hxxps://cs16[.]688[.]org/

Analysis

max time kernel
925s
max time network
929s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 00:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cs16.688.org/

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
5388	CS16Launcher.exe
3372	hl.exe

Loads dropped DLL 25 IoCs

pid	Process
3372	hl.exe
3372	hl.exe
3372	hl.exe
3372	hl.exe
3372	hl.exe
3372	hl.exe
3372	hl.exe
3372	hl.exe
3372	hl.exe
3372	hl.exe
3372	hl.exe
3372	hl.exe
3372	hl.exe
3028	hl.exe
3028	hl.exe
3028	hl.exe
3028	hl.exe
3028	hl.exe
3028	hl.exe
4448	hl.exe
4448	hl.exe
4448	hl.exe
4448	hl.exe
4448	hl.exe
4448	hl.exe

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	hl.exe

Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	hl.exe
File opened for modification	\??\PhysicalDrive0	hl.exe
File opened for modification	\??\PhysicalDrive0	hl.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Win32Project6.exe	CS16Launcher.exe
File created	C:\Windows\SysWOW64\Mssv12.asi	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\valve\valve.rc	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\cstrike\userconfig.cfg	CS16Launcher.exe
File created	C:\Windows\SysWOW64\Core.dll	CS16Launcher.exe
File created	C:\Windows\SysWOW64\GTlib.ini	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\sw.dll	CS16Launcher.exe
File created	C:\Windows\SysWOW64\voice_speex.dll	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\vstdlib_s.dll	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\GTProtector.asi	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\hlauncher.exe	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\hl.exe	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\valve\hw\geforce.cfg	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\protector.ini	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\hwpatcher.dll	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\tier0_s.dll	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\restart_debug.bat	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\steamclient.dll	CS16Launcher.exe
File created	C:\Windows\SysWOW64\cstrike\autoconfig.cfg	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\cstrike\bin	CS16Launcher.exe
File created	C:\Windows\SysWOW64\hwpatcher.dll	CS16Launcher.exe
File created	C:\Windows\SysWOW64\vstdlib_s.dll	CS16Launcher.exe
File created	C:\Windows\SysWOW64\cstrike\resource\GameMenu.res	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\BCShield.asi	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\upatch.dll	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\cstrike\valve.rc	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\cstrike\motd_temp.html	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\GTlib.dll	CS16Launcher.exe
File created	C:\Windows\SysWOW64\cstrike\banner.cfg	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\config\rev_ServerBrowser.MGB	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\valve\motd_temp.html	CS16Launcher.exe
File created	C:\Windows\SysWOW64\steam_appid.txt	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\valve\autoconfig.cfg	CS16Launcher.exe
File created	C:\Windows\SysWOW64\vgui2.dll	CS16Launcher.exe
File created	C:\Windows\SysWOW64\hl.exe	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\Win32Project6.exe	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\GBRGuard.ini	CS16Launcher.exe
File created	C:\Windows\SysWOW64\Mp3dec.asi	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\rev.ini	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\msvcp120.dll	CS16Launcher.exe
File created	C:\Windows\SysWOW64\tier0_s.dll	CS16Launcher.exe
File created	C:\Windows\SysWOW64\dbg.dll	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\valve\hw\opengl.cfg	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\valve\motd_temp.html	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\cstrike\bin	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\protector.dll	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\FileSystem_Steam.dll	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\Steam.dll	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\protector.ini	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\platform\Servers\serverbrowser_english.txt	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\cstrike\liblist.gam	CS16Launcher.exe
File created	C:\Windows\SysWOW64\valve\userconfig.cfg	CS16Launcher.exe
File created	C:\Windows\SysWOW64\voice_miles.dll	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\crashhandler.dll	CS16Launcher.exe
File created	C:\Windows\SysWOW64\cstrike\autoexec.cfg	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\wwwupdate.db	CS16Launcher.exe
File created	C:\Windows\SysWOW64\wwwupdate.db	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\Mssv29.asi	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\voice_miles.dll	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\cstrike\resource\GameMenu.res	CS16Launcher.exe
File created	C:\Windows\SysWOW64\valve\banner.cfg	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\cstrike\cl_dlls\ParticleMan.DLL	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\GBRGuard.dll	CS16Launcher.exe
File opened for modification	C:\Windows\SysWOW64\swds.dll	CS16Launcher.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1456	3028	WerFault.exe	182

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CS16Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CS16Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CS16Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CS16Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133702301825941244"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{E6E064D2-9F87-4C4C-83E1-5A8DE7837916}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{35F7582E-B25F-4B4A-A494-9C4B1DFC6A10}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{5BE646E7-0224-4AD8-BEE6-2EC73948530A}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 25 IoCs

pid	Process
2848	chrome.exe
2848	chrome.exe
2960	msedge.exe
2960	msedge.exe
3172	msedge.exe
3172	msedge.exe
416	chrome.exe
416	chrome.exe
416	chrome.exe
416	chrome.exe
3028	hl.exe
3028	hl.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4448	hl.exe
4448	hl.exe
4448	hl.exe
4448	hl.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
5456	OpenWith.exe
4448	hl.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe
Token: SeShutdownPrivilege	2848	chrome.exe
Token: SeCreatePagefilePrivilege	2848	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe

Suspicious use of SendNotifyMessage 61 IoCs

pid	Process
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2960	msedge.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2960	msedge.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2960	msedge.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe
2848	chrome.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
3372	hl.exe
5456	OpenWith.exe
5456	OpenWith.exe
5456	OpenWith.exe
5456	OpenWith.exe
5456	OpenWith.exe
5456	OpenWith.exe
5456	OpenWith.exe
5456	OpenWith.exe
5456	OpenWith.exe
5456	OpenWith.exe
5456	OpenWith.exe
5364	AcroRd32.exe
5364	AcroRd32.exe
5364	AcroRd32.exe
5364	AcroRd32.exe
3028	hl.exe
4448	hl.exe
4448	hl.exe
4448	hl.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 4736	2960	msedge.exe	116
PID 2960 wrote to memory of 4736	2960	msedge.exe	116
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 3572	2960	msedge.exe	117
PID 2960 wrote to memory of 2136	2960	msedge.exe	118
PID 2960 wrote to memory of 2136	2960	msedge.exe	118
PID 2960 wrote to memory of 4904	2960	msedge.exe	119
PID 2960 wrote to memory of 4904	2960	msedge.exe	119
PID 2960 wrote to memory of 4904	2960	msedge.exe	119
PID 2960 wrote to memory of 4904	2960	msedge.exe	119
PID 2960 wrote to memory of 4904	2960	msedge.exe	119
PID 2960 wrote to memory of 4904	2960	msedge.exe	119
PID 2960 wrote to memory of 4904	2960	msedge.exe	119
PID 2960 wrote to memory of 4904	2960	msedge.exe	119
PID 2960 wrote to memory of 4904	2960	msedge.exe	119

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cs16.688.org/
1⤵
PID:4216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=2128,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=4776 /prefetch:1
1⤵
PID:4516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4196,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=3916 /prefetch:1
1⤵
PID:2872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5392,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=2136 /prefetch:8
1⤵
PID:4196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5400,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:8
1⤵
PID:4380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=5844,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=5852 /prefetch:1
1⤵
PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5156,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=4892 /prefetch:1
1⤵
PID:4884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5964,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=5896 /prefetch:1
1⤵
PID:4856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6248,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=6240 /prefetch:1
1⤵
PID:4372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=3504,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=4932 /prefetch:8
1⤵
PID:4176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=4932,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=6412 /prefetch:1
1⤵
PID:1652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=6488,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=6532 /prefetch:8
1⤵
PID:3952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=5028,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=6340 /prefetch:8
1⤵
- Modifies registry class
PID:3504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6468,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=6692 /prefetch:1
1⤵
PID:4388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x238,0x23c,0x240,0x234,0x264,0x7ffe62fad198,0x7ffe62fad1a4,0x7ffe62fad1b0
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3212,i,3147188078834114595,7501418632222552023,262144 --variations-seed-version --mojo-platform-channel-handle=3208 /prefetch:2
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1968,i,3147188078834114595,7501418632222552023,262144 --variations-seed-version --mojo-platform-channel-handle=3260 /prefetch:3
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2276,i,3147188078834114595,7501418632222552023,262144 --variations-seed-version --mojo-platform-channel-handle=3364 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4508,i,3147188078834114595,7501418632222552023,262144 --variations-seed-version --mojo-platform-channel-handle=4528 /prefetch:8
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4508,i,3147188078834114595,7501418632222552023,262144 --variations-seed-version --mojo-platform-channel-handle=4528 /prefetch:8
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=560,i,3147188078834114595,7501418632222552023,262144 --variations-seed-version --mojo-platform-channel-handle=4584 /prefetch:8
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4528,i,3147188078834114595,7501418632222552023,262144 --variations-seed-version --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=3100,i,3147188078834114595,7501418632222552023,262144 --variations-seed-version --mojo-platform-channel-handle=4584 /prefetch:8
  2⤵
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=756,i,3147188078834114595,7501418632222552023,262144 --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=4448,i,3147188078834114595,7501418632222552023,262144 --variations-seed-version --mojo-platform-channel-handle=4484 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=3828,i,3147188078834114595,7501418632222552023,262144 --variations-seed-version --mojo-platform-channel-handle=4276 /prefetch:8
  2⤵
  PID:932

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
1⤵
PID:2304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe6ba7cc40,0x7ffe6ba7cc4c,0x7ffe6ba7cc58
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2184,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2364 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3424,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4048,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4828,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:5436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4468,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3280,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3560,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5128,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4708,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5476,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3544,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3540,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4532,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5604,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5568,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5736,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4640,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3496 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5988,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3064 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3564,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6028,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4572,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6124 /prefetch:8
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2780,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5428,i,1431116115688405852,17983668794406949684,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1320 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4584

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5160

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5492

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x508
1⤵
PID:2820

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Temp1_cs16-main.zip\cs16-main\CS16Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_cs16-main.zip\cs16-main\CS16Launcher.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:2080
- C:\Windows\SysWOW64\CS16Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_cs16-main.zip\cs16-main\CS16Launcher.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  PID:5388
- - C:\Windows\SysWOW64\hl.exe
    -steam -game cstrike -noforcemparms -noforcemaccel
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Writes to the Master Boot Record (MBR)
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3372

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5456
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_cs16-main.zip\cs16-main\Core.dll"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:5364
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5340
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=20AE515E9AE28D35125826CDA5562D6E --mojo-platform-channel-handle=1728 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:1384
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F91F9A55687BFC5BF979834E4D2061ED --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F91F9A55687BFC5BF979834E4D2061ED --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:2684
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6E889594A6FF34AAD739646E9A2EAEE4 --mojo-platform-channel-handle=2328 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:5392
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=033611FBB83886681D0380A2FA7413E4 --mojo-platform-channel-handle=1816 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:5244
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=05EB5A1DB422E7904B209883A8A6F43B --mojo-platform-channel-handle=2444 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:3832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6072

C:\Users\Admin\Downloads\cs16-main\cs16-main\CS16Launcher.exe
"C:\Users\Admin\Downloads\cs16-main\cs16-main\CS16Launcher.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4672
- C:\Users\Admin\Downloads\cs16-main\cs16-main\hl.exe
  -steam -game cstrike -noforcemparms -noforcemaccel
  2⤵
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3028
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 800
    3⤵
    - Program crash
    PID:1456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3028 -ip 3028
1⤵
PID:5092

C:\Users\Admin\Downloads\cs16-main\cs16-main\CS16Launcher.exe
"C:\Users\Admin\Downloads\cs16-main\cs16-main\CS16Launcher.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4536
- C:\Users\Admin\Downloads\cs16-main\cs16-main\hl.exe
  -steam -game cstrike -noforcemparms -noforcemaccel
  2⤵
  - Loads dropped DLL
  - Enumerates connected drives
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4448

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x508
1⤵
PID:5564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0b20886e-1492-4da1-b889-68d448d42147.tmp

Filesize
11KB

MD5
0f0d4134c63510b2372579b9d8b9fea4

SHA1
08dc48693063a7f2f686c7adca4fef9e063b56c1

SHA256
175a6fc4a08682c001e45db6a3788c79c687a9985b04dce6cf2b09874f8f4fbe

SHA512
463b6715c9918fb1406c5c3f5a5a0c9d8f1613a18f4482f2ab263a7f32d2de13db92cd5993fe7e4392206a9e9cf5c5f3efa1fb28282a0f1ab53a9d5b2e376d8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\293883a7-3b8f-4ed5-a2da-b817d92cb298.tmp

Filesize
11KB

MD5
89d938fce17ae44f51c9435168ffa307

SHA1
14158fcf93166a68fc3e95ba0372382676c2821e

SHA256
f9afa8f83212e12626912dc009e8507443a0ad9afa0d83c1c5c6b91e2849f975

SHA512
c7e9b38aa24bc2088520429ad673f39521ff80656c56726f98b8255df6615e76e04a83e1b6aee7b34006591f9f0df10fbfbdf6aa0dfe72b91da278882db1c823

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c7e8fbe8593d789ff292434797899fee

SHA1
5b0f914cc59d7f5054f08f0797dd3b667a6a0640

SHA256
c260dde2b2f8ed95e1e7bf6d665cf349ba6332db9996862b4bf1341e09d07d6c

SHA512
08b5d074934630615e80df2f8c357af897380f5069d2b53cff285cfe1c1926fca6fff182149d56fff174fe9d7a04a6ffc68a5b707ac10989f2997fc2f024c4ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
20KB

MD5
564e38f2e39ff4d39c4982118a2dfa6e

SHA1
361c9446e928db9908b2b61cb65ccd2e1294a658

SHA256
c3b439ea96c1f9ff49b36a478ca810c05270be6305080030ef5409979914ffb3

SHA512
8e09a680427aed0b0272653c4418bf4fb0d9fcf078c84c04aafe4c4abae2022249713e3220d5c819553e0115cb919b5de1031de8a76fd6b51aaa93e428574e07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
32KB

MD5
18998e738c0c21101de9ce5779d456d1

SHA1
87d1d4eaf022f27302d96b47a36e44dd2bd0cca2

SHA256
9bb5dcf2c959d41f60fc1f6b710611726878e7519d5ee8016d10fa0267a13290

SHA512
a54fd2cf45d06132d6b60e4358aeb77ee32217d7b74a1defe752e3c8b2458af198caeddc596d0dffd6027f827564ef044c1485a45df857e6bc8b3f75f9f6e518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
32KB

MD5
b52a6714d8f826dfb95bbce8b6133118

SHA1
d379be1fa86367a570d4ca16aee342561ad25d67

SHA256
5f35a91b6bfb1dab5043b904531f8705d7c116273b178995688a4492c20fc295

SHA512
79eff5d17020beecbd294d777001d9612bd9923868406a6f5d45c93ce5930de059ab4c86b0fb7a884d123c91512bb385eab7b70a3bcf857a4ecbc6c5e7261d36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
45KB

MD5
c2cbb38ef5d99970f0f57a980c56c52d

SHA1
96cff3fd944c87a9abfd54fa36c43a6d48dac9cc

SHA256
85369a1cf6e7ff57fe2587323c440ed24488b5ed26d82ba0cd52c86c42eec4a7

SHA512
50371320c29f0a682b9ae3703ef16c08f5c036e84d5056e658f5d9be7607e852adf72c13bf2d0b63fc492f5c26d330bdeb2ba38bfd8b0d4567f0cc6b0c0f7bd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\03ae0658db22f33f_0

Filesize
289B

MD5
6abd997ee3ac20133eb9fb2f969b8853

SHA1
bd258e0e59631d200911144bef8a7082c299140d

SHA256
c9773cc4d4f6a3f6da6217a0198d07963fdcaec4aa4f9073dfcea0eb8a43317d

SHA512
fa2783298c888da3cfcc41eb893bf70110b34856412032f4431083c7d2bd706960ac4ee2dbbd6b7571f3ae63a52413f6eb0618275320966c6372b0b36e3e520b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f1e238929875955b_0

Filesize
370KB

MD5
9db054883b0b119ffbadc2f251530694

SHA1
924c3f7e73310529cc2eac39012c915c5b28c8cb

SHA256
a224a5a5a7ce0ce74b1a927b6c819a51ff69e7417e000adda385fbdab20603d3

SHA512
577df65a3bb26dee04b7ad79ae713d151c798440d39222e2a2120aae848122e27f6b4a6b87b9c69ab8f14c27d8e3e36a845d18fd54019277bbcaaecd13ba81d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
5dd58611305582df0511907daa362519

SHA1
c83cb3c9663a6da9dc97d06a24f2a535240035eb

SHA256
4eed8862ca8d47f928de9f0422f994b33d59176e3d0d1a1656ad0b1333e25ff3

SHA512
04c0e0f08624f15a2a110ad0e9c07b94fe97163f5ecfc53c60b36a6b2a6972af84f22573ded6c81421dfcd06c88ce3bb251cd6aa28f351a0fae8aca139138949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e81d194debf5374dc2a1c143475d6376

SHA1
c1cd2a15112764e7395a5c254f1b29b5432687a8

SHA256
b3d63a6c7771ccb6a965e0783fb61856e0ea3fd2de436717cd3419da7335f6aa

SHA512
24a3c904719db44e9fefecd20ee1f0dbb77c3b4965a767cb21c820dfb30e84ef63829bf135dc68e8dbc194866b0ecb6d51df80e75a20ccacdcd0c31d1ea4491a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
490291dca771bd297077cae3991dc6ec

SHA1
b5a6844a0abc2af6fe98252d2d2b3ebc8b7d75f3

SHA256
b3382542c7151b010c1bb9a52eebb17ebfd5689d4ad5eddc9dd8760148f6c7da

SHA512
acf66deb80ec2b40a1ce48964e21a533d39d9aaa99ca2670a4b8ca8d62f31f78c876f81d173ef7a87ee0c5bf696b163fff1f649318739ac3d3a05d8018bbbec2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
92dc06609a680bfe608100d0345c8577

SHA1
13e9e48a14ccb95150262bb1a101390a1a5f9ee0

SHA256
2c09fdb97d02ea551cd5849f42e48b0d15f351e840d03eda5cf3d119548cef4b

SHA512
dbd12a59a7b2800652c53c0a19455e27ecb26841db2f1e9a9bd4ab51f03a032cc7d5df81fbd7f8d9156c475f8ff78fe19959d771549b90460df7eb93ed6bf200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
562355b9760ff5c1ff989795cf001455

SHA1
dabd102bf14e0ae093fc6e5dcae745f6836af3ec

SHA256
6094509329d5baa6de1b115ae3e3e87cc500b65fab20eefd3055fecadb0feafc

SHA512
1410d2b61d18557e72fa3dc109cdb6760bff8216c05dafa2a71b4cdfb33ce310a419418333392d5e72e5e24da205df5a1b0815fdfbe8a9ff29c48d2f620809a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
2f89060fbf6b29333e9056abc6f4cfd4

SHA1
f08c419a33abe400721977c56eb9ee4517ddd8ca

SHA256
dee3c22eff5eb3229099ab4f2cee8aa56de694455b115760342c2b323f8c6f2f

SHA512
699ebbd2d9ccb89ca7bebf6a4ea8fa33c8238e49caac0a596de79b3314d4f3c571d331047cbaa813560c54dc672ef7e648dd755b40e56d23c85dbedd54dc129a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0e1fcb668541cf91947081dfca0c9a0d

SHA1
5a8ec48ea43dbd100b36e7b8d4393e3d3a9096e1

SHA256
f0611c4fb66cf5db98bbf204b1895b0d6b8a8bca071a7e56d17fb6ed40a9ac52

SHA512
d172f1903afdb5adc4e6eb28fc6889f801367172b33989b4cc58579c564a715791a4b2e9307dd42e7a0d94925679148c200b289889a3490ff131660113537e1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
445f7c061a85aa070d56929fba9b3e7a

SHA1
e74e6b9b7859794d293f6cb46add6a767ae7c4df

SHA256
fa67133e2678e11f0b8a2359b93a045dcb22d94a4f3ac8651decc6d44c3b60c0

SHA512
61f69a9cbecd0c4a7c709d46394bc29873a744383a253e1eb0c614cd32e9895823a0f25f87add1566aea1faa8b74cc2cff2b7d5b5b831379c79a6c5761587f56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
73954416884b69e1023c3be9dc1cdff1

SHA1
00559d1fff508a0580e52acdf2bd2e5d4d4dc7e9

SHA256
0049196c457b36f85e422e61bc279ed324abab738ddb2c0ab4afdc2080f2e13f

SHA512
a24e66ee904a3204a182e2d5dca1bb1363b8dfe04115171c25498ea92e021a02d1c930d8030e913719ba23f308b085fe1e0dd4f86f1b8780b8a4be15dd133b3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
41af5329d6e78edf16f3069196ce1593

SHA1
118ecf450fe6a2945a0ca8f129cb78e71162c985

SHA256
d96a8adec90b019083a092b3f85d5f0ba75b33d9a35a5d357954fe2c9ba61c5a

SHA512
59e1113592b9fbd95525c9dcdae718bef6a3cbab2845b331dec520c2892c18df9240e2245d087d52da9c245d871bb9d0b01b9a044fabc4f636d9e2784ae44f98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
00278959e768d399d25a49e18f05b4c3

SHA1
9f21122cb97dca4f25347b79bca330d541f014e6

SHA256
ba5011f6a384cd36afb4577a58bb703582a49613bcc0d7976cc444a993cdd239

SHA512
d7b8ca912ad63807b5b40f1d1b3c2f7732aba24a065e986c96f8a650e58adb949fa189cecbf8e8b6927ff9d3e6047ecefa64754a5e75b04d90fc799a53e954de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
38e9dce9f70d3e5c29172221f18c9e1c

SHA1
901feee1c4a187975ad391b20703a4b3628355ae

SHA256
fee25a28564a3586abbb59afb811a8298d77d4b77cf991d352d7d67fef868865

SHA512
c359e0dcfb50467cafa32de84c27d196af982b6db946dad25f131c00a594ad9e7e5afa86f6760c6b0eafe09bc607ccaf7c8f33ee583d5097ac897b071fd02107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
85059959eca6be151ddbdba3791f358e

SHA1
fb79ad658633f8aed8ffb4374d74e98f23429610

SHA256
9f3795abb4e62cc4af4fdaf80c5911109a54f0ce3cfa73c87e6d4a85d57064b6

SHA512
a1d051db2614e8989ec91ccab83dfcbc90218c5c098f6569e9d3f95546b338ebb7cd53958acb3906f6489614648122a72fe579eef27e34f9405de68068014678

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7e2035aa1cb76b0c68ea7ca1e7871ba7

SHA1
4fa0fe12e490c5473d48eceaca7b5137fd9d08f0

SHA256
52df7462f16811f9de03c5881d70f45f99bc794874da2ae0f7c7458a105cbff3

SHA512
6aa9d32c67cee00c27096d29c56502c86a0d5d0a6d2c60d20eb00328255b65b6a8720fba52c0814c5541ef50fd97a343c99c2890661ab792fecd6fa32f875e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dce30659d4d278e4c47c5a12d9e36d81

SHA1
316b037e3c7a5a176ebc0b09e94de573bc370223

SHA256
d09b6982d4b4d414c0149411e770d5f83a1ebbe2fdaa262bd2bcd9af4d8ea1a0

SHA512
10e768f41c672c81e990f954a579c795a851885debe42df3fce0252e70cbde8cfb5f6cf7b37f6673be87dce0ed0e4517ba8d3356db2bc1ec75aa14f2ef07a319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5f321227a19786385fc0036ee6471d5e

SHA1
bce43ec5942f362f1d592e63e5c90f4632c5805b

SHA256
b3ca429b85dee4d7d62c1b5976c0ab5301aa61f678e988dce37492bcc20725e3

SHA512
ea29691c07b12c5ad9b60d1cfd3d4fd3a2f7786955a5420674e3222da3844b67eb95a78c26ba9445b9643870eb5387ba062924b84481670703c4ce70a22302ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
75386d45f312d353c5af576ee19544bc

SHA1
9d9ba6c579de4bcfc51786195276aad65ea27abd

SHA256
82f9e56852f5e395a6b77f4a2cdff5c4a6d7e1f28aa7461016b03f835d91c7d5

SHA512
fac9f7161952d900e2a6b36ba70ec348008dd10c8890a411bbed432ff7cd98213df35192ea3add072a6bfc8a127e292baed3ee2c147cd92c1d044eccfdf45d64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7377720cb051f720862d21eec288bef2

SHA1
581bcf91a285e3824fa656e85725143766f4a2f7

SHA256
81653d8ff47349df9d88f63153eede0480e086dca1dca7603b20adcffe80f06e

SHA512
2644efb8fe3d8afa7adcac8fe08839b63120186f3d04acd3b7befd0a1641640080b95a7fe9344e73c75d98b8800e3a81ee7a303a24b8157f8b71a4bd837b4b81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bc086753919fa40beb56d19bdfdd4c7b

SHA1
b0f3d9508cb2fb259ec95383cb89439d1da3cadc

SHA256
4cd0f009c8d330c153c981aa94a5cd1bca4ba5e86324380769d73b82ed06edfe

SHA512
be4e2a90a996107eebbdc1545553e8b206255472c66cb9b8e6eb6bd245e2141fdc128efba405568cb15333e8c9e2da0cb63021822db73a88f83f771fc86f9cf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6620bfe270f8ff8f068dee5d33406731

SHA1
e27045db7a375cabbea8300143e523f0af8906b5

SHA256
5f499efdf1e618812f9f24d346e68a37d7bd064674164550f31a3dbf8cdac782

SHA512
20c1021200ac63ec5925f27ab713e9ed29265da6af3f0723218d6a9a3e22182d0a0c1761091d6895818f0f82231c37770b28b1dfb8daa8d3ed9d62c98fdcd7a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
57bdcbddaf03adfa035e3a25e810805a

SHA1
e50a8e098107827c4f9ae387fe48b2bb832fbe73

SHA256
5ae4437d0cdfe93b2fe1c7bb30292a7f3bb46733e9c14031e0ab523518a82693

SHA512
41221af725322e15166e8fe18899ff3a7dbd82e4453cda295777187f4bb1b734cc30e3adae29ca9a9892f18b09802f53ac99019546c07cbce8541cf0536255f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a2d9797b379c4ac7a9abfcb5cbc7116e

SHA1
83a518c39ad62c1cfbddb892b356c9a21374b42e

SHA256
a44ac7cb9b1c03f44206d8a658819a371c08438c2873a5f246e8defcc7f063dc

SHA512
5a626e15321b43968b139ef78e04df4b69bafc746fc467401c0556eb7b9f88ec6ca4439bf0a382c06b2698dc174014872b3e693d2cfe7b056f308e1a0122c362

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0bfc9b03c8ad95b08edcdd5498e6d8c1

SHA1
8895d2d8f7441079729c44803c7b858be14b66cc

SHA256
bf17a065b9b190151a9edc0c34b36b043d66925189edd96d2f89569a155d1184

SHA512
c462d34f5db1e0edec231b3e85877fee940303c4c4373d487de479f1d4ed5bfae1162019d6bb63b3375580ac3ca4c3286b2bd071bc8e00ba61c3ac1d6b4db050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ae89f76207a26ca56ee6ec9361bb012a

SHA1
828b81a5ce87968815338e2f1efaf02bf27fbd73

SHA256
fd67b6c56e133f43f424fb66a27d7a373bccf03752f96605e8b712bde0c30d45

SHA512
e3be748ca593911d1f6fdf17588afdc8846d6766b2cf899231d43a80f95d507bc409a9411bbe69af6002dff81eb2e8c011c02d81f61c0899ffc56aa4ef989e9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
eb05bfbadc095d6373b4e9d70ae4d799

SHA1
62685a49f132cb9715a467c3b3b0ece42a83ab71

SHA256
7a1f05642c7f1ed5657a80c6081b0a573c6768b1d546b0860efdd0cfa61c6865

SHA512
d6fe8d5356c8fe3c12dc7399357483f4a116baee9508e245d44c9c029ac0d2186db8d796e3d839f2f2670e3b7e63e2cb903c1975c9bc764ea02543c266376f0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8340cbd03c7b8c19b811914d942d5c1d

SHA1
8963a1b463cdd3e9903092d777509b8d20a4e417

SHA256
3f14c13c2517a8de0d494f1bfb8995e9a519b1980e35651dc6c8528f7fa703e4

SHA512
f86412f373f747cfa0d18d37bbfbb0081dbd211300f21b96522256df2bf8cc8db5323ad07e04356a6b3815818d67957841af635906f7ba7d4edf9566406e4f09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0939d33d7f642f6ab3876f9ad70fd86e

SHA1
597c8b446a78f8dfe9919bd46175362573a47a4b

SHA256
4f04b8b1f9409b5e9010d848953db6beaefd5413cbf9d662e606736a36325e27

SHA512
250df802290cb3825b9cc53f42cd2de84abeaf0dd95f87ea248d3f5feb4cc53340dad0c8656228d8212cdb2e1da3cfb6a07574544f6716acb35a8b18dda6bfb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3d27c8f8292cc940a785ba5d3e5d80df

SHA1
60996f6526bb2f504a306fb75029224c6cb8ea50

SHA256
84b6144149ea76376dced3a089c9e2ce110f32cf561704cf9ee048513b455104

SHA512
b46f268239725565eaf49fcdd26e78769b1599568f96f0c52a12c855468128964883bb7914c288c0bf680df8c634f713f0afef47dfab6ca84a376ebb4182335c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3eb6cd6d8f749ca750e73afddc4267d7

SHA1
2fc192180119ccaab2b644f32d985c718ccc5166

SHA256
9400a2d5d8d389add283fcd651cc27f10004581570df0369cf712762b4e10149

SHA512
ee8fa450b34237097b57c1d406e5921a9a08a915096c9c964a0c576cbc2e3352d3223621355356f1000279161c0acbb7a3c4355424266647aa1eae620de75c8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
58101fd2a205169b16687daf7d4fb655

SHA1
cdcfd9fd97fa2b869a81836a231067632ec478aa

SHA256
91f977f8e05a9e74bd8cf27e854abb50b646accdca39efe7ac4eee78d7cc1923

SHA512
2f807b545e318c09fc52504726efdc2475088e955b403641470f9c40f4adbde18db09035b04dd8a1270427ab472c862682095ca0b4e03f5b00e1079175a88510

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
15855e7f1524ac8a692670d736351d6e

SHA1
45431a729a5cc24ccbbe0e987549751d16722a27

SHA256
d8da4d9ed05231e0aa68d38100cbf57b5575b4eab499e2406dc0b2f7257133ee

SHA512
fc3b5657c22eae135e3956f35bd91c852a7a0cccfb135cc92bc521b16e0166edc05eaa4f23eb800e1d43b8ca141fe408d4f460d837f51cda73ceed0d85318004

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5765de3674b3afac6297aa370617ae34

SHA1
a7a4fb5744e306a37ac479eda723fa23b7aa67af

SHA256
cfd283ae65fa1069b82e456704e2c86df7e2efcfcd0b415ca27c270dbf08f15e

SHA512
f474e4ad4c00c0ab3d41ab40106bc553468e3d4d3c2a19f6f86432af9aa21d82b074e0ea77c517677f544e81648521976e2fa694062cf0d66f326e1b6d546c93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5bf2a87c74850017f8f891345533e99d

SHA1
c829b8b91c08e45bb41ba65402a931a78ee6682a

SHA256
f73bb6ffce33ed27ab11e706daec094ea4048b6b649b3dc5cf78b814317c3c6f

SHA512
27817bbdaef10aa3eba86c6f25f86d9b6e6f99ffa63b2bf35d44599b133ee22d0cae939ce7aaf1071e8f4314f5e8b41a0a50874faf764fccb593ccd05a4413cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cf847dc7a0e48be069c3b978ef2cd05a

SHA1
52de9f1b72456cdccc5a76c06594b07fe16576ab

SHA256
19501e3843daaf800f20f62e28f0d26ec965fd32acc3453b96b5a11d61de2123

SHA512
aa85ce04b495d21e87a054bab5889be9a7f7735a4e5df21c4058b46f9dc190b7504bd3664804fac5ac40b633d0d346cfdf5b9f85a10f04d3a360e3e9ee19ba08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
591da58f6655c342f85bc55f1b4b29b8

SHA1
a722aa2034d32f739ee82e0358517976e3f2f7ef

SHA256
d154860cec743f3c695ff8fa83105219c82e3a27acb6d2d08a4fc677db145b18

SHA512
9406d83eac13225cec302b13c78c3986921a8a67418d5ae572078becf2e6391cacaaa54f344d8478966a9420f6cb1583bbae5af37806e391f8797e3570d242fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
09c6e9dd851838832921fad3538ebc39

SHA1
32ef2b116f26bb0b78c0d617807f630591aa0eb8

SHA256
49a77f801b557417895761a3d804d43d44f0ac4af867498c8946c8b3febc2cb8

SHA512
d8a026765eda1e388ec107722beffd3a98203277473b48085ab5b983ed94570db1d65baaa5d2e933e3dea41d19e443248e3b7ee36557389c022cff42026a8acc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b0beb686b5f9e922a25076a77a41f029

SHA1
c208e830749ee3c5cb7207f8850d8ab13ff187d5

SHA256
cca36851cee5d0987f2492697a862cf4f1e9b71f2950fe41c8453f85e231c4f4

SHA512
24cd203896ac15919c3cbd5ae1e5462503ccb897a31b7f9c14431bd3fc5d058adbdfbe265a8a982d9740b17098baad5aea80d668ed8bc61b41f793cbf479209c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8f14e41605c62e920b3dc69f0cde2a97

SHA1
8bf1543faa504e633fc21c1030de42a5ada175d8

SHA256
a65edb0a38c5932a4802fcb605c8ec64253cda46ec286d2f5bd56862dfce6ddf

SHA512
83271044a6210ea64a5cd36434be82187c9b0b80f10ce2d1c76044b305d2cdea508303dc550c3d417f709639743177c0786736b978913992b020c813665022e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7138a407ff5b94b754cda113a34b9426

SHA1
46c2017755e58154f0f9a0fa8df471ade9562e97

SHA256
bb9c031eeaf4963c895637ec47a3fbbb8c892e7adf65005453dd6737b1ff4d3c

SHA512
de46a70120fcb985742a84fd2591df6a36dcdbcb4814962dd418796d6118f3201eb66c68b22b4eeb911a2fce1ac27825c5c7fd38c9afd57c8844ebdd3ad71f67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9b3fbfd50374bee49a5542146290563b

SHA1
3cefbbce5392c416a0e05503806ae41a6fb6cba7

SHA256
35ae4d20f336b35db8b1e6aef2fba803d25172f8bd3a2a2e322051bf424825cf

SHA512
e7489bf650b1d121d35408eec5bebfd7d287ab7053646e3673b98c2ff5e29fccb5598f95227a9cbd4177a2ab3c4d85dfd1806a7572bd078fe14b42a3e5ad725e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
98e53737e45b1f3b4fc8066c6fe371a0

SHA1
614521e4b70196282bbc1037532541ebf2e44597

SHA256
659a700b181838c94b97c906b00e65f857c9d3096b05178d602acb3fcb681148

SHA512
6c2a655275c088f7c24a0cc3ae5b256204906ae947fdf71dc5c9e4ced74e299afb4aae138896ae5d47ea74ababd5560f9d90c0940adeb736fcb9b20966db31cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
25e0da632212e39d3590f2aa5d514648

SHA1
33aa44e888c24156d788a32f2292974988ced132

SHA256
93dff30b039ab19f049402838c00ecc3600aa5a063c43328006fc143747ec527

SHA512
89feccc4685b797e000d94f7ed311d5abfff526b492242522d956822947c3b69320d5797b3d62ea92e1dcbd2f9d7c1abfcbedd56314aafdb2ea72b7eb251fbf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bdb8a7b87b89b4291e46ec77a645f9a6

SHA1
7ec5bb4e5aff77b69fae4ebdc83c46681948ce80

SHA256
679d0ecf725b1e80341b3f237e7bb6f3a4b9c18b096c83427f84020485601838

SHA512
ff0c874cea3d965c129b7265b06f420b0d3305f46bc70d4fce500c9ac6b82f255d4026e95b909ff5308d065742f79448d8bd30bf345b6c907fd7d69b81988985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ee118a157697e1e55153b43536bb82ae

SHA1
b0ea9e7b3b52a82c49405231f8d431b257d974e6

SHA256
796923d491434eb030bc3301ff2110959a6dd711d42eebac7e67e9e3b356f720

SHA512
9cff5107e8c7b42e89e52e4686a0409b620f0fc9f83ee3dc92c6e29f42b7c3c4051b88af584e33ed3123b9c386115c4dd2f4390b0fd97cd8072792d8c3ac4821

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0ae8f1514f13a8364982ffdd96ce7560

SHA1
08f1611aed709d016b2d0a363279d193d80d3402

SHA256
3d1135464144b4e6f3fbed1194b46b48dd0f00cc77566a84fe2fb25f3b75460f

SHA512
7407e119c74c4030c801bc7de9892a4524a9b50be45a3e73d7a346025aa0db8c09f520b3576c4fdaf84c8dfd1654325bdb83cd1600059005346aced93fb64b9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
34d9317dc07803c071d7ff43dc1ee48e

SHA1
2733ee3f99af7906ced4223c61bc08756b6a60ce

SHA256
292c8f1fe9ab55732a94b4cb67284a48f290e6a3548b83cc3915cec03bb87928

SHA512
ddf3421dd1ccb751f69eec546858cbc93bebfd61f8d6b048008cd6d79e08a6cab710f976fba0fad67616212277eea9c7d3873d0e1c8ec27785a6e88a898f7631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
388fcd3865a37dd33ebe97847d9d202e

SHA1
ad94592d54ed81a28fa15079ab1089d099eed11c

SHA256
c50ada75272ebdfc0efe9341815b743e337fb02d230ad28a262b75cb5b8377fe

SHA512
38093cb2dfdf84dcb500ebf76f006ed4793edb17fcc6de579c59406683d1d71790af11055ebda06ee6ce1d9e94007a1e6739412574f13638d20a78031749b7b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b672239a016aaca9d129340ebf739866

SHA1
aad6c7e548c3bb30e941fc4da17e761daa4cc4c8

SHA256
4c00ae2207aa1d0fd67473f9113446fc0183741f27fb394fe8249e76d30c3407

SHA512
39970a356a5f1993ab8258e11197d45681b6a307fbe80d1214cb4e63ad2f9c94f05e254f6ff2cda1d202a2b1b3e9ac5b5ae4ff4df679210f17a7939d23040ff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ff0ca9acab49693c7b6d9a1d2693704b

SHA1
0e742e725f13a0c77872ecaf321f16ea5d79f0eb

SHA256
61d835cb057320f7890a04751710c87cbf2a02aa8baf7b0fa223c085fd441274

SHA512
7ce438eb446ede746479f2d18def2918a1aa021235ecc56dc73324cc2c7c9a70e771372677fa617e3d53916098d73969f761386af935d74dadea31a30751d92f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5b35f2f62ddf05606e87382c8a8a7722

SHA1
0cc82296b51645439521d87251c3e50f880cc719

SHA256
da90b54b5b10fc86e56c95486a1bd88964b640eaed214efc982430d9d29deead

SHA512
708b279567780df905df2836cf8bdadaa95f5c225a8acedd42974926db0f3ae9e40e2c900c09554ce2b15d166f880dea76b4d69a30f44586e72e4da183df8008

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
95fd157d2c24cac173809b39541421c2

SHA1
ff1cc3f046b22e11cce7c50f2449f76d8d1aef95

SHA256
5e62e05096285f987f7f5b68229c7aed0972165b50ffd10f7731d0ade19d9ccf

SHA512
6928ca73278069c4a10caa959d6c54005ab96e64cdb311669e33a6413646196a49d05799081836b18457696f7dad587ea4bf9ebb1e6dcfa7b79840037543519f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3a405f2e15252d732e8122626f543179

SHA1
d8300374b695c94cc82d4f43a2ea480f43e2a048

SHA256
93272307e1bc6632b1abbdcc8aa7fa6e11f9caa16b756d0d36829a5293ec9f96

SHA512
99be9f0bc981ad6294756a7392631a6972f3061896a0759471657bd8047607bcac53bddeb38057e9d82b5ee4940224e2377d3825a8dda35814849a8a0a6a14b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
258c3987fb54d00d3d5f4d7b1197a5ff

SHA1
1fe330aa743b295676c3fcc403e506becd70fc07

SHA256
8c14a855e431b3605ada6e6ee9081420453dd70fdcbcf2634730de74d185739d

SHA512
2f18b2d5aecef4e2f5eaae8006b76a4c02b448967a0169daf5430fc7612cda8b910dbcfb7417e9dda2dc83c65943e1da960e8dea6b5c4bee95c597ec3e7ced24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2402fa74b24fffa926ed920053025c78

SHA1
265dbc24dd4df4911de6136690bcecf6a9271f25

SHA256
eb0772258d4483c7b352f3e5bb9b50ad65b35b2cb112b786ce4b879cb0af640d

SHA512
9d1d90823441fda47b12642f2c83ccd0bc5b0969144faf1cf227c7ca5f600c1ab647a5490a9e9be7b4e7492be505ee3a561dd22f636ac82b30a14ba8a25f00dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
13dbc1b9f3eeb27a07c7d95c773ef18f

SHA1
6bdb9d6ce62348b8d9a2e95110353dbe4d8e77b6

SHA256
238cb5afe7bbf1e9bf1222c301202a1746e08d34baf54484381329aa700848e1

SHA512
bc4e1f9c835beef5799457b822ed492ee4c391b9abae68e162f9f16eb48f73fcefe3b3a40392eeed27e66fc6918a36df5ad7c3a49e6128098fa874493349c077

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
70d707f4326a6a440f8acd3efcf66f88

SHA1
5e5ba193fd00ed4e766b31284aa446123e221683

SHA256
6434d6b0e64939804a670467a615b286a17da15f6ab6f7389fc0a5efd2dfcee3

SHA512
372b03274810cfcae0b481eca31a3fdb498544949d89df45cb786191272b9ab9cf33d1cb2ebb86a1c786eb7067b6ef4153576b3f61de6803c22739b0582e1131

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ec4eb41f78043dc7af9e423d7b239b0c

SHA1
759289d8087aa767308497618b880accf2bfaae8

SHA256
ef7cdcd0f0a8347f669cb09d40d6e88f5d35e426f20f162501ffbad3170d3949

SHA512
c9b559f74304ac1faf7794f2d28a67ae0e323e5466dd23f06e580f2bc6e000289b89b58f6b4edf9a72b6f194614d6205c5e4fb5855381e43726b8c74310496f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2e4f73dc00f217e156e5e095afe0e209

SHA1
094f99fb8ad553336bb459a09af2e1fefe50f1e2

SHA256
71d87c380dcb061cb8f5986c0a43f7ecd398784d515719bc624d35fc4f620801

SHA512
44c2dfc06b1e551f4f9de54d969b56ea10e958f07c3539e80d88db4d0dd4c6515111713387f0ab960e2094ccda94bb9192393cdf530d76eeefeb0f6e39f68cd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
903e4d6d54b6c7124f1e63a2f70a22b0

SHA1
d59d728fdfbbf04ce4dea9b6e1493bd2796141c0

SHA256
112bd11d4ea4c3586dff6a400df33c1c1aa2defbbaf4282687458652b5223285

SHA512
6c8c141cee2236512a9871abeddded865c9665ce351f380be3338345d26934ac0145e2b5142f3509b85fd7dd85b068bd41f43cc47b5661bbefb3c939a69a8cb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3aff115921b4689ca3fc57cbdb597806

SHA1
6f742219b61714092ed75fad50c4b994631bc6bf

SHA256
21a07f88346de0ed1298a03600b1c7d6a6cdc584a2a272ba67ecb9b6d258aa54

SHA512
99e7ba232061e8a192d6c39a59b8b4ae5b09c589e51f4e29300b62954802c0048a6c45e717b08c526ca78a10b77db41cebb27a90cc7019f0bb3023402058a4bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6d617ec4363450ae6fb59bc4018bc9f0

SHA1
31a92e44faa0522da7fb04c6c90d5170bcdc512a

SHA256
908ec259e0dcc17888bd483c56d9d4dbbdb4b5cc3bdafe672b5fcab90739a7e4

SHA512
85e6882bdb7b5d9d4031dc659d7b35e39013ad6bb9514c8933136b91f025b4e544fe562241c3bc919ee4f74ce67caa99633de4c3167a0bd9610a7d22f9b66c12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8217827d607592aa8e9701424ea7b6be

SHA1
e53b2e4c3ce0fd5a2c254f7e03972468e96c4a06

SHA256
150d172609b44e59a49bf35aabbb96fd747b657e79f7b13e6b3bbfd1278c74df

SHA512
06b87087640055a1df76adc469db3d71e46ff206339781f4050915cbc7de8ab0d3ce5f12f6bfa073c59b92fd56cb2264eca7203eaf9aa92a961897efdfe915ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e695c685ae4765ac5889d2ef18375166

SHA1
66487192b220ee41deec73b6e14d65bd95371a23

SHA256
432bd1cb3f935447860f92945e4ee58d2c3ac9ef1bf0e30494434572ec7635ee

SHA512
0bbd3a0ca794ef1587f909858b574356aaa3ec30d5e375c029b269a0315352212b90869a3066ef125e94332e7df14056f876813969beea1e0d693b8ef8e061d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0a8485105234a573563aca608767d238

SHA1
cb4f7ca360b3e34871d1b35f88cfb0a21ee21164

SHA256
ab5a0a48bc73ba6a1594b42d420743df63d7283acc87f0f71fd8ec35c68d404c

SHA512
639cf1976b84502de1f0023db8538d894ba12dab5ab6f516a68b47746152e6291d0a7fffdddcc5e0b3fbce8db6dbd4b3ad4c5c8f61bb72e4283758837eca89c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c18fcede3d051c3d2f3e64facaa78b11

SHA1
087aeef3920e81c6fe75ee6987240e328830ec64

SHA256
c8c15bcb3f6ef098c873c6c1ab28f61c567bb2e285b3275344ca6a72d032bd66

SHA512
6165321af3409e841ae78600009ed4ee16fb7e792988007ce883f09c120fb34842c4b8c613078b83176af6591d3c6bc58d30f650321a9fa1064281400d7f27ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7662b1fb787f931783a608ee8c9aab33

SHA1
14e0035a328ca48cb8a0345a5a00c53e444261eb

SHA256
1228e61e993453cd1bcf1076489068dff9f64e5645cbad634695465b48c6bd8d

SHA512
adfa915210d148e967c3d6d23d8a184cc82d666d84ab1e289f71469fe263422a79103cc310972e62cfae45fb25fd01b0e11ebd5dd0c8258798e24a6b8467cb01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
46aee31f741355a169cd91ef55d1bad4

SHA1
cd96bd454400710ff18bbde65632702f33fe4435

SHA256
a6bb63b9bb928cbdc1cebe65c6bf2ed4555488cdc5fe5971b3eef47d1a76ac34

SHA512
8c22ea6de997058f1a76a7bf7030d82cbc39699518716864c7f0e3dbba49bb00680657f56039d97910cdc054eedca79cbdb16aea8e9f131a13071f052339e941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f6cbb750106e10daf8df0c5d41d2cb4b

SHA1
bb070d26903322d054c67b683144a8d74cde3d9a

SHA256
b84a802677fcd092187b79c7c7aaf55daba6a5ff4a8ff35930b6922bc078fb2e

SHA512
d39be5071e9dff4c8d020955790dc0333e253db403e6da57b5500e0870ec3ed2209ae22006a20f53a0b04e8a81083243a0197b8b0806713179d108cbcf322698

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a128ff629c275d6cf7edb02059f9ef22

SHA1
5746d428206bf87b4fbb5a030792549a490c1943

SHA256
8b3b1b469f324518714e140820c648c3c9f3925a331f5b4b447c0a14f6625634

SHA512
ff7cdcaa25c372415b525f894e7ae357b7a3260aeb2fe991c7b6d6d052898cbcd7a2880b91da83fb0d491f6484bc4f27b8dda367821314bda219309919c928c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5351467e6dde4f66f103d6dca48f2511

SHA1
83bb68f5885bf0138279d17b589dc2fac102e344

SHA256
3934152a68790a7a5d341326bcc7dd54a212c77d50d3777ff693b5cde861ef78

SHA512
974ad8410b8991e41898c17e1538afebe30e40bd7654123da2744e6303a91f7fb012573b415a13b3f42b4326d318ab00fc2179297bf5b62626fc4882d16d55e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3efe93046ac1daadc8e05442346ded42

SHA1
0c581095d7b7844e905916132aaac0ea1a398f13

SHA256
6f8224cef47a16be2a3301c83f6d2d13e33674983d85a7e7a15d6ac0cb7a77b0

SHA512
fcdb12860400c888a2c2e7e47aaacf266d04e68ae5f11394c945add0c7a0ffe1608062a15e9a4ee26846483bc31b6776eb7781b4220215bd4e63a82529343b62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
207d10793587b98a58043f1f19c66d1f

SHA1
61255e01a8e25296b6c012478b89820f55dc5ba1

SHA256
d3069b4b0d79d26c45db8674412922369ef9a4189c7ae646a7371547e1c21ab9

SHA512
a7fa2048aa5f678c898e71f506f31a4fe1ae06be51d1cbc8f6b83e7bc300334845faf133d8dc900f60bd1b345ae1d0901188ba22da40dc803b00ed64b56e656d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
716cce508c2a63b31c6b8fd45b1fd3e1

SHA1
e12ce5fac9d83848aa29da032e65caf107bd8023

SHA256
682534fb09580919ad0b36a823b54700cb6febafe7c65ceb3853f61aa73adf97

SHA512
30b50a49f40be63794d455572a05913a2cbcc4a819495617edeb4d6265a7fe57662287e92cd72a598587779c6bf36cae3c4008658cf9906eba558383e686c5d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9c2c13af-32d7-4a35-ad53-669f099a7d9d\index-dir\temp-index

Filesize
3KB

MD5
5823d270dc12c268d6ff5bd0683e726a

SHA1
2585cc508ae50169a65a82dd263051c2a8693c77

SHA256
b65d937dfda29d61144c38df30df813c89b3f4cacf4f788ab25252100cfd802c

SHA512
7d534fa49fc96d41be070d6f4946d9a0c115fda66d3d07f5085970631e5ab8b97400114f07af5b8f133d00e36eaab536cac21bc544e6131b9179b1a2fde467a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9c2c13af-32d7-4a35-ad53-669f099a7d9d\index-dir\the-real-index

Filesize
2KB

MD5
666d29195bed744ace85e1bf4599721a

SHA1
218704cb56876692d285b6bc0306c3005b95eabe

SHA256
6a3e458bcf912d8ae98328a106c3eae38bf948c4964a845473e3e6c750c108d5

SHA512
53a2d3a356e1dd2053b20ad78217824e14fe62886057b7b5f3d80dcc223192b8de6922111e06761f34c6724ec91a0d5c87ac7e92279d2a218b0c1edec1ffedcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9c2c13af-32d7-4a35-ad53-669f099a7d9d\index-dir\the-real-index

Filesize
2KB

MD5
2a18ca9d4a2b426db49f0e333b379d9a

SHA1
2e132d03d1b7d263fadfa03a895c0a670719bf71

SHA256
71f0ecd5c946d9adb542f58954b0f30c1b2dc8eacfabfb1792c407e6fae2399e

SHA512
589f607099f3ac94f37c46e3ecac82500bc4454715ce6511790b11d9fd18f4f1c6495489ecfb6e913a8fef09da6df6cb13458b655c6bd7dfd725bbde794152f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9c2c13af-32d7-4a35-ad53-669f099a7d9d\index-dir\the-real-index~RFe5b6d4d.TMP

Filesize
48B

MD5
d4534026c60ec1b22442fb0d7743c7e3

SHA1
405c19620b38bed98390313e7878b4cd9de288cf

SHA256
89aa7a8510e216479765c3bbf4c76817f7c64ac0bf9e84bec1773f705ce4c3ab

SHA512
43abd65fb2be30f92b51333d5c6728a65369acd4e33b7f2ab04e06d0c34cf91108eb29cb11b1b3de4a031fd6f1c975edaa227cfcf051c808bc626d3e1e1f117f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fa1c41f7-83e9-481c-b016-757f0dbba797\5a8eaace51b6026f_0

Filesize
2KB

MD5
3b2c77b0c3de29553ec25e76efe65b8e

SHA1
1e3a90842dc2675518a020756f3c712204711de5

SHA256
c9ebf1cb159165ec96c7bbe701307eaa0d8edbd4e593d7d0a82675b531cbee0f

SHA512
0b0f59729a2f9e769fbdcb965f7b5adbde709b4124f7fbe62466809ffff86ff6e7918cfd304e997f3a8d2af7b1ec574cf9d089bcc7f95cd7da219e3acaf46d17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fa1c41f7-83e9-481c-b016-757f0dbba797\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fa1c41f7-83e9-481c-b016-757f0dbba797\index-dir\the-real-index

Filesize
624B

MD5
890fcc1cc8f7e67ece58d82e07374eae

SHA1
476698cd321e1373b6d7e700640c1ebdae72db1a

SHA256
1bc72072b7f89c4eaba068cf8bdacb532bc111a58b2fd5fd81b2183cc74c108a

SHA512
187afcd7f7abf82c1cccf8c70c72d77bcd5e612a81d731656db9d96ff664d25aa5c58d54527a3935650c085b11994a838d3555156ea8d5568e2c3e743cca5bae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fa1c41f7-83e9-481c-b016-757f0dbba797\index-dir\the-real-index~RFe5bccf1.TMP

Filesize
48B

MD5
5669ed54f9fd6969aa6bb57f858be2f1

SHA1
79d2abbb8b31241ef22ae32cf44122a69b0abbfb

SHA256
449165290dc1a7c9b0e969b03d2a5bb78388a76fc12d54e6359c200355c7e0c2

SHA512
75970a4a57e733657ab6a27c510307c2830e393dfb3a49590d6adbfce5f5f715b45e226435fef551f097f23c475e7ad130a994d542b866ac3e056292db41158c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
182bddf8ab74b156895ce8f09d13905d

SHA1
2dc7f5622852e22862ba5e5e877b3ce1223a3185

SHA256
af9e0485a7ce61cc3a869fdf86bb4ec6b3a4e4f4f2c0afd96e3065f4cd3bd8a3

SHA512
3548d964266c689e68d5b779652ac90a658e48696309f397a67ce2bd574b365866151369e4c59bd5e14bc9958305746c00fa1926e57937f39899a97fcb0c726b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
653548105839e43397234a7b618fa218

SHA1
ffb4f15bac3aca3cd15dafa705d10403f515acfe

SHA256
07c92007e0042edf5b4c1ed776e95a5ce46fdf5c6a84b3894aac755b3c5bb4b0

SHA512
e22ee9cc60f4cb3ca0044c10d9fce69b735c484410477de47b0f29a99428b13bad4ec3c129c01d688b0b0022db40166a36ee29c6a6a8847c7ef0ed2f209eb5e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
e22c889c365c0919e8a567fa448d02ff

SHA1
103de9467e36d8aa18cd7f1c62807b257c2edcb8

SHA256
607dacc7ba29222e39c12fe985801d4132ca8d69c31181665b655f2b5cea127d

SHA512
6619429ddaaa5e144be5306399f32e9986ebe441fd3e111dde894922dd0331e4b6e0ae73eb2b722aeb6f29c052a1b750430591627f3f99ff2054e1cc599e498e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
59640d8074ebc538e847ac8a8d023ab4

SHA1
246062b5a46d55a61ea53d206b882bdeb494a52b

SHA256
d779fa034d660312caee11b3aed58fd11e20934c8aee065821fbd451a4f32c6d

SHA512
f389961ed8e86c6ef3247cd1e72a3094d6000e98bfff7f7cfb79368602619e5e6fc409fac7ecfefbb79168aff28fcc02c14605ae707a115f8f0068ec45327022

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
54a9868e87ee0f87c28bd03250730a9b

SHA1
66feeb95be609a033bc746a1bb3a8fcfdc169687

SHA256
4ad71a7a390da0e872f3e64685e2f50d434cf743179d0c7c12dc14d3c6ae1c71

SHA512
90871f57637ad46aaad176158a56d492154fc1d345a977dca954e31caa9046c64926c054d5be3341c7355ebb1bd84ad00c5935cfcd06bb2597c2ecf8d89aeb4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
6b1219334ddb5997a36cd494f2a45d98

SHA1
1b0c14a6ea8e5d5991617f933a0957e5d0ba73a8

SHA256
002e158b5d50250c20a477b9e571158364e08dcaeebcd740afcee5ee87b29ceb

SHA512
2ee6df9796cbd834652c801352f4a3f62faa349de174032466ec880f18da4208682c5f5098823c178b79563d400dbae21053d314cd7b0de744cc21bfd5580765

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
a54046c6dcc6848d84cd246bc4307107

SHA1
2443fe2dc8b1428a878bbc697bc504577fa13a5f

SHA256
feba0652f2fa230292eb035e013bfeb53f3d3dda3c9bda13e7b509e8bf476581

SHA512
eea56b86a9366d6e5ae6a0d44ae39cb899b7e19e100abb5133d312edcc69cfe7e8c6c0997843c2ba0bbac6681eff6f1dcd6af6a291c6acfbefe5153e406e2b80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5b5bd8.TMP

Filesize
119B

MD5
665c003371aed1100bfbf992c5b0accf

SHA1
21a28af99f90a66e10bc4428853b1afd90921fc9

SHA256
d40ba53ebbe26ffdc53afc4938f2b0d4091471a2dac43622bf1986e0da2358c3

SHA512
ae42b071088dadbd6d52482458d9da3a688973850383d3bbe18073b74a0d7e48aa1f18f51ee3c5d7be7a5e5c763a0636aadcb057c04928b983e2043412890480

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
43b69858898071f3975a3225fc958fe7

SHA1
e61324c0156d22dfa688d17af3ed12f6e90f744c

SHA256
bf5ca9da6c43c1b1572bae82993b32fc5e1688d659200b638166089aa9ebe342

SHA512
c62f9e4b9e38efad4c9a5b3a6702877276daf2c575827a38c2a87d2964999e79941ed4d196531d2a93cfc62fa21fde91e13a97523db8d6f529ad6921f8648bfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2848_1277244108\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2848_1277244108\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2848_130554064\Icons Monochrome\16.png

Filesize
214B

MD5
1b3a4d1adc56ac66cd8b46c98f33e41b

SHA1
de87dc114f12e1865922f89ebc127966b0b9a1b7

SHA256
0fb35eacb91ab06f09431370f330ba290725119417f166facaf5f134499978bd

SHA512
ce89a67b088bae8dcd763f9a9b3655ed90485b24646d93de44533744dfcf947c96571e252d1ad80bdec1530ff2b72b012e8fff7178f1b4e957090f0f4c959e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c53ae5fe-5510-4850-aa50-9b5231db56c5.tmp

Filesize
11KB

MD5
016c828b2dab178155b4af17d4fb6d36

SHA1
6374078b9bb1db9fe661d5f54d131c9b7ccd2ccf

SHA256
1dea1b3f8beed9017afcc81f5e151eabd922a09cd23243f65fd0b2371711fd0f

SHA512
adf75afdfcfef6ef7a36232a54a79c4bc205af95cc47467c84d588e386d70bb1ed590054d4d11a7c98990ea3e22ef0560a286bbf41c9b3b37e6e5b55a8fe567c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f4eac554-26dc-4d55-a467-fedb8dfe4cf0.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
dc93c32eb0988de6f4958e92c3596504

SHA1
2471736f2f7c2cda6d1c0a8939129a32a61c16ea

SHA256
ce0736d72d0431d50944e3d2502201f4ed87280547866f2178fb55c04ba61e3c

SHA512
76f4e7bb0d539057bfeb1f5014ff6036a57a2bf10bbd37adbe7ec43d4423347f80a0e453da77ae46dd399fec4b9bcc6f7494ef258445d6a9b29c5d8b0dddc752

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
0946a32be643e0f020a2eebc79e20b35

SHA1
a645ec8b44fc694ae181e0cc41f8e4a922a32b1e

SHA256
bd59f8ac1c82d20d3202c6c6d4a0d02cdd00a13fdd2eb6983a003e9e21846257

SHA512
61695195c0cb1fb4a0c66c38e8d66723056b1b3630e02021286082c6fc7ecde3df867c5ddeeef6600f18fc7534f0f73f76fc1cb6859dfe70be7dd9f4b43ca6f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
f2d44a9256d58228073bc197be81a934

SHA1
0aedbe5394d6bcea136c7e1b53459f66b9310dfc

SHA256
9351747139c299cf3d44bbdd11ec87418838e817536e12690cad5026de34d98d

SHA512
ca9c900f5aaa6443086e6af32fddb16de1111e933fc3305d8c64c001dc02ffc325f70964e11c8e13fdd3f495cff9f89463f545b5895a41162d856ea3407723b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
a476a819ee69e0f1d3e13c46a634a891

SHA1
ff8a325931d90100f94feb38d44c5d1a7c4b8757

SHA256
3f0fa793d56777d7a157690f6e6b38f943a5daed161d1350e4bcdd790a89d590

SHA512
9d05a99531035653b22b5f4a97b03401edb1c826d3c3bf5ff21b8edc68d853d1e382eaeb1b4feb029e457f3b683e3a16684241ad4b98702772a5a27b51f92991

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
8b62a31980367c597f4371d45ab7fecd

SHA1
cf70b2a5d7011974faa6007210fe4b8840ec2f33

SHA256
6f4fd9c6f01e63917e182e1cb5693c050b8a63914689f83109c47a5d187e49b2

SHA512
9addea1963c77f08b4ce9a743be416c58b6ba2cb7133f5c8832e2a01048406ce066095ed1374a5ccc237ebd44504e8b3cf6a66f1d7209ceb80dc68050fd48b03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
7027925bb5257cbdbd1f0c8b6ccaf54e

SHA1
ba18af20af4c7b2854be72180bda0802ff59417e

SHA256
da7b2388af9a6ed75fd242b4c857c53a7529d754bd2714dbc35e2c1588224601

SHA512
c9af58d2a975fb7512c63c9b7d85f1a050fe5d745bf3e9ee2219fd74715b691aed8e2149c203283189d52ca77e260d9ea1ee14dbeca18a3bb05a6b510b5eb0cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2bc1e6f22e98dacaf68d9d8f1df78264

SHA1
5cad6fb37b8b1fdf382397fef0f52e3563b49361

SHA256
d4512c8a7eea666a2fe7f2105030c0a4efd6b88268e6baebc7c79479056874e4

SHA512
fa164291c43953e0ef206466758db7ab38c20dda7fb9416fd2403851b3a9a669f7e4508435941fb4cc75925d6fecdeafbe7fd3cdaaf27ec356e00ae72c5b2b39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
4dffd8c32ab1a9400b1d7e1b7e492d90

SHA1
3074b70349d2ec1f82291500fd7f3f2f61aeb5e8

SHA256
ad8eef630be0fb4f4244ea23c817222cec4611a457653e9dbec9dba4469274b8

SHA512
04d45d1c0a3698ff78e776f89eef10ee1e3c17a11277e2a24d5925324900ac79bb864893778dc35987bc834229f1e46626b93380cf5d59487f75cf7f9cef4c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
24a31f72c267134d12c356ff290ef41d

SHA1
5238ccb23de90e1e6e448e59048b81b47933164b

SHA256
33b24b7eca59bb108ce6dfa117a5b78a9ed6ea06eed08118ae4beefd573044f4

SHA512
58361406d894c3987005d4b7928a7736780fbf464b187977331576b94638b1f032097b02de2dfa139ba11c546f2ea95e09c60464f807f2532b935cf79800e5de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
67KB

MD5
87191e0c52e4fbc88eb8fa54464c2273

SHA1
390685ad0dae284d0662e6a8965cb35bd00df127

SHA256
2f32388f1d0aa4d06f4672596cf97d7e0469c9baea5478c453af2f06d36feeb9

SHA512
14c1d282bba9749edd68f0a6c64794f42e718b1e01a512c3ef4a957d7c4ce31dc9959b6e9e5e2bbbab3ac377cd39b0f79dc8d97772cd73c63077c2407770a850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
63KB

MD5
65bb5967ef755c2776a9b986c987dbb2

SHA1
fed276ef9e5468dc670b584e5c56ca0722d74401

SHA256
940226e20713fe948611343c9a9f981e4357bcdd080d37599144dc862b7ee47f

SHA512
ab20ece640a223d0fd6839ff91133302faf33254593e89b1c9b6c26d8991a591a42c98b5134d3d40f995a8dcb75fbd6f67ff88bb1a5e2202fa6b7c87664604d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
63KB

MD5
11f3ba1695a8e70d8c1fbe788963fdb7

SHA1
4d4a8997a0eaf2489894b0b7dceb884c8a3185cb

SHA256
7de81c93a45df93772c922e3f3fe4e16533047a28e1c3b72e0b044ad7cb284a5

SHA512
33a0b79d7cc908afe0640b7fe5963cbbf131c8f9da502d05318f6c612427d0f9ef1ec39add09caefb562b2bacf367c6a0397079e638fc5748774a51b8a443ad8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
62141beb0a5e1dcc4e95a56cde4d64d2

SHA1
2bd93a243734029aa1e25bcc98fdc9a388d0144e

SHA256
ad867cccb59edf274ff72c740f0b5503a459f0256a2ec8e9c5ebafcbd0f20a11

SHA512
ad5176fc1ad358168e64d1c90d8ec1286cea364869cbd070afea71cc9ae809c6f8447b4214c32879d2831bba170ad7a6e23c2c93415a7c13fc1334a814b5d61a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
11KB

MD5
5d18683426a77e162eeaa91de3024683

SHA1
710dc52ca3361f9ac878d31e779abdf071c524bf

SHA256
df0f5c135c1860bbedb8f3aa6b376870e14701e1f614276dcf4b6fb07e1fa014

SHA512
4ab9a86fa1244a0162a4ecf803bf9c22d6d7804b5f66ede929c73af91c2673666fcaa21a2e17de26bb3e0ea24d7c5bde4dafeb44fa35fe37a61a84132782c354

Download Submit
C:\Users\Admin\Downloads\cs16-main\cs16-main\GTlib.asi

Filesize
212KB

MD5
d2c33a3797541fa069458e03c8b4a9d6

SHA1
79e61c62fe0d467e4cd4d940f2edfa53a38490de

SHA256
069b2fc91649a621729146d9431e4390ed5029733650eb320849923621ff5281

SHA512
ced0a4effaec53777c75e7864580f720b657fa631e870e9d2703bc31a6a393532e2b4f03d4da9c639331feb6b5ca92c0898a6bef76223e9255b78ab700507149

Download Submit
C:\Users\Admin\Downloads\cs16-main\cs16-main\cstrike\bin\TrackerUI.DLL

Filesize
1.2MB

MD5
9c41c566c030b8055c44a63d9fbe4cf6

SHA1
c2c138aa60385ebd05d06ec7cc51aa186bd2224f

SHA256
8b3ff2a6e4a16870977add79dbf7d566b4cc2708ac1d7064fb3a403dd45528a7

SHA512
06f7e277c763794b2a29aa0deff9cde07d8f568866dfe5f42b4285f6d5ef69b97086f3ad95990cadfbe2c4901d8c79fc962bfe69a01a6b8164700a82c403b645

Download Submit
C:\Users\Admin\Downloads\cs16-main\cs16-main\cstrike\liblist.gam

Filesize
302B

MD5
904e68167062636fc0a623f4d5842f7d

SHA1
e3ff132c72fc6f8e6aa2f1ed63ba5212b318b7c4

SHA256
5a5174d58512e1468d42ecec74472090a77cc72b5394f8a1d1e5451495520556

SHA512
c1e22927bf60788e4cd46f49754b1236833fbacdf2dc6382b34d88401bc80d9230b2a63a85fade59f37c006041d9ac183ad59c8690bfce906a93565548351092

Download Submit
C:\Users\Admin\Downloads\cs16-main\cs16-main\cstrike\userconfig.cfg

Filesize
116B

MD5
3f3eb7d0002e62efa5b1863c585c9d89

SHA1
1083e90740efb0d80cb1a0f97e259f4762601d8e

SHA256
4bf6d795e89bb912cf0472caf0d9687500df13be12c1908e378df417108fcee6

SHA512
602329dc26ce6c9c73dc8383ea32b2000247c869986026045610681581b237a6ff6825b55f70ddba65c411db2c099330caddeabf6c65c2accf0aec8753c59231

Download Submit
C:\Users\Admin\Downloads\cs16-main\cs16-main\valve\bin\TrackerUI.DLL

Filesize
67KB

MD5
c0afb4fb5b66b921a9cddcdec29308cf

SHA1
10bb5222ade8a83a0c8732e43d24237f21eb7865

SHA256
81257c08b8d05251a25fd2d841665ea8d16a3c0ed9e59d4248dc903edae70280

SHA512
674c300808029f0346e0f01ea93089b8b944f617f3220899c9cf0ae269cad6a7a709e03aecd86985e6df61cf6e405f4bba5d04c3fe59ff85599d8fbda9e58e97

Download Submit
C:\Users\Admin\Downloads\cs16-main\cs16-main\valve\liblist.gam

Filesize
248B

MD5
efb70b27d7b7a0768e4c95219485a4ec

SHA1
c75136415a0f745a8592dd7d7f91bfe0dda7733c

SHA256
528ffe4996688efb83f3bb857e689cdbf13b1ffa85a053fc4e3ccf258f8d99bf

SHA512
508be967539a4831fad8a2802e37d5d358df61a4e0b3dc7c65e260f159a113d948d2acd2deb309d7f42a4651eb266b6e5fcb288f107d16661b4f243a32df6176

Download Submit
C:\Windows\SysWOW64\CS16Launcher.exe

Filesize
219KB

MD5
002569d719a892cefdee47b40fb9de9d

SHA1
c87baaf1db6f143eafceafb0e10be366a729cff7

SHA256
a8b816e969bbb052ac822e0dcd4ef7021dd0e14bde5a17e58f9756cfd4209746

SHA512
00f19ef8b9ef56a889f31896bfba7171bb43e48a2fc2d514a38952c6d1ce122b53a516b2425cd2ff2313f2aec834bf5a438450cb12248719200bfce89e128321

Download Submit
C:\Windows\SysWOW64\FileSystem_Steam.dll

Filesize
120KB

MD5
18d55998df6a48193499f859f8bfebd9

SHA1
1ee59996d6ca8eec43caa7488bcec58c7d4ba5f3

SHA256
dc9bfd575a29abbe1d542ce41143f388cd56b2280f25af64c1699b43a04c1125

SHA512
b3818e7fea8d2042466774ecd9c8f2bee6444ecfb0f7f56e73e9c9854c5360969de39501e5439bc50dc894aafe5113ea1001d67280e267b024c6ccfc567261c0

Download Submit
C:\Windows\SysWOW64\Mss32.dll

Filesize
343KB

MD5
f520185e02e8a5d85860669176bc4adc

SHA1
cea8e9ff14994c89ad86cf891c89fea42a39250a

SHA256
fe62f1eb6ba407df77619d16927abbefad3c726014f6bd1f8c37a7c3d6b781cc

SHA512
b434e77a17cdac0109b698d0fccdd25dcdb15090a9fd0427504cc7f616673fa6c7307f07fb22cc2fc1e915887c0f9dc025aa8d38f51503f91df6a9ccee5ebe58

Download Submit
C:\Windows\SysWOW64\cstrike\valve.rc

Filesize
356B

MD5
49b89267ce7c9daee488b41c7ecbae66

SHA1
8686b5c577bd192e68a5a7bcb5b08c8395d27812

SHA256
5b1b2dd68c2ff1fc6cda3f415cfa7087884ca075c371574aa19c1e4474c4d540

SHA512
9790a5b972e94f1809f56c73c27d622a3829a182c7710cbbc4c5f9039337d2f498cdadbfe1930b2b20ce450234638e30eef5873a6e10411555c3ce4181a60d47

Download Submit
C:\Windows\SysWOW64\hl.exe

Filesize
84KB

MD5
2098ccf443433129b556c2849fe99e26

SHA1
074ddbaff48c88b3b5c8f881c35d2be2bb19a249

SHA256
4a899986a879ffd4b7e2d819c49b47cb362d849e86917da1f1931ef476b414af

SHA512
fb4dcfd5371c89af775367d9f2ba72bfd42f8b483ba31b0e839b66f065e5e7a1ec34bf4504aaad17e38502be6917f0b3e415add81dc84fc6942996c0a8f95a10

Download Submit
C:\Windows\SysWOW64\hw.dll

Filesize
1.8MB

MD5
a0bc2e53bb55121719af9386ac2ff588

SHA1
1642aa1bfd63585fb324b8d23806efead856a3c9

SHA256
7802a1fcc2ab1749399e455faae907c0df3194386160dc4fa0164c427662fdc2

SHA512
e3a2b2ed965d15833ded927c6566a5facf11d1d654b65f2bbce70405013f2fe13009fe61b5488821f0846fd6cf0a5c5f2fd15a1a93c61c97540c917bd5040c92

Download Submit
C:\Windows\SysWOW64\platform\config\MasterServers.vdf

Filesize
257B

MD5
79e8cbef4f9bcae4515d77059f2a5cd4

SHA1
29f708d3dd29e1a47837b75c4bd40d95661d563e

SHA256
127c6947762873f0056b613de689c6788d64d311cb8d6c48076ca0c9986c173d

SHA512
849d7dcea9a2f3adc7204903530c9cc5d254b9e32135dfb0afa070a845f51daccb45f1ff6d145b942e918c51caa1b091ee331b0f2f10fb26fc6b9b888032551b

Download Submit
C:\Windows\SysWOW64\pn6RjmgL.dat

Filesize
40KB

MD5
e1cd35bbc28f73b7481e8835ee0f0b13

SHA1
ef40d489c61b178b54f8116548662ee876e0133f

SHA256
6ecef9ef0f62491d595b2f32c69b53c53a1b3a8a7c9dea39d56c6861f5b93bdf

SHA512
baf6f9063f95e6d699088ec4c0611825e030382ff913084feb7f913cc8f011d079b6c7143359391d8e30a5e26ac5a5358882b20e3ac31c5afdbe8867ff6f62a3

Download Submit
C:\Windows\SysWOW64\steam.dll

Filesize
322KB

MD5
94d9e620da6bd5fe5a4d20aebb15ec6d

SHA1
3c63d12fd2fda36048461c3a74ef228bb58da61a

SHA256
88f7c7fe458ec238599dc57063a69b6417902f1e3591c6239af7c400954f764e

SHA512
d1fe188954b45d2db40dcb06b44fb60dfe09fd0e0118ddebb27cb294202c2f59b49009e99d28e200078b22061d48d5b3de6251f255426087337c9fc462a74af7

Download Submit
C:\Windows\SysWOW64\steam_api.dll

Filesize
65KB

MD5
fa11b8cf4197e8de4a9e04f97bc1b159

SHA1
aeba89ce6faa209587a7a91c6f5f68fb6a0ddf00

SHA256
a903b462678281ec5a796fab528f7258b18455dc5e42b87389ba96d2359e4777

SHA512
0df1faa6e3480b1a64451d4eac8b9c17c0bbe52138314ffec6c1d968fb4c06570c24c4ca532f7f4261aa295fa8e7dd15039c62318eb3cb562370bc14e61bc32c

Download Submit
C:\Windows\SysWOW64\steam_api_c.dll

Filesize
68KB

MD5
6baefb250616105b06438d6742d1ebde

SHA1
bd5b8f0113ab76dd8e35d6c446ab0286450f5666

SHA256
02fe1504d1ff75a0ed34e4cd8000639711d0481b9ad888dc96ccf8eadddc4753

SHA512
4389235cd5077f5fa9774f5ef2b4a2122de357c897b30658ad3c581e8d8991cf987159849392fd6776a80bc57ab563eda5b0c1e6e167e4a61954e117ac963a45

Download Submit
C:\Windows\SysWOW64\vgui.dll

Filesize
344KB

MD5
d44ee82601ae62ede3e224269a0bbf53

SHA1
2d00b1d5e052584c6c86ec08795d56d2181a91ee

SHA256
0d4472d21443de839080860a300cca6b9436508f329d33d712e5c9bc07d4d998

SHA512
00dba1a1d88bbc8f77f86ac45068d3f071805a13bf30c7f5c3f3168d3b799e773a1a3a7decab7931a9104bfe91dc8d60cc54b9e82a12e01b29dfe13c4fd1d398

Download Submit
C:\Windows\SysWOW64\wwwupdate.db

Filesize
12KB

MD5
357fa1189fa3104be03cf55422cb408d

SHA1
f63997c168c2a111f2d5665fe381fa9b46d3c1ff

SHA256
5c95522e7018f5f8e7705551f64430206d9d3e20ffa8a676c4ddc04e9c736265

SHA512
1a5101a42ac1970aa57a8d7fdba8cdc0bdcce85a50f9fd41b2541e23e4176317133d6ef61f4d3f239be4a36f11fb7408b00d70193c9bbb3e68ed2b9a1b47448e

Download Submit
memory/3028-2383-0x0000000000CF0000-0x0000000000D05000-memory.dmp

Filesize
84KB

Download
memory/3028-2412-0x0000000000CA0000-0x0000000000CAF000-memory.dmp

Filesize
60KB

Download
memory/3028-2376-0x0000000000C80000-0x0000000000C8F000-memory.dmp

Filesize
60KB

Download
memory/3028-2381-0x0000000001320000-0x0000000001378000-memory.dmp

Filesize
352KB

Download
memory/3028-2416-0x0000000004F70000-0x0000000005AC3000-memory.dmp

Filesize
11.3MB

Download
memory/3028-2386-0x0000000004930000-0x0000000005B5A000-memory.dmp

Filesize
18.2MB

Download
memory/3028-2391-0x0000000005D20000-0x0000000005D2F000-memory.dmp

Filesize
60KB

Download
memory/3028-2397-0x0000000004930000-0x0000000005B5A000-memory.dmp

Filesize
18.2MB

Download
memory/3028-2420-0x00000000013C0000-0x00000000013D5000-memory.dmp

Filesize
84KB

Download
memory/3372-2202-0x00000000009B0000-0x00000000009BF000-memory.dmp

Filesize
60KB

Download
memory/3372-2225-0x0000000000DD0000-0x0000000000E28000-memory.dmp

Filesize
352KB

Download
memory/3372-2211-0x00000000009D0000-0x00000000009E5000-memory.dmp

Filesize
84KB

Download
memory/3372-2227-0x0000000004930000-0x0000000005B5A000-memory.dmp

Filesize
18.2MB

Download
memory/3372-2223-0x0000000000DB0000-0x0000000000DC5000-memory.dmp

Filesize
84KB

Download
memory/3372-2215-0x0000000004930000-0x0000000005B5A000-memory.dmp

Filesize
18.2MB

Download
memory/4448-2441-0x0000000004C70000-0x00000000057C3000-memory.dmp

Filesize
11.3MB

Download
memory/4448-2459-0x000000000D8E0000-0x000000000D8EF000-memory.dmp

Filesize
60KB

Download
memory/4448-2444-0x0000000000F10000-0x0000000000F25000-memory.dmp

Filesize
84KB

Download
memory/4448-2442-0x00000000010E0000-0x0000000001138000-memory.dmp

Filesize
352KB

Download
memory/4448-2455-0x0000000009570000-0x0000000009654000-memory.dmp

Filesize
912KB

Download
memory/4448-2454-0x0000000005BA0000-0x0000000005BB5000-memory.dmp

Filesize
84KB

Download
memory/4448-2451-0x0000000009300000-0x0000000009459000-memory.dmp

Filesize
1.3MB

Download
memory/4448-2457-0x000000000C530000-0x000000000C570000-memory.dmp

Filesize
256KB

Download
memory/4448-2453-0x0000000005B20000-0x0000000005B35000-memory.dmp

Filesize
84KB

Download
memory/4448-2447-0x0000000001320000-0x000000000132F000-memory.dmp

Filesize
60KB

Download
memory/4448-2461-0x000000000E0E0000-0x000000000E128000-memory.dmp

Filesize
288KB

Download
memory/4448-2460-0x000000000D8F0000-0x000000000D90E000-memory.dmp

Filesize
120KB

Download
memory/4448-2466-0x000000000F250000-0x000000000F2AA000-memory.dmp

Filesize
360KB

Download
memory/4448-2464-0x000000000F1F0000-0x000000000F249000-memory.dmp

Filesize
356KB

Download
memory/4448-2462-0x000000000F160000-0x000000000F1ED000-memory.dmp

Filesize
564KB

Download
memory/4448-2468-0x000000004F170000-0x000000004F180000-memory.dmp

Filesize
64KB

Download
memory/4448-2436-0x0000000000DA0000-0x0000000000DAF000-memory.dmp

Filesize
60KB

Download