vidar | hxxp://nzue6[.]update-online[.]cc/download

Analysis

max time kernel
358s
max time network
350s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29-01-2025 17:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://nzue6.update-online.cc/download

Score

10^/10

vidar discovery stealer

Malware Config

Extracted

Family

vidar

https://t.me/m08mbk

https://steamcommunity.com/profiles/76561199820567237

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0

Signatures

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Vidar family
vidar

Executes dropped EXE 1 IoCs

pid	Process
428	Document.pdf.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 428 set thread context of 4000	428	Document.pdf.exe	112

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AddInProcess32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Document.pdf.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133826453397349120"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3920	chrome.exe
3920	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
428	Document.pdf.exe
428	Document.pdf.exe
428	Document.pdf.exe
428	Document.pdf.exe
428	Document.pdf.exe
428	Document.pdf.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
2708	7zG.exe
3920	chrome.exe
3920	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3920 wrote to memory of 4680	3920	chrome.exe	82
PID 3920 wrote to memory of 4680	3920	chrome.exe	82
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 3224	3920	chrome.exe	83
PID 3920 wrote to memory of 2864	3920	chrome.exe	84
PID 3920 wrote to memory of 2864	3920	chrome.exe	84
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85
PID 3920 wrote to memory of 4984	3920	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://nzue6.update-online.cc/download
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdce02cc40,0x7ffdce02cc4c,0x7ffdce02cc58
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1992,i,17828166348200773468,5623621307472409980,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1776,i,17828166348200773468,5623621307472409980,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2052 /prefetch:3
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,17828166348200773468,5623621307472409980,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2264 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3052,i,17828166348200773468,5623621307472409980,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3068 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,17828166348200773468,5623621307472409980,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,17828166348200773468,5623621307472409980,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4992,i,17828166348200773468,5623621307472409980,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5364,i,17828166348200773468,5623621307472409980,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4440,i,17828166348200773468,5623621307472409980,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5188,i,17828166348200773468,5623621307472409980,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3512 /prefetch:8
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5560,i,17828166348200773468,5623621307472409980,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4028

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4976

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1392

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3464

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Invoice-4Rk1mIaaa1vC\" -spe -an -ai#7zMap21285:102:7zEvent29236
1⤵
- Suspicious use of FindShellTrayWindow
PID:2708

C:\Users\Admin\Downloads\Invoice-4Rk1mIaaa1vC\Document.pdf.exe
"C:\Users\Admin\Downloads\Invoice-4Rk1mIaaa1vC\Document.pdf.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:428
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
  2⤵
  PID:2968
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
381b431a416008db1c8e7ed6d693df21

SHA1
3c4d7c8a7bf120f1391e2e981eb4a0cd8cc1a9f5

SHA256
bec31f34eac5335bb06932465b1dd630b188d20181b56b25fd7a50225e8fffa8

SHA512
f9f2faaccce21d3daca134cd78d19e471733823ebc76311a547c27017c5e41cbe3d9da98d30dfaa996e112909e326eab540b448484aaa0aaf32d93be51e009cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e35fa19eaa1d5fce0c0efaebfdfb872d

SHA1
b30f9c31601df9f7b37d0df2b403a77efc9e9422

SHA256
87d2bcfa3f93e12063cece5bbec8f1e834376ecf93a7b97d14a9851db2a6fc59

SHA512
b132ddb684efd9f96190a84912327b00a2d3d401c23f8a82df6b372ea3be0848e73dc756a9a4fd2228592b02a0fd8306e139617a09bba8ca1f58635f6ccd0f51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
9778640d4290588b54fb97aa16415cab

SHA1
3a2d5d00b0d6a956b7a9b11b89cbc5554af18aee

SHA256
4493c5e59841b2075437545695c97298aaa968a394628356c0b6a64ca57999cf

SHA512
2bb04f4f5243a11f28e682b09a4a9a3f8891e2b60b4b715ec8143545cfd15915f4889bca81efe9aaf719b61d2fe1ffa8a24d041c100f6e09c280c2b5d46d9bd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3990ac00d08e820aa08302ccd9969ac9

SHA1
9ff51dfef678c7a686c4d90f1caaa8270e81febf

SHA256
4d5fae8645d8c01009c0724e01b63a1570ad58a2c3373bc0bef6ec1e53d38f08

SHA512
9123cf917b9d2ab80b50d0c55d633cd6174eb80f7a0dd62d54ae9f48921d0259841a36a7ef95f57fc92ffa15a9a526901a356259fe7e65376975b62c0e6c35e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a653bf7527a45eed38ce58f57faf8a46

SHA1
dc2740e2b7c2719abe783d9805bfade4ed49f660

SHA256
d53d5304cad38a8c8a6355b260d9429d6442f7a592cc391b9abcd8e2a6a92aac

SHA512
eb3abe6cd85005fbd376b5bff89f6f529d43fa10ac3e0c19a001735e10c520c9adb21d5f848fb8bba9800a169e9750dea306e7d9184e2bcd1643c25a780985fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f9cb1e00e41308f691a44c49b4a17b4a

SHA1
bd8da31124dc3cd55b5bcc525b19929ca327352f

SHA256
1f2dac6f00188ade9a5e0597c458b5f80ca06b9e4bc728cc10cecf0fad24f8fe

SHA512
9f04b0a3756a02a784d50ea450530bdc43200f9ca871760366ee6b7fdd3cd60de0e6ccd5d3c05687db539a8de54232038b459050e1bcf796a15078ade11ee466

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9a39ddf9cf663c4da7b38a8808ca0da6

SHA1
8dc1b4ef367bd1f6a8090188a4462e90861a8f05

SHA256
b30ed36e26fb35fd49295115ab7d96ce9811c9c4b3c40eca3e0f24fda95a3534

SHA512
7e772fb0dff654a4dab049ed0ca69aaae58cef757e71f092ca6ea442f2ddc5befc729fb81b25cf050bdf2ea7817318848609b65757a456f3e65e9062f91e66b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
10ecf3d1d58d8a888b238b75f6ce1db8

SHA1
579e8662e81443bede4e651ab5103abe9e61f81a

SHA256
a1c8d1fd1f6b8b9da66832673ce8bb021da9ad7ebc8085ad2e49f591fd5e73ed

SHA512
77302a3c6f82a028e005f285ed4d92e3d4ea6c792c2552466972429b79746db75ceb8b36338049d070eb13046600aecccf8b07360cc52326bc9f691ce76fa876

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ac4c313331c1b265b31311a139b829a4

SHA1
6e484ba7d371a571f36a623cba920637fe921b74

SHA256
dbdcc7a6585816467a9e0000736e0fbd2b1895a64e5fdc118b034a34da0fa820

SHA512
4a4afda32c0b80ae3a5806d02af7922cbc66eac8308f2535bcb368f4e1a642a73d85e5f8c665259b57daeba9b6fe4aecf5f7da63c5b5265934fc17f28f7404f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
24468ef6182996f9b04d6be8f5624c19

SHA1
260604b04460756cb2a15fb94ba94e2b0782f362

SHA256
56c2037ad0a91ffbb832ba92fa4d7924a61816b7f64de2f84f8a2aa73ed30bec

SHA512
57aa5966872073e2305df564d7d9cc213694d6ee2ed3e3eb1a717382d046630ea22f471501a0c2bd704c5c77ce4a1632f20f0e1005f14435b41cd33cc52eadb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
77416d3bf139a7b381129c6a195517f1

SHA1
0a16c7d81b18dbc118dfd871e052849754805f3c

SHA256
eec4d8a5077a4c7dc3566f2c6e22578fff6dead6133b9b2402d833b2028622fd

SHA512
2da9e2cded8020dc1d6c64dfa7c5f8625c16d1c9bb597629c37399fdb37183eddd04a8c2319c58a0b71eca017d6a139a0cbab84e56cca7ab60577d2728b1ce54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9f806f490bf02902e10f117d76a69371

SHA1
2295df0f5fa205bc4bbfd076d9f5f9af6d841371

SHA256
173b22fd22e1b5d57c259a0b41186b3881607b071c7ee0bfcba39d5f1e16840e

SHA512
6e3ad06a6aab61845712b7b90c2664d2a22d332db6e4d25aa5a7633bdd570bc89d9f2835da8dcf94cd5a502e9d00a4750b15f83a12264bacb5ba1af0a11b28aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a4f1aafdf70231f042a76251586185ee

SHA1
d604b0ea6f8f56ba9446ca19e8964fff0a70137b

SHA256
2ffdcac1008d91afbc996c211244cfa7f3087633a0bdd43ae969b90be11a1930

SHA512
d989bda0249d8834b2b86f44f543ba9d3caabc3442201dba2d49397ad9c246487fcb8cc7fe10a29d78b8aaae05eb8244cd010b58709b0e733a5d9e0dc57a54d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ee9707091da33905bdd62b3e1fbda931

SHA1
826f1e98d53c4d8b7ba977cc7860f3e975dade23

SHA256
b0aa3e272a95e587dc154c243ed4507c89bd8604ce780ac7c939b689240b4afa

SHA512
f5ea3d80bd577d878854a4a63ddcb3d3c46e33a9f271af513a73b26e0d3c4322a47c2747c89de09a87464cc26eff5e0e4c35a247896464cc902feafc0cf53b3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f1467741ebae3bdf929735d9179d9727

SHA1
3e71653c1a4b95f76fd69513e82d188357f3a72f

SHA256
b4163d7e6fc1bb2518c0d2ac87cb1825487949abf7765b4547dbb4a909e3520c

SHA512
9c444316b2d62b0359ce55a1d9a4d0679c389fb64ba07a63f693e549bd1c1c9fccbd09498a31b7ee20ada92a59c3babcbb76f363e42bc333ab215e8c161b360e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
203b5d8a4d0355babe1f9e0a3bce2a19

SHA1
06e0f308dd2de0b64839951c26ec1bb72a78890d

SHA256
c524cd0d6da12c0323131fc447ca1d46d5d7a3ddd1fd56e727e9402e129df7f0

SHA512
62f5dee4acc6688e4fde894963c22d746b3ddb4cc48bf4b8f468eb3a543bc560c0df915c37d17c3ac83700f55c098475d26841a4a61a28d57087840dd591a3af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
021bb82ff80cf4e47457763dd0395c54

SHA1
870df5b54d5fadafc281d6afa9be0380efa0870a

SHA256
abd36329b9a0a28fce8d5d459aafaf0137ba70b15292bab2c4f2b4b483b45f53

SHA512
b935845048f6008a71adaf91d5394d5a6b9a9ad349794adc9844ca05c38bc70d03b0d11aadbf6b4d7971f276a4d032b0b10054af61fafb978557defb6907b085

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a43a04f40328d93825fcad44e981c051

SHA1
0b606ae2ad85cf9dbe37a50c1a56aa4f7a45b57b

SHA256
1ec124e2deaf01230f948c227474a1777e2f7be1941615e25f23916118335b9f

SHA512
6c9a32c373d33b1203c6d92cd940b1046139a484f05fcdf6702de49686dd4757e9ea890f46c1e9d9d2c7ea39a4b2e1fd5a6d12189c925eca3f16f2db6e3dc517

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
630f11e1315c7dd9c064199f93dadd37

SHA1
4e827ef94d90e61d120a52774c51efc189f765f7

SHA256
0329db2e8912f4f87c6d7890444453784591ccdb8f7eb4fb226f028be020b34f

SHA512
90be803df800f7c519547e5f102d74f39f0c9540a9364f3228b8dccdc39ac11ce63c8cec241871c4a2cce095c64e343d0af4fa83b05c50f39a903cdd0c4441e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7954fed463331dac6599e787ef31a8b1

SHA1
e215f8126c0a741893d7adb5d39a9ccfc3da9020

SHA256
723244b5482f0fbbe75512b9c29b1c5e7530a0dcac73920575cae9f1875d1be1

SHA512
722cfc641dd17212c572ee333036607449f1dc11344e5c12a4f6bb1cbe4c02f5849e1342b30ce6573e3547439170ed6ff201cee70b962d069e634edbaf5f7002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6aae4ea10cad0b5ada7657063ad6cec7

SHA1
05cbba691fef6b5ba2a41817f3b7504ef6c266e0

SHA256
48521a7502d256485f9bf27fd95566ce202c08d10528bc6f4fc0707ad1842235

SHA512
15fff0b85057ad780c965e2c4d511a633ddccb62cff9922c29ade510a8124c4476b2137d82d04819d7a832420858a9a8c044787d9e58215135f40fda59557111

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dca6dfe1aa485b6778f0e2fb82a28a1c

SHA1
23b62d7df9944ea9c5e351e41ac06169904a76d5

SHA256
6e5c19e43e0f26dd5bcdeb42d49358d67a8790326e4fa887fb3b395e56edfb91

SHA512
28cfffd92d1c418f814df69ff0a93e9328ad00093652903f79c0622ffd7d51be9902bf4519358cc6dec19ed2d7594ce7a331015156dc378022d7b4805d472cc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
791a5542b9c0a718e371f0a49b360162

SHA1
e130dc66e6826728e51f11a202fda0173fd1a032

SHA256
2acb948e8ae6869aff7034a5ac77a2c9b6c53eea443db521ee1b03908235bf3c

SHA512
fd98ee4ac65c0673d2fd08a0a2f5e73313e6a707f5eec1edd2c4afd5a260cd08b58dda67e387596ea30c42761f2f0020cc3631abaa8ca3f28d9b2303e81be13b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1a9efa86d178c81ba56f3c4ebabb10e0

SHA1
e1eefa16a48113b668dc2cc9d5cac337262568bf

SHA256
4dd7592da3807f27bb13ea385cf2d79a5985dc7ef67263d19e5d4561c5b2c540

SHA512
d45112dad53cfff25bbaa7ad0fd5d64e3cd62c8deb468187be7295f6a315582100410bc0632815e7f53b218d5885d318b1eb0d96ad2ffe9cc78d80fd65d4fb5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
206df8dc609744e5efb2acda3a598dc2

SHA1
4a96cb7d7f1626a8b349d494b7a1f095accdcc20

SHA256
30f0897419a2c1d685a49c407816b3a4b11ef90e43e419a619325bf9f90a9140

SHA512
1f1fcfc51a8abce9a2f1531d366b05fd3f739cd0adc934834f759c2b6279122853e5843c481eea940eb5dd04a3c8c38dba0efa0a8f91327a80d7fb7ea50ecc08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a77e7cc0cb3dc11dd5f358297772211e

SHA1
dcb70eb9d94dd141be876a15dec91d30ae74885b

SHA256
4db33202a257553bd184535a432829874e2adccca5245b52f3fa75d28d470539

SHA512
340d1de68ad34451ee54640fd70a12e17965c432be3e2d961834233488c573da177c0c6afb5c726888428a67fe1bb85117c29035bed9ec611306f6bb5d2eadab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ce4afbafbd1ba02243d1b06b8c05ceb8

SHA1
5c23e57fc810aa537209760f92e75639121729ec

SHA256
ff8713254f4398370827aff4097573cd7fade59d31e2203bbb31082f0aed22eb

SHA512
c77e83c838f4ba4f5ab725f37a4c32c675be47469e8d2f89fb32ac202aa422ec544de5c6c0d5711ae3093dc8268eb146689a4a9f2ab69cf87242e16929e13b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6e6d987b7a1ca609c7edd2ebbb7fd768

SHA1
7cd75e5b8c94e31f464e7ca03c5d63f0507dbfc8

SHA256
2298138d4ab9e86d2fb0e31411065f41c99b1601ff727afea3af9bae305d38cb

SHA512
9fbb8abff45f000b803d1518ff142790523fbb6fbb16c4ee58a0f06a9b0206aa307208d0b8c312fc73b9c93d038f9bb80ebccd9244f66dc2d34174d0fce1e9ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f4884965ff57c72f24684df082f831cc

SHA1
1a8bda4ba1ca255ae3b01815de8ccf1639a171ee

SHA256
edbfcc0a1490d88c7056166296206a6df64319a6e6aea89c7778f3a12bcfedb8

SHA512
88362ef061ef529e89220ed2456d1b6ef5d2ae6ddd03c30e13cdba5d2daf1bde683c39fe65ab996a0cc196f8073228866af879b64436e3b7fb97f34def81d3fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
01b050247472c3a49459e16b510e58ec

SHA1
991e6457471affaa3306bedc6939b7ee6d8e9ac2

SHA256
2a6e77dd54c0183558662ae46654689faf62feccf512dd0d8f9b4ab570f1f5a2

SHA512
694ce4f2ebb574ba1b7618429d75379cedc2a3e44e740e2fbcd4448bd767a016c19ccedb946dbcd16a7932fcafab3a5a7bd3ac3e994bf0a3294178b644f8dd07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a330fd1f-69ad-4f9c-a15b-cb70cde50c45.tmp

Filesize
10KB

MD5
2813cb0870b4542c8a7647be715462a0

SHA1
5037a0830b6cb40ce6ce94691a561b6f83920f27

SHA256
aef7e95be492ac20b72511b548b9784306c92d2f2fa6bc9d74b0efdfdccf01e3

SHA512
1118bb2dcac4243010f594262400daae2b909a67e0b12d0d8dbdb8f418bb4c234f90c65a00c30d6e1c9f5ccb09e886fbd76eaa62f5aa677e35010350c85c0ad2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
5fb1efebb5e79c7b64ff181477ebafc3

SHA1
9ac1b5c4010fd5a27bed8c558e14db59ca649d21

SHA256
24239f5ab24cac795e3f5611a5117095729d22edd70519d2b21266bdf7349b2c

SHA512
8265d2a58c24d5f23a249b0d90282b599d6c34ac52a252c23598a2d199a0d0cbaf4e1b9adddfa6e94d79ef2775f1631b3b33ebeb010a5bcf10e9275594125063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
98195ba735e0275ccdaa00b0371945d9

SHA1
3580612ff646bccbea5e9f54a2fd5a843d95e171

SHA256
f5091639c17862f11c72c6194a83119939b3e128a3b4e9c90c5211a6a5de16ca

SHA512
6fbe606d6eb51102ca971e6ee2c80da93fc1542d3d863c6c945b35cad6016cc7299c9e871663be2266d9f2782810209c16e367e460bd29bc35ce0ac092e48b38

Download Submit
C:\Users\Admin\Downloads\Invoice-4Rk1mIaaa1vC.rar.crdownload

Filesize
14.5MB

MD5
c9f078dff78d08aff8ec55cb335dab00

SHA1
11357edeae8ae232d5402a6e04d3a09ca5560efb

SHA256
688c52fb3127dc968a850a916203851b43c73017c31f75f7997af50ed15d4137

SHA512
dec079f06309eebf94d0acb4b027b03d3486a2bde63a8c878793916a206c2508269dface7c8c63843d2369c4aa923746d90d7e00bb73b1d637dbac30a2e2a419

Download Submit
C:\Users\Admin\Downloads\Invoice-4Rk1mIaaa1vC\Document.pdf.exe

Filesize
14.8MB

MD5
47915ce283954fc3a0c4b50170c6a5d7

SHA1
caed1d6c69d502746432a4cf9b878b7f6ed38dde

SHA256
f856234ab2aa2db908cdcb373f750b1b33ae6d6e1ebfdd1ecb1ced08c82a47d6

SHA512
f297c8774d403a89a48d613e86d9563b9567e433ea863f2879f171b01b5a94cfc356d2c16022ff88e532b34ed39bfc7a60931170069b47e963ecf6f5320c9608

Download Submit
memory/428-324-0x0000000007960000-0x0000000007B06000-memory.dmp

Filesize
1.6MB

Download
memory/428-382-0x0000000001FC0000-0x0000000001FDA000-memory.dmp

Filesize
104KB

Download
memory/428-383-0x0000000001FE0000-0x0000000001FE6000-memory.dmp

Filesize
24KB

Download
memory/428-327-0x0000000074BBE000-0x0000000074BBF000-memory.dmp

Filesize
4KB

Download
memory/428-326-0x0000000007BB0000-0x0000000007BF2000-memory.dmp

Filesize
264KB

Download
memory/428-325-0x0000000007B10000-0x0000000007BAC000-memory.dmp

Filesize
624KB

Download
memory/428-311-0x0000000000920000-0x00000000017EE000-memory.dmp

Filesize
14.8MB

Download
memory/428-323-0x0000000006270000-0x000000000627A000-memory.dmp

Filesize
40KB

Download
memory/428-322-0x00000000061C0000-0x0000000006252000-memory.dmp

Filesize
584KB

Download
memory/428-321-0x0000000006890000-0x0000000006E34000-memory.dmp

Filesize
5.6MB

Download
memory/428-310-0x0000000074BBE000-0x0000000074BBF000-memory.dmp

Filesize
4KB

Download
memory/4000-402-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4000-403-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download