hxxps://drive[.]google[.]com/file/d/1imWc3F1SkUfEmabIMjNh9iYtaon66l0Z/view

Analysis

max time kernel
160s
max time network
160s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
08-11-2024 10:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1imWc3F1SkUfEmabIMjNh9iYtaon66l0Z/view

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
3288	ibis-paint-12-2-7.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
3	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\ibis-paint-12-2-7.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133755345220910542"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\ibis-paint-12-2-7.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
276	chrome.exe
276	chrome.exe
3048	msedge.exe
3048	msedge.exe
2328	msedge.exe
2328	msedge.exe
828	msedge.exe
828	msedge.exe
1152	identity_helper.exe
1152	identity_helper.exe
5432	chrome.exe
5432	chrome.exe
5432	chrome.exe
5432	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 37 IoCs

pid	Process
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe
Token: SeShutdownPrivilege	276	chrome.exe
Token: SeCreatePagefilePrivilege	276	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
276	chrome.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 276 wrote to memory of 4496	276	chrome.exe	79
PID 276 wrote to memory of 4496	276	chrome.exe	79
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 3664	276	chrome.exe	80
PID 276 wrote to memory of 4796	276	chrome.exe	81
PID 276 wrote to memory of 4796	276	chrome.exe	81
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82
PID 276 wrote to memory of 3596	276	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1imWc3F1SkUfEmabIMjNh9iYtaon66l0Z/view
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1921cc40,0x7ffe1921cc4c,0x7ffe1921cc58
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1796,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2036,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2108,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2308 /prefetch:8
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4260,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4440 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4704,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4744,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4720,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5236,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5364,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3636,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5468,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5464,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5380,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5040,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5252,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4264 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5804,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5980,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5952,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6104,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6060,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6652 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6636,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5452,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4028
- C:\Users\Admin\Downloads\ibis-paint-12-2-7.exe
  "C:\Users\Admin\Downloads\ibis-paint-12-2-7.exe"
  2⤵
  - Executes dropped EXE
  PID:3288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://apps.microsoft.com/store/detail/9PFDF2ZD4Z4N?ocid=&referrer=psi
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffdfe523cb8,0x7ffdfe523cc8,0x7ffdfe523cd8
      4⤵
      PID:4488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,12152052156802215268,14478794653612137618,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1860 /prefetch:2
      4⤵
      PID:1292
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,12152052156802215268,14478794653612137618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,12152052156802215268,14478794653612137618,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
      4⤵
      PID:2488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,12152052156802215268,14478794653612137618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
      4⤵
      PID:3372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,12152052156802215268,14478794653612137618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
      4⤵
      PID:4032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,12152052156802215268,14478794653612137618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,12152052156802215268,14478794653612137618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,12152052156802215268,14478794653612137618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
      4⤵
      PID:5280
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,12152052156802215268,14478794653612137618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
      4⤵
      PID:5288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,12152052156802215268,14478794653612137618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
      4⤵
      PID:5508
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,12152052156802215268,14478794653612137618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
      4⤵
      PID:5516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,12152052156802215268,14478794653612137618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
      4⤵
      PID:5748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,12152052156802215268,14478794653612137618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1
      4⤵
      PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6012,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5528,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5588,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5828,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5648,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4268 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5948,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7012,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7112,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7132 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6964,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6952,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7372 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7456,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7328 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7604,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7616 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7596,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7760 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7932,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7976 /prefetch:1
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8104,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8096 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8220,i,11493425968649925709,4286527918208775258,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8236 /prefetch:1
  2⤵
  PID:2896

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3824

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\54f420eb-6f7c-4ecc-91cd-9bada47c9829.tmp

Filesize
228KB

MD5
7ed18c262ffcb8ab9e8ea0c5e34b79e2

SHA1
766bbd07d64352ddb9ecfcc6526cd0df788c3346

SHA256
b39a1f46b564a6afc60702742fc3aa1b134dd46660498a006067232ee26ddd7e

SHA512
82df76621511129c79520f904bbfa87b11d75fa2d85ed5959f317895e6fb217ce5a232433c654796b77b7116dc5d17d9470ae1a4114074b2cf74bd86e136fe86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0107159f3d0e45b2ee3abbc58cd0b844

SHA1
d3011814078bcfc7a01aec75d2775b535677ef24

SHA256
a2c797d2ccb447b32d670ef71d23442a65a6e358ad3c21edf17a953abd873795

SHA512
f26e5417ffb85de85b2f2701f7795a42ccfb04bfd1405ad6c9feeb40ef19339e3878fe7e97cbea1870e4e1d1f5ff5bc38eaacbc7a51139cc9343a76a1e6d7306

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
38KB

MD5
d4586933fabd5754ef925c6e940472f4

SHA1
a77f36a596ef86e1ad10444b2679e1531995b553

SHA256
6e1c3edffec71a01e11e30aa359952213ac2f297c5014f36027f308a18df75d2

SHA512
6ce33a8da7730035fb6b67ed59f32029c3a94b0a5d7dc5aa58c9583820bb01ef59dd55c1c142f392e02da86c8699b2294aff2d7c0e4c3a59fce5f792c749c5ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
16KB

MD5
db4309ad5ffe7fc2b9a55b1c0a27764f

SHA1
1cda4b7a646ea6e6a7b69b6464bd369a1b676a7d

SHA256
fccde017f4c101570f9a09e7fc88c97f45706ddda309799aa1ccb0a7e49e7a99

SHA512
c9d940b79f00e60e86a1edf407c00955cad6ae4d40dfe469311884ac1cf74e018ef0a1dc3ad6ebaadf181bae00993781038e44e9137448acc3aec638a535b7fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
16KB

MD5
a06add2104efab3ddf82c46cd1ff997e

SHA1
4da9d931e503bf0ffd02b3ecae3b08605598049b

SHA256
f00d64b58462446057e5093cb434ad1b5bad866d921598392b939e734f5eb438

SHA512
f3c39a5bdcfa9719fc95e4f518cef8af1f5169315ffab0b5d31d27289674ee2e3a0649f739890379d88ef0bddac9c6fd1a0f28577dd5152f73414c02ef0dc86f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
19KB

MD5
60e2a683bc5e5f858526999c40c13957

SHA1
374b6b979654f3abf254c2ea4f5c379b1cdea16b

SHA256
07dddf74edc9db7dbb7752c553e6d4b9acba00251b0bcc8e7f63338ee12c5e52

SHA512
c545f4200ea3bee68236cb8a31fb25139dc727b41596c3b21b61b6fdc250ea1ce5347b0b14b6cb215bf481a55b75e76e0762e282628a1ebf24c73c5764857a3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
21KB

MD5
c73ac20fef0b7b10b7e900c34af594d0

SHA1
8fe830a8c688af5117d0925133db238f631babb7

SHA256
36abbaff5b95f60447e6b291369cb78aa0b17a7bea17139cdd975d0c8a91da8c

SHA512
15e81f66c170c0190910ada7e7360c8b6be82b8d91b0fc401a08e117ccc67fc1aacd1463a974c0265954137b1130dd4553f20073702ff27f1ac466393805c411

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
23KB

MD5
5917a6e2e7b175b575e29ab39b903258

SHA1
f482f65041a61c7d18cfb49cc1002d175eca0e10

SHA256
48ed5572e82aef74acfe92fd623cb59b9446d832ace5c68e6c8ecfe68c7ec995

SHA512
fe53ae925e1df2b651b12c7f2f32aaf693c745bca34151de912f52f56ea146428323aec5605493678d70d4d553d8dc20d3360120bc1da4f4395ea06d1decaea4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
104KB

MD5
b2f8ed8bc39be1b3669f6681691c8f2b

SHA1
775a97e3aa920dae46a45d1b2537e913aff32f9d

SHA256
0291ca4fcb2bb70598ef4051d78d92fe68a7e6d83c74f0264a1e37d225be0422

SHA512
72051b4482b51dbb4b3c6e26737600a86901ab9abafd5e592c093512f6bd5a9254c2d47b251d5beefe20d605e39ff1313fd63b49ec6b46cbcfcc405941612fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
147KB

MD5
afabd736c6232299f39385af6db77d12

SHA1
9635e41d292ae51b36263cce63a1f71373919861

SHA256
e82e7baf178c0641859091b1afcf3851499384fef4941845b470d130d1613126

SHA512
dae4c686ac481cc60503bfe25c73defa66ecc58192d303ea2b98ff0a288adc93fa12fabdff4ca134162d73dcd0d5bd659ff2eca4e57e3a665131e6aac1c7dd28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
32KB

MD5
8f059530667fec5810d581bb22ede839

SHA1
ab7f008432fd9565d9589782f58b1c77cf8456e7

SHA256
82f21156709edcb6ef0626cb0288dde19f116d49849d213f36084fd1cf465227

SHA512
8fa1683cbd89df7e21228bbd663af66076654f433cfa7975b81a01a48a7b47958199ab07e5b7cd794c5f1d4035e20f94bc549c41d1a793fb2d54bbc0b6ff0f6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
23KB

MD5
d6deeef4a74d2fda85ac25f0f5f86885

SHA1
8ed9b9c7e1da06973b91310486fc1ae8cfac7896

SHA256
48a3003485c3182330675ecadc2d7f06b279a3e418c3966546a3043015c97204

SHA512
550e9da357c54cdc5623081963dffd57b320e98fb8463e41adeb37d523111359a18c442867aac75f14403e87ae61c0b4d215a3b92095de72e1ef4a95c2ee4204

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
150KB

MD5
88811a163face77de7537ed95663e1bd

SHA1
b3d8183327b062d233af1c8705d2b7de46d89245

SHA256
826d8ba935aadb481767f87caf7779ec7602d51addaae44112aa754d88b47ef1

SHA512
7f164bda81c3089a511e2027b27125cd43ac2edeb1376f972f2e766c6f226041fd3bf2faca6beee49db10ce9b23a0a16c9675bf98b6419f03d90c6050f97e194

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
83KB

MD5
239d5fe05556b12d21d025a10d5abbd3

SHA1
d2a09a46b77d7e5fe7c083a41a08f0eb6555c1a5

SHA256
7067ef7f7d1699cfde67130867a11ffa7c2196d428d45f3f91071d411a4084f0

SHA512
5eabd383415a0e8fa53374b3350046b28258105ef84e039c0b4da6cec147724caa48401131415d2c4e917e0c46f4fdcbef21cf5b372a957062269d279328a9ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
33KB

MD5
47df148b39a71e3602f9c9aeefe94dc0

SHA1
1b704c4ccdb457389053df2d32b20ab2259b8d9c

SHA256
f5c4e10d2511ef43e16dbf5d9c8d1c590a9ac98b3547bd073283a9e8c448e6a7

SHA512
e3fd9c9f408a672cd0844d96d3f5282063a712bb0ffeab56e0ee5f64e6ffd0bb5f54524d9b2feea73a0ada3ebf17210735bc9e21828e05d340132befe8d42a92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
84KB

MD5
79d1fcd7323a0904a40d1828e0c79d60

SHA1
aa3d082983f64f0a2427a2b32ccac89e09be3c0a

SHA256
dc965ba118bd7ce459b0346d6aa1e72258cb228131c6fd13d0660afdffdde725

SHA512
41a93883c32aa41683604cc0c0f38a12cf92681c9902da8bcea17c8a40ff9d8a1aa86fa486fad2f55c3903be0c9c282e50662201aa5598823e889b99e150cbb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
23KB

MD5
5d6aca9e36c0e391c8a18c29235baf41

SHA1
ed8f8150c24fe5d949360ae986eabd35463f1bfd

SHA256
d51342e2052e712f917979dc1e10b03616592f286acd0e85152a1d6029b712ac

SHA512
ec72874a859683e26ac05bee453a59e35f086230594308e9857c90ef7ae1ccb47a7aafdddd2be8d0fc795f8eaac8e8f3b7980d71486448832294745e1242ee6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
28KB

MD5
d155610d38d34dccd977ac213ab42e1d

SHA1
a343e08abb19f7d4110c64de08aee504cac318d3

SHA256
6ec5dee6a9dfb42ef97cd410c2e3387f53d2eff7d1fcf159f96b5ab129036ab5

SHA512
eb735bd87238215d54613f6065e61d48e1578908117af2a215b88dbdc3c4d155cd2b60e035ff2cde17605445bd89129de07aceb74ce8c16dcd355e4214986c8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
16KB

MD5
89a574ff00e6b0ec61d995d059ce6e65

SHA1
aea09e96808ab77165ffa712eaa58b8f056d0bb6

SHA256
e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44

SHA512
30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
94KB

MD5
a2ebabda0e4677dbf9f016fc2985bf5e

SHA1
ddd96ab3a7e84ea7ea3798bc5cf6067be50e138e

SHA256
04b5da674afda37d3b63f0bb03b4544ad8e6547b81ad3024c373d8b763e3fb21

SHA512
2f14d162164c99706eaacc8544ede1a74d31f6f3e4d225e31c970a7de4f25be90bb4e9ffc0f9e606d8e7918003836106d1ea677473bebbbda58cb324dddfc198

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
165KB

MD5
9e16044faace930bf06f0c960057087d

SHA1
ee6e052bd1dbe9d952ce582c874d9439e8206bd2

SHA256
62013efccf3630dee1db654479c3a8253935987559502a8089bb5061f435f397

SHA512
e7fe474147348b578996619f9c486565dd209783c0222846e92ce297493168bb619815d0fed784590371e49e57ab2303f767284e684d3025e5aca7548af8ec59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a

Filesize
20KB

MD5
2abd079be1223e68fdd6f520afe8fab7

SHA1
0f52ef825e632aa99b80724e2fc419fe1413ff39

SHA256
fc998bd9e644618ab3ece7ba644b58e43e6503e49b8ea2d19c6ee725c4676c75

SHA512
41d1bcc91961d70146f3434857c2265d2c1ec8cb81d388ddd187de5096e580bda69da20cf4ed56d72aac3d4e731f177b99daeec128e0ecd68dd37beedf4b3f70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005c

Filesize
68KB

MD5
dee46781c0389eada0ac9faa177539b6

SHA1
d7641e3d25ac7ac66c2ea72ac7df77b242c909d3

SHA256
35f13cf2aef17a352007ab69222724397e0ec093871ff4bd162645f466425642

SHA512
049b3d8dcfb64510745c2d5f9e8046747337b1c19d4b2714835cc200dc4ba61acaa994fec7c3cd122ba99d688be6e08f97eb642745561d75b410a5589c304d7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
11f81725bdf608e8c5b125ce3be45de9

SHA1
08e865d91d3f398a8700d3edc2fa476dd5142bca

SHA256
79a827913990d0649df9b77010a6cfc5b6628af363ed3730cb0c356522ef0468

SHA512
0561d742c60906a7009811e2d2edc16f109ad432c53e75ca923ac0e59426bd627e81ed3f134909fef8e7c397e25dd0b45eae8d23aef1794682e853b353d8f012

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
64cb9c66f1631e20585bbb26db868e25

SHA1
5f475e6c21919beaf41bae2ae09cc6dceeba7cd0

SHA256
cda3770915a10989e31e5d8eae6d7e1fa29e1d381c29a844deb6dce2a072469e

SHA512
96ab73ad0afe094149161731e1732ca99962d5892d2f8f4f44ba906387175af142b7963015dd374fa914b75bc11bf3e858cabfd0e487809a9f614eb61dba4a89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5ac83773abeb851556fb50b14a0230d4

SHA1
f0fd069e183a6b076fdc5568e5f6fe36a96fd789

SHA256
9cd1f91c484a78beed15e129c57b17a07b8fd0536d64d269a9c536fed041ea91

SHA512
9f15fad9dd71f8c471f88aaf6e8fe5b3b800f42222bc5065081a98315a7e5ca5de1a78aed8edd9ff5af1cfd30b0ffbf50e70934f250201c97918854845c8262b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
64e265a4ac95a9533569e235da0a2d8c

SHA1
821f94013738e3752f2b406d6b3059a40ff58356

SHA256
700a61906166535bd60b31c86039f766a82c9c1d0376bb44388aeb9014907630

SHA512
169ad5069a4e2a930789a23a43f4dbf17aa6036785f224a785921a0f29bc5c598d4e15f298dcc8e90c05f2bf898368940287699f6bc7334401521dfef12d7ec7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
24KB

MD5
d66dfa30571e3705f8c2357fffca1551

SHA1
d4e6f09f397512c5285fc06c0439bb7edad41897

SHA256
98972e09d63fa564538e16f946c71f60d903db5857bb5214918b1caa080bee6f

SHA512
a46fa6549a073264482194373c8ce8e7dec4e25f89404c0e852138bbf20a2138412dd4e3fc165a41cad52a432ebe9af3881b74fce28c657f32d7effd5c0a5327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0ae1cb31fb36c907d2ef271dd36d081e

SHA1
8e1ba19f9d1c8569dffac252a17891f7921ca17d

SHA256
40ce139876300697c19f726f99e50e5766f37ec8bf407720abc8a215a9c92498

SHA512
55f30323c775e92b1987830e5977a4d88cb44fa1cad80e069e2339352ab2da81f38e34b68434c94925eefbf5dba1d36271d26306cf9be87357398d7e2e453225

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
fa90ac97902a2569c87b29d1ec7396e6

SHA1
b02fb1a446481fb23467c50c5dcc1a5f149ed37d

SHA256
bb166b5d9054048bea489dc914213e0c8feebb10dded5d6d610f16abb7b1cdc9

SHA512
93060dbf254df815f09fe2635f987bd4cb02f7ae93da6fdd4747e01df89b12c3bc02b9bd8dc0013a61fe63df710f5cb4814cdc0f57bb0762246e52fcaf72bc8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bba2b418cc895a6d9763915de195cd30

SHA1
5c8299e692c6a00ac6c456b282d28e091e545311

SHA256
c8069318a70d898dea886318c2d4c0529a05c3cf7db0880aca960645e4fea30b

SHA512
eaea4a6fa8b9ee76ec29d2566fbe66421906ee2830621d6f65b5e64b649417221f810d1a05000b0e19a6e9cccf51b10c065f7963e01ed259c32125f3eb89f258

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
3fcd42997aa4a8e2a03eac58a657422c

SHA1
831e3138a13c97f8b18d8ad6b9921aca08a2a015

SHA256
a1071f32466861dbe4f6bb94e3ae6a205fa26508f2e551d5372a318dba9ee17c

SHA512
a79c990c9a37b858a4d400671dc6892e69dd8f44580bb217132c25fac3e68022cff389e74d134d0a6de52d66e3d0b1e73ce4c9de408423d9e36ed07d1d2c8cbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
49cc54ac9e9bb03fa7e43ac1ed3c6253

SHA1
5d35bd2272856fb2ecb1c66aa3f5a2a941fbe381

SHA256
3e15ad6418d05b4c48222834a6a63baa955ba048ce8f7e6c528b5f633ce77917

SHA512
5e90941b3c51af198f7a13819708a7535d035ac23a90204d286b026c438bd228eef7b5a017e5b285fd4ae2556c03ae80cc1661df336c6b0343290ab5e2a8a4d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
417518cbc33b3ad94ba6d05731c81b89

SHA1
85ca28fa2699c79913d530f1edd25cefd73e1a46

SHA256
0316de0e233afcfa98530582269f3b9142393f35a4a919c07557f38bd7203753

SHA512
0d785a6f9a71ee6213c5be7643bd9e9b923c1a94be563628a915e336e019a12de65fbf4008e6a1cbf37209a9a05e58dfe347d716b95cca78b768f8efd0050f17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\ba827b27-9fff-4500-a66a-21f844533ba7.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
54f65f93baae52f95b6e053781f37749

SHA1
449e8f46868d44cbada8ba7609bf3b4828dde6dc

SHA256
442e83b1c2d54be65c88ed43f044dbe634927f2bdef474346e6277c685be6d6e

SHA512
842f5a3e67b52586e47a350359ff77ca0653370ad40819dced0ea4b10cc5f128d47f3022535526c85d155112c641e0771b4ed541f2721eae20f4ef1dde6413c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f016cc51e6b55d60b5b9b6b0c4beeb03

SHA1
45c31a4c8c366afe2d27a25c7af756d9bf036097

SHA256
9f40a6a6e6864672747890c5b730d38dabab2d0b68ea601beec2941ebff975d7

SHA512
12f05188ce99d3331a5f42d00487202cdbadfe23a92e64cd1c07898c805d2aa63cba293fec52dfc4dbaaaa524e58263fd8d9fb34f936c639a5d9a187e8949b5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3d24ad24ab4393fcba7792768ee59803

SHA1
d2b131c4401bf9161c0f0d7a8a5060491dfaedbd

SHA256
fe54cd91227615d6ffae1057c9439e4e899883093302a2f9949b2e55925488e4

SHA512
5e3bd9f3286ff01efdb8096772ba06323e08d3a64aa8099dad9136f48274226d1034da61eed631f2142571f1b54f31598b73333921206e82fa22eb9f70747a2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2615ff5752f6e823a715b131eb3e974c

SHA1
10747c54d391f2b29c1ee51fbfe281f3c289c715

SHA256
fc30e2a67dbf53295ad763c50d3d01c4edbb60a0e6782871db6600f33a295e72

SHA512
dbaead23878af67003a33c03ec79fbe3c7f51851ca3cd76ce226c4cebe35cd324b5b37ef406045f07720e39a5ddfa39cb902bc4b3e18bc7fd2d000315473dd42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a63c8712bb15eb817c93d1409984b1a1

SHA1
3b3b42837cf5bf14b4a9d790401df6ca0963a88e

SHA256
77b0cc9fe2ef2a553157f120d2014cb07555c13db230404d6fb352eb9d7688b2

SHA512
2640afd23a1e5c99c325c4787da8de977725f0f7f64f2cb4ad898c0c13a9fb04b0aff321aa979c02395c3d127395711436c270b83a326334ec756987bfa5fcb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e686dae06e8137b58eed8a0c48cfd7fd

SHA1
528299a3786eea09f5639181bc0e1dfd863c2031

SHA256
2e709919aab954009486e56662ea2287c5ecb301097e111ec10c73fb86a5abe2

SHA512
458dd37a6f42e20cf81689348077ece5f577d7e943555bb278725de719016c863a63c05a1333a347344e7f2e8ebb5b5327a14aa39cc5b1df6fae3203db4a874c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bca973d859c13bfd9e297353e48d9287

SHA1
d2aba82c67eb8cb34e91bacde8fdced8edc514d7

SHA256
43ecd07466b1e7287dc45f817cea17336ab8df63210c9a05e446d4b24610bcc0

SHA512
0b8198e285692605fb56045fe92fa580bc164fe215008e716f2a806182a1100823901657bc55c00faecab6c303aa6b4010bad2ad725e8af0c1f9afe70c2aee9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8bfddc44694ecb43a7111bbbddc93637

SHA1
900d2d97e1116e45acaa4518c069df510c029874

SHA256
7b0c824248aaf09a27c2abd55124be7d607b5d540e77f81f32d217279349081f

SHA512
43ea76055dceefe3b705e50f052c230ee4e05ef07305272d0e4a2b997b2a334de3b9e6a109837f6f9b877e1908b437663de0313037ad71e64e312ed8171af7e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
689db86fbb21feb2c29b5d3e00a001b9

SHA1
b22049e973a6cefcbc897ef5c3dfc20587205ee3

SHA256
8a1fcf9404fdb7eadcac727b9b663e8346671fcf3e58679a40ce706db3bcd1fb

SHA512
9a9ab9fa5b2fff38624a1f0a8c687dbef04774032504ef61ce7882054eb5a65e34c699ce4337f2171183a152cff4ab07b5ad420c75b62d637f851e8d701ee708

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ae53accb-d189-4eda-8603-b88ef5ab0e1f.tmp

Filesize
11KB

MD5
ea939d9b7877151fb815fa72431cb216

SHA1
0930cd746e7c493143fb344507e28e86cd4ceb47

SHA256
45c8ba93095be57ad461d1314d92150e3518cc6aa11ba1d8f733a29cacfb15e6

SHA512
08c03ea3e96246cce380a919734d81ce4d27cb3ab4d156ce187f994739312f7f0757e53c095286bb290b06ec836cb705a7144bdb0316dca084aa1d477339dec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
b466f59cba563faac27be44b6cb871bb

SHA1
4247c57165dfafa3ac3e1331a9fcb3fb4a58db65

SHA256
60911bff246729cd51333b11a7ec7ca48d16977126ac03042df52d959220f2fb

SHA512
a7fbab51e93e393942111af31641626b8df4debc3fdafbc785bc8d2640b674a1c58670e717e23492c8a38ef93f381e4e62e1b7fba81edf6774cf3b44d683f881

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
8919773312bb994230341a21ad2c4414

SHA1
b76899fa88ccf513e1847c8c1a28265908d7d204

SHA256
918644c270274281f482d5f499eb9315619d3657cb15e274288cd46bed27fc27

SHA512
4bb177a209d2834cd15521db0d6fe62ded062cb46b9b65f852e48e1add48dbbe2d3ce7b855879dd302fb2231d5e85b4ae119a843acf8602f858b38f9c3d302cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
051a939f60dced99602add88b5b71f58

SHA1
a71acd61be911ff6ff7e5a9e5965597c8c7c0765

SHA256
2cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10

SHA512
a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
003b92b33b2eb97e6c1a0929121829b8

SHA1
6f18e96c7a2e07fb5a80acb3c9916748fd48827a

SHA256
8001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54

SHA512
18005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
660ebbe5719c9a9383f2ad4bfdb12a18

SHA1
ad59cf4482cd68bcb2d5396d67671823487b2e05

SHA256
2492007dd574a1c4a41c397619452d3463b6badc820e739f0c80c198378e66d4

SHA512
6e6905f0662bc4f33c7c7bca4d9cc72b0e86abd2a776065abcf0a30db03e68d1b4416b759a85fe7e4a1284bd30a9e819fbafc518b1f6c92174a37c835416f1e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
258B

MD5
2c611a5e0570b35e3a86dbfb8a943254

SHA1
831b31fcc2ede459f33bffe011b16da64b593355

SHA256
ff8900bdf7180809bc7a96e48d2b2144cebc5b7a07bf28fba808d5f14a40d993

SHA512
cf36a01f8959acb6a74db5510717c12c9b17f67620a261590164c0e7b59e1dfc0602d05de4e80cd1a543829b7e01e863c54eec6a7f49acab7a707c085848254b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d076e2a2eb726f029a6ded0ae30d6734

SHA1
5e27838093396d4bd6c1b674960d1f1db40fdf8d

SHA256
3329c36b0f354d05bfa21a3e6e2c80e26e9e8e309edea0bcd8f1745b5527e13d

SHA512
c50e6dd2e6e7355cb771e7001ce351698f22b14c7ea68c7602df3ffb236634df4f4f36992791cd480b9aa46c23a20161381bb9ed2000dba181db6e1426591a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bc4150a0e2cd5095e96afe35b7c76f20

SHA1
96d5a809800ef5924bb62e3545de9d9ab7fa1d9d

SHA256
0eb9410eb6e72d3f8ed758bca1a1a6f3ae29e6e3b998b73ede33214bdb2c09ff

SHA512
43342b6d15a9db01ffb10198a2f43c3499e9fb3b79605e97da531be9800510715d966ea7a81039acb685c0083b5440907c53f2366b7cc73882d2f5a979766ee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
661a5ea3ae62131e501eb1d006611c07

SHA1
b03bef091ae87ff65c7de7821a5c921d04dcc9b7

SHA256
9a2511ab390bfd837ee7b07bfc78cf0a005952e49a5a7812081916a4da0767f2

SHA512
58ff896fff960c90c11a42d715068449313f65440176e99d945aeaccae213013be09a02dd2c02d6a749411bf4bf92f9f1b2e6822d520ef68eee88e4e7b15be09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\d08d89d6-e6f9-4551-837d-aa9fbd248ca2\index-dir\the-real-index

Filesize
1KB

MD5
b4ae885370bb47bc146ed804c7eb2512

SHA1
81d21a49ad661287580a60f1ac841d2ea0e36ccd

SHA256
15c9d6876042767e31245bc3c38c997d685a6f0bbb40514474dc383a2f9be048

SHA512
e51cb6f05002e59dd62dd67f1bb9761a6a4cc7a430418f035638f66a8ae38db0fd643b6d4b2ff5fe7f4ee002f328e70edf261532eb01fc16699d546b6686b7c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\d08d89d6-e6f9-4551-837d-aa9fbd248ca2\index-dir\the-real-index~RFe596363.TMP

Filesize
48B

MD5
3446123405b08bd2f143c073efb8cecc

SHA1
a624717a1a3deaa56c0c10b6247f0e82b8bd566a

SHA256
2800c0dc1738483d7709ef93c9eb9a61d68c3177c60f6507bbe496fb48d87e67

SHA512
f8197c65dd260d51c11176dc95cbebc44272bb60dd12bfcf70796feea24a880cb9500a73259e4f76e841addfb5b0a72e93935cdbff6a64493f116ac9c6caca3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\d7810590-e0c6-4f6a-87e4-2d69445652f6\index-dir\the-real-index

Filesize
72B

MD5
6371cf6de6d32647ba8782b885547e5e

SHA1
03710ecdb1d2ab6f7c44aa44db8509070f7738e6

SHA256
0bf3b1287830c6ad68745f1da1824a627387bb43ed58736d3d4e434a1ec9751f

SHA512
9dd9c87371e48200d993cacfbf5a258858f5b6af7204e3153924120a599c9a73bb44dfe76e0f635f3f7c79fec0a0e149473a9b30a1de78d6d4d45a3d815aee12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\d7810590-e0c6-4f6a-87e4-2d69445652f6\index-dir\the-real-index~RFe596363.TMP

Filesize
48B

MD5
7af9ff1931fc76444844311e2e1ec859

SHA1
8734ba4cdda4aa85ab4ea76a618fef33edfcc0eb

SHA256
c7590719f90bb2d082d8dfc2a2276fcefd4fb3ce9cde0a72afc241d43ae7e5da

SHA512
0aaa6d1f7300e3f261f92598b9c5c2ba71637fe8d8cb627989e254f5f53ac6417181357f242fcc83c4cfc1131f39444702def4bf83704fb0f0d3ce3c589cb04f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
109B

MD5
2617f1eda34c8c395d2b4bec878ae5da

SHA1
cdc67029d3837695c29d156b978abaa1e44bfa58

SHA256
2c5b1c448bb6813a61ec606d5b59644c2d4810e8f6ed27ef2d7b7be0ce984829

SHA512
5a1be9255cfe4ff40df1d48beae74b206540cbcedce5937b95e6f77f1ceb8a7f6c81d23973f2293bdba5fddc4065fc47f54c09add5f22ced7284e046550d66a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
201B

MD5
a98ab77ab9ec5c9b70294de014cbdacb

SHA1
2351b30e4864db456721f032935540b76590c933

SHA256
e768e21b8c4916dbd183d3cf414c494987f28e1edd50025172f21839db277fd6

SHA512
332ebfcec9dd95badd319fc5219479252f0de3300cb98463278c3815e29b9ffa9f256c19a31f1c220d3dbb30f432b7c97def8f4fdc24efcead50fa1fb9c420b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
204B

MD5
878b87ff65187638f578a876d4f0f915

SHA1
dc76fad5ace6912f39edda4dc8d86548e38b95df

SHA256
f0747f00a1a5a73be46f62c566934aafcf19c4289cd91a82922e7ff7e8099018

SHA512
b178fec5c68eb2da8067a2ee3a2701bcedb3c1116f88f9c9f63dd531b4dab27c11b1d0755db036590020674e155fed3565679f7a4375f13d2774962fb86cb640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f4e8b087f9bdca34b8cffc58eac523e7

SHA1
ac21f0803274c4d5f172153ab396be8fe902f14b

SHA256
c1f5baf548e3564036e2028e806774ccedebffe1bbd6b20cf88f401d1bead149

SHA512
1de5a960f068de958459c44444ed4b65fd92e55acff295490b34de532c81a6f63414c8c5a6c51f1a1d59fde50c0dfee9e0eba8d52004f8191f15641c9f50df15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe596363.TMP

Filesize
48B

MD5
eb278786c775e70dabb209523ffefc3f

SHA1
b3550bb4244ad717efc5aa015d357167165bb5bd

SHA256
ac9ee6c39e8f24f9cf69188e6e09c1a9cb5767a43129a85c16f10db8aa4e65ed

SHA512
e5596716ad943396a19ad3bb2d3e114671a9465db69f1caa648e14537bd282097d9df692352d1aa96dc901868baaec99476ea818c8049ae3a090c842bc7401ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ae0ae9200cce81deccb9b39f762333c4

SHA1
248cbad96ec2eea2e9974a5a84291bb62fc44108

SHA256
733f187f154a043d5432f83007a8226ac7bf54c3ae8b10b65f60ae7576dfbf57

SHA512
f7d86fa61084416bdf65692a1d151984dd3475b5f665fa6016dc945425b92b45e4d5fa3be213ec4bdcfff5eaab279ce8b85d8a994436691bbf431cb39f88eb0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
de3527c8da555d540725af549de57eac

SHA1
8397de54ada01f8f18e1e1626bc94c37f706931a

SHA256
ea74c04974de3838280a54bb3928fa3faf737b4dc3296d11cd8a9b9f42106ace

SHA512
2cc6cae8a02895b13ce696e3d07ecc60e1d43f11d73150c8d385d0a01e216254f069b4af13388bd42c4006d4c7b8f28dbf45fdc1adf8d37f4ecf8fa9b7ae625d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp8C0.tmp

Filesize
1KB

MD5
a10f31fa140f2608ff150125f3687920

SHA1
ec411cc7005aaa8e3775cf105fcd4e1239f8ed4b

SHA256
28c871238311d40287c51dc09aee6510cac5306329981777071600b1112286c6

SHA512
cf915fb34cd5ecfbd6b25171d6e0d3d09af2597edf29f9f24fa474685d4c5ec9bc742ade9f29abac457dd645ee955b1914a635c90af77c519d2ada895e7ecf12

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 286922.crdownload

Filesize
1.0MB

MD5
010deb0f6c5c47778380b7a9109a868f

SHA1
8109dde91f802054542a8ce6e22963847f3b9de3

SHA256
8a9fc935a8e5714d33a19eb99b45fd38890031b038c6589eea10f3c1033884a8

SHA512
b2d15c3ea9daf95c3c15f21057d7dc5dba78634b1b1c30d4ea8fc9bd59c6ab2b3d6ac3a2a655ec3d6c70505a91d13d9e67a0896de67c84c0d27d5f8385a677e0

Download Submit
C:\Users\Admin\Downloads\ibis-paint-12-2-7.exe:Zone.Identifier

Filesize
481B

MD5
1688de03b63598572fc61a4f45468506

SHA1
a0a45d85914cc433ddd96c4fe3a97723ae217b31

SHA256
1abdca2806d598bdab0c9106ebb972524a69ec67f7fbb4c7b8eca32b8505e0c5

SHA512
71e77031c5dcbdebf951f6dd480da803dba85e97b9c9d420592976d1c1a39b36099156021189641896ee1a316573cdbcd3536afd221a6e1bd419b0599851223e

Download Submit
memory/3288-538-0x00007FFE03C00000-0x00007FFE046C2000-memory.dmp

Filesize
10.8MB

Download
memory/3288-543-0x0000012A57820000-0x0000012A579A8000-memory.dmp

Filesize
1.5MB

Download
memory/3288-541-0x0000012A56EE0000-0x0000012A56EEE000-memory.dmp

Filesize
56KB

Download
memory/3288-539-0x0000012A56F50000-0x0000012A56F58000-memory.dmp

Filesize
32KB

Download
memory/3288-542-0x00007FFE03C00000-0x00007FFE046C2000-memory.dmp

Filesize
10.8MB

Download
memory/3288-537-0x0000012A54340000-0x0000012A5437C000-memory.dmp

Filesize
240KB

Download
memory/3288-536-0x0000012A542E0000-0x0000012A542F2000-memory.dmp

Filesize
72KB

Download
memory/3288-540-0x0000012A56FA0000-0x0000012A56FD8000-memory.dmp

Filesize
224KB

Download
memory/3288-523-0x0000012A549C0000-0x0000012A54A7A000-memory.dmp

Filesize
744KB

Download
memory/3288-522-0x00007FFE03C00000-0x00007FFE046C2000-memory.dmp

Filesize
10.8MB

Download
memory/3288-521-0x0000012A54140000-0x0000012A5414A000-memory.dmp

Filesize
40KB

Download
memory/3288-520-0x00007FFE03C00000-0x00007FFE046C2000-memory.dmp

Filesize
10.8MB

Download
memory/3288-519-0x0000012A39960000-0x0000012A39A62000-memory.dmp

Filesize
1.0MB

Download
memory/3288-518-0x00007FFE03C03000-0x00007FFE03C05000-memory.dmp

Filesize
8KB

Download
memory/3288-544-0x0000012A57A00000-0x0000012A57A26000-memory.dmp

Filesize
152KB

Download
memory/3288-548-0x00007FFE03C00000-0x00007FFE046C2000-memory.dmp

Filesize
10.8MB

Download