lumma | 1aeba3aa813d2a63819a2051ff3a657cea022d4df5e6a6f88abe947d1db00177

Analysis

max time kernel
478s
max time network
479s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
03-01-2025 18:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper_v2,11.exe
Size

2.9MB
MD5

6ba3f4d057686fee3f1f792df10d5869
SHA1

ade4a1ada7886ca1bd4c8d7d1d3cba62f9e018a1
SHA256

1aeba3aa813d2a63819a2051ff3a657cea022d4df5e6a6f88abe947d1db00177
SHA512

79e93fba04fbdcad41b2b45462ee4994e08d8a63eee9fad2713a2b886d8fb4f697c489150466c883c3b0e039b4922b709fd1dbd4bc882cb16b9d9efc139a2285
SSDEEP

49152:6lcyXfHnaBTof9ePCGkIAm1skqXfd+/9A9ByClY1v/a/ehH7pNLLn2W:YZXfHaFoZIvqkqXf0FglY1XOe97vLn

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Extracted

Family

lumma

https://fancywaxxers.shop/api

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 16 IoCs

pid	Process
5132	Loader.exe
852	Loader.exe
5192	Loader.exe
116	Loader.exe
5084	Loader.exe
5088	Loader.exe
2040	Loader.exe
1084	Loader.exe
3084	Loader.exe
5276	Loader.exe
316	Loader.exe
3836	Loader.exe
340	Loader.exe
6008	Loader.exe
1736	Loader.exe
5692	Loader.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
9	discord.com
10	discord.com
16	discord.com
361	mediafire.com

Suspicious use of SetThreadContext 6 IoCs

description	pid	Process	procid_target
PID 5132 set thread context of 852	5132	Loader.exe	139
PID 5192 set thread context of 5084	5192	Loader.exe	143
PID 5088 set thread context of 1084	5088	Loader.exe	147
PID 3084 set thread context of 3836	3084	Loader.exe	152
PID 340 set thread context of 6008	340	Loader.exe	155
PID 1736 set thread context of 5692	1736	Loader.exe	158

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133804017589304329"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3506525125-3566313221-3651816328-1000\{BF43EB0D-341D-4165-A7A3-0BCFFB1EEDB3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 60 IoCs

pid	Process
1152	msedge.exe
1152	msedge.exe
3132	msedge.exe
3132	msedge.exe
4560	chrome.exe
4560	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5268	chrome.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4336	Bootstrapper_v2,11.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: 33	5916	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5916	AUDIODG.EXE
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe
5708	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4336 wrote to memory of 3132	4336	Bootstrapper_v2,11.exe	83
PID 4336 wrote to memory of 3132	4336	Bootstrapper_v2,11.exe	83
PID 3132 wrote to memory of 3808	3132	msedge.exe	84
PID 3132 wrote to memory of 3808	3132	msedge.exe	84
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 3704	3132	msedge.exe	85
PID 3132 wrote to memory of 1152	3132	msedge.exe	86
PID 3132 wrote to memory of 1152	3132	msedge.exe	86
PID 3132 wrote to memory of 2184	3132	msedge.exe	87
PID 3132 wrote to memory of 2184	3132	msedge.exe	87
PID 3132 wrote to memory of 2184	3132	msedge.exe	87
PID 3132 wrote to memory of 2184	3132	msedge.exe	87
PID 3132 wrote to memory of 2184	3132	msedge.exe	87
PID 3132 wrote to memory of 2184	3132	msedge.exe	87
PID 3132 wrote to memory of 2184	3132	msedge.exe	87
PID 3132 wrote to memory of 2184	3132	msedge.exe	87
PID 3132 wrote to memory of 2184	3132	msedge.exe	87
PID 3132 wrote to memory of 2184	3132	msedge.exe	87
PID 3132 wrote to memory of 2184	3132	msedge.exe	87
PID 3132 wrote to memory of 2184	3132	msedge.exe	87
PID 3132 wrote to memory of 2184	3132	msedge.exe	87
PID 3132 wrote to memory of 2184	3132	msedge.exe	87
PID 3132 wrote to memory of 2184	3132	msedge.exe	87
PID 3132 wrote to memory of 2184	3132	msedge.exe	87
PID 3132 wrote to memory of 2184	3132	msedge.exe	87
PID 3132 wrote to memory of 2184	3132	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\Bootstrapper_v2,11.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper_v2,11.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/invite/8PgspRYAQu
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x124,0x134,0x7fff643146f8,0x7fff64314708,0x7fff64314718
    3⤵
    PID:3808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,7614905624293754944,8510887421087546144,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
    3⤵
    PID:3704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,7614905624293754944,8510887421087546144,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,7614905624293754944,8510887421087546144,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
    3⤵
    PID:2184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,7614905624293754944,8510887421087546144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    3⤵
    PID:3800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,7614905624293754944,8510887421087546144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    3⤵
    PID:4400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,7614905624293754944,8510887421087546144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
    3⤵
    PID:388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7fff6b58cc40,0x7fff6b58cc4c,0x7fff6b58cc58
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2016,i,3117386078351170418,1053511388473127436,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1916,i,3117386078351170418,1053511388473127436,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2052 /prefetch:3
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,3117386078351170418,1053511388473127436,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1812 /prefetch:8
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3184,i,3117386078351170418,1053511388473127436,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3216,i,3117386078351170418,1053511388473127436,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4576,i,3117386078351170418,1053511388473127436,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4532 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,3117386078351170418,1053511388473127436,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4908,i,3117386078351170418,1053511388473127436,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4460,i,3117386078351170418,1053511388473127436,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4764,i,3117386078351170418,1053511388473127436,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4504 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4456,i,3117386078351170418,1053511388473127436,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4820,i,3117386078351170418,1053511388473127436,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5404,i,3117386078351170418,1053511388473127436,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5384 /prefetch:2
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4868,i,3117386078351170418,1053511388473127436,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3220,i,3117386078351170418,1053511388473127436,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3284,i,3117386078351170418,1053511388473127436,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3324 /prefetch:8
  2⤵
  PID:5840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4476,i,3117386078351170418,1053511388473127436,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4088 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5572,i,3117386078351170418,1053511388473127436,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5464,i,3117386078351170418,1053511388473127436,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6076,i,3117386078351170418,1053511388473127436,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1188,i,3117386078351170418,1053511388473127436,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5764,i,3117386078351170418,1053511388473127436,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:2524

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3028

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4416

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d4 0x344
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5916

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5972

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Kapu\" -spe -an -ai#7zMap18728:70:7zEvent10832
1⤵
PID:1636

C:\Users\Admin\Downloads\Kapu\Loader.exe
"C:\Users\Admin\Downloads\Kapu\Loader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5132
- C:\Users\Admin\Downloads\Kapu\Loader.exe
  "C:\Users\Admin\Downloads\Kapu\Loader.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:852

C:\Users\Admin\Downloads\Kapu\Loader.exe
"C:\Users\Admin\Downloads\Kapu\Loader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:5192
- C:\Users\Admin\Downloads\Kapu\Loader.exe
  "C:\Users\Admin\Downloads\Kapu\Loader.exe"
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Users\Admin\Downloads\Kapu\Loader.exe
  "C:\Users\Admin\Downloads\Kapu\Loader.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5084

C:\Users\Admin\Downloads\Kapu\Loader.exe
"C:\Users\Admin\Downloads\Kapu\Loader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:5088
- C:\Users\Admin\Downloads\Kapu\Loader.exe
  "C:\Users\Admin\Downloads\Kapu\Loader.exe"
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Users\Admin\Downloads\Kapu\Loader.exe
  "C:\Users\Admin\Downloads\Kapu\Loader.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1084

C:\Users\Admin\Downloads\Kapu\Loader.exe
"C:\Users\Admin\Downloads\Kapu\Loader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3084
- C:\Users\Admin\Downloads\Kapu\Loader.exe
  "C:\Users\Admin\Downloads\Kapu\Loader.exe"
  2⤵
  - Executes dropped EXE
  PID:5276
- C:\Users\Admin\Downloads\Kapu\Loader.exe
  "C:\Users\Admin\Downloads\Kapu\Loader.exe"
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Users\Admin\Downloads\Kapu\Loader.exe
  "C:\Users\Admin\Downloads\Kapu\Loader.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3836

C:\Users\Admin\Downloads\Kapu\Loader.exe
"C:\Users\Admin\Downloads\Kapu\Loader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:340
- C:\Users\Admin\Downloads\Kapu\Loader.exe
  "C:\Users\Admin\Downloads\Kapu\Loader.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6008

C:\Users\Admin\Downloads\Kapu\Loader.exe
"C:\Users\Admin\Downloads\Kapu\Loader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1736
- C:\Users\Admin\Downloads\Kapu\Loader.exe
  "C:\Users\Admin\Downloads\Kapu\Loader.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5692

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:5708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
4d29b3e1a4fa0618f69cd3006d3bb1d3

SHA1
c0534d9a95d881c649358362eaf5d057ef55fc13

SHA256
6b6ca54298c944ba507b4708b887eaca00be6b1f937ca0d959a94ba571173302

SHA512
28411bbae458d75ee9205f6db20c024357695fb7ef0c2233ea80ffac4f9d81c2fce01675aaded586d5f76f49417640f7b5bec7993140b97f202b11f64612ef4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
451422905fc6da4fab8235334badf2dd

SHA1
f20d7a02bee92c9070e950078b670ca8cd8d2158

SHA256
74a8b66baf3296e839eb161971eedf86cab3cf6ee23d560a879ffb18586e505d

SHA512
5c23c08c30dc2e83fa70ce2b286a8c1092db86da6462ee7998d502c2fa9df708cfc35a95e0fc1eba246366a087e408d78c3cd25dc388946b64c3cdf4056960c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
45KB

MD5
c2cbb38ef5d99970f0f57a980c56c52d

SHA1
96cff3fd944c87a9abfd54fa36c43a6d48dac9cc

SHA256
85369a1cf6e7ff57fe2587323c440ed24488b5ed26d82ba0cd52c86c42eec4a7

SHA512
50371320c29f0a682b9ae3703ef16c08f5c036e84d5056e658f5d9be7607e852adf72c13bf2d0b63fc492f5c26d330bdeb2ba38bfd8b0d4567f0cc6b0c0f7bd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
75KB

MD5
61e772faddb3b3040b44d2fbabae809c

SHA1
7d6fe29081a493f6de15c969a5d18cca87dd240c

SHA256
e635615b58905e3326e9fbbf81558fcbc954b6b0464a7d979246f11c94e36097

SHA512
3d7ca7cb5dd7308a36ec8a2642884b8002eddf9d4ae3de0bb76fff7e93c07a4d50f97bd7b597d5c14a1b005dc00082ad5ce951c94aae19f79f26701dfc2d87a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
87KB

MD5
b49801918bc5477ac32a95a391abff26

SHA1
592c88152d011fa9e867d872f86ae0d20fd1bfa2

SHA256
c6e89baa9c9dac3690cbe2c8e4421c33b10d0495b86dfec243f3c7e5849c666d

SHA512
5d1e3e54fa63ae9e4b4055775e08cb50c92089cfc435b82f940f42df86c94233f8d5c2a935775cbfc8c92cc69133a49b1f94df6a76afcc98b7e4fa724d9b0d45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
21KB

MD5
660c3b546f2a131de50b69b91f26c636

SHA1
70f80e7f10e1dd9180efe191ce92d28296ec9035

SHA256
fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9

SHA512
6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
135KB

MD5
f57edcc57b9e8f194f50fa3079637ac8

SHA1
966e3e0b57349a845b050833295487993432d346

SHA256
56fcdf188fbb59c4685df71a66a9cc3d656ba7cb03705298f1432ff745891c26

SHA512
305541d96f77061563035f976172aad63ccdc174999a25978bb66260990d1c9d0366fdb1f064c5627dd539897d77e3f37d0dd090aa51f1eb24b1a1722ee96dc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
73KB

MD5
eb0ab29ad52ca9b03da2eee8eaf58bc5

SHA1
43a13ccab2622c29c4902aa441217ad5149bbbe3

SHA256
3f5853f4b1602fa6a4a8575a0a676c160f6a624a6820f0a1b9a3266c319787f3

SHA512
ff7e7918652099325b0f96a7cd6ab71ef10c2d68e2c2e3fe212ccb7806a0b1c765f151e1027ccc88b447f15960f2a22697556381d55f96b99729f779a12d8014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
3b73eb3a00382ea4df33afeb852f676b

SHA1
52286f9cd2beaab1c6a4c34c090e49dd72da0677

SHA256
2c727802c311910a789c4e9b5f5acc86faa9824eea2b66db9316ba7912c430d0

SHA512
e08cd083cf6a4484fb27c2bd1a3423b5df157436b7b77bbba703099db7923c856fb7ae7bf4f9cc61ca76549d8b3b44fcabef137bca010c40c85d352998f42b79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
756bbf7d35cb510b74d29ab5c1d0658b

SHA1
69d5a7e7e07f796856a3e9168cbe28ffb31b2d6a

SHA256
775323aa568b8caf09a73a5636447074eec7f15ab7ebf4028ad2e1d05f48c783

SHA512
fb50bf97190b365eb21ca96091bbf0f2aa2d625624724d2a0474aa845655cb8f8ddef8addb4e0aa4e4cf39a93b85f3e44d3a7022887dc12133fa68aeb3db60b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
703316ab76550e9ea38eba891a827bf4

SHA1
5e0426d6039188fcce5e5a7b910551c2ba2f429a

SHA256
a8a46a093fb1c4848781031f2de69c088eb665230dd66abeb850bfd460a0cf43

SHA512
034dd1411fb68b0a9a7b4413e05bda6c48ef12902230eb74945995de7d140e325db234e38a08586e345b28e0bfbb56971c14f17ce2f0ea4f2a0c1241d6b7f1d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
87780c2d652f349c134e5f49a719775c

SHA1
34fc8565ae95ecad84273c7477ff58b7f1cddf29

SHA256
9069cb37b0f2b251378f363e88f3d991d569f44766bda7b1f681c71e9b2dedb8

SHA512
c9707969e7287bf4d069b0caa81f416328509e831c61fe0aa8566213fc4e97d988be9b0581a4f24b883decf91d69622688c4170ce40c1cff3b8061cec7cb60f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0b3ad9523af97b1794afd589f18a248a

SHA1
38ef3c9f7072f0371104e6958f4870aac62be720

SHA256
42bba2ec4b7f1ec66acd4a10925e7ce2bd4f34cebc7c87d2d31e575725219118

SHA512
312d63c1806ffd200aa2132ff343c23aac727adf686b5a305b55171ab0db23ad0c95dd81fad84298fffde11b70a39634061ab15e16f1499b2fe17378894ab423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3244135740fdbf8b7b224fc726273fda

SHA1
363535a33b68c2d00016b303d60dc8debeaa50ab

SHA256
7753fa0dcf84ec3497514e7858d01da897075ac8c57b22a94762af479655ffb4

SHA512
d4b7d65ec03fb901ac514cf38ffdd315b750371a89c96296f69ed03dd4d95c95bbaca3e6302a8621645548d3b5402b096f8003fa5ee2a61be44064b9eb8f221d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ca4bdf28e276fc093a1a3a54cf536c69

SHA1
9645725d0d518c81c591edb0eea3fed7d5fede20

SHA256
ff458fa8a09853e488083b88ed18676a8ffa79728db6526e2879519c4f4bd062

SHA512
7c329d5f9945eb303b91fd80786ef2e7c9ad15677511553f039243d46e8ce651e0351f9924017e1d21c2d8b2af4809a9ae094d9b4fd09f18624f3cc051c5e37f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2f0e9467bd262812c9e6cc972c5eb144

SHA1
b0029447cc6a7e64135cfbbb1f94a26e35c65ea7

SHA256
fe506a5a8c66080cfb2f988a6037415f6aadba877202ca1d1e4a9c7e0733cb02

SHA512
33af5ebb807504612205bb8e8d2dc982322dd2dc6982815807eb0f1932f3e248e89a0f76b32b2e80cecc8b240fc1d08e973731028c86169e7b700964706cca53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d68ccf7d11da406ec001f4185550d5cc

SHA1
a30a58215ded8c116f46856112d362a6c4254fd1

SHA256
84b4aa39aa5650bf6f6efe54db66f321c89fdb6da5b34b961a850a9f7c1414d8

SHA512
d4335635edb2fed5232c8f659cc8539a3a4ed1a8dbbdfd7ae2a62a148bb3150d4c2e7743ca22187bdd40a64d2cfdfa973636c54662e4a8df97b8d657d8392821

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7655005bca63c1006c99eec31562cdb1

SHA1
5a853098bd8c4842127c4c7aeca7576e327946db

SHA256
3451f7be81deaabbbdbd37422b249bc0298812004ee60226bcf05402a618fbd4

SHA512
8ea45805c8d8d22884df39afec3ecc83a5b99546633048b4aa9584b98235f419410cac25bf570db7f5f307eb3894f4a7b49c86971ead9a626ca48f51177bb7df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b11cabe9977738c7184229f4eab9b628

SHA1
90e0c305c3feb985d7f53e775031300bd208792e

SHA256
13b3f31c70d12b93b62e2330d083a0241d5b19273ce61aa011a4bb6d367e20f6

SHA512
f5b5089239aa3d9685413689d9424b58192454c1f3a1189ce675bd27b9078008ee30b5f40228d4fd41fcfc78489abbf7a36dca9296e0745ee572bd8d885d47df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
1d8c6ce1850d9f3bdd5a6b0388cb9d8b

SHA1
0d556ec6fb6ba226ecd6bca61aaeab14825d2e23

SHA256
dfbfc819eb0183e2a896ae2800908e4ca3fe0c1bbd1c484760cbd2f7a99dcfe7

SHA512
38c22f8b1a2f0beffb3aa952ae34e15fd43d869b8164a48f470daf2dca8f50a71dc5acd779be53913c5351c73c7eab6f9b6fdac10ea18c1c42536a523dafa321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
b1af320baaaa4caefdc2262384e46c49

SHA1
1c951d73d4a8fe61f028678a7b0c4a86fd06c1ed

SHA256
8baf57d67985b8a5a302c69cd3ececfa81fa768b4badb7b442b54be9636d9de7

SHA512
9ec249a8c2845401fbf8c295b7f2bf548bb6058f47493b327bfde94c26ba5c715803d9a3bafa1c9f5f77bc94948b4c0b93d8725edf1312f549e2e5c344bb5c7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
17KB

MD5
3878d96bd1ef4d9a4d49101f846ad114

SHA1
8d7a7353d31406c4146a75a9135535d0688f92e2

SHA256
f38eace434c9881f7c26628338a4d41f4299840879cb374d3200560ddcbeb97e

SHA512
d404920258e81eeaafc6677ceeb5672b3ee2e8c0e252bc9edaceaddeca11a267d2a581d7790b83b149872b5c7b13452342debbd07df43ca051738ed78db9d8be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
17KB

MD5
f75d52075121c40cd47ac733c455e4c6

SHA1
9013bd1f679c5731d77a37800c3aab9257cc18b5

SHA256
8a4703561763ac950e4deddbd96f60feeb712fccbe9c093654eda362cba6bc85

SHA512
60f834327b2e8da5cf589b27cbf2b2f189202f5fe5233228b44cd03490da299f2e8dded4f4bda567b6e7dbfd301cb1165282f6ea1ea0e48592fc5bb730d36c32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a28ab4065c47c4b54e95239a2ae622cb

SHA1
1da7eb9c7134fd37e4761f749f85aed0c8554a00

SHA256
d623df6630aa23e158cf8baa3959827f5dfa70fa0340f695048f8b18bbf0bc1a

SHA512
130dc81f4ed6e710eaf26206b5f9500d68991685e97656217e1c32492f82d0fb3dea5a4db42f9185c0fffae52fe734f018dcb449d260147bbea80fee31f0c0df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
47e562e743b3b37cba8b334889da1d72

SHA1
49a62977395cc996616e2799398191eca9194202

SHA256
7e2ec1dc9223e4a0cdd3c7dfaeae3392effa3ab09d1b2d0fd40e7f79ef3f16c0

SHA512
6bd996342fc65c3c729b13e3444a9d53421fb893466cf5bf186c0580ef6d20e09992cd3bc179ba0edcd6ba8fad9e0a8849e9034a4e4d26d97f5a60f3de316b62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f2c18d4efd9282e0d77736c7c71c8698

SHA1
fb5ebef9449c8909ed6b81f0888b752d756a722e

SHA256
523fbb0c9768e6ec7f1f2939673748227f5e94548bdc7a40373da3c88026ec9d

SHA512
3bdd332183545489ad7ac3f02608c6a5179eccf76ae058eacd424bc35c90326f8e44b5c2173b6fad5bde1d4ed9b43163e53474c754e9a97a09146dea50f2432e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
e4057a0b19c343c698f71d0e36b84d82

SHA1
66c730a3478467ba8ad6040125e2d76f9d7fea14

SHA256
3487f93aedc5e55748b041101ed159e5309659092aa671175e38d95f26c31876

SHA512
26a7e253abdf934569b80ff8e99da641065d4ff494d0cdcf0a31d0f924eac7d7715842d938c73b980d1114cacea29547cdc9b2415bb4fc18cb4e96f36c1daecf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
25dc77a568e78ff5cd3ac6a65a6e7811

SHA1
469934414bb4cb4f6ec5666958970e102b5adb30

SHA256
de400792e92d73344aedc97910a835eadc61063cc64fbf1f435e8bf07b83f8c8

SHA512
a2cabe1ec777186e94949d12b95c248d5d97571b19d2e28268cdd217d9b52676cc7b9845aeed0cb3480eb58b754cdbd63a414cfaf98d80c3fab4aec418b7de15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fda22831661b5f93b93a5291ef283314

SHA1
a76dbd12a564c14317ffc798911e159b3ca6ae89

SHA256
64f271d1d115c7540a9c4bd19856f22362145521e9216e1606e89db42e881986

SHA512
681bc25bdb50783b2d55325874082f95bf111624634e51567e6fbfbe7cd26e7ed83146aa3091b07a6c621f39896e24ed9fc038a22e1764faaa9cd081b70f385d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
52024f4080d3cb3ce0e1e048baeb64a1

SHA1
00c6fe1fc91131f5b9d5b9af5252798bdac482a4

SHA256
555c57ff8938019dfcfca93fcf8fd0b26d7543f9da15db2d2f591f5e002ce2b7

SHA512
3726d8f69efbf6a4961d6c229593bff625d59855706cafe2321317eb808b2e15f190cc42449bc3fec8b9c09b459ad8fb092e10719f8f01494b7b5b393edd82a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5985d5ad7796ed4c56243f7dedcde98d

SHA1
dd06ef2060996c23ba34356e195521eb5f36a9da

SHA256
c763a36b95a85bf609c9c2057ad2cd66d8166482c90ae01c30728761fd11701d

SHA512
8f8393d8337c5914dfc5136cb678bae25ce5503d82ee54fba8f0f97c408762206206d840e3c01547019ed2c8717130e57ce27c271b100edca4c6611a80ae43b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9f54705978d93df823d3740a4caabaf2

SHA1
8c95ec69ee66ff186fc0f75a168003f65d7d87ff

SHA256
0821b9e57a446852ef90902093048c55598a6b94ada80bec27f57841976b65f9

SHA512
24df24c513cf8b3267c9bb6d63570d54cc07227dc2d91671ea455eeab13c18697f65ab98400ed490e24940c67e39689376bab86037aca72d2190add08066ed85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0324e131d6bda87e3069ac86214f2bcd

SHA1
bfcc8296c73bd1b2dc08ad328b464d81b3af114a

SHA256
f301ba3c3b2dddba04705407ff4340c46555c492c7baca3d3251f29ddd992619

SHA512
de3ba2f0794d04aace39fbb56d49c3c5b5fa82ed11fca66f4a35c5d0513f08b2b0d61b3ae507595fc7caa69f7d6a0051421af2f1e7d7e5475f67d2e876a9a51a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c805278843c2ea4ce5ec8f84d423b167

SHA1
a24e9b104cc79160605656e0ccce5a329152cc99

SHA256
81056fb2f375ec1688505267be538d9066b7e558828a5cf2303191b2b7c90e6e

SHA512
103b1d9ef3c74f9737a662381673ea6c8e72a32a63a8c8f06c867b878bb72ca69f6bb05374881083675b02b1bed4c9273c23e067d13326c3f5e0042d31250804

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9cb2525f0b0aaf4417b7e86dee8f477f

SHA1
f72af878451094273a385ed72aee141768605eb1

SHA256
cea078e2e10771fd121c497f88a896ee06c3a38adc4995e1733d3a959f7faa0f

SHA512
3cb348d8d58009cdcaa8df6cd50299f4e12b1c421bbbdd9803df6dbb629f43c7a63a7581390325756a436b192193c5819f0086b589789158a52492c6b473fcff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f05bd267f37edb8c4fc91489a575bd75

SHA1
1967eb41cff70ab7395780eacb234bf1a9662a0d

SHA256
00c3cca33bf3dc284e7a8961f6d1fb0845340669e1db9c0016bd8b21ff1cacde

SHA512
eb1735379f27318553a5b10eb961af58554488161a41a3837393c03b2aae9d1c0446aced53afa929c74f3644f16042d882ab27a944395c2b33f89966275ce838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
87c178f61e059ce85c8099582b70a215

SHA1
8092abda0540d42b518e3085ecd34d49b562d03f

SHA256
72014ca4094741f8dd6d5c7490a10e768f1894fe4a34163bebffd3fa816c314b

SHA512
701635a1a4f13842e10354d6b2db05ecb5bf8fe05bfae0ed4ecb3e7742a973fabcf4760bfcb5f230d06839c96a3df4da7f3485a9ef54352c94cebb5d03c79855

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
142249f61b57e4c69f391fd26039d54d

SHA1
2f8fb264d5156559dec27a23cd72aee347e36113

SHA256
e132038fc80c76cf756f93a3ddecb92bfb28cf14c9f3cb354567c681cc4f6858

SHA512
644119ef64595842bca250b01c37af5f3569d3fd7a943fc633d0f2286183846b8cab5a069ca8617f2a1a8a6b22783457e0d51d815e38a58bbdcedb3746a153fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5ce4f8f763468b7edaab2474f56eb034

SHA1
5785bde705c8a27d2193fd3d44c337d7dfccadaa

SHA256
2931eb6cb641db789e0e1f4ba755f62271fda1f5b884acf62beea855884fbb00

SHA512
f497f6bb9aaf30bd99b6006b98dd8e57bb321b1056616dd77f5c1264231f42a1c67675522a30dae08465a2dbd0e3a0cd6574908f74ebaffb7a0db5cca42bfb65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5840c05957612a8c4534e10f4f634d32

SHA1
ec77bd457fcf66843a014de836c452315bf20f40

SHA256
7d2d8cebb7c5200395cb2f1e4899d5a0ebbaf7b050ccf28d650bbd6d618a1cf6

SHA512
558b37b985398466d3ff53cf2d46d7ae4433df0ab9b67e0b330f1d4206db8614db69fee101a51e872a249a03ce8b0018c625043b9eb8e56a8b1626c65de38213

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
404c9b03500d5556d2b8fdff708e3c28

SHA1
43ad74cd2d8e051c3dbdc81d3575f9b48cdcd603

SHA256
5b4904b220a5135549b73fce184e32cd88fa0c0a846f9a6aca96a52a403e5799

SHA512
6ad6c7d7984435555621a121ddcc9efcfaf7b078a80558df1efef0ff3005616c5f780c5986ea389e3bf7ccb48178d89d409afdfedbd73385525c3c7588c1b989

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
889421fb18b9886ba05cf7f2ce3a9236

SHA1
3780542e14c2047c740b872d165e3a917e5ee408

SHA256
9d5fbc6160d6536336e372ca894e1cd28d609285578766d26da40c829f05508d

SHA512
95cae0cc274c37a24df6a56ac8bb4b66ea903d57b6137bf0174f487d996b1f79836d21b333733bda22b72e4a9664776002018b90f9318763676288cb64ec0adf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9d704fe50722155a76bb28b65e5fe5f9

SHA1
d432593a738efe90f4c0bcac4d3b9e1d854aa42c

SHA256
7f489ff1d6127f92162c89adadeeb898334cb06cdbba32930438acfadd51efb9

SHA512
3106bd13e4e3077386f05dabfe247972aa034a16ab93d12c5c2accf3cae83858f385ef49ce4ca47d4664c9b311c339d9acba622a55797ff9e6b9f2bec4c66602

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
05417e285dfc0c66e687f618b1a7b493

SHA1
63987bf861c5d4b985073b7ba94f8667d39221af

SHA256
369e2fe3455e30922dfbc17629295e592e571f2de9801db54fe89b4026536b53

SHA512
04d63f9a38648d1fb84bea9c86340a079f0d608a07859c69ae9ec35b59e51e2e054272028fc1df5cf0fb1b61a666b4dfc445346ed737dc64ddff1eb2d83319e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d136a0f1f404a9f627c1982dedcee316

SHA1
ce732334dcb85eac86de96fe11da0fe11f969ef4

SHA256
fed5b021a4e3893a6eb2a6b95a6e24387a62dbd9ca93a13089f3d07a1d22854a

SHA512
2d42d26cc34c0d1f8bbba53973868c191098d98b08130cc7c16caf0a4de1c1933d1163586262d9b22730cb90b16e09383e680bfbefce26bf0dfa9def76459ad5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
89f52a25e0670fafd851d68fc5565adc

SHA1
58f889a061bf4e9b5489b3df08e600e4b85066c8

SHA256
d001f86305e7525648b4544889af0648cfc112265860b535c2a73d573f7b4f76

SHA512
bfccf434a4427c6b377ef1150e7355a1f73a7e167c9fd4b0c226a76f7bfc0dae1b9e32fdf31784c359f172b7fe338d4aef9c02781fc4b20dd6c5d65ba17e45c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6ce2d98ad7721a1da51974e9289b312d

SHA1
23eaf0710733afc1b8ebb6c120c7d51c71cf2b66

SHA256
25bac6bea6e791d4083812047b7f6cddf5ea29be7c44686123804f62b6d3de66

SHA512
f8e5f685cefe24b0657dbaa7ab9f3d80e68517cd65974300b5b6fc0352968f2e83bb12b8a56a829ad2391fc5c7656f77f6bd32f4b94bbff4e0bf7fb3a361ba7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b83caa7e6eb9223a4ebac7637669e0c0

SHA1
328feb85a59cc6bca33c448987524a235ac99e1c

SHA256
0563ba08d3bddfb9fb2ba70c8ed6741674a16160a2abc3279a0f03e2c55f6d3c

SHA512
f81d2147b96fbaec569fcd177272a40c2362fcf08256de7c7c75505f47a139904c8488523f10dd8cbebe601cbe1614fd59d826e23bd07739b8f8ff468370c75f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1e688e12a2f74f4e0e0d09e921ed2e05

SHA1
4c97ffb182dea6ebf571175dbf6abf818ae69ce2

SHA256
fb7343ac4dab2f3abeb5a632d9e1eeed0e174560399229fa29c033165a12b2be

SHA512
0ca9500d90418e22e03e165f44f2a8d9a56f57fdb44468baa02ea7a447ba41d5c3f0cf2eba1a3cda9b1ad325823d7dc6ab19cb432b135f8119d957ae7087129c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8961517391d0f3dbcb34b327b20db7b2

SHA1
b6083679180c9c4bf01b5c7fe99739189ff083f7

SHA256
3dbd57c106145932698cb591d057001327261cd2fb775814c75a53445fdc5aa2

SHA512
c54bff8dfac8044b686ac3ca801aaf5fac0071c4728bbb26af70e9134eff2c10f6011400d091e491d68eaa1640ca11c37bd3902fa90a78726d42a35d35aac21b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
62fc12f91d6fb1c31d1ee85336ee44eb

SHA1
2f327cc7eb05b23a035b48e713ca26c44e3ce466

SHA256
1e14d03ebd3337b9b6b3c323480b05d5a6ca25e7781decb2bff0fc2ac13b6052

SHA512
8d7cf22973ad96226748b822e8e1483510b849a1b151da8bd20c710783d5b0b0cb09ba0f2cb6eaaedf6dc44a71d293b0aaf991d604765589f29aa6edb0396703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
068581c1e2f46a07cb85209ace2dd393

SHA1
33b7aa6b1dfab3ebeb66d45145da55eca27b2db2

SHA256
d1f936ee4c4c2c2e9a2713fcdfb7309cfc8850fc6ae9735e9c1cedff54c8436b

SHA512
b97da42b032be4373969a914ba56aba6bc6f363e662136d3814ae7d282183a76c5011b6ad27bd026c9cc5f4535796e937e3622145c650a383c54cae93e3b138e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
90f7329c5e681c4a5190638c6f120a65

SHA1
213c030f44e902323a11d113431aa36f8898969a

SHA256
402add89416401c099e14aec7d51560461bd6b55d104819dc4bbdce40bc26c1e

SHA512
971dbbecfa0432f0423cb0036ea7616ca5dd18aaf5c5d164dfb99feb94568ea9e67d2c533acb6834d856c1f28e6860fda0d40a719f61da4bb2e54ebe3462486e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6e202499274a2bd4302cb0b5fe426591

SHA1
268e5c57821db5aeeda758f53cc0e02a091361b5

SHA256
a9c1dbae468077b327cbf785dd0d45310214485c36e0c5941b8814c3e532d499

SHA512
de59310f9f886efa5b5c0d2dc406760c1323f4641c9ab5bfcec5ff9746742a35cdbc1a57be07309c0991d4ff94716b7867da3806900803fb4394ce3f8e16b0f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7745eaaa87a1492c712f0ee07cb1142c

SHA1
ffc47d1419554a74679ef0903138eaa889659e1c

SHA256
daa4597ff33a706ca8deae806dcb2ad80d9c47e8ccc1fa9ec7d29343213b6b98

SHA512
3944c7ad2d92047cd27bba68631cc3bc28343c6939e2715a71b000b41bcc72936c37a97cfae3d8f5560c9080cfe50183026f08317d98292f5f4f7c3de82f73f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
551b8352ab3b51f71c08ffc007a839e4

SHA1
580a7d7087765f1841b2650edbc40c8279bfcec3

SHA256
76c3b9a83a8101a69960937c9e217949f4a7bab2fa2aa94359346728717c774e

SHA512
c93a6f52ce7151032be32702d45523783aec598d5a1ebce9258e9fb7146ce6200f26728fb8fba5ba2b159e3460413a7d8fc648a0a89033d27451e3cc2f57f1be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c4352c706da34f42a498cc1a62446fb8

SHA1
071b69b1e8e1f740017f3471d0ce8fc4078fb1b2

SHA256
c2bc15a918b2174965d99dd4c5e1abcff2fa83806bfdbda357299ac76faa4146

SHA512
c3e0d97ecb5d1c03a83de93d9be66cf2d9b61202507d7562c2323171a7df312418eadc0f595fe788c66216397e3491c9a4e908b9c4cec63083bf4014581e1f4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3418aeff0745470757f12a9e0010bc44

SHA1
c734e8febb8b3f2de38c86fe32d450365dcecdbf

SHA256
70f423f605b22a3c0f1e09c1812f8811e0af397f95d400d7ca2e4e7b054fe77b

SHA512
339b63cb964daa37b76e597f0740b273d06706d62b9f4d9e606b10744f2f3b3f5bd520f3194b3f498440ba4923467dc878da25d5d857549ca3b9645c7f713a5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
901c2efc9b9ea61d5e5215110cc35d6c

SHA1
527b599f894d405cd31a33e28d00f34f1207e8d2

SHA256
6b469a0c5909cddd9f632672db3807c4e8692b66bc67bf3c9bae96dca8fb646d

SHA512
957859cef338a6aebe399ba48336604f55a56fd40b164cafb33f0daa366dd31428e8b9e3cc00a76f8f96f8186c0d9f5528d78f197d95ff27eb8efa087b305dce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ec921fa03e201b39dda41fa0fbed77f7

SHA1
30275fd1c060f62913cf6d4e9777bde2d68c7128

SHA256
8dd9bb11ee011e01a62d8332ea652404e2d366afaae51e648e2642f58b855b0a

SHA512
5b9cc9d6d21fba8fe5e5177c8a1259aef9cdbebd58c725ead04a33415205c55348a1db5cb6289efd0211e38a8b4dc3f1c06a1bf0545b5f67494fdab9b731ceb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\39f8b4e8-6479-4ca1-b13a-61f6c46bb6f3\index-dir\the-real-index

Filesize
3KB

MD5
aff0c244ed47336ebf5734286c20224b

SHA1
edf360cfb30143867d95a8d83e352414f681755e

SHA256
a4005790d0ddca61221b85a6350f1e4a1ac45c3df5e698277d12801ac932c4e0

SHA512
6cefd57b2fe1e92f703d7d0c771862cc0637a433f9cc29a9a080dd401d757a66057f23290d9fe4cd4e6309e0d45e47ed02857f02d40c59f9743ff1449af04066

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\39f8b4e8-6479-4ca1-b13a-61f6c46bb6f3\index-dir\the-real-index

Filesize
3KB

MD5
928db724e8f5378cd239d59e9e5ab217

SHA1
e7e3d6d87cfeb5207d90e9db4357a079b9f87d5d

SHA256
00f4a4a277dda990ade2dcef258193c9f0a4a0f3977fb4eb322f751446ef0cdd

SHA512
c747f7d38671280b36cc7d7bedf5b70552bbf1bafa497676f6e822e8bedb70b99f0e023a8b753a2783def029de159505997f32139830e8ed7c1827178a597a43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\39f8b4e8-6479-4ca1-b13a-61f6c46bb6f3\index-dir\the-real-index~RFe58f112.TMP

Filesize
48B

MD5
a33bf11e400e733282314e5a14765698

SHA1
dbb2e5c83f9666d616594718cc3a8afc357feafd

SHA256
bae9eb45df1ace42e69d8635442d3ace75ccab398df82fb091a4223236a3bf21

SHA512
d5d1e3f2a63c51d607ead069926d44764b0c27e5447fd367a0b3b8e70a056dce8536a8896571d7e96bd3d6dc28b5060aff6739424aff0a81ad063292946e59cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
e5a32df1c7bc93b14ffe96e1e6e2ce1d

SHA1
608e5f392d37f54aca24e5b23ba9d4918f9382da

SHA256
128dd19326ea13d8334629281cfb92871a7e98a372322e85df72e4828bc71bc6

SHA512
4df4a3c9b32faa154808afbaa5825ab6d05fa5269a2a1bb977e6e4121a905c33ef745b192ba2dd4d091de9bf2fd65396c4ae0a2c95e3211585e6224c82a157df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
e942edbbade33e7b30a0055b066c99fa

SHA1
6b16358e88122d4a61434e7ca620f7f8499d2164

SHA256
e474862cafd3bba7f34ee48ccf2cd40bd2147ed940f9c051f04d9c8b05fde9fe

SHA512
a598cb9baf7620d6af2743a3c1152b9a7bd11a7b6363becc7439c7243cc7ef4d17ad7f5a441e4ea56b5650c02c8737ac48265b26e6dcfe5994a38c01d88357bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
4a77b889b52883e1e7ac9363e46cb4a2

SHA1
ec16711c328e8f1d81d0ac04e6ef0bb80f4a0b84

SHA256
6f22afc1b77df96ec27675d657a1d872c43c55d125c6894abe52f82e90ffcd0f

SHA512
ec9353e249d5844ef51fd6a4ae7a3b10662f1f8bc461cba652376ea2c6902641c998cc3f0457675b1d32aaaa34c72ef58eb78a054f8003713423a9b042068ef5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
5cecac0cad6eef835d5637dd5cf53495

SHA1
18d8194fc0ea68e9535a0eaf52cb173826167839

SHA256
6b5635456dda4eb044572160ef23d85973de05d6e8313ea891fa1fafab9fe5f0

SHA512
499ebbeb1f3b32f6816cc812bcb948d127a4ac425477f78f09d0dec442250d9689393df09c21692266645fe46d5094e12124697d76dc5bae3bd0782b7fee87e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5833ec.TMP

Filesize
119B

MD5
ee898ec46fe437ec8a20b40ff832c716

SHA1
74eab62d1c80a33bc39532f743d5f068dfefdddd

SHA256
6566731a3a1320218a8271a374c5bbc3f06cc181092ab8bc4b4a66dca229357c

SHA512
95d395f3dd3a8c9aad9051937a882ca5dcfee0108b2c8195dc3b725ab2e6daabf0f443a7d17a4a0b52132283339b90988c86ffebed4ba800764ea98c75d1950e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
1ddc7839d4dc6aef48a5e85b2c1f53b8

SHA1
febf1c7c83f7fcc8982bcea39f562c91c909d0ee

SHA256
20a5f7243fd4b3d22677431d61e0712060d42646472b08f0f5126e0286a152a5

SHA512
4662adaf09e06f4ce3f70b7b520d87d0461e855f1b66424ccc61c4eed6adf743a5ade5482934a5fac60ecfda058ce72abe7b67d38569da3ba0b0f480f0d1f7b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
a64db68118d2e3f22225e9ff59fecc8e

SHA1
4efd9bcc8573e5d665826fe19097eca37fa7fa4d

SHA256
e25a5c80e5234016f3acf62a10527fbd352622a5fe61ac76083bdb8c19c399ab

SHA512
707d03fe0e7cbdf08841e572fb550ab2eb13ada391076312ebea91ef214ca7f0ff320df09ccd2b1e00dd0c1f4d62c232507e2835a21b1c3d7d785dd563d43a61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
026a3ecbb53bcf8a8942eecfd5e0b2e0

SHA1
a5860cb1021d210226c01b373d18455797a77dc3

SHA256
270c484f6b2bb48166825a89f3ef2f267dff37cdf4d49e93a2f84bf6cdb7142f

SHA512
c26798d49d3ca4332c26090012a7cc209c569f272a53e052b519a4b601d11c197e2149a33cd51663da7502ac3be4599e6c94137a8bf181c623443c73fbf20ae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
ab39041f1470042d644bc3a8fb3f85c1

SHA1
faf847cf0ddb4484d68af7fd01e129d7e857ca50

SHA256
1adfee76feaca22ad765eb42225eae543178bc6de889482905233d6fc9929694

SHA512
d5c34dbb09b375c3589c160472c8a4bdf6938d56a51af71e49908ae2b12f387bfb504390b7fb46ec99a253c377e080354968beb7dc4be766ac1d2038cbbddb36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
7230aefb5f9e4bf042c0eb1df4876475

SHA1
ccb58b784f97fff07d26a330fe66b507e6f1abbd

SHA256
0e345bd722d8c52f136aba7f01c052907dd4b258ea6ba583b6b1392061398942

SHA512
8f63d6a27ba5d425253f5360bb9b506419dd1a5a4713dacd91965697e7c79fa4fff4b7178feba61f6a5f8729c8289d5f6b0f81d0dffd55981be63e363204f839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
ab2f13be5206e05db5befe9ad9e2a22f

SHA1
c316c72fa6426a774bdbee84604be593b2002be4

SHA256
237af2555ba8492983d091f65e8a0b66374160a6e280e084aa707d611cc93214

SHA512
22a496346e37de4118009c8350ec34b1115818cdda454a6cc36ac450f1981c40e5f902ef5518c2eedbef2d2dedd2a456ae39918e3b72078ab1db262841191d8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b712a4c83dfb3c522d032cf900e863a

SHA1
4f5bec4be6f4ebfa959e899ceafc62309bb1f141

SHA256
31da2a41a051db11559c47feb923d4baad32a384f530013a435fa884dad64493

SHA512
03b24d9307623b3a341230805f3ea662b0107c314650a51ae7e89d901cb3ad212d4219bab4d763d0aa8d50831aa0e6d4e3379573cc2f724873804578e8642898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
24dada8956438ead89d9727022bac03a

SHA1
09b4fb1dba48ec8e47350131ae6113edd0fdecf0

SHA256
bf1e5c7828e4672982b16451b5a201e65e812e98a97b87c9f2f7c22677cb4ec1

SHA512
03f092a4b20a4d8cc111220b35fbf5470878b7723faeddee65b1d9cf327167053792c77864103b4530b9b9f819e32a5721b44189291dfdb5832769835ea5dd94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
59a4146f4226496f9d1b36d4c14cb18f

SHA1
a48c4b23b5406f3c6a957aa1a96ac004fb4dec0a

SHA256
047fd1456ac8f7fcac364b7b36693d10614f560a75af51797176ebeaeaa2ae92

SHA512
8229143a6e11df15c157253a17489ff4864c29b40c2f4fcfa88ad563fb9375cc3d58e876d91f50e3daa0ed72516be7f848b7ce3a438beebc070bb10eef081b3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2795e827415ca6e859b91394b5a90694

SHA1
b5e2018def30b1fa0b928905ca4dc307df467414

SHA256
022df60bcf3463dd820b1ca5495d5ea000903b1b481ed759e7111c2647b89139

SHA512
c6b557d8275e9c08e81ba1ebd5b2684878ca627244e02a11bf39cff9b9f82f182eb742e00426a8675197f8cc3bdae61ab617ad49614a942c7fbcfdec5aec698e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
85eca930a791cbcb1373f5fdaf17857b

SHA1
ffea7d54e9803374a484f1e4c124766e80024efc

SHA256
fbc990061790350f00dc28f2dda277aac81bb8385a6e92e90a20101436c3312c

SHA512
2ffe0de3f80ac60f2ffa55f334026979e6be328b7c69f4603aa3c5d1bfa6c3b3744d86ac2a34ecf904d0a41b36bc485392ece58f6cc89d7ffca293d02efe5bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
778ee6083f905ffaca93f8bd18b585dc

SHA1
c1dfdcca43b59c0a539303a322da2d46f35d1f28

SHA256
5f01697aabc71d12e2c2535d1062e87b7b23ed86952a0c5d5ecdfd1b946c9c1b

SHA512
3c031dba60399a1487c1d9419fe01ef3691b4e01f9b2ec360ed365fd0238ab8d0ee0d6a59d09052f5d8e3d3dd2c323cb055a46019bd3cfa59370822157177b05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
3082907639997b60b5c5fb460bee5e9c

SHA1
4aadba0ef19486eb32f7a244a5e2e7e2fea882ac

SHA256
ab210932065903d25ba085544bf2f6a467879312d2aab2e7af0afbbe7829b6d0

SHA512
ec23ddbda1cdde763cc024f7aad446a6378a4d466bfbbcb13feee25922cefe149df901d411335283bdae6c7cef42f8a4e6f36d43cb04cd157f3373ba84f191c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\ea488f60-6733-4602-832d-3de48d424656.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4560_697320659\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Kapu.rar

Filesize
1.9MB

MD5
ba5e0c9d36e26c53cfa81677a61b64fb

SHA1
2ed99fdd7461904c31904f1867fab42ce8e8492a

SHA256
536e673034daa75a6067e4ed96ce8ac3c3a38fe8fd34e29598aa6a03f041b86f

SHA512
3a5304aee10d44b17638c366618800627dd7b130ae82b0656a7b4ad1b3914dfb92d428c0fbcaef243ca926c098cf0b8021f987a76f447490be092b44e1eb0003

Download Submit
C:\Users\Admin\Downloads\Kapu\Loader.exe

Filesize
525KB

MD5
a2c984080959984a95dd3866cac12eb4

SHA1
60c97b6517c3cc9c2929b21671fd0be57c3ee2b3

SHA256
4846078ccacb8f53da9e076f0ca26c03b30fef48641bc041b5b73b4b7394fdae

SHA512
957cc63ecc132601ad142a9c97eb14e74e803b3ff5c0535eb15c30d3a946e5024ba5faa689ee80c6c00de4a940024c444e1a79240c39a2b078c3105ff73136f6

Download Submit
C:\Windows\System32\xxpvfx.exe

Filesize
7.2MB

MD5
f6d8913637f1d5d2dc846de70ce02dc5

SHA1
5fc9c6ab334db1f875fbc59a03f5506c478c6c3e

SHA256
4e72ca1baee2c7c0f50a42614d101159a9c653a8d6f7498f7bf9d7026c24c187

SHA512
21217a0a0eca58fc6058101aa69cf30d5dbe419c21fa7a160f44d8ebbcf5f4011203542c8f400a9bb8ee3826706417f2939c402f605817df597b7ff812b43036

Download Submit
memory/852-1820-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/852-1822-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/4336-8-0x00000291E8690000-0x00000291E869E000-memory.dmp

Filesize
56KB

Download
memory/4336-239-0x00007FFF6AF80000-0x00007FFF6BA42000-memory.dmp

Filesize
10.8MB

Download
memory/4336-6-0x00007FFF6AF80000-0x00007FFF6BA42000-memory.dmp

Filesize
10.8MB

Download
memory/4336-234-0x00007FFF6AF80000-0x00007FFF6BA42000-memory.dmp

Filesize
10.8MB

Download
memory/4336-7-0x00000291E8720000-0x00000291E8758000-memory.dmp

Filesize
224KB

Download
memory/4336-9-0x00000291E99B0000-0x00000291E9AB0000-memory.dmp

Filesize
1024KB

Download
memory/4336-10-0x00000291E86F0000-0x00000291E86FA000-memory.dmp

Filesize
40KB

Download
memory/4336-235-0x00007FFF6AF80000-0x00007FFF6BA42000-memory.dmp

Filesize
10.8MB

Download
memory/4336-4-0x00000291E86A0000-0x00000291E86A8000-memory.dmp

Filesize
32KB

Download
memory/4336-236-0x00000291ADA40000-0x00000291ADAF2000-memory.dmp

Filesize
712KB

Download
memory/4336-237-0x00000291E4F90000-0x00000291E4FB2000-memory.dmp

Filesize
136KB

Download
memory/4336-140-0x00007FFF6AF80000-0x00007FFF6BA42000-memory.dmp

Filesize
10.8MB

Download
memory/4336-11-0x00000291E8760000-0x00000291E8786000-memory.dmp

Filesize
152KB

Download
memory/4336-12-0x00000291E8710000-0x00000291E8718000-memory.dmp

Filesize
32KB

Download
memory/4336-13-0x00000291E8790000-0x00000291E87A6000-memory.dmp

Filesize
88KB

Download
memory/4336-3-0x00000291CADB0000-0x00000291CADC0000-memory.dmp

Filesize
64KB

Download
memory/4336-14-0x00000291E8700000-0x00000291E870A000-memory.dmp

Filesize
40KB

Download
memory/4336-5-0x00007FFF6AF80000-0x00007FFF6BA42000-memory.dmp

Filesize
10.8MB

Download
memory/4336-1-0x00000291C8F20000-0x00000291C9200000-memory.dmp

Filesize
2.9MB

Download
memory/4336-0-0x00007FFF6AF83000-0x00007FFF6AF85000-memory.dmp

Filesize
8KB

Download
memory/4336-16-0x00000291E9AC0000-0x00000291E9AC8000-memory.dmp

Filesize
32KB

Download
memory/4336-15-0x00000291E86E0000-0x00000291E86EA000-memory.dmp

Filesize
40KB

Download
memory/4336-139-0x00007FFF6AF83000-0x00007FFF6AF85000-memory.dmp

Filesize
8KB

Download
memory/4336-2-0x00007FFF6AF80000-0x00007FFF6BA42000-memory.dmp

Filesize
10.8MB

Download
memory/5708-1886-0x0000020661BE0000-0x0000020661BE1000-memory.dmp

Filesize
4KB

Download
memory/5708-1891-0x0000020661BE0000-0x0000020661BE1000-memory.dmp

Filesize
4KB

Download
memory/5708-1890-0x0000020661BE0000-0x0000020661BE1000-memory.dmp

Filesize
4KB

Download
memory/5708-1892-0x0000020661BE0000-0x0000020661BE1000-memory.dmp

Filesize
4KB

Download
memory/5708-1893-0x0000020661BE0000-0x0000020661BE1000-memory.dmp

Filesize
4KB

Download
memory/5708-1894-0x0000020661BE0000-0x0000020661BE1000-memory.dmp

Filesize
4KB

Download
memory/5708-1895-0x0000020661BE0000-0x0000020661BE1000-memory.dmp

Filesize
4KB

Download
memory/5708-1896-0x0000020661BE0000-0x0000020661BE1000-memory.dmp

Filesize
4KB

Download
memory/5708-1884-0x0000020661BE0000-0x0000020661BE1000-memory.dmp

Filesize
4KB

Download
memory/5708-1885-0x0000020661BE0000-0x0000020661BE1000-memory.dmp

Filesize
4KB

Download