize
2KB

MD5
bd16468dbff7f159a9db92462459bb31

SHA1
baba8bd3c5c5b44d73d026f8d836372c0c45f1c0

SHA256
38c00eb6b3efc33b8f8222f8c356b8fb7cd9bd798b67ae2f71bc4f6654958910

SHA512
64887c37b824318b5769a727e9f3dc61250eebfb80a1f96b102425c352eb06e5787875be544a2097209836c0c6ef092e025b3ef9543b52b7e7caab66983ade18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8eec1d80-76e2-4d39-9bd4-2d7504bcb949\index-dir\the-real-index

Filesize
2KB

MD5
e14569ab9dc1f807e8fb3e62229ceb11

SHA1
3bc853d465186d23087c475d880e6c2f4764f533

SHA256
ac3b96493ad49fd178f0914ba29fe2544891f85a900346dc5115f3a450ed0dd4

SHA512
d85d1d0623bf245fa3e6c85fb657adabdded1fb28297ffe2441e536201bced31ff3d126df8932cd67254458a0ef33a2e0fb802f3735ecdce1e8aa1f0f22b81b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8eec1d80-76e2-4d39-9bd4-2d7504bcb949\index-dir\the-real-index~RFe58c00f.TMP

Filesize
48B

MD5
d7fdca7d1b1cd40fefc87705ce0fd2f8

SHA1
f15ba86db186e767329ebba5b189cb852b515589

SHA256
49f8b0e7d7e5bdc21295ef69243aaa96b4d4eb62282d5b05f76a115b2936668c

SHA512
a5d79d73073b4b02e5cf241f8e2e9d823bc84a840f33aa278ab8ff14298b9a8719b80a44071e25ec8d68a173d32f311cb271c0598b680113b202d9af878cc2b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d3ef72d4-3665-4508-aab1-e814ba5dfe6f\3d0fef3b9a86d718_0

Filesize
2KB

MD5
24d8e96d23538cc16141ef32077e2257

SHA1
6ba098b2166e3ff8387aaea0fc22ac8938fc7dc9

SHA256
85197408fc35810bcfc0486de65bc733d3fc8cf56dc144602bb54231f9830aa3

SHA512
141c28a19fb7012ef1fe1aaf5382b8b57ee3f70aa5d5beb3f41b32a8ad97b58be49169ebd41cd59af670eac6ea45199843c8c38d2438581f696eaa03e7103426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d3ef72d4-3665-4508-aab1-e814ba5dfe6f\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d3ef72d4-3665-4508-aab1-e814ba5dfe6f\index-dir\the-real-index

Filesize
624B

MD5
d2191d0e38dad966995eac7b58df001c

SHA1
2bc3384d926da3b05ba5e3ddd60e617fc87baaf7

SHA256
55b9658929dcbd0a8d5b58f3bda960198c2b7ef44064b02b8a6825ae3672ad05

SHA512
46e8e9debbb8ba46cc3931ddef0006ce3e7cfcd83382a4bddc54bbb214f17c0205053fdbdd47034968454dead5d677ba28fcf6702321860ffa518b928dde8a3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d3ef72d4-3665-4508-aab1-e814ba5dfe6f\index-dir\the-real-index~RFe591bbc.TMP

Filesize
48B

MD5
f386ebff8587832509b51a6e43fb8bdf

SHA1
6d18ab3cfdd82cedd92784ec0b621ca7c3c9c2cd

SHA256
eb376915d21c97d3fdf3923a95da2912491b9ba0b640c5886715bce35d52653a

SHA512
45295ed7f6fb913defde66c2ac3e83d30c9c3a4e07939dd845bd4c0be1e92b084a499e106f5f557aeb47b0ea4f14d3eb4eb9ca56f9d4b079029c5ef6f7bbc500

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
1b09f925ca114665b959a07a92f991a6

SHA1
ea3555d5e758a5ae3e2e31e1ad86a40f6a58a35a

SHA256
2203cb4c7bd6424299edd6e86709f0b7e8c2021cf22e5515a8a35af4d9c85bbc

SHA512
3decb1a8b463b859b27df7682c32953dc488088f868d378dc56de5ee8c297108730c7945b118fcf87c0065c202fd6b1fb8a46a976276672ba29c3aa0ebf95f75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
482e82decfe800d9f55373a030411e09

SHA1
2fe5fc157b23f7a57dee76ce1d892244019d5a65

SHA256
4a9d0603c3ae9b597bca251c97acd2341b3a02da54cb8082ccf8c66bf5988eae

SHA512
c111bf36f7a7ab1574b6e88a2d481c0cd11dba52749d0a19225685b2795384be71725376007081f837cbacd93028d0693f449b826d1d083557be6bc1285027f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
c3243b5bc42bb49288c661ecf4d27e63

SHA1
23efdc878a1270bbe59ba7bd62aa7d28d898e7ed

SHA256
f080482a77e9f1ce177e1a236d93969c52dd9da25e17252db2911d60fc89a668

SHA512
984e761a71e55ef8b374843f566796eb2493c22013354d99d27a635edc46a464e2ba1f666cfd2b0e16fb162411d421fc212b52a7563041e652fc1c5bed92145e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
004621b0bffd5235979eba6a617d3f58

SHA1
58ff5627fce4f803c83c513641a4d73d995b1d1a

SHA256
44a5e085e950a8ef63aad83840f4260c3944e351d269419e97bf25cf0c9c3e08

SHA512
601165b39c4dfe29ff2a1ee13c48e0477f1ff9cf95bfc3ef00914033cb6a5f5a24d8fe9be4366a84e98cc98cfaa57f8d1ecee5128b21db019c8e371f8111f91a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
567262e6f36c512845d663155abc4a5f

SHA1
7d66491fd9b720deec0164af872166f2d746ac25

SHA256
b7ec7fff962223081df219103fef87279ecaad42ae24a9756e25474bb605d63e

SHA512
f9dc1964d6819df2ec28b781887fb9b87e2143a24e5731984abbf990c914dfb5ad56612bebef408f878685263c4d79940a55d70ebfd7b143673be4124550a1e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
78f9d8ede23c4324d94eb4028a8de3b6

SHA1
671ab103a39427e00d2c3d0c907e95e47d0b2d73

SHA256
1842e185a9d3c5adf410e3cca21b965a6273329c1bff55ffc3c57f706585206d

SHA512
1c45405471b79ae6455ce51b78514ee3225f6e048c2dfcaf0a083e9bd206c1a4b6e1cff19f2fbeff51a9c09af007e1f91c670da3c26ea548f92b7d1e684788d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58b06f.TMP

Filesize
119B

MD5
a082c0812634d602eb6e8ad0780f97e3

SHA1
7b2944569dbbc96f1c0c068bf906696a6508fe45

SHA256
b46917a28af7bd1ecfa604bd92df43d82c14bb8018213a22262cc4d1d61062ef

SHA512
65ff37cf63268e7d19a1b3da95965b8c21879cfa288bb0d5ad3f35a05a3469db141d68c9f3bd4f27ccbd34ff3408705e20fd5f3b56d53ccd7174ab06cf6bbaeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
e0a82606fa57eead25d64b2456adbfde

SHA1
cb6fac888ae67ac6ed162517865af9c9516f4f1f

SHA256
71e84737b38e5816971491467378ffab67932f6e678d309debb7ec0a71a874f7

SHA512
ee870b71f57bb554a4e3ee5636ef5166e0f67847968ea88ece1131960f8c0596ec90407d19c019f0022e69e6463cd27a92284938be6dfb6493d6eb97c5d2d6e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4088_1654385838\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4088_1654385838\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4088_2090855945\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
990e46917cdd150da23da5abee78aaa0

SHA1
eacba29f0d43bfab515b09f92bbb8252264b555a

SHA256
0dc9a101479e2cd49d9d4a3082cf0070c4d88a32cf44425c3a4762edaf75a576

SHA512
41a1d77b1c91a83b1de62f6573e1de99a63b24f658b291a3e05bb22356d54917ba9acb23a2bc32703cba6ddd78e76d3cae2ebd6c12a609682a9269c1654ed6aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
5bc1549e22e065f893310ce974991a1d

SHA1
fb3c3e2fce5219e80c670b4376d36f6a9cd9572d

SHA256
12dd72ec4a5e6b3b2eb5764bacbe51a3d670806c316776ad007d27c48170d3ed

SHA512
6ee4804e29f37e367dad78912a8446770d302d4596f190e4ec1c1c0534a19d48cc254fbde62839ea749dc078f181702def6386ad68e32f60fae0e6928c64f151

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
c1ac9963cd36dcd619975dc756db6635

SHA1
831cf314ba0dca0cc48b822139f2f95651345382

SHA256
6d7e103a208285cf5c35d0c4f462811443c4a39e97e28da2b4cf6cc8fb12f3f3

SHA512
03782945abdc5ac418991cff4cfd2bafe6e425679c44cf99b8e37e27451ffbaa6c68074282b571f9f774b7374406e062856190e6cafee8643c9bc3745f548bf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
49e1a3d57bbba3a0aff7e96af468356d

SHA1
48b3c31495c40151bda3d0081c37ee9153fa21a5

SHA256
a56c01544691ef97290fde49e4f6e057c13afa508c35ed522fe42491f53782a0

SHA512
169ecdde2cd8b77d2378371c594a9d6e1db31ce7a35301df37391e13001d5d1201c83e3330a016edd15a7fd0cd155e29dfdaf65c7d905629d7f173e23ea01ee4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
738e8beb32fb03b8a3e1f592e00b1182

SHA1
3e8fe4cf19a9e603be4767573da18797ee20d174

SHA256
fda5e69cfc0e203912fe1d32603da25cd4ada854ac32d6531567d82a7489c04a

SHA512
d574f87c5b3161a66969a007d9c6ead8312e142eb54bfefa02ed52f2f882f9af90ea10c86cb7849bbed949d11405a84a1a54e3973d24b0344b66692e7ad98236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
735552c8630d07e8fd1089b76d6b3c96

SHA1
e753847a9528901fe1e3ed96d4769faf10d70588

SHA256
1cf7cfbd308a83f7586b64bae31d2576746daef7557b8df9f292dcc7974df774

SHA512
42d9667825194105aa388d72fe6d09e9767301826522e3b80231f12a17d93a53f86c611c1b5fc5bcf5e42fb626c7912e4539af40e00c3e6bed80bf2534383437

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
3089917ae8101a3a946b2ebfabd000df

SHA1
791b47e4926c8b9eb58c6c8494e19669d3fdb0c1

SHA256
0d151b3cdf44091845596eda28e8fecd04af685c7c1bdf3ed2e26cedd4384703

SHA512
9c35f2f57085b2c794866d8883b38e07b13bd764b45859fb1279de76dedbc64e5816148a15d3df2bb316985a05ceac295147661947ae7c8ea31d93f62b9c044b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
133KB

MD5
c25c1bc6ef2eec0e829c2783f2258a62

SHA1
c3da3ef44bac0b9f0a3d3dc8b5e10b2e8d05898e

SHA256
2941a4cd80aa1597448e63ecaeb9e47fa01a50b3f311fc92505b83e138983290

SHA512
62b27e640e2d09eeae17fb2794b796d2caaeac35e4d9f98ed28ecbed13899725867a3e75149064cdc9e22c5b20dc5c0b6e0121419d0202e211f303c9d049f878

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
5635bf9afa5d3b98f8ff9ecc0df7def7

SHA1
c88539f5fc6a34482b70fb5ce1fd41e89d186f11

SHA256
7413f8d0c7c74fd58badb036f6e04d407e156dac0c5bc3f2e36c4816e8fafc70

SHA512
52d0d95245c9cbc5906b00fe204f09d62b2cda0226a381cdb3385066863b535d7fc581c336fa5f296717d303c6e1f626120be7ff924a7dafc51d48fd67c9cc16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
7db2dfb87fbc8742d5de49a9191ad236

SHA1
a868e47fbb344a317de03f59140c1cb1656b0b7c

SHA256
364e6fabebe5c8490a01c2752391795746d08f84ea696ba7c9c2841210428f65

SHA512
cc678f1ea13403454fe84af75fb98811d4e6481405ff2ae6fbff889791d295bba6278c02f781950eef1d41f2beab9785ff78cfa3cfbf5b0c1670d642b690e36b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
1b5b336828b6894c8349e94000943afb

SHA1
bfceddaf618b30deaa510a4e9c03462f2d9a2cfd

SHA256
bd510d6872245a1ee5c8009174bbbd23286e47b92a501dbb39c67b513f334c98

SHA512
b56180958e2537fbe27c6fb31f9e06a45e115e4228f0232d1f568f0ed361d565836d000de6a8db01c9f1fc5e16a53bc178a1635f68f51c7a816840c695be8a4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
2fe53d05a7923961db782d8f80630b2e

SHA1
f4dc87c721e0242b8492241c49e7e02a75bd62b0

SHA256
e69389abc2cada537ed30c2113d3a6021ba86751ae419320b878b21bb5c786a3

SHA512
f2358b6610c014035802eeb5d362ab24abeb9d1926377b91afdf937a98ca13ba22fefe5470272df46d1e56679d87e2c09687a8c0d939d3a58287ba02cc851f11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5983fb.TMP

Filesize
89KB

MD5
293a76984a3ba03109035bfd3d1ef63c

SHA1
795a5070991bad5ee99ebd1c2d8bbe05fe67ad1e

SHA256
c0bf5c7fa7d21c526c1f59e5462efef48fb25dfc6f7668c9657472e76f1f8913

SHA512
327c9b3da4c47cb5bf4cce12c877edf71bd794ac02f8b56eb29df1fc315ca51f19c315067fede57fa79dde468e7a89614bf15a6de5f647a958cd14bdb4ef7ad9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
6cf293cb4d80be23433eecf74ddb5503

SHA1
24fe4752df102c2ef492954d6b046cb5512ad408

SHA256
b1f292b6199aa29c7fafbca007e5f9e3f68edcbbca1965bc828cc92dc0f18bb8

SHA512
0f91e2da0da8794b9797c7b50eb5dfd27bde4546ceb6902a776664ce887dd6f12a0dd8773d612ccc76dfd029cd280778a0f0ae17ce679b3d2ffd968dd7e94a00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
64B

MD5
d8b9a260789a22d72263ef3bb119108c

SHA1
376a9bd48726f422679f2cd65003442c0b6f6dd5

SHA256
d69d47e428298f194850d14c3ce375e7926128a0bfb62c1e75940ab206f8fddc

SHA512
550314fab1e363851a7543c989996a440d95f7c9db9695cce5abaad64523f377f48790aa091d66368f50f941179440b1fa94448289ee514d5b5a2f4fe6225e9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
e5ea61f668ad9fe64ff27dec34fe6d2f

SHA1
5d42aa122b1fa920028b9e9514bd3aeac8f7ff4b

SHA256
8f161e4c74eb4ca15c0601ce7a291f3ee1dc0aa46b788181bfe1d33f2b099466

SHA512
cb308188323699eaa2903424527bcb40585792f5152aa7ab02e32f94a0fcfe73cfca2c7b3cae73a9df3e307812dbd18d2d50acbbfeb75d87edf1eb83dd109f34

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_czezapyj.kuc.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp

Filesize
3.4MB

MD5
96bf72cc1e5ceacc0b900289df3d72ef

SHA1
270c556a22902e58e94e58d837df3c4ef4d73dc9

SHA256
e1da68f9feb143337473cb4b45910c50f523edfc8809e3988095311fbf4a6555

SHA512
855402a08c24273f4d3b3119bf59589bb37734f8ec9f7ad13ba3069c1ff2ff3e976a656bce1ca2addbb9d7e48604ee1782adda60bd5f8794199b0650e2407034

Download Submit
C:\Users\Admin\AppData\Local\Temp\peformancebooster-GLZxLN\RestorePointButton.bat

Filesize
985B

MD5
accc17da2a942fde62ac18511cfd2d78

SHA1
6498cf49193f1cb41c4864815f7123cb16560e7d

SHA256
1d3d0448fd91b5c04ea67b20c5652e626a34bde163c36dccd8ba4d664dabd74c

SHA512
b689e6d0744bd797c9841ec082f772ad858c41e5268709fa4a8d032c243eb73f07ce17c1743917f2bc0e7cdd7665a68fccaef4c02a70ccf2f7ad3b8530af593e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
c5b96cc088a9d26aa216b1d380bb7dcf

SHA1
e3fed96b9d23cd2008577a3cae218dfa541e9580

SHA256
8c4a125aa62e24eb6f196655d806e42fc55da68ddb1452760726deb64caf1b10

SHA512
0f6abe98394a713e24f1e6b467baad1ea5fecff788568f312e078e46f79753ef9c2c92d788d3fd6290e2ddba6bf192b6b20821b738995a9eb90c2f859aeb60a7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
d92ab14c12c0a2b0499343e1513f5001

SHA1
61f1ce520c1e58869984088424235659cf2b7833

SHA256
b2a11daa9865f97af1768c440896f7d87f917911c3a4ce8d5706a610773f9abc

SHA512
465b88bc1b6e1fb86c083fcacd6e32e34cdaede49519ab204be8bb1f198ad33908295fc97bf44c126040687f87ef8f634421d42dcae27c711ec5f602a9935c9d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 716032.crdownload

Filesize
20.0MB

MD5
88370493f8ae3b4373d713fff1737ef4

SHA1
fcb57fb45e2d08e54521dcc622df6b3fa1180a4f

SHA256
adc907859265c570547e9e7ee415c3ce59e4d4c7aad6697f9a6fbd7a58667cae

SHA512
8c6fcc0eb6bae1f8dbf1810d521c0135d11985aabda77dcdff47a063abbbbbf0712c1d25f0dc31a912e6d8eea2f559f732afd28e8f1dbe67762fb4bed8caf10d

Download Submit
memory/756-490-0x00000206C7A90000-0x00000206C7AB2000-memory.dmp

Filesize
136KB

Download
memory/2804-172-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/2804-415-0x0000000000400000-0x000000000052F000-memory.dmp

Filesize
1.2MB

Download
memory/2804-468-0x0000000000400000-0x000000000052F000-memory.dmp

Filesize
1.2MB

Download
memory/2804-169-0x0000000000400000-0x000000000052F000-memory.dmp

Filesize
1.2MB

Download
memory/3904-176-0x0000000000400000-0x000000000076B000-memory.dmp

Filesize
3.4MB

Download
memory/3904-416-0x0000000000400000-0x000000000076B000-memory.dmp

Filesize
3.4MB

Download
memory/3904-441-0x0000000000400000-0x000000000076B000-memory.dmp

Filesize
3.4MB

Download
memory/3924-498-0x00007FFE0DFB0000-0x00007FFE0E5EF000-memory.dmp

Filesize
6.2MB

Download
memory/3924-457-0x00007FFE1BD50000-0x00007FFE1BD68000-memory.dmp

Filesize
96KB

Download
memory/3924-510-0x00007FFE0CC80000-0x00007FFE0CD01000-memory.dmp

Filesize
516KB

Download
memory/3924-511-0x00007FFE0CC60000-0x00007FFE0CC73000-memory.dmp

Filesize
76KB

Download
memory/3924-500-0x00007FFE0CFF0000-0x00007FFE0D950000-memory.dmp

Filesize
9.4MB

Download
memory/3924-508-0x00007FFE0CD10000-0x00007FFE0CD70000-memory.dmp

Filesize
384KB

Download
memory/3924-509-0x00007FFE14700000-0x00007FFE14713000-memory.dmp

Filesize
76KB

Download
memory/3924-499-0x00007FFE0D950000-0x00007FFE0DFAC000-memory.dmp

Filesize
6.4MB

Download
memory/3924-563-0x00007FFE0D950000-0x00007FFE0DFAC000-memory.dmp

Filesize
6.4MB

Download
memory/3924-496-0x00007FFE0E5F0000-0x00007FFE0E7D4000-memory.dmp

Filesize
1.9MB

Download
memory/3924-497-0x0000000064940000-0x0000000064956000-memory.dmp

Filesize
88KB

Download
memory/3924-494-0x00007FF62B030000-0x00007FF62B353000-memory.dmp

Filesize
3.1MB

Download
memory/3924-505-0x00007FFE1BC90000-0x00007FFE1BCA5000-memory.dmp

Filesize
84KB

Download
memory/3924-504-0x00007FFE1BD50000-0x00007FFE1BD68000-memory.dmp

Filesize
96KB

Download
memory/3924-503-0x00007FFE1C830000-0x00007FFE1C846000-memory.dmp

Filesize
88KB

Download
memory/3924-506-0x00007FFE0CD70000-0x00007FFE0CDEC000-memory.dmp

Filesize
496KB

Download
memory/3924-464-0x00007FFE19690000-0x00007FFE196A3000-memory.dmp

Filesize
76KB

Download
memory/3924-466-0x00007FFE14700000-0x00007FFE14713000-memory.dmp

Filesize
76KB

Download
memory/3924-502-0x00007FFE0CDF0000-0x00007FFE0CE20000-memory.dmp

Filesize
192KB

Download
memory/3924-470-0x00007FFE0CC60000-0x00007FFE0CC73000-memory.dmp

Filesize
76KB

Download
memory/3924-459-0x00007FFE1BC90000-0x00007FFE1BCA5000-memory.dmp

Filesize
84KB

Download
memory/3924-455-0x00007FFE1C830000-0x00007FFE1C846000-memory.dmp

Filesize
88KB

Download
memory/3924-507-0x00007FFE19690000-0x00007FFE196A3000-memory.dmp

Filesize
76KB

Download
memory/3924-501-0x00007FFE1D790000-0x00007FFE1D897000-memory.dmp

Filesize
1.0MB

Download
memory/3924-495-0x00007FFE21820000-0x00007FFE2183A000-memory.dmp

Filesize
104KB

Download
memory/3924-518-0x00007FFE0CFF0000-0x00007FFE0D950000-memory.dmp

Filesize
9.4MB

Download
memory/3924-519-0x00007FFE1D790000-0x00007FFE1D897000-memory.dmp

Filesize
1.0MB

Download
memory/3924-517-0x00007FFE0D950000-0x00007FFE0DFAC000-memory.dmp

Filesize
6.4MB

Download
memory/3924-516-0x00007FFE0DFB0000-0x00007FFE0E5EF000-memory.dmp

Filesize
6.2MB

Download
memory/3924-562-0x00007FFE0DFB0000-0x00007FFE0E5EF000-memory.dmp

Filesize
6.2MB

Download
memory/3924-564-0x00007FFE0CFF0000-0x00007FFE0D950000-memory.dmp

Filesize
9.4MB

Download
memory/3924-565-0x00007FFE1D790000-0x00007FFE1D897000-memory.dmp

Filesize
1.0MB

Download