vidar | hxxps://gist[.]github[.]com/imcenlupaad256/de3c6845267fc224505a21be986ebb76

Analysis

max time kernel
113s
max time network
172s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06-10-2024 10:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gist.github.com/imcenlupaad256/de3c6845267fc224505a21be986ebb76

Score

10^/10

vidar 962abdb0b49579401d25d63a1f697be6 discovery stealer

Malware Config

Extracted

Family

vidar

Version

Botnet

962abdb0b49579401d25d63a1f697be6

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Signatures

Detect Vidar Stealer 24 IoCs

stealer

resource	yara_rule
behavioral1/memory/2500-950-0x0000000000400000-0x0000000000675000-memory.dmp	family_vidar_v7
behavioral1/memory/2500-951-0x0000000000400000-0x0000000000675000-memory.dmp	family_vidar_v7
behavioral1/memory/2500-965-0x0000000000400000-0x0000000000675000-memory.dmp	family_vidar_v7
behavioral1/memory/2500-966-0x0000000000400000-0x0000000000675000-memory.dmp	family_vidar_v7
behavioral1/memory/2500-1008-0x0000000000400000-0x0000000000675000-memory.dmp	family_vidar_v7
behavioral1/memory/2500-1015-0x0000000000400000-0x0000000000675000-memory.dmp	family_vidar_v7
behavioral1/memory/2500-1020-0x0000000000400000-0x0000000000675000-memory.dmp	family_vidar_v7
behavioral1/memory/2500-1031-0x0000000000400000-0x0000000000675000-memory.dmp	family_vidar_v7
behavioral1/memory/2500-1033-0x0000000000400000-0x0000000000675000-memory.dmp	family_vidar_v7
behavioral1/memory/2500-1034-0x0000000000400000-0x0000000000675000-memory.dmp	family_vidar_v7
behavioral1/memory/2500-1038-0x0000000000400000-0x0000000000675000-memory.dmp	family_vidar_v7
behavioral1/memory/2500-1039-0x0000000000400000-0x0000000000675000-memory.dmp	family_vidar_v7
behavioral1/memory/2500-1055-0x0000000000400000-0x0000000000675000-memory.dmp	family_vidar_v7
behavioral1/memory/2500-1056-0x0000000000400000-0x0000000000675000-memory.dmp	family_vidar_v7
behavioral1/memory/2500-1083-0x0000000000400000-0x0000000000675000-memory.dmp	family_vidar_v7
behavioral1/memory/2500-1084-0x0000000000400000-0x0000000000675000-memory.dmp	family_vidar_v7
behavioral1/memory/2500-1099-0x0000000000400000-0x0000000000675000-memory.dmp	family_vidar_v7
behavioral1/memory/2500-1113-0x0000000000400000-0x0000000000675000-memory.dmp	family_vidar_v7
behavioral1/memory/2500-1114-0x0000000000400000-0x0000000000675000-memory.dmp	family_vidar_v7
behavioral1/memory/2500-1116-0x0000000000400000-0x0000000000675000-memory.dmp	family_vidar_v7
behavioral1/memory/5544-1159-0x0000000000400000-0x0000000000675000-memory.dmp	family_vidar_v7
behavioral1/memory/5544-1160-0x0000000000400000-0x0000000000675000-memory.dmp	family_vidar_v7
behavioral1/memory/5544-1170-0x0000000000400000-0x0000000000675000-memory.dmp	family_vidar_v7
behavioral1/memory/5544-1177-0x0000000000400000-0x0000000000675000-memory.dmp	family_vidar_v7

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar

Executes dropped EXE 2 IoCs

pid	Process
3832	Unlock_Tool_1.9.exe
5496	Unlock_Tool_1.9.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
2	camo.githubusercontent.com

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 3832 set thread context of 2500	3832	Unlock_Tool_1.9.exe	119
PID 5496 set thread context of 5544	5496	Unlock_Tool_1.9.exe	128

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 3 IoCs

pid	pid_target	Process	procid_target
4372	3832	WerFault.exe	114
5592	5496	WerFault.exe	123
5308	5312	WerFault.exe	147

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unlock_Tool_1.9.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unlock_Tool_1.9.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
728	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133726843751044152"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\link.txt:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Unlock_Tool.zip:Zone.Identifier	chrome.exe

Opens file in notepad (likely ransom note) 2 IoCs

ransomware

pid	Process
2624	NOTEPAD.EXE
1620	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
2500	MSBuild.exe
2500	MSBuild.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1504	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe

Suspicious use of FindShellTrayWindow 48 IoCs

pid	Process
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
1504	7zFM.exe
1504	7zFM.exe
1504	7zFM.exe
1504	7zFM.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2948	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 3220	4660	chrome.exe	80
PID 4660 wrote to memory of 3220	4660	chrome.exe	80
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 3816	4660	chrome.exe	81
PID 4660 wrote to memory of 4740	4660	chrome.exe	82
PID 4660 wrote to memory of 4740	4660	chrome.exe	82
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83
PID 4660 wrote to memory of 3132	4660	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gist.github.com/imcenlupaad256/de3c6845267fc224505a21be986ebb76
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ff9fa2acc40,0x7ff9fa2acc4c,0x7ff9fa2acc58
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1760,i,5661045208839031441,17088477260537543649,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1768 /prefetch:2
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1392,i,5661045208839031441,17088477260537543649,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,5661045208839031441,17088477260537543649,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2380 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,5661045208839031441,17088477260537543649,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,5661045208839031441,17088477260537543649,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4552,i,5661045208839031441,17088477260537543649,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4568 /prefetch:8
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4612,i,5661045208839031441,17088477260537543649,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3160,i,5661045208839031441,17088477260537543649,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3236 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4556
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\link.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4416,i,5661045208839031441,17088477260537543649,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4288,i,5661045208839031441,17088477260537543649,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5036,i,5661045208839031441,17088477260537543649,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5708,i,5661045208839031441,17088477260537543649,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5412,i,5661045208839031441,17088477260537543649,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5744,i,5661045208839031441,17088477260537543649,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5332,i,5661045208839031441,17088477260537543649,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6008,i,5661045208839031441,17088477260537543649,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5324,i,5661045208839031441,17088477260537543649,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4976,i,5661045208839031441,17088477260537543649,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2100,i,5661045208839031441,17088477260537543649,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4676 /prefetch:3
  2⤵
  PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4756,i,5661045208839031441,17088477260537543649,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3532 /prefetch:8
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5472,i,5661045208839031441,17088477260537543649,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3488,i,5661045208839031441,17088477260537543649,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5492,i,5661045208839031441,17088477260537543649,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,5661045208839031441,17088477260537543649,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3732 /prefetch:3
  2⤵
  PID:5304

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2936

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3680

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1896

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:1504

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2948

C:\Users\Admin\Desktop\Unlock_Tool_1.9.exe
"C:\Users\Admin\Desktop\Unlock_Tool_1.9.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3832
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:3224
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:1936
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:4504
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:2416
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2500
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\KEGDBFIJKEBG" & exit
    3⤵
    PID:5876
  - - C:\Windows\SysWOW64\timeout.exe
      timeout /t 10
      4⤵
      Delays execution with timeout.exe
      PID:728
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 304
  2⤵
  - Program crash
  PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 3832 -ip 3832
1⤵
PID:5852

C:\Users\Admin\Desktop\Unlock_Tool_1.9.exe
"C:\Users\Admin\Desktop\Unlock_Tool_1.9.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5496
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:5512
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:5520
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:5528
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:5536
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:5544
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 276
  2⤵
  - Program crash
  PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5496 -ip 5496
1⤵
PID:5568

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\Defender_Settings.vbs"
1⤵
PID:6104

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3756

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\Defender_Settings.vbs"
1⤵
PID:5288

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3588

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Readme.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:2624

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5536

C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" English.ini
1⤵
PID:5744

C:\Users\Admin\Desktop\Unlock_Tool_1.9.exe
"C:\Users\Admin\Desktop\Unlock_Tool_1.9.exe"
1⤵
PID:5312
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:2416
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 232
  2⤵
  - Program crash
  PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5312 -ip 5312
1⤵
PID:2288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\KEGDBFIJKEBG\FBKKFB

Filesize
95B

MD5
f246bf2465b177d492506954be377c3f

SHA1
6feaf291a50c33203d6e98356d47758158bbaa1f

SHA256
5cb592843421ba6fda5fd5cc143b214b94d402c2d23a025dfb872e98a755278b

SHA512
3eed854638582c981ce746a5b68d7f81d2faee38942811486ca5bb228d649bef6c0fdb9d1524c3495d62748b13d17e652d82587282bb5be069bc5ac899851214

Download Submit
C:\ProgramData\mozglue.dll

Filesize
593KB

MD5
c8fd9be83bc728cc04beffafc2907fe9

SHA1
95ab9f701e0024cedfbd312bcfe4e726744c4f2e

SHA256
ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

SHA512
fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

Download Submit
C:\ProgramData\nss3.dll

Filesize
2.0MB

MD5
1cc453cdf74f31e4d913ff9c10acdde2

SHA1
6e85eae544d6e965f15fa5c39700fa7202f3aafe

SHA256
ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

SHA512
dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
bcf6e0ad53787b270a7ba369df7f4351

SHA1
559140624e738b33b03d0d10a77f3371bf2b3d01

SHA256
234a5b785bcb0952c8aeb47d4a58a00288265a67e8875ac5b36de80e925b5d14

SHA512
dc4bf416c1a6fd087f48f653b06e5fa6ac0b388f190046bf61a5ddb07d2d809ae7f1cb1bdd912732f6f61e42f19927e7d94139544e133d3cdbea83b00ca6efef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
1b99c624ebee07194a401199f38c2f94

SHA1
c27049d4c89073d698faf98b7ea4342e56a58885

SHA256
2c34a7e4bef03622b1204d6b26daaf0a5b32f8d8ddbae2cc776c1b8a9c84c326

SHA512
8e34066500c866de200f40e267b34c55e29771923851175e5d45d065e453dd2e30139f1947382a32482fb22c0bbb0d43ed91f16a09a2eae6755a8422d09291a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
5fec8a64970182614a8a464cb2b058e9

SHA1
9f00004066db641c158fb093e83e726161030142

SHA256
1ed631492a87174d5d0f806e72512104b61fa2dc423a963684894573fb82496a

SHA512
acc3508d9559edd899c8661c685a4f88ede0b347235598c6cdd03fc9cee1b4ecb4713edd3570c8a70601448b7a22bae61cb39ee0ca4ec6fe26e986edb2cd01a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
ea854a996a8c7346a73d51c76f667cae

SHA1
64980b83b0a2b482ec5d58cd91f89ef9c38f9333

SHA256
71853584c8aa7a8bc531fc4d2e4efbeca7d1080389ebfe431f40ca180f58c341

SHA512
1c6127173d73872b08414e226444a9286120157fbca680341c2b065c6b9a7415f1eb3547851c2bdfa92f8edd3a7d528583284e1435b6b319715cd8bcfdcb1eb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
5fb8487e5d6094d8f0501efedf8c6180

SHA1
96f8c1f430ae3d500d8029b36b4d651992dfece7

SHA256
d8ca1f8eba96aabff5db43b3c2f8e381fd97e17a8fb59d0243d58e6b295140c1

SHA512
be3047e44a204f6ace68250b2882ac002593788500fc5e018a262fa06e5efe89e40e476f516007ca5adc0950fa4e39f517a649d2c7ee31f2de363f61490915ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
21KB

MD5
f1841a11ca0e16ec536e787fc111e694

SHA1
43da21eb38460f29ec4f4c98d3387b0143670b2c

SHA256
f3c10fdc84e6007903b41c5545eea290aec9c4fec14e7f9771eea1cfa394107d

SHA512
c9cf25c8077a2d846d4b44e60c7ff7a440c2256e04e56b4e072a65074b5a515637cb60c04a050a88f6a7f26b5179a079533501244ee56b294b3edd10498e2795

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
17KB

MD5
5b6b50047dbe6b7029122a60e721e96c

SHA1
5664420413d18e7447c534c8d0e09d3137523757

SHA256
8cf8fc5ee397a8b6365e14a7f2ac840b6bf964bd776ce13cc986ee3393a4e874

SHA512
692b31f49765383fcfd7ab954de4f16cf61057abd649f1d0173323aeaa1a1624c885799b674344690585c49d2b3367247580299855b2643389675dcdc611223d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
37KB

MD5
1b6703b594119e2ef0f09a829876ae73

SHA1
d324911ee56f7b031f0375192e4124b0b450395e

SHA256
0a8d23eceec4035c56dcfea9505de12a3b222bac422d3de5c15148952fec38a0

SHA512
62b38dd0c1cfb92daffd30d2961994aef66decf55a5c286f2274b725e72e990fa05cae0494dc6ad1565e4fbc88a6ddd9685bd6bc4da9100763ef268305f3afe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
20KB

MD5
a6f79c766b869e079daa91e038bff5c0

SHA1
45a9a1e2a7898ed47fc3a2dc1d674ca87980451b

SHA256
d27842b8823f69f4748bc26e91cf865eceb2a4ec60258cbca23899a9aef8c35a

SHA512
ed56aaa8229e56142ffa5eb926e4cfa87ac2a500bfa70b93001d55b08922800fe267208f6bd580a16aed7021a56b56ae70dae868c7376a77b08f1c3c23d14ab7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
19KB

MD5
7eab02c9122098646914e18bd7324a42

SHA1
5e2044e849182f1d3c8bcf7aa91d413b970fc52f

SHA256
d58d66c51a1feb9af55ba4a2dcf2c339b7976dd011fbd5d071ca86b9d7f58a42

SHA512
dbb0f94de62d7d77d4bfe6c298043c559a0d4bc117bd7dc1d627caabffa8e712cec5e3adb4a737b350429493ac0ebfb81c8759aebed41b30218d0e7ff6f3196f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
37KB

MD5
b171ec9a4afec36d9c5c223e74809096

SHA1
07921ed2473ebf493aa779e4147c5ca3a3e464f8

SHA256
02fbf77fe2d810cdad165c9050e7743936cc489b103217c36a1362b93f5a5235

SHA512
8f52e4c14b386580932b123007d0cca715082ca2fd79e6d5c1176f08b598b5a32aa262b96e877c51522a1ea867dfcfec574f19e8510f57fae22d935668f66085

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
59KB

MD5
a214ee4c8729f2e26a7225bbe67b3bb9

SHA1
5296f880ab69325a578e7ec793e75ee0851215a4

SHA256
bde9dc60456aa92499092be020668a84fc5a8ffab28cd98cbe8b5fb66bb089c0

SHA512
1343ffe9a0d1193c953143eec6d6a3b23c3e7d88aaf0acc124a9360b1cc1ae34c69070ee7eb6bdb9c2b7326e79c40888cde6067c8a6b9376f2a2911999f86175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
37KB

MD5
88d9e59132511ea7d6319d20ffd7c29c

SHA1
aa3488ac6e9ef93c8dc9da4e100e581a99cd13a8

SHA256
df73e347ad4be74af9f6011eef551b0703f21cc8abc91278a0cd081c76351d8f

SHA512
2162d53b55166ee3a9f871bbd89cd933b4b22d9620e1f51e16ac96fb3a866fafeee7668653291cee3a4a57a3d63f4b014da31cc40b4d88487443010f2d4c6386

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
53KB

MD5
cfff8fc00d16fc868cf319409948c243

SHA1
b7e2e2a6656c77a19d9819a7d782a981d9e16d44

SHA256
51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a

SHA512
9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
88KB

MD5
76d82c7d8c864c474936304e74ce3f4c

SHA1
8447bf273d15b973b48937326a90c60baa2903bf

SHA256
3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8

SHA512
a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
99KB

MD5
b6b2fb3562093661d9091ba03cd38b7b

SHA1
39f80671c735180266fa0845a4e4689b7d51e550

SHA256
530eb1f6d30ce52b11c3844741721eed669decc69060854ddb6666012c6e9e20

SHA512
7c3f88910bb87eb58078104290d0a6fc96bb34705974bf93e6dffd928160a9f28e34d879f015f0a05754f56aeacc462e27ba3f332e9dddd6e3879c5d97db5089

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
36KB

MD5
5d4b59fd50d7663c7d26b41dbd8b8488

SHA1
e167e4d844acb94c341dea6c76f5479137fe6a58

SHA256
3cd0cd5deb067e07c310bda5792eae29906c18961909ef5028202754e6189ff9

SHA512
3fd5b027c88d3d920378d755e6cb9bbda328f1870659e1b91381e05f8838ea44bd53307b59fa5790d226bf522a13126ecf0b4a7d1f38f4ef3d947c50f8c3f108

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
62KB

MD5
9666d74b18f57389ee2d3dee5073f71a

SHA1
1830bc2670e616a1da1af27157159e6677a5ad63

SHA256
6fcb1e788f9a12b8ad937172802c41475f2180906db38d6507a3af6a2b721cae

SHA512
69ea6d6080b3ac00f4c4fcf9e00c9e16bd2c3373073f7dde3b1735fabeaaed1e7f8b76113e5ed2b9df08d089ca33ec367c595312f0c2f6e0fbad364464bc989b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
70KB

MD5
49ecfdb61d01dc71924fc7ba2f317faa

SHA1
74ef077b87ed4043ca445ad2d5ac93cc8e72dd26

SHA256
a4052317c5b734d9275a6566b37101462718ec4ead3d480fdcaa0d273e762db4

SHA512
759c7d604adf14a281a011b9c2b3f87c540252e43d4086e2148a3873fc78828f50db1db8b055696996b9eb985b5699937c4acc1ec9f46361a30e7e0a9eada86e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
92KB

MD5
719718a3c7f8d2e9217376f07401f1fa

SHA1
efe312f2206469b1084537dd16946949c00a058b

SHA256
c849f16b44b3fb22ea5c3c616620b09bbfa138cb5124dff17b1eba4c5193f24e

SHA512
8dc3f40cefcfb58fa511e9873827e8f1a48d31e6b7222d67a011868698f3f9b3b13f7bc95ae0562a8a4eb7a2ced50b6e11e7c758332f78715921dbc731bf05ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
137KB

MD5
eb7895ba582fa7cba9531ab42d9ed8c2

SHA1
740b43a2997f24d6859896bb46541ba2ce208f8a

SHA256
4966326cb66eba65e26b589887981530eeb795373529563244f4f29f18cab78f

SHA512
b405fe99fff3f9fbbc2849f4deac45cb3cd252a66e7f11fb20ed16e93aa0d63c752569bf42961910adebf0915388725fdba531283c9fc963b7b4221e066a357f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
32cd22af14ebae730e808b15ee4b4d34

SHA1
cf9d55f9919ccd4d02cd2282c3109e8ec5e0414e

SHA256
16a3a7a6a1eacc29bf83c7139efe8b25842537041ef26d66d7aef523a70ab587

SHA512
997cca33910903e710f6c9544686bf7ae58597308b623dd190356c051da5e9ef502c9a2a25f0b7982c683a4a3a98b69744d1445b49896d5b12f222b8b769613c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e265b103ad34d74af096a6fb7e7ff3d1

SHA1
c76c3b10794f6675813d7d3c7804bcc95f8b6da6

SHA256
ef1d18f8ec9bf5fccf50aa8c0f31cf99d3d2ca455d36fa02191b04344569746e

SHA512
4825df0608133a29eaa55d1faea0ea69ac51ffa587cc58629a8fa3946403623f8e47214337346262727edf4631474c74eb77b7ba55c81da2c0e16410fdc6da04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
3a544fa113695fdc42146f3650d88d14

SHA1
ee82c77aceb9958939095084f78faf31b5fe04eb

SHA256
5618592e1626df081207182b80dff2513a5859a2184e54e9cb88ff75da5f8c9f

SHA512
6ac46ef625b2ec7b97b74d5826c67460e698d8b63c84ad27fac133b4fd353c135bf86963ba5c649bded10694710a592b988fd2f2b7d4391d99f1614d0a1c6a92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\4493842a-fbe5-4844-8d8c-bcb4c841a1c1.tmp

Filesize
1KB

MD5
2c401d74f34844b6d6a0a8285e2f3062

SHA1
4115fcfa7454783f406a68fbf93b42e95ec1ac75

SHA256
09ea3985eb6a85d21edc082dda3aa9810d6ae13b3a7143709802ee698f9e1de9

SHA512
c3799c5acdbe9ec3b833e0fc7fc7db7b5ae52b9d4d31fb97241c46addcf125857f892335aaa68984a09330c2c30d869f5d578da7fcd638fcfb3164b43c12d96f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
6c1f641f41e4b250647b114d4bee1a0b

SHA1
66d5ec2359e6336875eb1fe98fd6de5cd8151fad

SHA256
99d888b346f076a54fea0e2386d57c62798bc511cd3cfa61b7fe0c2429af1589

SHA512
90e4d1fa951e335fbffbc0dc5073263fcd600476b6fb1734c8e2ce27cfa8a65b8eb6d8f1159031af37b9b9f24b7d6114936028c8b00a46daaa9e8a63c5eee51c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a7fd7ef1b4ba830df287521734d69117

SHA1
f1ec04f6359d77a762ed0fb2e5145b1f2228755d

SHA256
65080f84619a2738754f5d2302f87657537dbbe65c772cfff204760389c34ed8

SHA512
36102378bb89267210aff94280814840f59360830b15e3529737a813fa90133d3bc82ab35f1da476d419ec21db8cbde87b8e8f71b59cca5ec01d7ca56ffcb86c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
0c920ef1f13bf4ffb615608658f773cd

SHA1
1251c5b0fae654de614cf2429ef67fc1f0e5b663

SHA256
292dec2f0c346f19e96ec2aeed27d41b8d537849b146f3e855534c5eb1c9da81

SHA512
799172a3371545f7fa938fdba9739fb8a6d907161417838b7b71ab19488e152317fbea2a59e01e95706199f4bd41ccfeb0cd3147813aa41cdc92052b4df33d07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0fc017f53e83804ecf396e5a43908c25

SHA1
1f42bbd3c5615f5fbf86f2dc416651f1530e12a3

SHA256
f20bcf1769ae5b3b783547f2742cd58f2c2b9cafc4b9056866dee40c62c431cf

SHA512
c91668e83bce1cee9a9aa541e6fea2031a24c88061bcba948adfeb18a2f45589d61427130ef9482da1bb2efbad09b634e9b8a587daa26e89e7c7ca34d1bf5ffd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d26c4f56f954a12a33a291d7060c4021

SHA1
8749dca86bcb8f2ad3fdfb0dd6ec27accd435ac0

SHA256
34953d8d6b16aa47a65b30e7ce24a8cf85403fe9030d5b92f145b6f09db30eac

SHA512
774c68b2cce37cd667ae560ef43f8fa51be2ee6d5c7aee4b31bde368a5a59d87dcacb355556880fa44e3b7d62fd863d5c2c4230e37b5df73118780ddd2d99fcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc4f3f7559f20e333041e5d94f6296da

SHA1
e44113e1e86c55957d09c7cda4e10eb5a5961d73

SHA256
0dbec664362615a32c398e041a6eb45fd9042cdf0fd70281407facc3ab6c9ede

SHA512
f1fad5717cf08e7df33a9ead2f3dfbf87fd25d5d3ec0a10f94399f5e694aaaf12a21d897ac8dbcdf2142cf58e9b7eaa2e6d9ac205997adedfa9fb80994b5c446

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c4f6d501fc41f6f639ce84155a1d50e5

SHA1
68627333b51fef9839ea3bce427dd75f2e28ea4f

SHA256
f88f1ab4bc22b26358135eff0a3bcca8a96a6a546f00751584bb339495c6e3f6

SHA512
81a33b01a682ce03b39c2175ed26db30d37903507fd60a62aa8a5afffab5f1cb2caae100023a598b48ae4d18a757cdc4895e12f9f88c5d306ca6de4b2c8f893c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
62f7738cb99aaa3f84cf68fd97f41179

SHA1
34da93579bffba7c57083fc6fc5c35beadb993aa

SHA256
e6a45ee7973bb30436a6495ee711834d1fe3d374b377dd618d5fc09e2574097c

SHA512
efa1687f6d19e3a5b64b81709cc868261415857cd9efe75c0b4199eb2350a9e6cf54ca51cefa2abc942756fece7bcf1ec638e57b6dfe26ab815ff21f81771931

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
755950a71d9546a8590b08e68fe2b893

SHA1
8ed903cd0673831562ae72da62d0d08f1b8f4762

SHA256
f0db9125e5c5e62856e59ba95f00d25c6f9e4d07be4fc095e11245d2ef9aefc9

SHA512
0b19be5ef124826ad379ddc6eba943ae6b8ac8422b10ac9e2536400e13fc251fc1426ce20147b5215344dd52f6b30c0a28d683415d7bf74895bf4d7bcf5a4eaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
63b94f4a80bfea51d7d9731925aceabd

SHA1
7e8a9f64ebdd6d2f48ce7d966aa684a614df4dcc

SHA256
b387c232ce2207f9070795cdc1b0a6b699463310474a7709c42d43f066365e71

SHA512
038e9ba2aaecbb1b28498f57626ef21d79966a90ca950b20555f53e6ebcf8f44a60c616c8879a6611d94c69f74d213770e6478b8af249c22fe4a5da92049a206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc0bea9e96135ed89c97e5aaea212dd4

SHA1
685dfdb6962f43685719e0b81accb9f9fe7e9d2e

SHA256
2d4aefccbebf96e29d29e1fd3996565e17c9728438abdacdda02a00d869537a5

SHA512
32b664f092c64dda7dc5650b5d88abd636afd84eab2742b04b159561bf5372a65979285f2fcfaa37a5fb1dded0e81b8d836871ee7c6100d28f81f179b8c2c36c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8c7f1b2745d26dfa6d36355836a12d1e

SHA1
ed006e76785b39d562348cb21d7e6e7e21143140

SHA256
0562b874f822c9a61e8aba75901e7fdfb79745c44bbd9a8c84ceca60e893ffd1

SHA512
825e6e40f40bdbee2ff2dc2ca5080567a74b1b674f6b5f8700f46b7b10df86d5716ca467bac845fc53382956dfdaaf8e111df417897acd42b23abd5559b51eb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0164b3424334a609335e23f5aaffa8bc

SHA1
a21a772c41fab847b59aa58368d0d2c8364565a2

SHA256
cfc5c1e396d1b2bfb6cfabfd31e1f8be1f4d05dd771cafe49f602c1a7c197d29

SHA512
c41c3b6d0004081d28f176acf5e9e9e6b4b48de133299404e2c51470a141caac5f721e6d9135c984c1b194f7389807dd12e66938e644d6007e93d940a1368539

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
43036eb6969f4a5eb4b5282d4873e44b

SHA1
0c9d2cd977e446797079539bde3ef3244720986d

SHA256
9466d79bd096ed26abb6fc3cc410e28a04b32f9f2015107af24c722e23fd3b10

SHA512
d14fb9cf5a6e9f55d9ba49e3822ca181da91a26fce4003b922367e9bb86b7e68d107163f1b08c3c529a160fc67a94c3c309bbf8710fd8a539627ae115173b662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c129cd63188043a03e94b4dcddf3fb65

SHA1
1fec100aaf93d88f60334ac5689399399eeff41e

SHA256
471b8064bb0a55ac5f426207ccf3025c047b760acbbff60e6ac4f1b03da8ff8d

SHA512
1ee86c360a55cb41e27d75f8115d1e905ff7e2ed764a5b65360fbb75ca0bff99f3bcf81124bfc5c21457789319c7c655ef570e9f8931032b6e54ef9c5549a759

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a6a4c5525767e3bf0b780434d4423509

SHA1
92f4ec160d44748407c1d3b3eb2a974d7effdaac

SHA256
20b6f9aaf81a588222e4e167ef81c18fe7bd158767b4a0c38c96ece1330e5494

SHA512
092c9e1fddda2b9ed5c6ab710952de1d0562c50ebdbb8371463b4447b2543cfb30213bf19e9b952b753c1b9a3841b39c1e3186d3aa1b6826e39b37dca54dd415

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d153d64728c29f91423975cda48e5452

SHA1
c7c29f9e2b266e666aae2a29a42eb7a5e2a2db2c

SHA256
1c7bbbf284b7da1a8579f110a33437d33729d0b227b204c63c15e65b8ec386b3

SHA512
2113966edce4427e9084dad2b69c7154f100d25b2b0bdefe5cfab114786ef1c42d200e90e1a220c09fb379f3fd3844579ff7bd74bb2830c2ba96b6ef1b7dbc16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
5e5eb34e7d8b1807d87ed33bb2ab1fb7

SHA1
861c50b58f7a42c3b82250184de44d387a5ec5a0

SHA256
5ea572e1db057994f8a95e79d69cdfc8874b2dc3efc9338958b81a0276e4a1f0

SHA512
2f78bf3d6ba9ff34e3c3c9b21c9c32fd1c4cc275dfaafa52497468f116838a3c5c6d383cbadd6162ed8b37985201e28b843a6dc11888457d0039e82dc9fff94d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
c8ca48fd9150b70a7e7f6d6a80896a94

SHA1
debbc32cc568c04ac431ac484503e6e095601cbe

SHA256
36278f06805fd7f3c83f39f6219249623a96deef44b06505e024414bd3fbf51d

SHA512
7f018cb688e2a54a4b28615c05add9bc99ed15cc9a46be1719893fb312ede07bf7a0c6bc189afa13dcb6ff91e9f838e7dfe7a4b6ddf4d884739d764256aff35e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
9dedabad5747469b75d7e8d2e1a9414f

SHA1
3d9b6446488e035a72f866655a7547d95c77df49

SHA256
10513441f267f045674ee01cd7512b58ea766cd4a5523ea8bfe631acde2555e8

SHA512
32419811252a51ce5bfbd150cb92b74b3ae28db3e1048e892d0f1b78223dd1b314f1402841f14c9b2300f97f142bb38e5437c274833475418059694ffe342524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
880dbc1ceb3b92ec4528f01281dbb43d

SHA1
bf8a5c66f34f271f97679dd8e862798229671cf5

SHA256
3f7cd623dac6eca48dcc4d535db4e479a7e36dedf20d11b1bb2ab731eb95346d

SHA512
469e163b8e7dae34af52afb4194873a9bfd562d131a7d8cfd9e8a905760199bd204e64db635541b72bdd781f387e510ba88673ff55122f94624587b596ca7c0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
b98494b7798d2f55b9849d7000045165

SHA1
d6cb915965d0c9dcc8c0babe59e875103f7c4e8b

SHA256
ed8beda4963e04c915c1d4ea47c9f9fd9609624c833374ddf1be57d8ba894cd6

SHA512
fd68a66d584d220fbdb181acc0ba1dbc84a7ccd7c73545552c457f906b1058ebd02b9358d8c1ce5f9c4fb518f8ca89296bc60b51b79db0a5f68bb473967fab80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
755be17f27a51e25f93b12eba5d59e0a

SHA1
553b0f22cc98722b7e1c1702444bc8889036e1b9

SHA256
787187662bcac310152c5c90c6fa7ab9ba54624b2794e39dd5e7e911ac43601e

SHA512
2f5813b7f262d209e278d55042d22e86e68248c0f0435994906c8cc3eaf58978bf6128636b6d912b650beb628fa9ac2cb877ea65726178376cbecf6d60683207

Download Submit
C:\Users\Admin\Desktop\Defender_Settings.vbs

Filesize
313B

MD5
b0bf0a477bcca312021177572311e666

SHA1
ea77332d7779938ae8e92ad35d6dea4f4be37a92

SHA256
af42a17d428c8e9d6f4a6d3393ec268f4d12bbfd01a897d87275482a45c847e9

SHA512
09366608f2670d2eb0e8ddcacd081a7b2d7b680c4cdd02494d08821dbdf17595b30e88f6ce0888591592e7caa422414a895846a268fd63e8243074972c9f52d8

Download Submit
C:\Users\Admin\Desktop\Readme.txt

Filesize
102B

MD5
f51163c3955ec88a0c4bce0ebc4d8a82

SHA1
b98238512f90108237f253dcf3f971990dc8afbe

SHA256
94f003697e25452a2c3b3e723a5d3636d6866f73f7f45fa3fe84c4e1ccd0002a

SHA512
bc51580e68d9e830620e9039473b5d89f3ab498b1f2b6a2d309e7b10bddbf89eb676c1cb86c00f95a75e4f64c8c183938a2aea2ff4ff8962a2e65bab108771dc

Download Submit
C:\Users\Admin\Desktop\Unlock_Tool_1.9.exe

Filesize
569KB

MD5
f8cb4da82ec4542402924057ee21760a

SHA1
84df82df3e30c1c5d8b98e06d4b266525b7b5b73

SHA256
f3f89f0de3d1da4f12c1a0abd75dc4db85dcd395e1f1b32c4d9174aa6dbc0130

SHA512
a8eddd1e217371f47ba20efdcb025967fad3a626a568a4db940d38f93e939e762209241837f82ea34f0c0d27e4aeaf542d4fa7c8ab04718e4413c7183392b23f

Download Submit
C:\Users\Admin\Desktop\langs\English.ini

Filesize
107KB

MD5
525ce1c02ca53f9c63cb697ed3aae899

SHA1
9ddc2763d9dd663f3cb0febf0d580e21c52c2f18

SHA256
0f9d467f6bb6f682c0d1351b26038950c73720f2bfc0741ec1c7bfab2046d75f

SHA512
734d599d839b1266c42f340e044243ae30d1859d314eed7738f72f59201d19359f1ac6ee0cac8bfef4a0a2b8f2232a4f1f33336770c8c43f929c1bef162d2317

Download Submit
C:\Users\Admin\Desktop\locales\resources\Data\level4.resS

Filesize
128KB

MD5
64d183ad524dfcd10a7c816fbca3333d

SHA1
5a180d5c1f42a0deaf475b7390755b3c0ecc951c

SHA256
5a666340f42f0f985772024d90a83d15c9a241a68d58205cd4afbb1a31f1621a

SHA512
3cab59dff09981f49d1070fba06a781439bb1ea2dae0cfcb937d9875bbe9e866be2c951cfc6a3ca4a92aea79dd3e9c4792a765f5a06f230a57dabcab2f0b3c1e

Download Submit
C:\Users\Admin\Desktop\locales\resources\app.asar.unpacked\keytar.node

Filesize
691KB

MD5
c5c99144e2e1589628e14999ba59ad73

SHA1
9c80f8de6b5cdaf38677d5368b5287bacb9e465a

SHA256
90e35de89ab5e5f9290e4ff1bbadcf221a82b2aa0d9b922187dc980adff3c831

SHA512
0bcb99953397c6604d8e08bf2ba89248ee82f92436c2dcc779157b65227b0e1350927273a1b6d150a9db914d0a8830680df05ef651ee291b40657a3025a721c5

Download Submit
C:\Users\Admin\Downloads\Unlock_Tool.zip

Filesize
43.6MB

MD5
0a8d7bae2ecf1feda2e708843addc017

SHA1
6c051d228351ea9e94e05f08f40e3ef13bb291c7

SHA256
4dc1b446e571a032fd85293306f4142b29fdde874d29dd1cb29e278e75261347

SHA512
9fb70dc761492973ae0a6ef6420f199fd68f78d09f4484a9899cc5a2a1f2173e3a4e6f05f0ef86f42035b5a9bd7884aef00d4194564081ac1c9913cf6b3e588b

Download Submit
C:\Users\Admin\Downloads\Unlock_Tool.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\link.txt

Filesize
139B

MD5
c60c22715cb29a8310b0d0712b395733

SHA1
c01d25e0cd6118d77e80b69e84ced4699db498ed

SHA256
5c652ae8bb4fe83f367c0aa8766cad27079a5b690313bc9fe7466cf7124f5aa5

SHA512
8562de8bb49e98d3e8908d1ee5c65f54058eb4ad2acc792e83b67c3e4c3f30ad578c385c253a0917dbbb1725baf32a0500ba4a13768586e8d3307c9ff561dd4d

Download Submit
C:\Users\Admin\Downloads\link.txt:Zone.Identifier

Filesize
156B

MD5
9812bd1891e51ad6d40681fd63408305

SHA1
65a1bfd2ac065540a9a9c11a2f27101b31ae3356

SHA256
ef698c11c7515e7ce8b8f566542b669da03a73f459d335d73d0910ec9adee96f

SHA512
c7a5946bf65f5bfd2c00885c618e5846867e6e3e915a28704b6195735c5b6ac3a86c3f1ddff79fef38a8fab2c649a79393b7115bc6c833c25a0ca6b03ab98643

Download Submit
memory/2500-1084-0x0000000000400000-0x0000000000675000-memory.dmp

Filesize
2.5MB

Download
memory/2500-1031-0x0000000000400000-0x0000000000675000-memory.dmp

Filesize
2.5MB

Download
memory/2500-950-0x0000000000400000-0x0000000000675000-memory.dmp

Filesize
2.5MB

Download
memory/2500-1083-0x0000000000400000-0x0000000000675000-memory.dmp

Filesize
2.5MB

Download
memory/2500-1055-0x0000000000400000-0x0000000000675000-memory.dmp

Filesize
2.5MB

Download
memory/2500-1039-0x0000000000400000-0x0000000000675000-memory.dmp

Filesize
2.5MB

Download
memory/2500-1099-0x0000000000400000-0x0000000000675000-memory.dmp

Filesize
2.5MB

Download
memory/2500-1038-0x0000000000400000-0x0000000000675000-memory.dmp

Filesize
2.5MB

Download
memory/2500-1034-0x0000000000400000-0x0000000000675000-memory.dmp

Filesize
2.5MB

Download
memory/2500-951-0x0000000000400000-0x0000000000675000-memory.dmp

Filesize
2.5MB

Download
memory/2500-1033-0x0000000000400000-0x0000000000675000-memory.dmp

Filesize
2.5MB

Download
memory/2500-1113-0x0000000000400000-0x0000000000675000-memory.dmp

Filesize
2.5MB

Download
memory/2500-1114-0x0000000000400000-0x0000000000675000-memory.dmp

Filesize
2.5MB

Download
memory/2500-1056-0x0000000000400000-0x0000000000675000-memory.dmp

Filesize
2.5MB

Download
memory/2500-1116-0x0000000000400000-0x0000000000675000-memory.dmp

Filesize
2.5MB

Download
memory/2500-965-0x0000000000400000-0x0000000000675000-memory.dmp

Filesize
2.5MB

Download
memory/2500-966-0x0000000000400000-0x0000000000675000-memory.dmp

Filesize
2.5MB

Download
memory/2500-1020-0x0000000000400000-0x0000000000675000-memory.dmp

Filesize
2.5MB

Download
memory/2500-968-0x00000000227E0000-0x0000000022A3F000-memory.dmp

Filesize
2.4MB

Download
memory/2500-1008-0x0000000000400000-0x0000000000675000-memory.dmp

Filesize
2.5MB

Download
memory/2500-1015-0x0000000000400000-0x0000000000675000-memory.dmp

Filesize
2.5MB

Download
memory/5544-1161-0x00000000202B0000-0x000000002050F000-memory.dmp

Filesize
2.4MB

Download
memory/5544-1170-0x0000000000400000-0x0000000000675000-memory.dmp

Filesize
2.5MB

Download
memory/5544-1177-0x0000000000400000-0x0000000000675000-memory.dmp

Filesize
2.5MB

Download
memory/5544-1160-0x0000000000400000-0x0000000000675000-memory.dmp

Filesize
2.5MB

Download
memory/5544-1159-0x0000000000400000-0x0000000000675000-memory.dmp

Filesize
2.5MB

Download