eec8598a29a582b073df5c4832428cdd5cb276ea4cfb05a04e4de58a421717f8

Analysis

max time kernel
402s
max time network
1051s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
03/01/2025, 10:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

lossless scaling.zip
Size

3.5MB
MD5

be7c366057794a7b9dc9974dcf7f15a5
SHA1

2eb91fb059cb9c5ba2348f75c6f4ab2d92885fda
SHA256

eec8598a29a582b073df5c4832428cdd5cb276ea4cfb05a04e4de58a421717f8
SHA512

59b14823ce8067eb67a2090030c3ffe8755522633cd1d3e1f4ba91742a6b7a309ba4901c3bebc05e13e7c485126fa75fc89544c3ad62b3fb92cdf52b7a645912
SSDEEP

98304:lB8MVAr/rJPdVEPL6V619uA6FBk9EVpgw56Nhrsw5iU:lKkAjF1VEPE619J6FB2EVp5s2w5iU

Score

10^/10

discovery evasion execution trojan

Malware Config

Signatures

UAC bypass 3 TTPs 3 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	powershell.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	powershell.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	powershell.exe

Executes dropped EXE 6 IoCs

pid	Process
2280	Lossless Scaling.exe
672	LosslessScaling.exe
2084	Lossless Scaling.exe
2272	LosslessScaling.exe
2108	Lossless Scaling.exe
1456	LosslessScaling.exe

Loads dropped DLL 1 IoCs

pid	Process
2280	Lossless Scaling.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
980	powershell.exe
2648	powershell.exe
1412	powershell.exe
2272	powershell.exe
2924	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lossless Scaling.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lossless Scaling.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lossless Scaling.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000090db5308381294da7c4fb027bd0e2ed0000000002000000000010660000000100002000000085a35558316b71694541f9380ba444cd90dd82e44be7fcdda2e7649551b98a5c000000000e8000000002000020000000ff4109cff1b24e1846e75a070c95c272299f69abb665a61b1e56199fcba49afb20000000d23f4e9ed827b4bd75b5f2a6b42d146196382918536483b9a7e867e12637c34940000000dc313d4d497ab6289f6a1b40c6674172c8a750421a23b2166399f6af57bb56c969c9d87857df6d3635d8d6dea39dbdfc175d79022f490561058a1536e04924d7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90d47d97c85ddb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\Version = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000090db5308381294da7c4fb027bd0e2ed000000000200000000001066000000010000200000003305ae32f6afa41187a0f7dd1bff7be73107c103754b85cb5f2d48d0bf4f2a8f000000000e80000000020000200000007db5000b2862fa3ea29bf47337dc6a022fcc305f5a4f512d52bd6e8c6f4d7f349000000024c99c75c8d5387dd6b6cb6d663dc1ce8cc591da0bdd220bdc7a62ff781af405aa9fe5eec90e0faac03a98be2294e00739d3bcc9d8ca42e676d03724bdeea0432f3e463fb215f3c319d2580673f9130133a2d1e87cdefcb35da32f0ba155c949f2ea66a72fdf6b41cbe0c796fd7a548020d5db8476fb1c14a21a8e516e2e73932c136bea543cf75497ddb65d4fb11f1140000000c0ecb8558911cb3c10b717f72787aa69023439da5f10519beacf4cbf5014aff8daf153f4336a08f5fab3df0f5cc207aaad8f29dcc19f08d7053146ee8d495747	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442061259"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CD752AD1-C9BB-11EF-9982-6A2ECC9B5790} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3D0921D1-C9BC-11EF-9982-6A2ECC9B5790} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "4"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = 20b1b420c95ddb01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442061448"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Runs .reg file with regedit 1 IoCs

pid	Process
2440	regedit.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 5 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
596	schtasks.exe
3028	schtasks.exe
2764	schtasks.exe
2972	schtasks.exe
2380	schtasks.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
2648	powershell.exe
1412	powershell.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2272	powershell.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2664	7zFM.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2664	7zFM.exe
Token: 35	2664	7zFM.exe
Token: SeSecurityPrivilege	2664	7zFM.exe
Token: SeDebugPrivilege	2648	powershell.exe
Token: SeDebugPrivilege	1412	powershell.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2664	7zFM.exe
2664	7zFM.exe
2192	iexplore.exe
2192	iexplore.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2976	iexplore.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2192	iexplore.exe
2192	iexplore.exe
2448	IEXPLORE.EXE
2448	IEXPLORE.EXE
2448	IEXPLORE.EXE
2448	IEXPLORE.EXE
2976	iexplore.exe
2976	iexplore.exe
844	IEXPLORE.EXE
844	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 2648	2280	Lossless Scaling.exe	32
PID 2280 wrote to memory of 2648	2280	Lossless Scaling.exe	32
PID 2280 wrote to memory of 2648	2280	Lossless Scaling.exe	32
PID 2280 wrote to memory of 2648	2280	Lossless Scaling.exe	32
PID 2280 wrote to memory of 672	2280	Lossless Scaling.exe	34
PID 2280 wrote to memory of 672	2280	Lossless Scaling.exe	34
PID 2280 wrote to memory of 672	2280	Lossless Scaling.exe	34
PID 2280 wrote to memory of 672	2280	Lossless Scaling.exe	34
PID 672 wrote to memory of 2192	672	LosslessScaling.exe	35
PID 672 wrote to memory of 2192	672	LosslessScaling.exe	35
PID 672 wrote to memory of 2192	672	LosslessScaling.exe	35
PID 2192 wrote to memory of 2448	2192	iexplore.exe	36
PID 2192 wrote to memory of 2448	2192	iexplore.exe	36
PID 2192 wrote to memory of 2448	2192	iexplore.exe	36
PID 2192 wrote to memory of 2448	2192	iexplore.exe	36
PID 2648 wrote to memory of 596	2648	powershell.exe	38
PID 2648 wrote to memory of 596	2648	powershell.exe	38
PID 2648 wrote to memory of 596	2648	powershell.exe	38
PID 2648 wrote to memory of 596	2648	powershell.exe	38
PID 2084 wrote to memory of 1412	2084	Lossless Scaling.exe	40
PID 2084 wrote to memory of 1412	2084	Lossless Scaling.exe	40
PID 2084 wrote to memory of 1412	2084	Lossless Scaling.exe	40
PID 2084 wrote to memory of 1412	2084	Lossless Scaling.exe	40
PID 2084 wrote to memory of 2272	2084	Lossless Scaling.exe	42
PID 2084 wrote to memory of 2272	2084	Lossless Scaling.exe	42
PID 2084 wrote to memory of 2272	2084	Lossless Scaling.exe	42
PID 2084 wrote to memory of 2272	2084	Lossless Scaling.exe	42
PID 2760 wrote to memory of 2788	2760	chrome.exe	44
PID 2760 wrote to memory of 2788	2760	chrome.exe	44
PID 2760 wrote to memory of 2788	2760	chrome.exe	44
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46
PID 2760 wrote to memory of 1420	2760	chrome.exe	46

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\lossless scaling.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2664

C:\Users\Admin\Desktop\lossless scaling\Lossless Scaling.exe
"C:\Users\Admin\Desktop\lossless scaling\Lossless Scaling.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" -NoProfile -ExecutionPolicy Bypass -File "C:\Users\Public\language\en-US\hiberfil.ps1"
  2⤵
  - UAC bypass
  - Command and Scripting Interpreter: PowerShell
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2648
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\system32\schtasks.exe" /create /tn administartor /SC minute /MO 2 /tr C:\Users\Public\IObitUnlocker\Loader.vbs /RL HIGHEST
    3⤵
    - System Location Discovery: System Language Discovery
    - Scheduled Task/Job: Scheduled Task
    PID:596
- C:\Users\Admin\Desktop\lossless scaling\language\uk-UA\LosslessScaling.exe
  "C:\Users\Admin\Desktop\lossless scaling\language\uk-UA\LosslessScaling.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:672
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=LosslessScaling.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2192
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2448

C:\Users\Admin\Desktop\lossless scaling\Lossless Scaling.exe
"C:\Users\Admin\Desktop\lossless scaling\Lossless Scaling.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" -NoProfile -ExecutionPolicy Bypass -File "C:\Users\Public\language\en-US\hiberfil.ps1"
  2⤵
  - UAC bypass
  - Command and Scripting Interpreter: PowerShell
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1412
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\system32\schtasks.exe" /create /tn administartor /SC minute /MO 2 /tr C:\Users\Public\IObitUnlocker\Loader.vbs /RL HIGHEST
    3⤵
    - System Location Discovery: System Language Discovery
    - Scheduled Task/Job: Scheduled Task
    PID:3028
- C:\Users\Admin\Desktop\lossless scaling\language\uk-UA\LosslessScaling.exe
  "C:\Users\Admin\Desktop\lossless scaling\language\uk-UA\LosslessScaling.exe"
  2⤵
  - Executes dropped EXE
  PID:2272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7149758,0x7fef7149768,0x7fef7149778
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1380,i,17785064808685601872,11676512017018878827,131072 /prefetch:2
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1380,i,17785064808685601872,11676512017018878827,131072 /prefetch:8
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1380,i,17785064808685601872,11676512017018878827,131072 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2244 --field-trial-handle=1380,i,17785064808685601872,11676512017018878827,131072 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2252 --field-trial-handle=1380,i,17785064808685601872,11676512017018878827,131072 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1176 --field-trial-handle=1380,i,17785064808685601872,11676512017018878827,131072 /prefetch:2
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1420 --field-trial-handle=1380,i,17785064808685601872,11676512017018878827,131072 /prefetch:1
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 --field-trial-handle=1380,i,17785064808685601872,11676512017018878827,131072 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3692 --field-trial-handle=1380,i,17785064808685601872,11676512017018878827,131072 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2604 --field-trial-handle=1380,i,17785064808685601872,11676512017018878827,131072 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1244 --field-trial-handle=1380,i,17785064808685601872,11676512017018878827,131072 /prefetch:1
  2⤵
  PID:560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3396 --field-trial-handle=1380,i,17785064808685601872,11676512017018878827,131072 /prefetch:1
  2⤵
  PID:2820

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2168

C:\Windows\system32\taskeng.exe
taskeng.exe {69F236F0-7071-4177-9590-84CD2827F5CF} S-1-5-21-3551809350-4263495960-1443967649-1000:NNYJZAHP\Admin:Interactive:[1]
1⤵
PID:2240

C:\Users\Admin\Desktop\lossless scaling\Lossless Scaling.exe
"C:\Users\Admin\Desktop\lossless scaling\Lossless Scaling.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2108
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" -NoProfile -ExecutionPolicy Bypass -File "C:\Users\Public\language\en-US\hiberfil.ps1"
  2⤵
  - UAC bypass
  - Command and Scripting Interpreter: PowerShell
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2272
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\system32\schtasks.exe" /create /tn administartor /SC minute /MO 2 /tr C:\Users\Public\IObitUnlocker\Loader.vbs /RL HIGHEST
    3⤵
    - System Location Discovery: System Language Discovery
    - Scheduled Task/Job: Scheduled Task
    PID:2764
- C:\Users\Admin\Desktop\lossless scaling\language\uk-UA\LosslessScaling.exe
  "C:\Users\Admin\Desktop\lossless scaling\language\uk-UA\LosslessScaling.exe"
  2⤵
  - Executes dropped EXE
  PID:1456
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=LosslessScaling.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:2976
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2976 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7149758,0x7fef7149768,0x7fef7149778
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1360,i,14728345132542286608,2989183813567133134,131072 /prefetch:2
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1360,i,14728345132542286608,2989183813567133134,131072 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1360,i,14728345132542286608,2989183813567133134,131072 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2144 --field-trial-handle=1360,i,14728345132542286608,2989183813567133134,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2152 --field-trial-handle=1360,i,14728345132542286608,2989183813567133134,131072 /prefetch:1
  2⤵
  PID:284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1460 --field-trial-handle=1360,i,14728345132542286608,2989183813567133134,131072 /prefetch:2
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1384 --field-trial-handle=1360,i,14728345132542286608,2989183813567133134,131072 /prefetch:1
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3772 --field-trial-handle=1360,i,14728345132542286608,2989183813567133134,131072 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3892 --field-trial-handle=1360,i,14728345132542286608,2989183813567133134,131072 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3064 --field-trial-handle=1360,i,14728345132542286608,2989183813567133134,131072 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2484 --field-trial-handle=1360,i,14728345132542286608,2989183813567133134,131072 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3984 --field-trial-handle=1360,i,14728345132542286608,2989183813567133134,131072 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3804 --field-trial-handle=1360,i,14728345132542286608,2989183813567133134,131072 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3900 --field-trial-handle=1360,i,14728345132542286608,2989183813567133134,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4072 --field-trial-handle=1360,i,14728345132542286608,2989183813567133134,131072 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3864 --field-trial-handle=1360,i,14728345132542286608,2989183813567133134,131072 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2672 --field-trial-handle=1360,i,14728345132542286608,2989183813567133134,131072 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 --field-trial-handle=1360,i,14728345132542286608,2989183813567133134,131072 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4056 --field-trial-handle=1360,i,14728345132542286608,2989183813567133134,131072 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3984 --field-trial-handle=1360,i,14728345132542286608,2989183813567133134,131072 /prefetch:8
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4048 --field-trial-handle=1360,i,14728345132542286608,2989183813567133134,131072 /prefetch:8
  2⤵
  PID:1980
- C:\Users\Admin\Downloads\ndp48-web.exe
  "C:\Users\Admin\Downloads\ndp48-web.exe"
  2⤵
  PID:1596
- - C:\ea4ef33e90eb3ed11675e2\Setup.exe
    C:\ea4ef33e90eb3ed11675e2\\Setup.exe /x86 /x64 /web
    3⤵
    PID:2236
  - - C:\ea4ef33e90eb3ed11675e2\SetupUtility.exe
      SetupUtility.exe /aupause
      4⤵
      PID:1504
  - - C:\ea4ef33e90eb3ed11675e2\SetupUtility.exe
      SetupUtility.exe /screboot
      4⤵
      PID:808

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2060

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x488
1⤵
PID:1060

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Desktop\lossless scaling\Registration ('Crack')\Double-click, confirm to merge, done.reg"
1⤵
- Runs .reg file with regedit
PID:2440

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe" "C:\Users\Admin\Desktop\lossless scaling\Registration ('Crack')\Double-click, confirm to merge, done.reg"
1⤵
PID:1676

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\lossless scaling\__HOW TO CRACK.txt
1⤵
PID:876

C:\Users\Admin\Desktop\lossless scaling\Lossless Scaling.exe
"C:\Users\Admin\Desktop\lossless scaling\Lossless Scaling.exe"
1⤵
PID:2572
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" -NoProfile -ExecutionPolicy Bypass -File "C:\Users\Public\language\en-US\hiberfil.ps1"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2924
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\system32\schtasks.exe" /create /tn administartor /SC minute /MO 2 /tr C:\Users\Public\IObitUnlocker\Loader.vbs /RL HIGHEST
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:2972
- C:\Users\Admin\Desktop\lossless scaling\language\uk-UA\LosslessScaling.exe
  "C:\Users\Admin\Desktop\lossless scaling\language\uk-UA\LosslessScaling.exe"
  2⤵
  PID:2424

C:\Users\Admin\Desktop\lossless scaling\Lossless Scaling.exe
"C:\Users\Admin\Desktop\lossless scaling\Lossless Scaling.exe"
1⤵
PID:2068
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" -NoProfile -ExecutionPolicy Bypass -File "C:\Users\Public\language\en-US\hiberfil.ps1"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:980
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\system32\schtasks.exe" /create /tn administartor /SC minute /MO 2 /tr C:\Users\Public\IObitUnlocker\Loader.vbs /RL HIGHEST
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:2380
- C:\Users\Admin\Desktop\lossless scaling\language\uk-UA\LosslessScaling.exe
  "C:\Users\Admin\Desktop\lossless scaling\language\uk-UA\LosslessScaling.exe"
  2⤵
  PID:1716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6690436c978346322d45e9e955c3d504

SHA1
cf2dc8c39716d2c9d625addda9385eb9c63823a4

SHA256
fe557ba9f2fc8e95a847e0312e6bcbbae3020541889566e42162c5eeb21cbce9

SHA512
95ea76304d948770b234ad11d3e6d293ca282c1fbe77bb5c197406e0edce7996c31bc2f581fd4389e4cf3c4944a380724ca3cd779dc3edf3085716726beee255

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa68067f5dbc576e7a5cd63d275d1512

SHA1
7fc968964f111802f5b2a0fc07b0bb0f30bc29c1

SHA256
a1fe39d5594ffa9a843887cc382677be5db730ccf0d585bf0a5f85f1ff37a241

SHA512
3b29671de1b58a9fb854be03fa7524dcd3b1da94a649b3a89c123d99fd7b7150bdb8228705b4f3fc9f630f5369594644cf913888d611fb453234b26754f3bc4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e07fd51258574bfb84d626cd5ddacea

SHA1
ee63779c2b4d908c10feea6ae080b4e217be14f9

SHA256
0b984bacb62daec3deefc16b560f4539e6038b194a648169b51846a42a687aec

SHA512
f3f6941720c2dcbf07504a118bdff3c4fa7be5c4641f5aa66d99fd2fd83a1c5ead5b7636e655a1de20a19d2cd063d3947236a681792ad38c50e66c079fbbc70f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
efa3bc0408b1bc408b84b452cd11b340

SHA1
170cc7b43ca87a1f47daef996881048aaa1577bd

SHA256
66bdb1fea922cff61d14525943076d556c0e5c6aede4ac56f5d85168ffe3a033

SHA512
606f5b1b53c1755eda36ec7d14d3ff116677f0f9e9d3bf562682e1598cf56e095a6ad67f3d1bda2a502593e4a1519ff5bbb7c68de08164323421fd27e77d45d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22ceb578b89f996576a2c06da0cef393

SHA1
d8e3cc0e9bc3c3f6f4442ab1e8f08a170eb6cab3

SHA256
88b3d0a8c7b84e1213cc0b2f5c1a2bd399a4d6cae7a21ed7eba07f29e007c210

SHA512
3913774925f82a8bc86fb844ef7c9f1063760dfeebbc6fb87ee07367c63dd8d8934156a47dd81ed226caf2d6e79720b311bf6fa1b50f1047d93c4097cd647f04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b5d71f2ceb1560274d02a148b87f38f

SHA1
70c6e6a5ed84dbe5f16409b889b3c005426f675a

SHA256
588d75e379242eab17a2267cd2de3acb79608b25ba67fd7cf361d2bbd7c5ac2d

SHA512
ed3fafec80901999ed0b6e5c25eb688a81a1241e057153b3ae9b563a1b1ab0d42be5888a1bdf50954e1ad333bb6cb9016dae317c64abe6fe43595c3f88e9f0a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6b2a8dadf9e17dbc44d0238aba9bb7f

SHA1
0ccf92885a67ccf1b19b7131d4faaadbf26bd156

SHA256
d531d0f374c3ccaf3e128e168035536b2b04c6ac2dea2b4dc646b7243437879c

SHA512
aa5f5f69401767399524927651edf3857681824ce68aaba1278ea10be450216ab59c7df33481ab2127fa364d95b91365c066022649b590aa242da9d4ebf84bc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4653a211bdca0678041e677fb25b85e1

SHA1
a25aa0a847c4565fa4696b1f67b1b7f15ac53754

SHA256
0f7f97b96ad2b5ac6cc5530f6c6f83d078bfac57b3c0baaeb7367908f06a207c

SHA512
626dcb334482b942138ad541b3d59fb1bd95cc4063a871cf2b8b0009e31764093eb008e990ed066f41c00c7aa6075a48fce86af8efe8502918eae235749f3440

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b693ea847384ab469c72e7d012cccf4b

SHA1
3880a97f6332513fa3a140cee9d59c65d9b5a14d

SHA256
16d73ecdbc4067e47a4baa636503899ed4c26458cfb094ab6f4f6aba0148e778

SHA512
8994e3b8fbff53034535d743dc8d2223b845ba7eefdb1718845b2fd4315b7c82e456f56242418afb0846d08dbf46ef4e01619176d1596218da6d47bed62a2a21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4cd85938f2a02e89494521bacbd161e1

SHA1
c730b7002ae3bc28cfac12b5f7f1351059027a09

SHA256
1eff8196345dd56c0bb25c057e36f70498f47b2a2d5777b738ddfffe7f9cec7d

SHA512
5df300cdf5dce399771d706e9adcb1e521c2d87bedfc00d0342f4286828dc7732e55a09c7f51b621281fde01c4674675296bdb67f14a22a0d2b6da33f056a639

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee8d822280d6d38ad924a9db382676d7

SHA1
b4337e816173f001931f2d0844d6278d6b188ab6

SHA256
bf203b9cc73a7376c184ff99af99403ca051cd4597563e1399d75567aa7d2aad

SHA512
6a305082c2b9823f04ce049b448dd99bd2e931f3c730d2787cb48cb0cdf90e7f94949bb119e07c1b2d6a8f737cc735adf5f7ac071917e35df3cfc807b61dcb34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4cda2a1bc2b0ce0c5c638e49c0351b7

SHA1
b71509490b4850c3dde6142e632455fe2fee4913

SHA256
420efdb0f496df7eca5fdc5268f31d450b4e5c691b1a408fdfa48fd11643c88d

SHA512
15bff928cdd6d0ed5abe4ec95b3aa03ac3d60c62d42fe476c55bca52488c633f1dd3bd2e94304d4b493f45036bac58217965555e220eafb3c26f4b87b8b48c28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52c3aa55da576774bdaded14083e994a

SHA1
51371fee45ca2490dc124f6355d077feda7ec510

SHA256
380b7ea2fa54b3055009331be794403d2534c56dab6236358454faca6e2b6f5a

SHA512
05726b0f7ae718a3232795d416c152d7d4eaac3f85db84eee8954b23471b703cad1f44fd9d5cd86bb0f29e7444aebe802168ba0a5e04d90b10c60ca3b190e3a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06b2e2a764c1c1f1399b59b7f65f421d

SHA1
a2d2ee662769dda4bc2a8d9d26826fbfbfdda23a

SHA256
c40076a913562f7af1936ca704f94c75939576ab1843ad81be7b43be24e73b65

SHA512
8eec0295f7f4734d5237212ee1c36195de087adc1ffc98988f3a37313997220dac8e5b7d87b96133169678db61c20a4573b4c70adffd09ccb98429d16788003f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
930b7a1a61e25c323f369d75b69e44f7

SHA1
93658850da220d141aa21ea3fda53d2a91790ab3

SHA256
6dbbae3275fc4d0d3233a9cec064a531a9c155d8142470f99af385ed0e6a8a14

SHA512
585bc5f11ae9f79bbd90891b3e15d971b3b500b1261a24b638175e0dd0778d86cce5fb4534c5a589c97623651d409933afe50f52a94cddd990d77d85def148d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
392d83ae28073db34f7287b4343096cd

SHA1
adac56b3b228dbd3e1b9f5b28b594875e7e50a90

SHA256
9037637a514c44f3109ad35044be067a2f1a3506decbe6641644776f8ee16d2b

SHA512
18447bb8732e57ca389c0debed3b905bac22e72228a6687f8f10ccbad77ae752f13355670cf16e2bea51c0ef4933b7dd464b9bacd14d358cb410fba8a6aae66c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
feb9d6259b305abe3ba9f2945142ca08

SHA1
c2c14ab1e00bfa296473cd1b8540acf4455a105b

SHA256
30c153b0f6e45f1552107a75d075c872b088792a0e57f58c5871ec8f39ec215b

SHA512
4332cdcd91e35e7df1a6bf8d9ce9aff40bdfbe9d52840646edb31bc0a08d0410a134bc0043ca3456b02c18fe82a79e03372f1d8ca93d4c680a7ee265399ec879

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cdae8c545de1a30389f31da86bdddffe

SHA1
db3855fb9ec379eb44228ca36c0f2e5b1c4986b7

SHA256
bdcca4e7fde5489cce1819ad95ac4fca90dda139e93078e5039e4ba61b61166c

SHA512
163519cf8e97d645cfc3a312533d6e803283acf0bc4ae3389c1202c26f38a0f8ff3256647d044b372848c3b61cc42ea35136179afc677aecdcf2862f732fc140

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f582b324a2966986b109d8939a1d8ee

SHA1
6c80f17efdfb52ea213d2aaa1530db50a7013dc0

SHA256
61d7655a5efb059fb9378f61496f2576868dfe9865e662d8288b5c6874ab765c

SHA512
baf3a73faaa559b0205d23beb49fa3579f840325acec0deae2ec6b6c933bdaaa70317aa3856dbb8ee259ccfaafd6016547f416b9e1d31bfb4adf67c22c0832ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a64e2811c2b5282a614d538750beb3b2

SHA1
5e3c27cdac2574984cdc812b14b519d0f39dead3

SHA256
ef524a96b16d09a177be17fe60390af96825558229fa17ed2957abed08b7baed

SHA512
55ddf14c4790f323a460ab1d6d1fe74a0b1ea1a93921e5be1d7b435216e73bc69fc05ece8e969d3081d11aa72fb78f2d79fe3681a70b20297f812a02aea43144

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c0ae50403ccc6fd28e007bc68129123

SHA1
b03cf491db1def10d50964c82b29bbd226e2cbab

SHA256
ec89481ba00dd68a97c787492559cbf2cbccc1f5dd7c8b5b533ae0f291f89969

SHA512
88eff85513498c92928a679c9f639b5329a338bcaa7de7d4b5daf7361281cc7b600938cc3f51f97a1e7dd4609a712b117df4c8d64d48356078ad3bf94a6f137d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8cdced5c338b8c5085259a679fc30be5

SHA1
45f671fc1a7f6f0dd2fecbe72f170c032b136220

SHA256
79d520b15d8d79c74b434de3ad7c03269d7c0113c258ac7e7a8bfc9643eae1e3

SHA512
dab5220da4330517e85106125f43d72bba3c181f2f2ee40a8b5a560b8d9074ec6945b55d055fc0987065cd40ebf1e2fb086541d377164d6f647098c7e9abed52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ca09b606d2ffb849d15c9e2cd79ca30

SHA1
dd7331f8411203113b9af6b30c88dffeeed03b76

SHA256
f169495f360edb15708153a3cb4f8eba8605718d2744bc84ec4e1bd6dcf71584

SHA512
d3fe8515dd5296011ae3e2ee18c48cac05e8a9180d45a977472b239365d87dd0890cada18c3536691d22d3d3da1a60c5ce044e9fc3847e43918cb5621a7bc4b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e8731a8effcb9fff2f704d188ed15699

SHA1
af33d8ee47b5f3cab06f0d02cb7b2a473eeb6926

SHA256
8cb4dca77613082c49028451b6e0e528d74490fa6af22441865d62c88ee5e0fd

SHA512
8fa6bda11670920ea2b6b692f2cd1ebfb99dcedf46a381bd71c239848112b28ba16b447fd840bb0749a2333c3c3ed6c809c425fc2b0f6d9f88a8a14f1b788da8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d14583881beb8fc88e05e8aedc04592a

SHA1
bca04f630d5cea28075aa56f01dfd0bcce1346d7

SHA256
219046bb8859e7512426dad776986f896a78a67de2711c748d1ef710643632f9

SHA512
748e8cde28d36b8ff76280a096eda1c623e7d13a6804b5a92975b64b41676ba4b6a99625eb29b97890edbbf4da0d875a81871a214a60f5fdde26ac0d34e2ff8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
837828f0a37cff5206e44a7b61dc6e37

SHA1
974061406d0c02c20c998d280b02ba48d8915dc0

SHA256
5e64ba303b89986401519e1837304db0a99963087e72a92d89eeb718dd64e494

SHA512
2f4ba74336deee3c882d7d36bb20287b5d44f6aabca7225e0980ec3eb1fa03595570193aa23ec04222ed08103e4a757863113c31633c89a9d6a68ab412104f61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c5994c2c8c649a68c5b187a0e685a25b

SHA1
4e8aada678a6f22aaa224c4245e01bd90847e2fa

SHA256
780b928db42f8e167bd3b2072b93b8b4dbf02b4fa8432c3bc5e3aa671076ca99

SHA512
8ba799fd49912bfe35f35a21c3bd255df0975fcfbd1cf1cad400875b27d69b4f0763970aa5880c8438084036d4ab84e2f052c532125d4778ad73d52f63dcac92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eea3138f19bdf5249724b195c04b8e8f

SHA1
5c5dc19ecb08681c4b5e12d4b7aea7dae06089d0

SHA256
662fc1c3e635fbdb1766653482fcdbf0e9c466e8c50552f275676a1155b42b50

SHA512
cedb6e21e2f7c625996e7b8df2eb38081afb83444cb358d2f3b255e5b0b857ec5e964e952a201fdc2246877bdb6b142c2d205ac209072313544bdde7f20f0197

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a33fdc594d1a65c9ae357403d590374f

SHA1
acc2f991a79db18b231cbeb31475b8000379e63c

SHA256
90bba877fb66337af1efd06afa6a4a5f3d974dd358eda18dd4cd0c2b6acb28af

SHA512
d7071d355de828878e47a2f8295c895446ac313c5781d03b437154e030c4367a1760f8602416a44fc8e42a7a65c57ce345485aeec086a9cdeda012cd06c482ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c71203fa6ec44a277f7c8a84cdeee237

SHA1
ce45331b0972ac0ac98549274940bb7efd41f4ac

SHA256
68d439b7025e60a1e03de19438d46acc504fb01207b1fbf70a1b9440b7aacc21

SHA512
93aebf287e61ba84a960022bfde0bc42c923252f09c2cfb8a892a96e9ae116d65804ee1b549f2057ff69fde0c1e7f29cc19daf0278e2daa22ecedf6cfab43901

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1756dd89cf576f5a74a279bf60a79b7

SHA1
9a34df3377ac1ec477b7c81c33cb2365b13630d6

SHA256
db7536dc2d727f64405a2acd12de247919bc7cbde5949e11faafeeec1819810a

SHA512
b96d3cf92fd4896f4ce57eed191656ce5d6e1098d7b3fa003160530cea90bb180fc7a65f1ddaedd447c1c6a907b618f4a8698ba380445fcba328108000d811ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cda531b18fff663c2d4a944d2a643db5

SHA1
c6cd8dd465f805311e5efad7a7467cd1245f935d

SHA256
ff01f8f49c40b32f70054a82667562b8be703fa3b6046b48fa2c074f038c38f9

SHA512
bf5965b7ab665ac9bffba94776b51f295189fc2a2bc026fae4a26641fb7171b77e06d55e891cc66b03e77c6035ccf79269a79ea946f0e76596e0e33ac10c5c12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
edca380c499c776dc6a418a9cb786992

SHA1
0514570d2b0164e903348052e4bbe7e4e1a2bf57

SHA256
1937116bc6a490dca15344945d5f9717b3ccb9c6a817f0723187520849316ce3

SHA512
b68e29ee23fd03a3e0602fd2ce347a5c1dbacc86e052f25594e2d2b19083ea590aca5137b5bc8231aa0d47946dfaba2a004ca9cda6ee313677aec8b68fb8beb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
618a86fb9cbc7b62bca18a20b5b2215a

SHA1
bc81a7151edd98e555621647c9919d8299a81c9c

SHA256
8cf121ce575d164c0d335f1d36965997c18def21106f097fb17587b23c8eb071

SHA512
e8ff3b8853d385751fddf8513fdde6757df218a3f681e1b405b0d52e18e2f1b6102955b0275876434c6eb8f9abb23a3920a4038a789e501de60261e3c6bf50dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e768ec6b311401f2f501b0ebb651649

SHA1
6408c260537a34468cffccf2cf49daa718de543d

SHA256
5b4538458579ecbc7f0c00f854a80b7f12d6d6cb79fed14d3faadea0674cf2a9

SHA512
dc182343bb009a0a65faa538f6cf38f8be90f36d0417c9407b57bdd65ca02596e1d641c6a81c08209ca2dbc8a09733f7b7c37f5fcfe6350627d244c6ab0807ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5fa715aeb975941d1c15772d74d2b735

SHA1
c07a227045bf1584594e37902abd6467f4fe828d

SHA256
4190d7cfb66d6494e534a9f34630941e7a9dce5c84975bccffaeae6b8a7cf990

SHA512
22cd2755dee2100f3b5419e74e491b6b45f10f09f1eb9e8101ed73e0a8e29d9071ea5ec1395d4ad20bb5bfa8f3bc239bd8880c246ad0454f6d76e59c0682502a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89394fff25827ee31c1f13dbdb6ce081

SHA1
4a61b1699e9700a5fcaf8f4086478e9ac8a8dfd6

SHA256
2d56219323a0a8b5ca815ea7c7da68fc3017307af6c87d5435d1778060b29cfe

SHA512
f8fbeca274d30b68beaa79452864bc3ad7478ea138ef227d5b179e38d3326b5b9711d890a6156d8696f02720856e7d098420e3142aa7e9567484b65c72e9d532

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8826dd4e6580e7b2ab850e4363458a3f

SHA1
06ec6d3b45f7f078fd729e57da90f6780c9af8e2

SHA256
0dd66bf5419670a40c01b818e101368cbc3df71a1111e815d456085b0990f162

SHA512
34ca8b5277289289199bde0e2f7e32cbdc889c83f64884f69d6fc43ce993927eee25b4954448ba9fc4ad9d8d439728041693b60a4c3d0fc3290da77912c1ca54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96a0809011444ff9e3365df6fed8c9e4

SHA1
cd9b5b9cd1482ad16ad807670cff59beb81ed9b9

SHA256
0fdeb4c3737055653d63802c4134adda46c6fd7be11573b8a1ff2156af7db7ef

SHA512
eaf38f289326616076257996456e9306aa8b19eae7bb9c929a94f335a2178acb2423113f8d19b0da6e4361238259fe135edb261b5a6c8b089b4012ff5447c96c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7fb30f0dbc460c274a1394a77b64e9e

SHA1
094efd8fab43f7c3bf1e8104fd024d3118bfae01

SHA256
f6a7f52cb3fc103aa3feaadd5c2bdc150255630a1cae32399348498bc1ec1bbb

SHA512
dfc9dbe7c5db9cdce99ff012ae746a3159baace5aee33272197e5600727aa1630cbf1200476ad8809d0973c7bd98858f5efce519c6afa832c49da6fc2b9cf06a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4c88debc5bf45169457d5a4eea6b018

SHA1
c49d63a1b2eb49026b1b5e04dc5060525cef480c

SHA256
74442001625cb17725e5ad268ccffac037c00426e76e1c59a9d0add5f158ba3b

SHA512
c99dfb48d5168c0d4d208f28ba29b03da201e9956380e8b00a86f2bee29bc5729551b2fc226aed4268a9927ff6b9a58b0105b8cd0f063d9a97f142eba9156920

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe6615b2af33670671f35e60f169025d

SHA1
6e393683422e557b5f1167267a92575327affbb8

SHA256
5f860d243c9900e82bd7727c42917599f0f8f93d01a22f45c049c942a9c1a2e8

SHA512
5f92492db13d43a02ac7c0b64960bbc5a2e525a62471a81712a0a6c2f4f8a8c61bfe02fd9b42d46e8d69f5bcd2495bee4067057b6382cafad09137a9042dc906

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
1d534e0e8bc87b205a709ba867ba471f

SHA1
b3fed1c440819be30eb910fc4757728164cabe77

SHA256
7696b4f7f3fab4d24b048272e8ffa2a71d5b41f71717baefdb93333cc27291cb

SHA512
de0022e4cc68643c1d037feb6d542d16cc8deb63888b1b81dac92fab592dc8be853ef9b7400ff75a437b86d5e48e15458e1e0d904e74c08c838c67f6d0137997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\09c71109-1670-4970-b869-a58bc0ff22a6.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\62fd2b20-4785-4e34-b1f9-30227bdac09d.tmp

Filesize
330KB

MD5
88456a41575b4bfceeb47b4dfda4b2ec

SHA1
213e91101ced86f0ccf06a7c7fba64afdf45c4e3

SHA256
edd4dd50f550d7567797b6b5acbe02d5bfcc4d3156a0f9f4af9dc8a40b7bd214

SHA512
e40f186d0f7780783246a49548b5a09697a6d0841658cb8d1f80fed04f710fc61f3902bdf6721974a06eef9027172a624200ba10866bb540af2ddfb2c0a5f0a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6440e5b4ea3156744e4a29d42c8a2bd7

SHA1
da7b625fdca100cadf355ded3e112a57f8d25866

SHA256
c06f6986514f9e2a2853949c3809aa06a2d39594470ed4ffc77b5a9552565fb7

SHA512
960de88d405bccc917ad98c1cc04b9a3cb2daddd7a53ab5934e27e3bb2b1638dfa81688239db0910b53af711521a998a788ffabcdcaecf36caa0df2a31582d7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\70872e28-afcd-441e-a57f-e5da220c53e5.tmp

Filesize
5KB

MD5
0482ea4139b019d9c4f0e8261d38352d

SHA1
1a58ea95e4785ff842eabe7cf4fe56e16ef4d9c4

SHA256
dbeea6f65b4eafcbd9249079968387dfc1e32b09a71b7fcfef96230b39732be3

SHA512
4e2f33b8ae4a2e0b0d5c1ba0c7d840645d11a3650bc26ffcaa2e2960dff388949619dbc2b79a595faa861d70c3082dbc3df0e8b3bf76c249906444e3ba0a4b16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2d62f54a9f132af6_0

Filesize
280B

MD5
a911a62f5df338423698be0a0a6ab413

SHA1
5c5874befe341caa8e4166237d018bc78105972b

SHA256
5dd812733e71d0483294fa359ff12ec9d2eb0fa6afe0d55af2b4e5fe0e871809

SHA512
f2fc651f3040df7cc23a7c466c10f52f3e72ed0598b6229e145248ebe098b4ec7da074b5be61004e337f71975587d3c0bbeeead3b33b932886f27bcced0af396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5cb34e79b332a0df_0

Filesize
347KB

MD5
52c19a1b65c1b3e0cccbedb22f6bbde4

SHA1
a677cc6d17e69c63b2ded432798da1858cf5949a

SHA256
46a57d9d44bffa35fec31ee379394fecb6aa597c9cce3849e8355ac51d247dd7

SHA512
b3905350c9ae6993dd9d7c6c034a3822eb3609d64692109b371c717cd9e24b41087c2f28bbc78482824d2ff0c68de0ffc57762e348e7a94752a3ab0c92f8d401

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\74c9cb9773e5ba53_0

Filesize
19KB

MD5
790fd7bc6a198e49fc3a9be371352ed8

SHA1
bd2815dcd78789522736baa6bf24db3fce729ca9

SHA256
58d461549540e2da0ac260ba040273858ae425a482518ca63d1f7bd9387ddabf

SHA512
0ffc2ae6e39a9276d19a6d82308177a2d4e2ef15144d4b9c0ed9c85fbd3eff5de3878a264f055a6ad9a39d4cf849ee372c21ab49c6271127008292749b252ffb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f3ae0d23e488645b_0

Filesize
289B

MD5
10c5bbe91a7ccdc6ef852af400b95035

SHA1
3b239dbac2aaa130e8d0f416513a2339bd066889

SHA256
694f2399217618ef53d8ddf4c7e7439eb1c19ec597910e6da720f1bc41eba090

SHA512
c24dbd7a0d576339a6b15b0813692f0e95cbfd71219cfd44771370f20c4caeb5c4c83a0757cb520f7bab3bac0b96b3e664e9e9566a3a97ea5443c55978d937f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
1fdfa0139bf1e288b3c9220b6af41b4e

SHA1
6e27f6f3d1f540a40cc35bff3d85276e7eaaedb8

SHA256
7f8c599aae8ddc452161b7a9a262819222ba292b46c4a899f14b227bcb66a289

SHA512
f2eb240037690edc6ba0d1b6c89a0505e597688f8f50c1d7dcd58cf7066ddc4f561d34e6c911734bf4de763c7040f7caf008c33d9aa97a0be44953e6a4ad9ba1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
d62db6118880ea7356d6c6a77e05e576

SHA1
2a3adfb0b15e40fbfda9f9ae15288d40b17f9eb4

SHA256
8a4b65f9212d4526d8ddb93dfa4bf6ef4b44fbd04dbfe21855d448490c6df8bb

SHA512
88d2fd1661d9d595c68cba94a59d2975ad456c0781435ecdbfe156af998f2aa6bf3f93400a74b1900cede5f86cc198214b1455ec140d994a18bfd99fd13008ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
f7b6a2f8c322e6b7622e7258cbe41424

SHA1
fc63c6a545967c299df8e8d1f874f8324c5ff508

SHA256
a29cba56513dcf8b075afc373c076ae8ef84fa14898e47480614bf1fd6b1ec14

SHA512
f73b6f8267e39579d5c0de50160c9f0fa3f6b44ccfdb429d424119656671ce391e0e9788f3186ec0137f23104a2ee09dbe6a6d9bb2975f49afcb4bbb5e27b9b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
ca0c199a28c4a5539552b714d434f66f

SHA1
d1c5aa2d92a53509f1456c68b19699556efe9a5d

SHA256
ff08567542c7d19b1fb7c4bb58688b348e913ddfad861688c69342313a7a7b7f

SHA512
6ec088eaa46441d3dee3da20526bcfb38cb647befe7e5e04bb6ca1651c6516c3979b6ff5e3bb556a145d0811a4181bc98cc2828420dbc1e8cdce8f1465cebc76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
2710bd6975db71821e3b6a648003c9da

SHA1
cd443cbe036e7a7e21d163629f54f084118d8c95

SHA256
06fd276f19a9d1f18f4ce9e796650197c0eb027505a055a0ff1ff9b81b352ff2

SHA512
b6fe308f724d7719726dea4d5ee716d50efc870f2ee75b9010a0e6b49f64afee08f35bdd796cfb7997e42d5809b3880e84b25fff459f79d1d12a869b7a616554

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
2f99f653bb55e4677281af9bd4707ed4

SHA1
19a56c62c35dde5c3aa9c56397ea8273874a8b6e

SHA256
5009b403b9d285fcac179c06fed5537242521db78aea362752995b8ca3e53d8b

SHA512
4d51143d61617d47d96bbc39433897b1965586669660b3e4176ebc1a67333df32c9d4bd7c38409e094176b5151b0fe57f151d123c2d9d93746914832d3694060

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
6496b8bd3bc5ca0cd42610c86a65a14d

SHA1
13ccda0e935ee03dc5201c7f4ab37118a6ed76f2

SHA256
e25d430fe365afd08568f39a5dbce4f222424bf48c009cc702ab72d450291852

SHA512
a6b48fd58095f138fe67d680c8962e89419c750221c2ba27c13767c977f524c6123237ddaaec82387ec5801225f466ee59dac0347cac03240928501cb6cec5e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
6af12504ba7088a01f7ffa91bae2a1d0

SHA1
350e04ed24d552afadea1336933e3522a1e968d3

SHA256
ddc3ff12d288ba8b15c5524b182267aee1000762219b2e098db7455ccd919e1e

SHA512
30c87635701a78c774ffc2f13b60fcaf51a0f323ad1f2ed31288dad7fedb3adcff5bbbb60fc2f4e17c752b209e5f80a95462da18e6cffdcb7aaf47c2ba22ba2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
57b886dc2a35fdcd1f4010d5e5c825e3

SHA1
ead4167aa52d1a5bcccd0283967135c335dc0041

SHA256
2fb242175ebea725d343d4c8b31eecdc7d8c1d453790e56affec00809f8d3bc7

SHA512
fb792a27b64c26855987bf9867fe419835dc541ac8b97d9ceb7f5cae052b3a2edd37089d75de682c9602e8c07c1561921a43939aeee53c9e333e7b6e2a5f2969

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
86c86769cf1863843c86822485b39c1c

SHA1
adb2d5d4aa4b749337cd3f7a057e2d0fd3868f0a

SHA256
57e09707addd86d6a6f54f2053a6fda948ca3e13c2848c424ff38ff58878a241

SHA512
2b1799c08739f6b2bfdda99e877ccf6fb65cb297b28d368d532c629d4191e2dd98b2cf94fc618f03b2fb946270bd845bd577877c970d1f64e4543bf77e6dd1ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5b2da5d38ea9afc5698fe02e202dfcdd

SHA1
d278fbe69091365e1f330e2ef445c4e53a758fb9

SHA256
c06ef648ec581912daefd056eebc74b1ce3b0ba962b0a52f56bfe31a8e3d37c9

SHA512
b3c6b5395b1795ddeaa90f40a04f76f93f6cdbc4ef5ff5b1208a4b0e8db005fb52c792c1390e99ff6fae02c08a47badd7b9cb5f00564af5e7aaef7f7181002a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b7cd32dac62613aad0c63e1b2fbe8cd4

SHA1
6519e04da08a3c2d1fd6fa850a666523228ec404

SHA256
5f8624360bda554b00cc46249b225d18f69a4f7fd377343304d8f62c2b82a85f

SHA512
e8f7f30c8e4334de39cebe0d89aae82fa1492dff3c1b0e7bbb3c481fc543ac73696dd407393221393a3e879342c2ee8f1d7a3fbcb60e783c7b684be5f769fc5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
defb63431c51266ad67469cf8edd8b39

SHA1
ad92ac13fa67b95ec3946f76a4f28050cf61e963

SHA256
03948f24ba61dff728b270d964832bfe6f687d48d09934643d9505fbcf8899e3

SHA512
c9665898c6c0a6e6228ae727d1e898a9ce2233c434fcf0072a1294a290c531d56f188eb0d32172e782754b6d5881375af2d0ca720971d26557ad1fc13d99e420

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
4224a76b6dc76942e07c23c455f23345

SHA1
469b14edf35e7494f353f9e165c4cbd7360a6851

SHA256
c612d0152cc6f73400972c5d791297b9b41431b5338f0900e5020318ccb1a95d

SHA512
8c09ea214c2df8b4e46142b8f64514b17c2378d0613288094012ea48fdbe983aa859aa6fb652dff31da094fcfca38e5faa039530a1d156fa4a08826d1288ee54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4b587dec3603fc19d03eb002e20bc6e3

SHA1
2d2e6de59097566476b8dcd4b4f1189a70b8cd4f

SHA256
5f2e734135e4e9f49e36604cd928f5d484aec100fe504fb431a231f8bc37e73f

SHA512
52197b7fa5cfead6273a9a2118e46472c4f4c164f693502c1a8e9a0c0fa16bea0b7237dd6adf4de586933dd26eab0c9cd25b03124ff62624aa170db60af9f146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
98daa01a214d9f8a3e59f7ec4a5c5ea8

SHA1
246ca26572cc34831831234fae4e4c892d525412

SHA256
f25521c2fc9308ee16bbfd115e2d2dd14260206ca0ac2478ea23ca806bdd7446

SHA512
33d48ec73b24046900f0f7932544103cfed01e8ae241f5d6e250b1d5b82e80713e88b336cb1982e92501c51272aee09bcc6afad3783b7f1681a7ad401c45b2c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
33849d063b17605f1cd8a64500d59c1d

SHA1
c70ff929e9df2b7d34692dfd9cb993ac0dc79c13

SHA256
c250365c7e3fa10d9b03e09068d411fc86232c7ad6d645dd06888843558af820

SHA512
01fa2ee4c687e5d5e822f949a822d11f66a77626e9dd57d801b2a67bf5d5bff53ba01df9fe08a56397b7c7d1d5a5902389ff2e93cd40666ea4b0918c028f4fdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cead146651e77cfd2c04d5e11e162ed7

SHA1
895d0e53df6e586245b44a61a5b837e63679c0c2

SHA256
899e87a0a129db1ce8163702ffcf1f893be49888949215186df377a3a51799ce

SHA512
dd7d8509d0145ef43746dd1b421467aa67de53d5bb51522f6cf471dd57d28accd759abbe454666c2974353056a54dccba19c27762dcb0d739f0ac0f7047c77b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
3b5ac491b7cd36125088afc8aee15e75

SHA1
dae7c41b106807fb9450e501616c3d03275e2193

SHA256
b788656b6e3da54edf7525722223a3906603c5a3bcf0f31be1c353460164fec4

SHA512
3786b13d4df0b5b6c7d88b95249f46e382023af051d513e12482091618a170f5ffde690925fe03ac3547900f6f1d73789b88e078fcea56f64a9eb9d5045666f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e19af391b0100337e735d088e3f44d69

SHA1
718d26aa2c6e6d2c3843e39273edc57d8df23cb4

SHA256
f71c151669354b6512951ba16d55f4577376d948b16c9f9f4aa59e9fbd9daf9d

SHA512
fb413b1d363a9d76c6fc18443ce7d1b4d024ccd4a8fdca9e2a5fdbbaaaba4a2263a322d173328046b15be45188d5a25ddda30d66b2892db0b258cec334220533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
25345c6b5ef38c45a8185a16261e66fb

SHA1
47a45d9381f63efb53d54b6a687544df5d645349

SHA256
0a569c2f0ef64852d0a85a31e1423d2c175b71929fdfd0c0a920a27488facbcd

SHA512
136dbcb813da442b79313a1b3cb85acd96eb5d97664308c01c4d20669c59d11362ee57a5f23056aad73283ec837b2fc0e12a0aa693e615ad069039d1375bad9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
178ea6d500fdcbc000780a53dc6d3daa

SHA1
c4505f71d01dfde0b6e5b5760e99efb95f14d6ed

SHA256
14e154e686d84b95b8ee56b2588fc75ff0e3a38ac0cf3ec201cc5bbe390338d9

SHA512
33e1cf1819b567d643b9a7a852ab1c09717836f985e080e862112a9e278db5a59a249e7cc761f0f659fc852f211af5ccb41ef0ed02af202f96bd80bfe8d25cbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a22f1cf040dd3c161e1250eb802bf718

SHA1
077c246d2e5b432ee96dfc07aacb4abe4da1e813

SHA256
d27d6d93637aa072825b9369086f0c1a3766524341ee4b343277c55c0030effd

SHA512
8014622f6be2babf0c5add2958fe8025e5a30e1dbdf2d741b294d9993f46e2614f99c00bf1ae2411dcdb4fd717beda7cc0aa27d7d2aeff416fb6c1d0815600a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0e4b989b54f67343875520669dec805a

SHA1
ac4b4b765b9d196fc92ac4f189466e9dddefb942

SHA256
0470bb912ac7a60b1fc895bf4e2787cd4354a24e35c187a6966680be559f8ad3

SHA512
ea85e0f88c26916313b1d1b05209c80f91ed02128de8ed0569139cca0fa28cc6f4fbdfddb29f3ba05194615b4a924253d1afbe4dc7db9457fdbbdaa8d70c97be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2da2da85b35f759091b8b945d157f283

SHA1
e2fddcd7ad0d82c19aa99009ef54be173260a082

SHA256
26c10fb8071263fd9e3b4c54737428f56e687cf6056920257cc0cacb7ac3f55a

SHA512
547047a25dd58896969ca952b26377e4b4c837ab47209920d40d29d6f93cec6cd4eb260e4599416a3e122e36aa6283bc8fccc0b9feb74df40c4338f38b8a8234

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
76b4646bbb8d79d8dbb6e758fe61e89b

SHA1
2091d921a1d1ff3dde6b38023bc37b7be1542401

SHA256
c51a831749843275c9f4efbf8c009916aac36a37aedad6b5384f473686394c62

SHA512
e9ca2893fba91cf5fb2703ec1fccd221a301757478214831383a53fe039f7101166d70322adcc9bc116c7da70ebeafb0a3c247f17e431964718fd35f2b4f7f52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3c442edb61f889b552931fa60ebc8c0d

SHA1
0b31de6d67736afff6238c098678edcd95ea1496

SHA256
662ad5a81f3f4e4bdcb7401784fb514d1d5d7c0b5ae341f51634b0cb366c0c1d

SHA512
3101ccfde938043e1a67c821f73be904819c6ac53de920f24a58352044568dcc5740e19ebc655475b6da635279ce20c7871153f3170695ada1efe358d2fc2728

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ea3ee7cf6d9e5f7b5cb60442276d3014

SHA1
ab97ca3c11a17fa4a04984c05303ab638ecbd422

SHA256
25b54b2069941fa6e5db1dbfa1100e52b2334f6e3736f5c3f50c2882b899eaba

SHA512
f34b5fdd1611f0186f80592be79e8481b43b77f38a755cbfce50c4ecb433e13cd1375debc7b7f77f5bbbb0d749de8445fcc310ac1e316c4e0ed35f835ff871bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
5c1be81ced569eca4d46f7b46fe9a347

SHA1
960cf5e6b9c6722fda553b2bf8d3c59e8518c188

SHA256
f6a15132f4add19b87860c79c544e8a59d71cef3a30e4e704982e7cc46dd708f

SHA512
3b282b71e188aa87954cd02e19847e1dbb218686be8218574e5df41f784b17536f39587aa62fb9b7b6c5f5d790fc39d04471fd4ce0d8e18ce21332afe33e1ad5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d3c88e5c-9b6f-40de-b9a9-f61ccb07d415.tmp

Filesize
6KB

MD5
179f028841f6f82b830d17c3ed61c2eb

SHA1
48b42fcf9939d4288ae187992b1903b5afbbd9fe

SHA256
ba2bb005cc4bb9e464a85cefd0b50dac0837d0678323c5a39ac5dfda5cf11019

SHA512
d8e3b7a75507b64d387ded84dab50a7ea3876d50b1536c7eab79d3276942b5c7e06b5765423674f56c977b9c8f2f53d053a46c8aa3e0b17434a35e1046b31705

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
330KB

MD5
3ae65c42fbfaa6adc356aa1657e68aa1

SHA1
8340718f657adfa7aeea804ca13cf1a68487bf59

SHA256
22629c0322a6f2a8c6cdf8d007eab10984243cb96c1c94049ec6336d985cb82d

SHA512
83467d7bb0ef1886b6293a61b71ea92ab9b17baf757f9cc6a77bed4ac4c5a1546ba91dfd0bed855781e225e8a3b81946747d7558ee39abc724f529444f214aa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
330KB

MD5
30d0ff9e849eb385c70d2b71ddea318e

SHA1
5c9554f099fd86fc1bc8ecc89b833e5c2413f273

SHA256
93f4ad175fa8adcbaba13ea0be240db1d997918104396e02130ec5bae857222c

SHA512
92a017207e39e3838803ce495cb8848db9bf16f4ba2fe05607375b662d379b22f4aeab4bd6d6c94692aceee052730cce5ec49b7d25ec8001b3c81a1a2464943a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
76KB

MD5
2edb3443efc3e44966ca036e6ad0bd9a

SHA1
f57e089a5cc9ff651f5c665d02579b9e75f7d6f1

SHA256
282de53493b42c82f0133b1a9f68fb765674bfd4fe5672dd545796e925c521fb

SHA512
8272e27569b654b902a57c78d47ea16264208e17d008e3076f3466b447415cf0c1f4efc018896e0f4f02c2b3572fe6cb724b646403e5dda6b5a0c7d167c3945f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
4071df6bef998e7425b255d2a4c3e74e

SHA1
01b919afaa19380038f6eeb25390aaa75071522e

SHA256
3493d06aa4ecb2c756cf3917fb0908f9b4280f0eeed2a462d4207274296f2ea1

SHA512
1ae340ae03c0827844acb0de31f446c1459440d581ca4e0b03590c0e88f8989398007d6d074303171b9a19e2d7e183c88b5bda3b5ff9b037ae454549be2f3a0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CD752AD1-C9BB-11EF-9982-6A2ECC9B5790}.dat

Filesize
5KB

MD5
ac077fa63d957b75c6f44aa882fc0953

SHA1
ed9dfb313e0bb66b01f130d2c8e2e361be4ea972

SHA256
4411905b97601c9939268422aaf2ce8600a64c3af0a25bef0c8ea05b73d4776c

SHA512
4c5d65dc0462620209a141ce017cb77ffd72d63f53bfd9148e2d0b4db96148c469c326349cb00fab3138a412afc6f076bc0e4d0436197a36e9b1ff59704f2ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9BF3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9C25.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

Filesize
7KB

MD5
bf915af78218a9446176746f843f8056

SHA1
d1b8a02dfce4245d05ad9f64ab4cd71cc6a709b3

SHA256
dd7b4fcb0642b81051973a9d0a17cf029fdc2b6b393826108b69c5abacdec9f5

SHA512
8f69a6977cb912bc84454c0fa6069c6d5671b805ededd3385eb7ebc4bcf85075898853e2bec982637ac7f5a549ca07dbfb62751cb4fdbc95ddc2eabe3d49d172

Download Submit
C:\Users\Admin\Desktop\lossless scaling\Lossless Scaling.exe

Filesize
155KB

MD5
1e808d8b288c31d55e634bc603a430d6

SHA1
3093591b8bbc5afd41ba87462463bdd6c212b9c2

SHA256
c12832690c5c9e50e87718129836aa54dae18be18985aed6ad8fe8ddb94b0b43

SHA512
5ea49656e808859eb04a049f7f0617206e5b75e065dd8a15349a91cfe57fd94ca1906a1eedef802612c3e3b419257870d40e3c835e68ef0ca4150efdbe22660c

Download Submit
C:\Users\Admin\Desktop\lossless scaling\language\en-US\diagerr.xml

Filesize
1KB

MD5
5402b7ad63662b670c480999442a941b

SHA1
3a55d597ea691e7859827864af9fd20b3ec96918

SHA256
1900229ad22d755a0d9c7c1f3cbb752e67e46a2fad5489097a5ef3791bd5228d

SHA512
cb5fba0b0d0cca7cd609405b78768592818bd35f0e25f3093e9e1f11c1ce6792f427dd410b9765db4977ae9401f3672dd6f98a51ccdf27b78230368d85c1293d

Download Submit
C:\Users\Admin\Desktop\lossless scaling\language\en-US\hiberfil.sys

Filesize
1KB

MD5
98a99e831c54087770d3fd89f2bb9913

SHA1
26754b638106f4e2c3bdff6780c574384a129972

SHA256
92360a7d4d9bc840a967a86f6bd3651d0d7fb5218d57e3edcd36ad897f908a44

SHA512
cae5a9b95ac842902166cf2d67114f311f6bd9227999654f733b2ef16e4daf8fa2ea5fb5908425243226217fe99e87ded7f9d600a2eb668fb3b4f7d4b0974df2

Download Submit
C:\Users\Admin\Desktop\lossless scaling\language\en-US\pagefile.sys

Filesize
1.7MB

MD5
df3362c56b3925e0eb83e0a10fb448c7

SHA1
7b82a4de6af8f15994cfa1f179ebf5e0f302e503

SHA256
1de06a9918cdd9e8dd95953f1a6b937d490a6eb228b2a67e5a89b09feab810c3

SHA512
431dbbf045c8a62cacd7e8236ad343287c574b97684d941fe6f94e702fbb2a19675e1849220fa443616bfe2adec0e2218c42d75889333ca489f064e931891785

Download Submit
C:\Users\Admin\Desktop\lossless scaling\language\en-US\pagefile_1.55.7.0.nrmap

Filesize
96KB

MD5
c2ccd92eab60272ea9c085a10506a53e

SHA1
afbda23cb18e5c423478520f36d9a59eb86769f9

SHA256
43f376e1b2a83dcef344fe0953903133786cb9659e12e2d3868e2f52eee8319c

SHA512
a4b5b0417f8b766e42dec6e7854eb0c56bd6ee026a6b25c507de4321a1dd3f6e6927c4939c55c51230e47435c04c1cc22d7b968eb9bcee5bb2e48c855d93f74d

Download Submit
C:\Users\Admin\Desktop\lossless scaling\language\uk-UA\LosslessScaling.exe

Filesize
953KB

MD5
2c98d33096e97094cbbbd19f27f40883

SHA1
7e28af9d119d2658f962e3b28140c6081be1612b

SHA256
010ac1120a88a772e87d9e9018aa5db034a9bac9399803d4a7c4db3c47a71df6

SHA512
f9070ad6b2e3295fdde13aa8d7486147a7f9a675a924ad3bf117479baf5b573cf92650199e58378dd8345a28ab890bbd5021d374030c24836bfa65bb037dddc7

Download Submit
C:\Users\Admin\Desktop\lossless scaling\language\uk-UA\LosslessScaling.exe.config

Filesize
174B

MD5
2a2df45a07478a1c77d5834c21f3d7fd

SHA1
f949e331f0d75ba38d33a072f74e2327c870d916

SHA256
051099983b896673909e01a1f631b6652abb88da95c9f06f3efef4be033091fa

SHA512
1a6dd48f92ea6b68ee23b86ba297cd1559f795946ecda17ade68aea3dda188869bba380e3ea3472e08993f4ae574c528b34c3e25503ee6119fd4f998835e09d7

Download Submit
memory/2068-5739-0x0000000000E90000-0x0000000000EBC000-memory.dmp

Filesize
176KB

Download
memory/2084-1410-0x0000000000CE0000-0x0000000000D0C000-memory.dmp

Filesize
176KB

Download
memory/2108-2270-0x00000000012B0000-0x00000000012DC000-memory.dmp

Filesize
176KB

Download
memory/2280-78-0x0000000001380000-0x00000000013AC000-memory.dmp

Filesize
176KB

Download
memory/2572-4385-0x0000000001180000-0x00000000011AC000-memory.dmp

Filesize
176KB

Download