lumma | hxxp://youtube[.]com

Analysis

max time kernel
327s
max time network
332s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2025 16:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 3 IoCs

pid	Process
4744	Offset.com
408	Offset.com
1780	Offset.com

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
149	raw.githubusercontent.com
150	raw.githubusercontent.com
151	raw.githubusercontent.com

Enumerates processes with tasklist 1 TTPs 6 IoCs

discovery

Process Discovery

T1057

pid	Process
3652	tasklist.exe
4584	tasklist.exe
4112	tasklist.exe
640	tasklist.exe
2976	tasklist.exe
1256	tasklist.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SentenceApparent	NewUpd[v1.1.0].exe
File opened for modification	C:\Windows\AbrahamPrefers	NewUpd[v1.1.0].exe
File opened for modification	C:\Windows\SentenceApparent	NewUpd[v1.1.0].exe
File opened for modification	C:\Windows\AbrahamPrefers	NewUpd[v1.1.0].exe
File opened for modification	C:\Windows\SentenceApparent	NewUpd[v1.1.0].exe
File opened for modification	C:\Windows\AbrahamPrefers	NewUpd[v1.1.0].exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 37 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	extrac32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NewUpd[v1.1.0].exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NewUpd[v1.1.0].exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	choice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Offset.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	choice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	choice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	extrac32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NewUpd[v1.1.0].exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	extrac32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Offset.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Offset.com

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133807395939625950"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1045960512-3948844814-3059691613-1000\{760BA0E3-8256-48E2-B7D7-E6E423918C98}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
4684	msedge.exe
4684	msedge.exe
3060	msedge.exe
3060	msedge.exe
2288	chrome.exe
2288	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
4744	Offset.com
4744	Offset.com
4744	Offset.com
4744	Offset.com
4744	Offset.com
4744	Offset.com
408	Offset.com
408	Offset.com
408	Offset.com
408	Offset.com
408	Offset.com
408	Offset.com
1780	Offset.com
1780	Offset.com
1780	Offset.com
1780	Offset.com
1780	Offset.com
1780	Offset.com
4304	chrome.exe
4304	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
4744	Offset.com
4744	Offset.com
4744	Offset.com
408	Offset.com
408	Offset.com
408	Offset.com
1780	Offset.com
1780	Offset.com
1780	Offset.com
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 3600	3060	msedge.exe	84
PID 3060 wrote to memory of 3600	3060	msedge.exe	84
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 1600	3060	msedge.exe	85
PID 3060 wrote to memory of 4684	3060	msedge.exe	86
PID 3060 wrote to memory of 4684	3060	msedge.exe	86
PID 3060 wrote to memory of 1156	3060	msedge.exe	87
PID 3060 wrote to memory of 1156	3060	msedge.exe	87
PID 3060 wrote to memory of 1156	3060	msedge.exe	87
PID 3060 wrote to memory of 1156	3060	msedge.exe	87
PID 3060 wrote to memory of 1156	3060	msedge.exe	87
PID 3060 wrote to memory of 1156	3060	msedge.exe	87
PID 3060 wrote to memory of 1156	3060	msedge.exe	87
PID 3060 wrote to memory of 1156	3060	msedge.exe	87
PID 3060 wrote to memory of 1156	3060	msedge.exe	87
PID 3060 wrote to memory of 1156	3060	msedge.exe	87
PID 3060 wrote to memory of 1156	3060	msedge.exe	87
PID 3060 wrote to memory of 1156	3060	msedge.exe	87
PID 3060 wrote to memory of 1156	3060	msedge.exe	87
PID 3060 wrote to memory of 1156	3060	msedge.exe	87
PID 3060 wrote to memory of 1156	3060	msedge.exe	87
PID 3060 wrote to memory of 1156	3060	msedge.exe	87
PID 3060 wrote to memory of 1156	3060	msedge.exe	87
PID 3060 wrote to memory of 1156	3060	msedge.exe	87
PID 3060 wrote to memory of 1156	3060	msedge.exe	87
PID 3060 wrote to memory of 1156	3060	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://youtube.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa303246f8,0x7ffa30324708,0x7ffa30324718
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,1433794440063268728,13245994069459582590,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,1433794440063268728,13245994069459582590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,1433794440063268728,13245994069459582590,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1433794440063268728,13245994069459582590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1433794440063268728,13245994069459582590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1433794440063268728,13245994069459582590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1433794440063268728,13245994069459582590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
  2⤵
  PID:3916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1eaacc40,0x7ffa1eaacc4c,0x7ffa1eaacc58
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3684,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4836,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4888,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:2944
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x26c,0x270,0x248,0x274,0x7ff640db4698,0x7ff640db46a4,0x7ff640db46b0
    3⤵
    - Drops file in Program Files directory
    PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4424,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5280,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4884,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5548,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5560 /prefetch:2
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5152,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3160,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5212,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4996,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5452,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3304,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4700 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3196,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5924,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=3224,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6124,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6032,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=3424,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5744,i,15022833024153991851,18273999703297704867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:8
  2⤵
  PID:2500

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1928

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3312

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3dc 0x424
1⤵
PID:3680

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3440

C:\Users\Admin\Downloads\Release\NewUpd[v1.1.0].exe
"C:\Users\Admin\Downloads\Release\NewUpd[v1.1.0].exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:4380
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c move Marking Marking.cmd & Marking.cmd
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3212
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    PID:3652
- - C:\Windows\SysWOW64\findstr.exe
    findstr /I "opssvc wrsa"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1284
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    PID:4584
- - C:\Windows\SysWOW64\findstr.exe
    findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3796
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c md 23316
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3464
- - C:\Windows\SysWOW64\extrac32.exe
    extrac32 /Y /E Sciences
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4092
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V "Scholarships" Automation
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3048
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b 23316\Offset.com + Kings + Zambia + End + Laden + Speak + Survive + Locations + Hospitals + Not + Performances 23316\Offset.com
    3⤵
    - System Location Discovery: System Language Discovery
    PID:868
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b ..\Feat + ..\Sheets + ..\Posts + ..\Permission + ..\Accurate + ..\Devel + ..\Bomb t
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3840
- - C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\23316\Offset.com
    Offset.com t
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SendNotifyMessage
    PID:4744
- - C:\Windows\SysWOW64\choice.exe
    choice /d y /t 5
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3372

C:\Users\Admin\Downloads\Release\NewUpd[v1.1.0].exe
"C:\Users\Admin\Downloads\Release\NewUpd[v1.1.0].exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:1868
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c move Marking Marking.cmd & Marking.cmd
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3004
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    PID:4112
- - C:\Windows\SysWOW64\findstr.exe
    findstr /I "opssvc wrsa"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2176
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    PID:640
- - C:\Windows\SysWOW64\findstr.exe
    findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1992
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c md 23316
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4380
- - C:\Windows\SysWOW64\extrac32.exe
    extrac32 /Y /E Sciences
    3⤵
    - System Location Discovery: System Language Discovery
    PID:32
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b 23316\Offset.com + Kings + Zambia + End + Laden + Speak + Survive + Locations + Hospitals + Not + Performances 23316\Offset.com
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4248
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b ..\Feat + ..\Sheets + ..\Posts + ..\Permission + ..\Accurate + ..\Devel + ..\Bomb t
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4984
- - C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\23316\Offset.com
    Offset.com t
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SendNotifyMessage
    PID:408
- - C:\Windows\SysWOW64\choice.exe
    choice /d y /t 5
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5088

C:\Users\Admin\Downloads\Release\NewUpd[v1.1.0].exe
"C:\Users\Admin\Downloads\Release\NewUpd[v1.1.0].exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:3744
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c move Marking Marking.cmd & Marking.cmd
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4772
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    PID:2976
- - C:\Windows\SysWOW64\findstr.exe
    findstr /I "opssvc wrsa"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4220
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    PID:1256
- - C:\Windows\SysWOW64\findstr.exe
    findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1352
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c md 23316
    3⤵
    - System Location Discovery: System Language Discovery
    PID:636
- - C:\Windows\SysWOW64\extrac32.exe
    extrac32 /Y /E Sciences
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3220
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b 23316\Offset.com + Kings + Zambia + End + Laden + Speak + Survive + Locations + Hospitals + Not + Performances 23316\Offset.com
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1648
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b ..\Feat + ..\Sheets + ..\Posts + ..\Permission + ..\Accurate + ..\Devel + ..\Bomb t
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4272
- - C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\23316\Offset.com
    Offset.com t
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SendNotifyMessage
    PID:1780
- - C:\Windows\SysWOW64\choice.exe
    choice /d y /t 5
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa1eaacc40,0x7ffa1eaacc4c,0x7ffa1eaacc58
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,10550954001669913943,13565111707554704337,262144 --variations-seed-version=20250106-180152.388000 --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2088,i,10550954001669913943,13565111707554704337,262144 --variations-seed-version=20250106-180152.388000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,10550954001669913943,13565111707554704337,262144 --variations-seed-version=20250106-180152.388000 --mojo-platform-channel-handle=2228 /prefetch:8
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,10550954001669913943,13565111707554704337,262144 --variations-seed-version=20250106-180152.388000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,10550954001669913943,13565111707554704337,262144 --variations-seed-version=20250106-180152.388000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3696,i,10550954001669913943,13565111707554704337,262144 --variations-seed-version=20250106-180152.388000 --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4872,i,10550954001669913943,13565111707554704337,262144 --variations-seed-version=20250106-180152.388000 --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,10550954001669913943,13565111707554704337,262144 --variations-seed-version=20250106-180152.388000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:5112

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4092

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
9e930267525529064c3cccf82f7f630d

SHA1
9cdf349a8e5e2759aeeb73063a414730c40a5341

SHA256
1cf7df0f74ee0baaaaa32e44c197edec1ae04c2191e86bf52373f2a5a559f1ac

SHA512
dbc7db60f6d140f08058ba07249cc1d55127896b14663f6a4593f88829867063952d1f0e0dd47533e7e8532aa45e3acc90c117b8dd9497e11212ac1daa703055

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e453bba715d7c7ca8702ff671ddb7176

SHA1
26a4fd7701047abc2d6290730ffca3b660cfe66a

SHA256
1a90398a4bbdd7981ae9add656d71860541d02f1cb74d62fddcfe5ed49e8a528

SHA512
2bb0a250692b97225fcafd504210abe9059147b016595e24c9adfe31549968713ce232ee79bd44591766ae74787d4083272b8e25dd3af34bd61333d26a5ea69d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
22KB

MD5
778ca3ed38e51e5d4967cd21efbdd007

SHA1
06e62821512a5b73931e237e35501f7722f0dbf4

SHA256
b7e1bfadb8d9c061f17a7234df012df7842ab1aa8fb6f9579fa3f0a3b4a75bc0

SHA512
5f6f02099ca8079305fb7e7f43ae4344d522271fe30379c0854d6a81b7d8adf408a50a4b799b5f52e6ed162ba6ce7fe97e24a2b9719df780e75683d3aa103d09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
49KB

MD5
7ca090d5f0c1a9e7d42edb60ad4ec5e8

SHA1
7278dcacb472ec8a27af7fbc6f8212b21e191042

SHA256
4039fef5575ba88350a109b2c8d9aa107f583acb6cbe2ac8e609071567c4cc76

SHA512
c4f2d23eacf74f87de8dea6e4532b120253bb9ad356341532f5e1aaf2ce90d137f46b50df7de5250bce4eca1fbfb74da088accd7c626fa853dc524abad7bfe8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
1.5MB

MD5
2b6cae8f4fde2d1bc5d579b730ddf95b

SHA1
65d7af3f72c58ad20dedc446ad4832f22c0bc39e

SHA256
c0820db77b527f82c213d30ce2b8fe90ec92ffbb3baa060ffd31711576c4467f

SHA512
8c9add7b65ac617417bf3d3d5993346dc0a512808a9356499e39fbda9eeee7ffdff9046b308e79f909a178b56c16970b5dc6e7b0629378f64440eceb04a1bc9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
240KB

MD5
3b9c21e2248c68c89833d2f0e450e340

SHA1
e2e37635e3c4c574783c1cd582f10a437088c3ef

SHA256
5696ffb94b2b6795087573d31c4ea2a72856f29ea786af00988c08cf7d742bff

SHA512
b95cfa01308a533a461f0119b72dc292fc802aea5eb584060c8e1fde17c4355cf85b8858bc3e19595c8dc02114d314649e739fbc8a9f49744d7fc9417d4ca530

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

Filesize
41KB

MD5
350fef14b9432c8888714f9d69ba79fb

SHA1
f02876195e3b3628384124d63cbcb3606a06996d

SHA256
dbb362d29b9b4111e7722bae880e8a79ef8efe96db4cdf7869195f5cd0066fc5

SHA512
8fab4f3151a81a2cf0465aaf245d507da97c230eeb86dd6e9cee798e4d8d953aedb2e7e4cc004fdc8a5f7e8af0ded27aeefb4c626ad61c95f38572e13d49d419

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
56KB

MD5
5a66e6083c73076dcf27b1f8f25e042f

SHA1
d17e14a67e9d9016c71cebfc23e54caead39f3b0

SHA256
bb5b01f3f0fce5cfdc71cfa5cfc6510721d93225d7e8f9669caf4197ce12a9e1

SHA512
d33208c415f1609e5e8e39bd3eff54e4f70dc8ef21cc65235bfb3e1f1651bc7ecf19dca61613fa086884de611616dcf82ee46264fe4cca003bdeba1b31fe0195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
2127250dfe05394d25c28a06848bcf15

SHA1
1108c2509b7c2dd321903247601a6e6b142a79d0

SHA256
a9804fe79b2f54880beaf63558c85acc0a886113579ff78128699a5fd0301893

SHA512
238edfabe434ec26a8ec8c87861a1dfa45ba7c00a7dfd6d2d5e4695b81aaedf059d698819c7a3d8509b5c0a6ad451f04f3c096c30ebad5c56479283dff48cccc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
8da872e4aaf4aa71327b7097b4da9e74

SHA1
44513bc33f27db866189b38c7739aee47e25e484

SHA256
e3fea86b2fe95fa5865f2c310109b6d51c2cdb19ab846d4f8e7d1767ea36769b

SHA512
5398849e25951c0218ac9e15697e33a58a3af1d12e83f706662a524d78ba01ec93c28ab947f7b488465aa9a30c7a68002f3143751ed9bfbc183f36ad441bef7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e8cf133dbc96a847185613db7aafcc40

SHA1
3f0d1b4afe956361dfffc6ec475375134e40084b

SHA256
a881041cb231881be8163615807c7ab2daafd8690fd34969deafa0c168f54736

SHA512
4362c547985025b4c6b3f0c77ea2c02e7ed234991819af7e8308537ab438bb7963059978369a67b6729ec436aa24c7378704b16fc4a3aa86372e8b2ef42c76b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fce557fa952415ca545875a4817bb507

SHA1
fb5919d59d04ab507801af0b2fa7bd14d1153581

SHA256
b5ed715ad3c9a82adec488df91208b922ae74850dd6a76b40eec9dbc60f8964d

SHA512
9f3558c44903f7ed34c0bdfb813107bf77e6a407c5f1814eb2280687866c3e59d4308dd7b1e1e6cd13b37a0019684b320cd67923c2f1e816bbc7f4c20acf2572

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
024339eb3ee3cdf527e2f60a432c423f

SHA1
2fae16cf232ab09fa36a5bb9ef3b0987a693a67d

SHA256
5b23f8adbe1cc272330e265d6e8192c81a2c6062c187a8b666b7122b83e7eedb

SHA512
5f4f72b8e5b36b60b37beaa0bf6b9eb2c0bf23357b187d1f3c36eb021e37409d905666a883cbf1bd3d1b08096105c3ceea4f473360d5ac7d8467d154c2a51bee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
37341c61c757bfb2f7acb92def0a52e5

SHA1
e4b3336af2c200867475f6041d7b14b1821affb4

SHA256
7e797760618e22d002a45f998bef0b4576a8ffd55e90df3f4148bcc5152e465f

SHA512
0c927e2e4a888a796ce9e79e244613764defd5f18af983fde5779bbd27cab954c4bf616a53157c9aa9a844468758fc585e7582d6e26616c613e27140df5ff16b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
0bd5a5db12369787d67f7151f6ae28ac

SHA1
b781125a5afb3838610c3d6dd65cb0110b2b95e2

SHA256
911b3e07e9a6ed79646fb511f0f485ea99c03fb50f2a91e74bada8be63a72ee6

SHA512
65e176d5d78bf561d7b63215ffd4abde06258a5634999dd8a7e0d64fdb0a45dd608c12a668cca93404f693d1ad5ce0733bc9dde9f4437029e42b9752cf044add

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
19281d9a8d27958f43595553f41089da

SHA1
bb55806b0722ac4054aa3378f97456de6507c867

SHA256
7aa92cf5221c51297f5922de19bc50c3051520831c98c83f30b915c62ae3f625

SHA512
a2a57db56019b2f2e018acb90fa31b407b98d38b615afed25adcc0551a44fe91d7f6cb44a0630ab572948b850802eecc421921cf5020594f5df03118906a3a86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
5b4f3197d079ea6531b5dc56864b8de6

SHA1
a6122fbfab497c136c81b0f70c36c6b2dbf88542

SHA256
091c0140f52eb520fae0558cb03e204d71198acb4e6709b8eb152b6d866036b1

SHA512
450297a807f19b8c71e32e81dbec5dcc950698a07c6b8bded440837a5749cfc35d92f4e166f11a28236a0bc998edb7999d870d4303142f3264bc1f00b6e0808d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
a9aea2bf9617319f30c296a022bdf8ec

SHA1
b9ab0bf000390decdc6aeadbc4120e08a1178164

SHA256
c8412d73283291536a58b747d3ee2a7c55723fadad55b164f4f1f29c75349fd7

SHA512
8170656557c9e0c51fd4519c7a27cce2b9af040c6bfd3d48ad2e63dde49d8fd5eecab552332661e550ce66e77e5b5f613d9c7d91044121b52092a86c1509a99a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
20KB

MD5
4a949973132061e23d0fc9c98db1d862

SHA1
73f72ada192baeb0a05d496c47ac14e8da40a458

SHA256
edc807da3be4bc0e269efab6666f6f29c9aeb719c9b7880c4db7cc16c6448228

SHA512
3395a41d1466573ea95a085d47e2e5040ae29c888f127344c8a77336c40e3cc1c65a55357c820d51805b0f695bd3d591b740864acbdf00ee228b027762602000

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cf145753eca6d61669cee26ad1f5aac7

SHA1
e772b5498989a1349ef4892137e17c85ba006017

SHA256
7ff12bc372335ed81fbbe9c04e8348c53b624858690aabcd71114719bfb282cb

SHA512
dfc54c490e000bb06b87063fa4251dd6b6c525dc5ad7c7afe3bf0c8982385f2243feca57181a39151a5afa4b6eb0ecacf42b9b2bafb1a2981a360836b5a0e16f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dd5139e28797a5f27361d178a246f36c

SHA1
b2189c689af4e0964595efca96322ddbebe4fb4f

SHA256
6e62b1f2c2d3376c8b7c08eaf3655ede0c852a481b20449c383edd4a93de04cd

SHA512
c3a7cd65d79516520278171be2ec0da707863fac023d3739c3cc77b4bb32b0610392c1f5bcdb63535e0979bc260d395cd31f8ab9d644f89fbb136311e00b28cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
66905c55f1a9e5c3db17314037a835db

SHA1
0e80958f5cdb997ae877ea454b1902bc47dc76cd

SHA256
c3247d1ab24f68b8821915027e71b0c6ab398f436ed08a22ee2f526ed2f43dc8

SHA512
9a983a53a7da7079ce11150cc3f46b8789160a52f46dcfc459704a95acd958a237890a9f36beeb22744dcd3f829d16818a675d17853fdad9fc8fd4c455a2648e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f19bfe83386290abc7a98b109fa9ace9

SHA1
292f5f96ff7eaa28beed370caf45abcd1065e4e8

SHA256
d722477fc5961ac4c881498e16b74c6134e095a1dced18516b65658bb2940057

SHA512
a77c5ac6e4fef05d53a5ec8145112a0f2ddc080721887378de5ccc730368cf04da28c71e7527893dd771e3bdf298eac453f466a6a57f4f340ce404dfcedaf3d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7f3b875486b4139a594bcb5f59317e6f

SHA1
c3ee95a71ad3eb0ff819a34671250d8555f0275e

SHA256
a1e4095d5cd86a6c675184d8b4a20e3aa35112ee5ef260072389039747aa6fe8

SHA512
e49cac22cdf679ac0c8f9bbc9b2ae85b58f1e1d361c158d770b57ddcf89b52855acf15ae6139abb2565feaf4121684a13e5ae765257842b5313a1590a2a4d1e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
49e698a62c8cc689d4626ca86fb0ebf1

SHA1
3c5a72faf737f6dbc0cb5a9eaddd2df3ff993667

SHA256
a8b9bc338edd25144ea1fa51ef41fb1af95fb2e59a964c78461191121231a02e

SHA512
a8553116f735bab5805e4457243002e31d3d5bd38326e97a0a2d1cf72f6c401222f7f21875fc8d128dd8113a74a20ceaa390f16f2897bb309f32d49519b0eecc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
052921e2ff8ce5eb9d391929614ebe15

SHA1
cf4b69675c6433fe5c5c833e8b39ad17ac9501d3

SHA256
06314010708ba705e8f4cddbd2eeefe5a93834742cbecc79c1cb0924dc71d608

SHA512
3398402e4c1d40ccf26fa1f392f16b4240638bf35f1423093c052a394126e51b234ca4e8cfc34b87bc97a4a6a53f430ae804dfc4d8c68522c78ccc0dc41520f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
960aa4663ab6f03b18b87cef971f52fe

SHA1
22e1b85a3c7e67d5ce7514191b13485b7b4b1e26

SHA256
dbc603de0ebebb4dd636fe1e94e53a6ac84c63d4445f6fea44bb7339fdb10965

SHA512
1a235b3dcfe6a1c5c2c63f12ce5842b6c7af43e7a1bb1115dab69f4c116da72db9aed4cad71e73405091cb7e75137363c707bda25abf9075341c1340bf805821

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
2fdadcc1391f30cb7e6649c3ee08ff80

SHA1
daa95eb0ff64be9114fcc29c14658f65ca0a8d4b

SHA256
161c933ed28e37b14b1458f698bf484794231e29a680d35d9cef0e16f9c93060

SHA512
3cf72015c0bb7f4763649261db7be12afa4ed1369d2dbb4c2fb6234708f43c04b4f0312709feb3b98afbcfb09be4d934d380e9e3d6a1f558ac858223de9aa129

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5eb71ef6abdf372ddebce01f1ef805a9

SHA1
061770a58fcc5b3502200a6da5d2f54501907659

SHA256
80689f149d2b17583cb7064e9b3ec9bc71808e882ccf5bd2c3650505f38ca08d

SHA512
55f39d220ed1ec890eac2a21ab51d1e157acae24f9f720bed74a749510513f44f6a3cc00f18cdafe1ae35bb5b1511b8d58135f6fb1171d76761461d20889e30c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\f6b03e12-2cd5-4d97-b218-3074815a3ca0.tmp

Filesize
520B

MD5
ee234c574d79ff8c05da92b53be20327

SHA1
7577084244a53fa3535eafebd692e7dfe447b74d

SHA256
a3d191246a8d3badf9c92d8bb5704da976a806ccb48157c4286623d0db9045e7

SHA512
7ca97889cb4da509dd21a27d729768a5ceaa46bd99553bf930e7e0d5efb3c9a1a3d16caeb43de8f0191f30debe23f2ae1041de80c261fa8583f43aec08ac25dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a8aad6e0527c32eac501a536bea85337

SHA1
6145f3c8090f4889d34c8cc7b6ec985adb825b27

SHA256
299eca979d0706d98f6772f9881b5541cc01142e2df638bacab26192fbc56978

SHA512
37b6257bd7c41ccaebedac0897ab3dfd90e48937355526806ce529f0c6d8281a74df9226b8ccaea5516d70d0c07b57beae01116097165f81bcc62999234d2067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c9c0b58d0409db61fa3ce15b787281c0

SHA1
c021f32085e61af5d8c6b8cc7b6e1840f9e3eec0

SHA256
94fb3844e6321fd25df738d08dfa8937dcb1a2d24d6fe69d15695f67c1b88778

SHA512
6ff7c83cd9ce37a5e6f10ca598ebda9b40712de60dc3cc9d9939f22e785a7a834ff43278d7cf36892f5c9af613ec586883d762c328e014619687f6f4386d4d9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b5ab14dcaaa47a17ad41d1eb4c1a0c33

SHA1
779096dfd70498513af23c46e203eb40485ac882

SHA256
5150308d085ee1fe307a7ef25a3b4bef24968b33667528d0f07e163a475d53f1

SHA512
60ea1146cfc52c2c254fc25164909c8e7794f6a75ff80ae80db26e3483f192020c1b618385878d04ebf83094bf5e760a257dd06f5be720566f1d5ab0085afae6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4b194d1f9c71dfcafb9d351f7e786d95

SHA1
ff1097abeacc862c47ca15b54e280de69a317410

SHA256
e89c0bf34bd21340a666b4316822e09208220588eee3139862cf26290e01c064

SHA512
42d7541d66764bc59981d40d0da48f115db5169998390aa5e6d464f563c530dd1f1ed50189ddf776a53594589f7520703ba4a03239325928fcb79f6743053b36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
af6c5318b02ad4ce2f2aa69abc96fa83

SHA1
c791aa822bafd64e9491fe822230af4118922220

SHA256
a5c01f51645f91eb4a185e120f2fee1d9e41b86235e9bb1794af3c54783098ba

SHA512
41dc8ade55128ca2c85e8be4e5bd661f8d19c793d124f1d228b6d4324018aced9a6e91c44065f563d0618466598399244cfdeee2342d96fe7d1ea523fdc9780a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
83b5e8b013ef4d39589322e4836cf096

SHA1
f49579fb751b305f6d6de8f9dc41a67a21af0086

SHA256
b554a7424c12df9a975c274131dba86de53e70e52a37b2e8469030d290d0b7b0

SHA512
e5954e50f61c74ecc79c160912e5515ae7c8a137778e339a6f0b815d8db467aee03381fa9d06c0142ff833cc76f74fe47c403415222d58425c289f7f52a71cd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
152f6431f6c0154ee07239fc9459cc30

SHA1
579c2c5497e1e435b1003afa2bac1a80231b8bf3

SHA256
15e08075eb37abbe0c5954fc870fd6b2751bff837febc95f974435352f0e5ac3

SHA512
c3e258420c0a4c63219c1c1fc1d4ada3763d7f1d6a12372db29da245448bf8a072d4986ad3076f3257572f010476de6359c6f3b3cb82a68e6b587a14185d9196

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9202a653d825f03fefb15731496fbf2e

SHA1
2656f5d2cb734a3e16e7a44e0820157a5d954793

SHA256
551d93d99882c1b4ada7fb6fcb35e220ed8f4d59aa21ac245d8370ae97e30445

SHA512
a04dd573b181977c880dec95c544280cb0f977508028e66a86da0a2823716d4f2eb11d2abafc6be8ff8f7b2bdf3fa4fbfcf85151cacb3eef88c067a685cfaac1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5d84f29c6df3053fe582eea379d815df

SHA1
b4d25509ed787c63e229489a4656b0441b2bd94c

SHA256
bde5555c4e94028b8c02c462ee1eb7d6d8741f2cd7d93e1de3f20a8da541aa8d

SHA512
6ce328273d12f794301d4c6853ee96ad4d1ac0be434d434fe4abbe2ee590c9281bfb08f03b7e71c728971cc99b30bd9dbc415f3d3d0d67eda52b4266d72a3fa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
4d0e2601872824afd1af07115e3589d2

SHA1
a06e008b8fb93c6bbf00c50e37fafe7f6c88dabe

SHA256
d5d9c192f48c200461d4883250073595f226fae0f697cca48aa404002c990a6e

SHA512
0f3af59ea190de1c68a6d12d7a32ff215272d8d2b0eeca8ad59b1cba2c788f899e3d6ba6ba1c59ef8fd592cc62531c9c003dfdb57ddae5b212de3a2b8552c238

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
2174dba2f9019a27d79ef13165a45515

SHA1
19c731a5defa48321e8773411dbbfd9200da2e28

SHA256
b1d1bfdb40ae7d3c4a0b65087fee886afc95d15f0d07b634977ffa93f021d66c

SHA512
d58c431cd49abd1bfd2f43c0166d3fd43f3e0e16a26d0beb5cd4c01bcd4b6941ca5bca7a75d58c998af79b936a8071bca199de167b6d19d5173dde0551ff567d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
fc9e5c29451f1e8fb4a792872b0ea7da

SHA1
b6a83074d3892d52b298b982335de5ed64bf91a8

SHA256
f3245a669c368c5198c9ede7141c8829abaae4f2dcfb8ba5cf293cfc5a597d5f

SHA512
02331cfce21b686ea86b981ff7c08cbfeda2c275a9688c15e048f10dc57e6baead7630e33eea15e966d91f9d73c260ecef4ad8abb35a968b3d10d786b98f8171

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
b421b6c3d3f78945be9899ac42ccf245

SHA1
07f077ef4ade3acc19fc6ee9e25a877a8f222d07

SHA256
0e14d250530ddc1305b2dbaa47be6daa3039a7837195aa49271e4f835e74334f

SHA512
b3a33778f892f863a25fc6d9c1dfe8af97df8a923d410853fea791272e70f7f329fd0b81636220fb2765840e3a8a8c9c8865da726a387a41fb1c8dda82f7b5d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
815b3ea3aaa99029277884cb56914796

SHA1
83851c9f3ec598071d7029dbe0479eec40db23ac

SHA256
adcea83680c9a270a334c9a0db1d40417c27a43fe8459a8289b8687ef86586ba

SHA512
53876d7b2919a84e91bfe106b31c0f29f4868435cc43351032b59b1105a6530d1e24428b834b20854ee26eed396f507ed36a9664b84240dc5a9366ace683facc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
81c4e12c607a6be6423906ff411149d1

SHA1
babe9166da9f4b1e9d6438147e777ee1b611ce3d

SHA256
9d5f60f1cff6090f19d8b93f50728d3848368e58625d79d47e8b873e074b257b

SHA512
fa7f2dce41a249a00366bd537b05d323b8b77a277fe5e493b339fd2fc2d76b9d8a2b4f8cc81f158f44491058c906b33d78d8def3c58e3aa97d06f18a33da7c02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
b9067e829fce3af6749458a31a7d7837

SHA1
cbd91c49cc528c07f20206586f2760d374735896

SHA256
a8150fe54969af0274cb6aee1867196fbd38464044aae711f92830c5c6fdad12

SHA512
81393fc1613457d8a5eb5fc20e2c66f0f811e0b6d1040a01f21a8fe4407aff5fb528cac15ebffa59cbd5a786f87d0c9b45da213ee75d496c5da8b1bd100ccf64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
ae59e7f9a4eaecf0fd48924893479284

SHA1
06669f1dd4bbb19d0169d38aab329d07eb8ab6fe

SHA256
e6594d6c8446c7918dcc194577e646295e9b7bcfabac0ccc6d4302ec74193183

SHA512
cfd40ba4f725e8ee071aa506702e068de7a13621d64f18e99be47aff3cae14229e001c3a099ce34ff6f7b1b5d7a85a9c4eb0e7339b855ab071a02df5764b43f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
6ffb98a07c07a56bc3fbd280fbe29082

SHA1
4839539da12b3fe2fa62d4dff43b251eef7c6ca8

SHA256
33f1a9b772583e6ded0737e8826107db9024552dd396f691a36a8b8e5c1315f5

SHA512
18b1dffb713922529011c75107f3cbf54e6bbd3d054b818cc5f0115c3839f15030edaace675f78f1b548d44c71b130b5d48efc7795dcf40a40628c290f59c4ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
7a0cb9060b529679d8b24a5920b86d75

SHA1
3093ec5d5a01b2b363dc8ace87663435f7b4f2ba

SHA256
013e9330e6dd644561fd62951fb434823de1bdd0505733908ab63120abdf12e0

SHA512
d65674068f739b616de794d8c283c05c8f861f3c95cb8ccbc4e6b752793257d3a4a41cf6ad8670bdee448e620e98060ee19958962946edb7cd9620a4fabbd651

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
01e22fce1a2b1eea6424dd06d70f20c8

SHA1
6806a234343b6eb1f046ed3cde5f90854164a255

SHA256
b86db417259d2217e1b94a8b11d5997a52207c6f087dedd49fccaaa56de689f6

SHA512
abce370cd02ac8fc5f6968bb05653fdf3149044ebab6ebbf0e3a3694f7f71318f550e60cd05819fcf7c6ce0b57992825cdd5d90411ef7c11f3154906a48ee540

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
fdbaab82bbe0a295ed139eb8d7355238

SHA1
0121e8640891f7a6e9b2e5f293e46c9186deb820

SHA256
d7f71723ad133918edd7601f543b12295bbed9a4ef8682c7d9297c697346e89d

SHA512
f0507c1c8db2fe8945e56a26a879b64d9c3512ae0d6b1baed981f3b9c8cb9d4ce42985d2b5f52e2b6f16779fe360c10218937775e4ad92c7edd6f8daba6b36b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0ccc5f76-f63a-4099-b33d-edb09525584d\d3247946ffd64e5f_0

Filesize
2KB

MD5
4cc9398a8c6e4b483c064fa2468b08b9

SHA1
9064fb5b2dfed41cf04ed522b245cc5793997e96

SHA256
27aea450dd939e074ed5ad342455de8f923bab3c9c32de0060c120a2c8145f31

SHA512
4a6a95e583244b0967b5794884483651854aee6280785a149cd36699cc7104ae2c5108ebe9362433df7fa9b88439d2a7a043e73e9388c0b997e2059fccb4cffc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0ccc5f76-f63a-4099-b33d-edb09525584d\index-dir\the-real-index

Filesize
624B

MD5
90ce5b1e322a4ec0628fdd3804c5eaa1

SHA1
ea360809ac7f6470f2f5e7cea7723c0fb483f888

SHA256
ea09db87bea7dbf2dfdd377ed93099ab62bfa0e7801fab622a57a3de7d2d0ff6

SHA512
b85836b4a0e874183403c0186db206203a099a14b191db249e1dd7f68d9c258e5022250d4615b2e61ca798c39d7abf26a0d3755012410e06ebe3ac0e9e674245

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0ccc5f76-f63a-4099-b33d-edb09525584d\index-dir\the-real-index~RFe59b31a.TMP

Filesize
48B

MD5
89b165868b01e87c6b36062b58953f86

SHA1
fbee86870842483704f5a4b202f182d27866c26d

SHA256
faa54f563fd7e6de81d060c74cb06be12b907c1ceca306986e0cb68278da79ce

SHA512
747bac04707bcc6bd3c3943fe44a2cfc56888b17636db66013391b79345daafaa85c3e675896684d8cb497b9f65f9b66cd3bf9afda8c5eb79367e3162414834b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\25e5744a-249d-458a-a0f3-ebd0189a0210\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\25e5744a-249d-458a-a0f3-ebd0189a0210\index-dir\the-real-index

Filesize
2KB

MD5
b34c53dbf0645994d9de78aa8309c9df

SHA1
36dd52fa685b2d728965dcec9f66adb16ea52955

SHA256
6187ffd87bd5d5857b84c60a0d2062b5efb6690626f227709f816c0d533f47d6

SHA512
7f49919f612394d1662f3292484636ebff03a3d624b0086bc4cb6da7ca5a9428ce2a7cf04bd681ad78d86c8bbcc02b80ff19e0065d77b95bd61f52db3bf8c63c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\25e5744a-249d-458a-a0f3-ebd0189a0210\index-dir\the-real-index

Filesize
2KB

MD5
81b799f4d63d0929a903ea2bce7d6147

SHA1
ada5a890d80ebb8a26fb86192603e75ad8f63a5e

SHA256
2c1b6f7f60bf88c9bcc9b27bbe23636d6f7d86cfa58de01afcea6f6cbf5deec1

SHA512
1d453fcb4dba6aaf9e4a7fd493ac6572171105b9717e3468fe1fb61d4c2365017c33b3d4b7cbdd07bf7840ede1d44c311e014e1546b4c820d2e7bcc0781315ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\25e5744a-249d-458a-a0f3-ebd0189a0210\index-dir\the-real-index~RFe595625.TMP

Filesize
48B

MD5
ca732231fcd47706cece9e95fed99cf9

SHA1
060ef5ef53ab6ee4d161b960491052927739f399

SHA256
4db3668f1f14e17ad048a8366ba5475be54bd221eaa0f9012b0bfe06cadfbd80

SHA512
0dff5da376de4dfcb51416c3ead8f660496c5c0e824a1b977485dbc6c16c3ea1e72f0c7459834eaf2d64ec6392066afe2f3ef6d2866f86aeddd3fffeb2310b3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
0fe3fb31b6295799571832cd7a030a32

SHA1
142476631365a176f9bca32a84250e186b98fd39

SHA256
bb554f0e1e8842b3ddb576ac8fa787e95a4031084e8d7580a3595a70310f67a7

SHA512
7dd394b6ce147b1c74f7d93ff8c61f3cc80ad91d8b943a30afd52d97065ceb967488f786215e8205572b1b674fbb5a7a7b3b98c8063964b1610142e6d9a70c48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
3a21c077a30877c7511bf28405f54972

SHA1
7e7d7d52c40fc889ede7f1642414ce2cb3ef068c

SHA256
00034e9970fbe45e88921cbab5e9c0a4219fb95e2c43de665426aa1301b2e308

SHA512
8d8fa36153923730699f94b4c6108fd7c20990e27aabc481b54dbb90776ef87baa3bcec791a77d1368f234b3ca04c6225a89063c4149eef61c64764292a9177e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
247B

MD5
c5adefd70e50fe4fa92580c36e8e4a2e

SHA1
c526078ef504e29a707c019d6caa7d36f674dd50

SHA256
b6ab13b8e9d2d4ea0929adc27653ace668aa653a9e32e442f1b3acc39bb93b74

SHA512
f3956a84324468505581bbcfe56ad9f8752d46710b8ad821c6584ffc0ef02aebd0c9d1dbafee7478d41ce85573c735c9e4d99c913abf074f1284d1d55c3079c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
7949f18f301235fe0d241973b104d8fd

SHA1
1d6c3105b5b06ca6f37a77e60a5e2519adf52a27

SHA256
19f4e3e6de789ab562184a257c685edf613a66a636786b32a8f01c2021e31a8b

SHA512
a18360c5f7efafc5c0d5b885887cbbe06563c2322d17663f13d1606421e64aa3ef900185e4a1f5970c1d51e23f8d0bd36a18b98f56b28edd9802d6cf65204592

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
80e35f213389e8919b78db0ad78565e7

SHA1
05a3480739229e21c85c3c34b3635124c0b38e98

SHA256
3d015bf8fc12892f17c7a711f76e58cf753170c97ebd8431bb21dd7c00a19878

SHA512
551fad4f30dc861d4c4b0007d75eaebe50297a6ba9aabb9aabcfea2528c3241bca213be2477a794c2c69a586fcd84cae3e6e4fbfc2514d02695f6350bf2109f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
eb61a0c9d42af8761245d303d23e2a8b

SHA1
0136c77a834e10934a9375c92bae45568892bc3b

SHA256
43f7a6fae4624f6178191cfad42d22146d7fb249cd3c8484df7b5822616ab236

SHA512
614c7527447fb20d6e62ef47f12a5eb5f5e7604c1f8c2849f8fa76a30d0b3563e8714b1149bbcb7a07ce02ebbb289427c7233dc772ece011528541211712a0e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
d4bde3f7e17d67186d4f97fe343a22ac

SHA1
cc76c7540c8f3ae52a15044e254d28f77f0a45b7

SHA256
99152db5585436eb5b5ee553ecf61f2fbcb317b5c293fa6dca54b51866d06b6b

SHA512
f0db4866073831bc5b0bbcc88163f6f4acdef3dca85a4702959ca0f17e330d28e206e3a87d433f70af461be64491f3c9f0e0f34ee523ae50ff69b3befb7a1cd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe594637.TMP

Filesize
119B

MD5
6ee5bb62f68a10ed56bc931a2e1e7e50

SHA1
c6963c598a9aad671727a4ea7ee52423f26e8a74

SHA256
2b15682f9efdcd817eb429999e87c61236c3f29708de6b50b57b7a109fc4f694

SHA512
4ec47bb518c68353e0021cfb8176107a70c31ea4f977e34b8b98ee5076ab4f6bc167b801c6974bcce0ba580a20e4d052d4383b3ec89e17ae0e690e1eae42d1d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\67a473248953641b_0

Filesize
16KB

MD5
bb6f1a856f3542011e344d80e1cdb931

SHA1
25034d9631c4c118e9f4407825be3ebbb89c43d1

SHA256
df6b2ee7d14fcacfd51e25dd0dd49a19014e87e621408e41352d3b8511dc7b7a

SHA512
0624496223ef694fc8b9ac29d156ad9da1152754e8577a31c1cb95db112f93fc465dbd04ee02955692c3eaf6fb599589d2100e92ba1ec3fa35fabec3c895a3b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\67a473248953641b_1

Filesize
11KB

MD5
291be86e3c33ff6396dcb2905a421d7f

SHA1
00af4fdb03b71f72e324e89ae3c1c9d6c2eaf8aa

SHA256
8a364d501594734b4e47cb8e7893922b6ba7421ab01be4170c8be4241ad1d157

SHA512
cba66a6dd4ca034417fbf09f5e920ef949a2f07e01f1f4fd1d8f709318b1cc32da17c22c108c5c89902493ae66739ffd678417e8a8a97fa242fc6e6b3acb4bf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\fa813c9ad67834ac_0

Filesize
163KB

MD5
5dfbfe37364ab7f6fda1f64ea028eb5f

SHA1
8ccf896822883b2f2adc1f4036776124b4b0ea6b

SHA256
ce78fa8c55114409bddfc50721f92956a5633acc3b7dcd3128e9fa9b0b79805c

SHA512
b8e2e48f62e21e9eeb7defc2c96bbf9880870fa2348286c5a6ad3fbabb9934970836d6aa51ded4e781fd22240cd9e84e31942888adac717034c9886458312a0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\fa813c9ad67834ac_1

Filesize
425KB

MD5
0fd93418befc9c8ef7fcc49503a7b3b5

SHA1
ed4747b9b99040eb4fd00c177dfa6220f01c3b37

SHA256
5e6e950aec258e1ae83f89110816fd3aa5f1c6d73f48be50612c4cbd3941ab59

SHA512
4e31ae01a58ac3163dbd45249ce8a039b11feadb40b2857f025aab144274be62fc2774557a0a2e60d3a2a101d0bbb6b2ad9fab5d2640451012884d700588d0e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
6a3e637bec9f93583f0943b45499ef48

SHA1
24290b1ee4e2d443b25de6ed51e4195c1b78718f

SHA256
a6937abee3a89f8961f0a2a5d40330184114261c7e19205abf9605b74dd10662

SHA512
2fdcc37a0089a1d43b4f6f1a01ee89ba4007f60b1cc13bba272c0496c152714333063756e676bf333f4ca5476e6ad8bc3118836aa0b41d1219c01baa2f579342

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
8339f61401537eb9a7508b35bf0d321b

SHA1
e7a3aed389e0ade17e5055534c9b796719968b6a

SHA256
f9c6823acc3e0719a35f7e7baf137bfa25f1cb136cf6c321c3edab5a876d43d6

SHA512
9c2ea447e167a56b6086efef49e8d5b2c8717c3f91d8a79c37d66c4f4fbb48e73d6ef55cc23e442f6694715e7dfe179b2d84aca1ddac3d13b95783a2ca984bde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2288_1692343198\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2288_1692343198\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
9ba270a82750ce9e9cfc4f8d629f024e

SHA1
3e6b4c2c885d591a66f5bf1ba33a35af6b0abeb3

SHA256
2f6e153a735d851879b13177f1ea3f6430ddbc676f1ddb6cbdddf2c52e54db24

SHA512
b770d4ffae3efb3054004d2d629ffe5d9e629c43321a58568705d71110a0173b30eebf8e33552cfe5503fe51d14bdf2666923715542deeac8ddf93eac16fd8fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
530a75433aac7256a9d51bc0d090dba4

SHA1
e1b72bfe4aa34068364e43861869751f0bd8ed1b

SHA256
4324e90508b9e6b6ddd41591090d8cb688d5eaf6cfcea06860705f8f37ad9850

SHA512
d0bb58a2976885b5b3375f1510b698ffc9f27a77d461cc09706d632acb1ffeff43ee58d24d30e1301a6c9952e509c535cff33844d48f488520d80b8f6d92c25d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
cc019c44640c8e3152ad4b7c9c096d16

SHA1
52656c20324f4d1f8e59494a6f9042507ea7ba71

SHA256
dc1a23a0a6d76308d5e2bb1f07c3a4531a3c0b585f22a30fba5795f16dc6346b

SHA512
c03808e333f57c7f0defa00fac0e6352dd214dd5d1a045dfa66fbac34ac3b943d7e220388813369f7934c8e4c0e4dc58630b6813a0dcbfef7277e4f54455b201

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
f96e93b1f556ee1b9780fa69ca511ba9

SHA1
fb58f9f95129c7835f99bfa3f6217813e6fe86ee

SHA256
d37366cb89c79b309bf219e35098513a31de489f1d52cb3cc6a78cf5baccceeb

SHA512
5c0355a0581f7323e732be61dade3cd5234bb39f830e844d422795a7b53016c7d7d690514442fa29b2075bd99300bf29f165f0cd7f6de39e6d772c097e2b3101

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
dbcc5d2462078bdb95b2f206111e0554

SHA1
02925107f8e87e6d1814748ce9f9e9230ff06ab2

SHA256
05e5a3b8aa651a7fb027d6128ab9b565013870ad387c1a4a970a9841d9d8fd7a

SHA512
336b0711902a3f668b559e637e3f269dd4faacd4dd166fe8b4a87ad1d01e77e74755c62c0c44281b8ddee2314e445ee20d8a5a17cfbc1a82f415bae1ce43ba94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
e3525b1a415b6d7d82fd7cfd5fb94125

SHA1
c8dd96244030ccaf8189580568b39812d5fbf7da

SHA256
ab260dee6b8ee86d2617fb0a744d47fb7e31f6b1ec770e2532abec42a1202c70

SHA512
375809490e11bd0f5159fae4f5aa0bc2469729452c3a648922ccc64609913a1964bf4d2df381186095ef8f8f62631c34106d9f34f1d11a4fd1af98ca84c69c9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
b97263b38c6f81ee5df1e56bfa65f0a5

SHA1
c798bc769ef1f73494d7d4a3a6500f8d8663bb92

SHA256
601485ed70575f25167717ccaa47a7ae03a666a7053f7ee4e0f018f0823d0536

SHA512
88421c0430b26ec3242f5bfb726185bbf5148acbc4d1b4946af6c190aec67fc213fc65c090f0b8a6d219af88c60ab04be09e46262d6fed1a89fe48b9ed1c7c27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
b376714c3fc74cd7f27418597719275c

SHA1
297dde214080d212a1e061ef6c17b159131150b6

SHA256
9bbd98d8333012961df4a9ddf27d79ce754b7805ca25e60c214cfb01e561100e

SHA512
721b83bef72460999d4013630881df8e36b22e17e7b9c795bc6ec36bd79672815af77dfa3676b6b789f512980ec3977b6722fb0287afcbbdfa363a48c634c9b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
1a14b8e40ef186e61ca38cc958ee714e

SHA1
f8808c1383efebd5c92b4e80f3c2c2b95c450880

SHA256
4f1d2bf36735f182693b9e3ce921f7742322bf5af8dc37acc53f494d4ee5ed4c

SHA512
6010bcfc4c345e18a5094f4d95b6d1cdcb2eae61851fad247d1f3dafa141ab6c3ca07cc6a348b4a6b955fa7d532be8f2bb708b1c6f8dba8b4520c4016adc1dab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
f7beb6e2f5a2cf7c98b65e074b54ab51

SHA1
b603541470406a9972288c98f68de3853809e677

SHA256
525c9ac6bfc905bff6bcbdf2eb1068133d5d9ad9ddf340efb09164763d74c6b5

SHA512
f1ee2d540b3fb9917a1e398c1214d8ffaaacd16bdb72a69c48f1c8da43c2349f025e1e4195394c7fe9a3ea66cd47b8ff2d6849683f985831b8f21879f5c8493a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
713355d2e7d6e54867131f91c3041b3f

SHA1
40be4f17ef2aff34cd24bc163ab75f1bd891e51a

SHA256
b47bbb153d6afcfdf5904c2caaf316e4abfab1dee3181d86c56a27f706e4c057

SHA512
4ceaba9d208affea62951aeea1ed066a24d57ac1991968e043d955d9e7ea4e34d874390dbb25c9835f5eab58ad927b9eb73d4a22fef73e938a7aab68a1193fcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d29c44d074d1f47d5a1149ba2c64ffcf

SHA1
1e120d39a0d217269186da497fbc6a18f7c119fd

SHA256
3ddc5f3e21cd0021d66d5052737a2d0c41da78f575d45f8c84821f54193d7aaf

SHA512
6b52d52d2cce292ff990d4579d82eb4110fdd80c1a62ba09eb7cebf275552fea2967e3a8d6fea6b3a201e5e12eaa86ba58da08c064549793238c31bd042c3f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8bdf30f0555af532965749270a740ee9

SHA1
c8b844db04f286b848558d2f65459707b152807b

SHA256
073f06ed42e9dda69ce21793b5a3791529bc678348fdebd9f136f740371c0430

SHA512
47351c69ea10bb39b50a7f442784a66c5ca0a32f8a32facf0a3023f105556241b80975ea93a86778933436b55c36189b8dd78ef5b47047669a6e3699d4313ba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fc8066104c586958e2e1b032d1cd0363

SHA1
dabdba3f058c2947c0a0758fc7592f3a26dd5d13

SHA256
4f790b74d69a8a6dba400aa85d0f948eb14d442fa83ba73c62666ef52e44bf49

SHA512
b96ef78b82bb605e7b4f6298dbb0c34d85bb9d77b905884ce035e74960a10c579ec32cc66a3cf6a4e86725a93d299342d005c43810c833ae3d9141b4e4978406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
889732afc3a8a2f6ad98b7288841221a

SHA1
f0529a03d2813774d1f8f521e93686c9178051cc

SHA256
6c8b04d6c4929c3fd22724e701e898b07139d07a7fee704f9236c12d36236419

SHA512
538fd10439a52032b2c0c74e77ec8c95c1e365af693cfd2548d7f2d1f839a4f89edae8b7793356a4bd17cad7011cdf472a2c5a2ad319a2f2b614d9c9e687651f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
aa1086cb7f07f601a0251519c82226a1

SHA1
0da11c4dcf398f3ec15ddb57a69bcb29b3307618

SHA256
cc177a7cb9b8efb838cd47aa289957fa2c0b83574a0996ee21b386d003d6579a

SHA512
d62bb2284567e54061e3338742809341215c53a674906b8b55aa5a863f6a0360e7d79d612c4a4a46e26a2294cde8fe74067fd5b8d14ad5eee4b07fe2e82d8cdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9e690960cad5162e5b230f4826bb6591

SHA1
96619a79101bc87b6daa71e805baaadb1a3a21df

SHA256
45a19ad26f7e38a73474f85251db6ccebbb18ffce95ea112767b122c792332a4

SHA512
43207d7bf8a1457dd3a293f05996f3eea5a858d28d3dc7f7e8f526efd4c77d6b85388a810cde0c3a4da4cc15ccffcd46fb61b9f41d24ff451d35d55297a9227b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\23316\Offset.com

Filesize
2KB

MD5
1b26d67a59b3b50706e967c75662c503

SHA1
3ce4ad4dbd03e96dd599d8a92e0d74780315f8c4

SHA256
b199d2a5e8ee416367be44823b9f51e9b5d8a2a4ed679407f4f63b4247b13fd1

SHA512
4eea6192018b59b71a77ecf4374229f6e822936879b1615b01d44466ab62627b138e84ada97f5d6252c6491706b99b9f49d56525471fa602f1b16b8b50704093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\23316\Offset.com

Filesize
925KB

MD5
62d09f076e6e0240548c2f837536a46a

SHA1
26bdbc63af8abae9a8fb6ec0913a307ef6614cf2

SHA256
1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49

SHA512
32de0d8bb57f3d3eb01d16950b07176866c7fb2e737d9811f61f7be6606a6a38a5fc5d4d2ae54a190636409b2a7943abca292d6cefaa89df1fc474a1312c695f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\23316\t

Filesize
477KB

MD5
1d589e7906bd628c2f3ba8c214fd571c

SHA1
20c412816cab93a1bc4f6d488f76f20ea70d5ac3

SHA256
02858784efed79443c4ed459900ed6225a36bab12d96ec4b7f4794f09157c405

SHA512
9c46133e04ac35c81a6ef9296911dcbbc87252c35441d15eb2921db71c01c2506936299aa0b749b5104abc12943e6ba1ece008f274eb767da2ac82cc40eee5fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Accurate

Filesize
87KB

MD5
65cc5d89e908b585fa393035866a4df8

SHA1
478574223d9c53ac2e0f5075179bcd4e9474ed18

SHA256
db11816db1910f5c2b70e14e644dac9c0ad9ff2b94a6f8c7284d9447a5f1971c

SHA512
b7cd567c139656a0116a6da4f5ef6dff5cd3335e64a7df7fc2475d2ab53436815aeac61842f3a450b4efb08ba55ad07401848256d35858456623170a45962f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Automation

Filesize
2KB

MD5
8a2600ac378174d903edeed4e7e11cc7

SHA1
0daf87080bc36495d34bf4a582c3b0a3f53d9780

SHA256
a47be4049e29ce51b9e9c3acd96c77e31af69a342a32f75fce9e798b3ea9a8bf

SHA512
35058df8281e8a330765bcb0ff3c1cf27177495f2ddcd87417ad72fa46c81399ae2a220da30a6c4837bfe6a8b2edb114e320bad15ef716ab944175f50a9d481f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Bomb

Filesize
41KB

MD5
88e09304b1d5e060578ddf3b055eff0a

SHA1
85e72a67b6d3b2a356b53257564a9408fe89ff00

SHA256
a51eab36171c5b189eed48294bdac8266cad9aa408d017264504e75834d6e7b6

SHA512
58c570cd0be201889592464fb8c35da9868ec82af77f093b8526ed082a5bf9ebd62e67e7f4e961b204c46aa49d017717291176e9e06df61727b2fa02dc3b2fd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Devel

Filesize
79KB

MD5
ad6dc27433645100935c1b2e23e8d2d1

SHA1
7c73c6de085e1ad0eb13eaab6646b266f0f97646

SHA256
f7e8614dc5d6427e8ff63d2d67a7a1625c2cf07884382e8058520c84fcfac33b

SHA512
d7dc84a0122c486750ab8ccfe6db6929caa822cfbc758853a4fba24566f836c525e701ee80d648f44da94805faf01fe34dc76e75da78be29cef300d6d6af4307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\End

Filesize
110KB

MD5
c58be8e554bb589cc90c36f8f6f0fab1

SHA1
92a5869c2b5f1e2dcf219467bc482d45e6779e85

SHA256
e621e793c47e8d0f6ed18073c49c9821ed040926fd3ca3548549e296aa6d1046

SHA512
be5388aa1401dadef6a0336fb86d31fd9f7b4bc44df255df38752335ac59d190ff9089f03a1a494c5af3d573bbe937ae4912a9b2aa36d1d3e842fa6179c2db67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Feat

Filesize
70KB

MD5
f70a792770c338f1ade0ab8fbb5ee65f

SHA1
a6d53e66c17b7031971e2a2b804b177260f1d5b8

SHA256
564bfd7b81f07dec75f64e6c110c0de72d329677420eb7aa041eb4696faab83e

SHA512
7ea78f28f0c17f58b9ca35f1bee335cf50b1675136680a982f4e25ee9808aacf6a56cf62ff7bdd748d22ad0136dddb205adcfd581f1e93ae36625d9dfb31c92e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Hospitals

Filesize
106KB

MD5
d583715d3061a704eb6670639f41c64f

SHA1
3ebb37fc92905ef6e16bf8382bc1d33be6e4a33b

SHA256
a48a0c0d3bc4f00d804a851b248c3535f2b6aa9a6863a275b02f6544c33aadd3

SHA512
c98f12f5977badb347c48f523f17f90304eee90d6692d8b6beb53e440a739404dfb037f1ca689394e841bfc908d4892202d18b572b0399e8949e24c0e81cb0d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Kings

Filesize
116KB

MD5
afa6532c897e80eaf2c2c4109b2d7471

SHA1
729abdf584c50eaf606c6a91059e42861ad332d7

SHA256
82ac33f2f2664e9dca836810aa977a652b3b484e8a0baec8c6154f4db38d7282

SHA512
5bc6b3c50d7b5a6b9fe663a3a5c480899b5d92974bac0d5ee855d35f64be0c9e9654aaeb36cbb3a0786378126c2723b3267d0ca89de1c167ce3c5f6156df6490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Laden

Filesize
51KB

MD5
e4f48673abdd1e06259533ff85014c4f

SHA1
e5e38d59bb051c4e45289615826c22013d22f827

SHA256
b9f802f62678d9652cfdb8c6d59586ce5bc0ecd8da708cff1720218512b80d88

SHA512
071a1a0489e4cd1da0ccd580b76a70ebeb74ac04618926fe58cd7ff4e687a13c2d630f277934a522a91fd4e38bb443f8bf91f8194625e67c53fa78bbdff30015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Locations

Filesize
92KB

MD5
3815e4fde11f477450a57849d355e740

SHA1
9c0a1b59213496b8090176685e88307d823085c0

SHA256
7fac1b193f7b77df68a48f97df4c5d2906479832624ec6e0e24023f41cc5d468

SHA512
c909c3a13f77ea9b042f5a1e6a4216ed41cd56d6d20c7b765acd3435296d6834d4e4ead65e340d0089efc0281dd8472fdefba8b05ae6bcc8eb3eab271f5c5504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Marking

Filesize
22KB

MD5
42b96f012a94e467cfe1ebeb0b30f063

SHA1
2fe1dad4d467eddf06f18b99bcd859dfeb95cb5b

SHA256
dc98abd02ce96a0357f641878f928a1a9f7a8104b953beed16b909b0ee3199b1

SHA512
56445819a93b9c1c69d5662d613b5881222374b33f1ad7cbfd393579013601f4bc430353120cdc6ddefb40a0378500ab46185505ad43199ab34eff2a9bab6b83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Not

Filesize
123KB

MD5
1aeb4cc5e8dc607f33019b15d938e0ac

SHA1
68c4e56fc0ef23d05102c43cbb6b1de287cfc70a

SHA256
fdb8dfdbcb2b8a7b1d8668dee0ed343074e4486e5c1b5a888e9f9d55115b940c

SHA512
f5970221a702f667a7d45182f7e1275ca0947ff07152238d65c6857446a5b5d5732daaa35350f30374775d21d03745a931422487c333606639efad4aa2baaea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Performances

Filesize
77KB

MD5
0b8b78522bee87fecc57f04e9dcaecec

SHA1
691403f486f612338bc4ef99bd480e9792d72a14

SHA256
f5bef22ca941a6f3e9006e8c45d83bfc334c0356a3c54ac39e4d745ee2727463

SHA512
3179e72a1cf410afd7b633d54abe76b6bef447d2ddd1fbd676e351a12c095b4bfb077acae413043777962bb36729b175ae1ed6c829e2b844d396c6f35623c49b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Permission

Filesize
55KB

MD5
4dd1cdb741912a2f6b6939ee16e9b167

SHA1
5bf8c72020c088715645b9f9923100497e1b348f

SHA256
6fa043b8d86bf59d94a2ef10b1d3c6ba38e36c045cf429a5c8329cd814f12403

SHA512
a634d0f87b8ad6f1fc9148006b434e00e61dfff1c76959dab8857139eb114c7e112b125434a5fba2657fccfcadfcaa69a60c238592c65950a94178800cc0643a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Posts

Filesize
72KB

MD5
0ede46a2cf2ba60fba10f3c6fc512fb2

SHA1
9b4b8a7dd2abb20629f266595b6f8b08c2c096d2

SHA256
892d048175e19f7d223cf3f34e308a07c10161c3e9195d7ba4450f9da1393dde

SHA512
e254231d89cf798f4de08d4d0cab3be557dbf3ae01f5268efe62df49cba96ad3124225ba3f60c98a60918f55e7474f839ea4053473ddd12c61d202bfdac0d743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Sciences

Filesize
478KB

MD5
f629e42ea6fe015d2bbdc308f2e7ddbc

SHA1
389db665fc1a8bfc694522def8f6714f66974d7f

SHA256
acdec32205112f3be05e6b3e64fc8404f465c713092f4495431eba89e265a289

SHA512
f2c7763569166d0a4b03ec44a35f9e1f821a92600ae1d4a430753dc3eeb8a091745bab87004972dc83b5401d1b651d0469c8a67faf0f95cc6ad4fc21f2633ed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Sheets

Filesize
73KB

MD5
0beaf08851b130578eb1f7381ef21326

SHA1
4756f2c887d4c995c1d07db3a26965331e022667

SHA256
952d540196e3e3b49e4385facb19867008a381a14e20d732b040f0a2c743f8cd

SHA512
2a38d5eed285895660b6913c222b0ed8953516be3a6802eae662a7fee35832009ff2c66fdefccc8cf307de95f7bf41969a4488945945db23d1f5e91e07d86eea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Speak

Filesize
66KB

MD5
08e5d9c136e79fa5f9cf5b638f5ab58a

SHA1
43fd8b29bf14b8d14f68e9fcc6cbfbdfdfe2987b

SHA256
9388e6509ad6c1f1d6236e508425cfde660ea6a711996568e79f780d1055da74

SHA512
f583d5988ead48d9dbb8bc4b2add216dc8416a10d7a0fd65756ec09738dd14efa9088f44b4f9d718b1b26a91b3d1df75aa06a5cbfde98471b8d6088b65aa30f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Survive

Filesize
109KB

MD5
86d2e2f6e38e10d505ff89a5c11c7f24

SHA1
508af9da96c14a72bce9633bae586ade14bc7aa4

SHA256
0897c7ba4d631503566934f2f6938f2bc86921462d2fb03d8e370edcbfbe32c7

SHA512
1eb615d176be18c42c69014c2b39906e56b90c735d55a2231734188d9791dfd16f0068a87859232c2fa710e68f88b3ec5ba2e3802a1e7b374b78b85060247f14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Zambia

Filesize
72KB

MD5
90dffafdc3faf25fab067eaffbf6ed2b

SHA1
a214cf04f71f6f0617aa56c08f9322826767f7f7

SHA256
6d2261df767e06ab17abacd59ed42e6179c5929a483c1f99f7ab62fc80e9cd75

SHA512
115cbb56e8df5dc9862dd11447d3f2b76fcee639e4c25309e7ab1a7dbcdf0053a7582b3b2f9a883124eaa76ca130a30e8d14df25ea545e92ce7ccd102b1ca51e

Download Submit
C:\Users\Admin\AppData\Local\Temp\e72f1fa2-c269-4c54-9731-c2590ae00a8d.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2288_1501137834\5e14315f-e28f-461d-841a-776979bac8a4.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2288_1501137834\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
memory/4744-2566-0x00000000045D0000-0x000000000462B000-memory.dmp

Filesize
364KB

Download
memory/4744-2570-0x00000000045D0000-0x000000000462B000-memory.dmp

Filesize
364KB

Download
memory/4744-2569-0x00000000045D0000-0x000000000462B000-memory.dmp

Filesize
364KB

Download
memory/4744-2567-0x00000000045D0000-0x000000000462B000-memory.dmp

Filesize
364KB

Download
memory/4744-2568-0x00000000045D0000-0x000000000462B000-memory.dmp

Filesize
364KB

Download