gurcu | 026ade51b2c8c528de21dae3cecb8c81530d08b2e28038e526c4747e0ea43ce0

Analysis

max time kernel
319s
max time network
319s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
19-02-2025 17:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Aimbot.zip
Size

1.8MB
MD5

9fab9e892dde96da60d8065a6687f32f
SHA1

d485fb05ed93a44ff57803103b271c5fa3882e79
SHA256

026ade51b2c8c528de21dae3cecb8c81530d08b2e28038e526c4747e0ea43ce0
SHA512

5741c905e86ab9d322b8752c8bc0ec1cf6ada750e8c9064bb5a2a0b6e471f83751a07c3516404afa41cba9f4bf2ec18ee35bb8e5d8fd67be33bbf5811cd0b339
SSDEEP

24576:7awwKusHwEwSDMn6iGqK3idUSeMITCqgcfyr4Py6K22i+i8rtVs1ZY7jQY71B:bwREDDM6AdHeMxWrP+beY7UY71B

Score

10^/10

gurcu redline discovery infostealer stealer

Malware Config

Extracted

Family

redline

65.108.29.210:21638

Attributes

auth_value
ad39d6a8ea7823f2a92f57ebaa4c98a5

Signatures

Gurcu family
gurcu
Gurcu, WhiteSnake
Gurcu aka WhiteSnake is a malware stealer written in C#.
stealer gurcu
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/3976-1662-0x0000000000400000-0x0000000000420000-memory.dmp	family_redline

Redline family
redline

Executes dropped EXE 4 IoCs

pid	Process
3960	Aimbot.exe
4292	Aimbot.tmp
5188	Start.exe
3976	Start.exe

Loads dropped DLL 1 IoCs

pid	Process
4292	Aimbot.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 5188 set thread context of 3976	5188	Start.exe	140

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Setup\unins000.dat	Aimbot.tmp
File created	C:\Program Files (x86)\Setup\is-A752F.tmp	Aimbot.tmp
File opened for modification	C:\Program Files (x86)\Setup\unins000.dat	Aimbot.tmp

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Start.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Aimbot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Aimbot.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Start.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Start.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Start.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133844613776886362"	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-112184765-1670301065-1210615588-1000\{2580582F-BBF0-44BD-9848-2587E0733A25}	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Autorisoft.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
2328	chrome.exe
2328	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
3976	Start.exe
3976	Start.exe
3976	Start.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	956	7zG.exe
Token: 35	956	7zG.exe
Token: SeSecurityPrivilege	956	7zG.exe
Token: SeSecurityPrivilege	956	7zG.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: 33	2776	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2776	AUDIODG.EXE
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
956	7zG.exe
4292	Aimbot.tmp
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
1280	7zG.exe
3468	7zG.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3960 wrote to memory of 4292	3960	Aimbot.exe	86
PID 3960 wrote to memory of 4292	3960	Aimbot.exe	86
PID 3960 wrote to memory of 4292	3960	Aimbot.exe	86
PID 2328 wrote to memory of 2576	2328	chrome.exe	91
PID 2328 wrote to memory of 2576	2328	chrome.exe	91
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2004	2328	chrome.exe	92
PID 2328 wrote to memory of 2368	2328	chrome.exe	93
PID 2328 wrote to memory of 2368	2328	chrome.exe	93
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94
PID 2328 wrote to memory of 476	2328	chrome.exe	94

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Aimbot.zip
1⤵
PID:644

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3388

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:6008

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap10930:70:7zEvent24759
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:956

C:\Users\Admin\Desktop\Aimbot.exe
"C:\Users\Admin\Desktop\Aimbot.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3960
- C:\Users\Admin\AppData\Local\Temp\is-5S5IT.tmp\Aimbot.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-5S5IT.tmp\Aimbot.tmp" /SL5="$3022E,935482,845824,C:\Users\Admin\Desktop\Aimbot.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  PID:4292

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:3912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffcc46bcc40,0x7ffcc46bcc4c,0x7ffcc46bcc58
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1796,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1348,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3572,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4444 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4604,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4668,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4832,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4784,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4320 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3276,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3388,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3324 /prefetch:8
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5152,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4272 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3352,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3380 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3376,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5972,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6104,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6100,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6268 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5948,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3756,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5572,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6116,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4448,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5280,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=3260,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4480,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3444 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1120,i,6145214158467051312,5089591069316001236,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1036

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5288

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4880

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2776

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4364

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap22340:82:7zEvent278
1⤵
- Suspicious use of FindShellTrayWindow
PID:1280

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:4004

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\New folder\" -an -ai#7zMap26910:100:7zEvent880
1⤵
- Suspicious use of FindShellTrayWindow
PID:3468

C:\Users\Admin\Desktop\New folder\Start.exe
"C:\Users\Admin\Desktop\New folder\Start.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5188
- C:\Users\Admin\Desktop\New folder\Start.exe
  "C:\Users\Admin\Desktop\New folder\Start.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:3976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
50KB

MD5
c5e4269c76773c28ef25843e60012c2c

SHA1
fa01891e99e620df1cec402da799d7b7346b6005

SHA256
c09f04bbb3edaf382fc31c36c7f4210c21f5e73b6454143f7eef0157bfce20cc

SHA512
531e622604146df0cba1dc0b81c55a30946052a2be4dda921283e6fa95acc2249da7c26bcf9357e32da7de958394f191a1890beece07ee91e3600c458f52e666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
643KB

MD5
8fc054a03b85cdde94636b566f6d1e59

SHA1
370e3c18f2f25dc8e10ec5b3ba726dd3e9a28bc4

SHA256
4c15812453d4200624678652bcb4571b69e8ea225506fa0129a153aef094e689

SHA512
d14c6afc038ad141af416f36a19c563ca145797aa2599db3da71e06ac614e8fad27f8fe6ffae07701eb50a1658c9508fb44b93951fbeae9642e5cd66f4e8ce36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
34KB

MD5
889187aa2828b91778cd8ddee66bf8ce

SHA1
4991e5753e12ef12246dcd6b93e0d3bf2f3e3598

SHA256
19ee98dd79b77c14c73dbcd7b3914c3375f3933489e268503f440450837bf070

SHA512
18afc68fc8df81c9e909497d9eaa477ea2826efda972fd9642c6d5214f672767472824df9a33e81787f8bb9d5615567525794b9e96d4360919a62f332c2b9832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
34KB

MD5
47822ae401ce84614d953ab12b1a9b4c

SHA1
6a3a33c107661fe61ac043530c723d2c35d33f58

SHA256
29e00bdf1508cdca009731111d42bb53e7099966027d018dc00cfbef389c7882

SHA512
e48328d10375c00d4fe150751b5e88de8da2c406c239a92da01204de8dbf4d02762deda2477394ecb0e645e82fe400966743dc27f6f7db411e7af428a7e9d150

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
22KB

MD5
778ca3ed38e51e5d4967cd21efbdd007

SHA1
06e62821512a5b73931e237e35501f7722f0dbf4

SHA256
b7e1bfadb8d9c061f17a7234df012df7842ab1aa8fb6f9579fa3f0a3b4a75bc0

SHA512
5f6f02099ca8079305fb7e7f43ae4344d522271fe30379c0854d6a81b7d8adf408a50a4b799b5f52e6ed162ba6ce7fe97e24a2b9719df780e75683d3aa103d09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
98dd8bc282116a09985444536f4908dd

SHA1
cd071eb0cfb2797e09f13034cf92bf4a0065d20d

SHA256
a1ed54688ef2fdb78ef27e376ebb294ab97b5cbe68b5064abbecfd05591d6dd0

SHA512
b9cb0abf4d686241caec6e662100bfa0ed3806df2a45a964f0588efabc7c813709587593ac7d174d9e964f344e4c9a0eaa55e5e76222eb4dd0e5762c660aa55c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
956ad614003e109844deccf8222eea86

SHA1
19310ac670200cb3d7336e9433a90aeae607587d

SHA256
13210d5adcd2366d9bdf1d156b6d1764f72a07274712bc80f2c78bda9b0e61ec

SHA512
30f6faa2b7364a03e1fbe528384dfb2447bcf1230a0bc99fbb42f2b047bfe891e2473cde44d6bf8d4faa611326de2970569b844d87499b85b93191fea18fdfdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a5af616f752e1cfdc6faba2f1004dbea

SHA1
0e502065bfdc17e087a68ba6c5d5c2efa1456157

SHA256
a117ca969cea8cf7dc832ee7a1369d30db80bc6490b7c7dc79c94c927aff4ae9

SHA512
a432cccbd1c795cd963b22d07a20b7865cda1deb67fd46289fd1ba49432d4124cab195d80dca8d6cc4e5381c6f290bf7c71969d6d661f54f5584a627337de5bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
059086049b663d0c2cb0052c1a6b1ab6

SHA1
a976f4b2884711c0a42321c04c7e095d3b03797b

SHA256
ccc3b7809fefd77edd919293395726ef9e1bcffd32dbbfb3175d2baeb6a69343

SHA512
9bf89e9a6ef528cb4d56ca4e924c866d54cff0e1e7d30656a0afd1dae1acb37c7d1da6bf0cc4450a5608702dc8875a6920914796ece9ab1db0c433ba3023c213

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
18KB

MD5
969427b30466ee15c6da7d911b2d8e74

SHA1
49672d34d8ed096bdcb54c7ba563381bb2c9f65d

SHA256
555c8f75f63e886cdb67c00be5310cbd716771dc472399fd83bb939b88cb61a7

SHA512
e200435d6fb3a8bb8ea5100b392ea333221d0c0d12085618d5f354d76fbdeca8bae3d5e26dfbdf704640c0d43b4ec62bdc0d224280526923692d2c38dffd4092

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
17fdac70d20d9467f6fe604ded21da47

SHA1
75a9e4e5644e3a97b862ea6d348ff8913b7ff1a5

SHA256
5c9e7db7aca8d8e4536f2cb3b790899f7fbf0f5a0b1f4a1f32616d5cf9460ae2

SHA512
ad12747a7de4aabdc60305379da938c7b6da2197f9129c98bb02a17ed4eb22d10337aec6114d5481b792c48810fe96287d90618545bfb60d1404f715493810e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f9e01740fd5f99b1385efc25cfcdfe96

SHA1
6184a60f31008678d284c5b02bfb7bfbfa4c80fd

SHA256
6361da893244ae53bb5be7762eb2395c183518b240cc8df8a446f89ea904ad30

SHA512
f1eba171478984d5832422df0eb9c13261c23674fb91d156e9b02d5deb5ee5336bd80fc74039e6ba80a24e9d1dc4843b6fb7653d0140f11590cc70342d5d54e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
437e11b96129ed862bd0dd497632bbe1

SHA1
e091bb93fe0e0853cf556c52804598d81de4794c

SHA256
bc05220c10d0ed9743032a048cd0d5fc0c863827db4b83c319071a6952809d00

SHA512
00b3b0159685d5e5a66c222a1d0b9b9b47f6e0f32508af4e2e42d41e840fb3567e58278fa30a6993caf630148cf82fdcce72d7c420899c409ac236099ddabf9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
7189e6302b5fac1a1be2d08ed26d24a0

SHA1
f06a4e36c7e88e3c44f1060cad0a5123567f2bda

SHA256
b3e94249ca6a0e0dff80b3372edfba8d40007e425716a2d9dbbb0770356b1d14

SHA512
9c91b4d930599b034ef4a6e2ff2e1c2090461798d62d9d1843daba310ee4435773f9f6ef5926b8518f6d56b428ee2156a856b803af06d468a3a6687acd8828f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2c2709c20b9c82be4115d98085eca3dd

SHA1
29e7d0b9c69ccffff58c76e5d180fcc33016c66c

SHA256
adc31c0807b83b990fe8c1048b823d5638c5c7aeff2153ea132a1cb86595e1a9

SHA512
b53b2fadfbb2435b457dad127aa560b85f36cae8ab5e6ea11b44276934930f063160c121cdcaccd1d665d1af33ad030bf30fec83ace5a8d34cc4e2025deac5e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
84a4b8e906e8c76894e485480518f474

SHA1
55efcb04946318c09b93e72893fa7f44c7f54e7f

SHA256
dbb22a4de89658af79bde0308fd2085c313bf35052671c1f0f4b6a027e06a320

SHA512
fa82fa117d0f7657985946e9848fa2a460e25c76c23c7eb87929dc2e6b439d9ccbc52d65352820e6ab7843c9ee5d68ca8f314394c20f2221ddd0309b0e992259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
49dd118f06fa2de81f23ddc2982e95d0

SHA1
cd4770e5004d1f4ec152fbd0d35610885982d3a0

SHA256
8cdba2f1151be43637803c82d653d7078249e4176ba021ca122c519f04b39d44

SHA512
6ba827d29deab217a4a82813d9e8fca2cc75e7f09a48c0668bb177100fa89ffb454031b352e0aac06614f794b17a690d44cfb543ba79b622173643c2e37757e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b172dc8c3438f1685871dfb3aa2104e1

SHA1
ff33fa5472f16a71109ca1b13e8fa0b7b54b90c2

SHA256
0fd6e105c5ef9cc8e4d1020f0ab6b54ecb7a3a112f3afbf2efbf32d4a45a72f2

SHA512
6c8378fd22bffced3e86bd3f9fc71157b7f3d87efc92067b45ee981dfe7da65fe8ddc943ccfefe030e615671ecee9d9ede9a47547eb5f1ff3e0ce5beefc59f2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6b2f8f502b6f2ca9d7981224a227c170

SHA1
32d0331233c29216464967acc80e74ac254ea226

SHA256
a3f991bbe04311df7182029069e8521e7ae8bc717a6a1254a724248e6b3104f5

SHA512
181ce8a0b7b8a8eda7edaaae8d9331a8aa8a8aa6a0b88e66c1658f038254eaeea9615f9990b25a38af7cd13dd950815eb688ef81d17a622fb06b3a6dbbb8cb4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c411daf1ce6801cbb1cfa6d22f9bef88

SHA1
eb75cad36504eafef7643fef1e1d87c4a6a15261

SHA256
3b578b20612a9388276cc961565fb5fa53b637b442a040ac3207e92d29919979

SHA512
fa17cbe3ef25570187e41e3e48dcbd113987a644e9cd88ae1d453817dc306a39344358aa049df2be1feaeeed3c51695223b7abb3ba2f4b00b88bbb3d338180cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d48665d11feb955c96149b8fa9ec8b30

SHA1
a1a54a3f750e36ba3e08f19ac6dacf81bd3ab3a2

SHA256
b558a1887e6e542cea444cf3a419a5e8e1e797899b7cd30b24233781742f39ba

SHA512
1101c50f33b3469db76594706444d8618b8dfe85c085d4006e495e211f1b906492a3c5dd99ac498c3bf1819606b3be759b4d7ee959dfc74693ec39230c4af2ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
85a8e13e44b0a836299f72f2ce537e26

SHA1
4b4d94ee8376f276a7b6742b299856a833bc95d6

SHA256
4c11b2739b3b1ac32bb0495fc84ca9a56c2d2a03a31eb2d74ab70395a3f19c19

SHA512
14219fca685fd71dd2d0b920406d7760d5ab1d427cd0a9ffa879f9ff3fa3e4757899d8c7e264d1d3f10e0e77994174d3eb4d6664e224e2966a826af3cddc674e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
79ee83e20acb179552093ba48002355f

SHA1
2a8093d7a95b281ed77c3e38736c2850f47647b0

SHA256
ca9ebd84a0f92cfaeaf203fba76bc2f370c3eb55b6b01a5013e57169c79ba180

SHA512
1a7e719126ad734a6412c9ccb8e78f5ebc8fda2a9bbda05b336292b19a3b09c133f43dc6e4d04a198dc36994887462125f10bcfda7cde89d904d0104026ab80f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4c95f1b06c1bc0e3a1cfba0e1c1371fd

SHA1
249c7a80ee4b369f4693bbfabbf427ac046a71a7

SHA256
19f2e7f4aa24545391bdfe5da8534105429cb1408189165bac1967278f795515

SHA512
4aa9f97b9c41a5a1f9e7dd8df7cc18d0c9f6d6ce675800ba04fbffd3378ed7dbb65301cb067160d05ec1f3c17554c520fbe82a07828165ea0901949cb2e8be00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
22e95c23a4824d5e73e8025ff48a31ca

SHA1
f6d8105bcf47fe78d198875806f32b4221074e5a

SHA256
8bcba8dc12d205aa4636e2a24c66faf76ccce809d667919491653f596e23146a

SHA512
a51c9a47842a5b0a12b6ecdf71e0ef17aa51ca57c930ad681dcab8089a3c18bb33ed5bc35093120ba91766f99d359249dbf32da44b806d9cd7c5308ac8f6c193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a0cabce7d08fe9696513b79cd2092ee0

SHA1
39002a22e5d8d094c9b4a7396866d33e07053c40

SHA256
55e3bea84fd9204f320c57b89b0a75f5f4687bf0f6948e42c4fa16a3472ce9a8

SHA512
16db420fb0ffed8a0f336307751e3fe3dbe7702daefdb88f9a7ae5faf83a6e8a467dcf53ce526d9f79e0acb58d2ef10a6f2d5c7aafa3281629ccb44991ae0313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4777f6ee209b459b1bd7eea55866d769

SHA1
e9a8c983bc2f28bcedfbb34f00229d6de14f3cc6

SHA256
00f4e41ea6d6ba4f5b7227594d817b65340cfd7bde0dc129f1ed39c7e64f1226

SHA512
1cd63b08e468854e8fd84463dbb0978a1730a485b03c281329c4bf38ec553c7935d840db6c826f96a167c9c2c9faeae3a6d5b9037d189e6dc7209c4043943918

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f2577044d9a6bc1876432ebc9b8e7653

SHA1
814ef87e2b20ff3760828fdfac6ed4045f1e6614

SHA256
71da485a9850c5821557bd92357419430c26ce47b095f25a7d22014a2837549c

SHA512
5fe0ad7bb49f8f6a4f62d6d2a6f66d38229c2478ddf8c16ebe5df315095eb20257c450b0b9235466d389df4520dd109389b6142c3ebbaba4982bdd4d65d9b7e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5feb62b5086f6c3168535d0cf65cf1ef

SHA1
f77c5f66d11cca6a0d66734d2f12959782318a81

SHA256
53ea555526ce12361bba78f9aa5dc86bb0971b5deb5255923872f73e41e36be7

SHA512
8db49cee15697cee015a20d6ef9bdd3007617bbd29aff223b3a6610fd3a0d47665e9f6f7034abc3c300efcc983a95fffd66008bac5034392caab3636f11f1fe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d77a7ede7bf24414510c4711c919a761

SHA1
a74a2010334dfa7fbbc624bb34d43a942a92d8f0

SHA256
38c8caada09c469fee06b324dc275e5f3f1a61fd1e997b724fd0e2faa2cb590c

SHA512
94e1bc712ff0124006c38e750541518c7698c2142ab173f99e552d433e77d944c870dae2f0bc65e5e88d6bcd5f857e1dd18a43dde6473e777f95205276d60fe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f29a0a06b83fb36134f6f16117cb6676

SHA1
41d4a76bf835aa841bd20118b5e24bf0bd963150

SHA256
c46df872e22a245e75fbdf89b18620639307d8fadf9e970ac674dc76b80f9c21

SHA512
c26529311a146c7b9bc6f2353d3f8074045c2bb251ee34a9f62f313a38510db797b9a26fbf84f0df9be8def35ad143a3b88bdbaf06dda92ea6e581005916ede9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
49f8c1ef22d02d1a49f09482bfbcb9d2

SHA1
176e4b61fb8436bbedac8ce92f0dda9d2621a81e

SHA256
b378d40c968c4889d385108650b371a11f7aab67e627fb2c54ce5b7438f44ba4

SHA512
63eb530182768aeb604cd5640b33466b0087bb7141df993bb0111827d8a57fdb75fc4de298a76537e2aff4fbd2a7c6c5f11c23361eb7043d0a11a90d1338644e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6ed07ea8669a56395bca00d65582cdaa

SHA1
023b53d75b3bd31203930200d059df307a12e42c

SHA256
25ffac9cf5c74dfd7b25ee4e788ae551b6644bd45adb6147d20af6eb67ee4b31

SHA512
e0fc3bdf4a248af9d817043e002821f17f0831319b937082c5550b6e3ce52167503006defdd835538f1bbbe35c243ef386cbd05f03b8c062e73ef5aaa7559ae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3aa1fbfc-5691-4c03-ab25-9d270e2c327f\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3aa1fbfc-5691-4c03-ab25-9d270e2c327f\index-dir\the-real-index

Filesize
600B

MD5
c1461873e84b34c3b234b91750098f4e

SHA1
299509748bf80d6e01c9bf966150d75ac5660ec9

SHA256
a62ef6ff2589ff72e65a6aeb6041a48b3750c4cc18cb9685d77879a0d94410f0

SHA512
28436f31343cef6123bb838e0abc527bce6944e0269d21c3a61378d6e93cca18b72260d61a9303149d9613ac78dc56a81eade588fc5e9fd31f8c5d2ef22a2159

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3aa1fbfc-5691-4c03-ab25-9d270e2c327f\index-dir\the-real-index~RFe58f2c7.TMP

Filesize
48B

MD5
0f2048f3b364283917be6b8a59870bc5

SHA1
f88c7d0d79e0ae5968dd67ad9cbdef9810ac471f

SHA256
8801450113b28e95f253f96367be004de9b6d1b96e2c7c9b8e6492f55fff39d2

SHA512
3d3504374f4b3d17f6d99b6acd55e5ba4fb856e700a87c5f2004e0500ec986bb37e01b651b0d8e9de82a599fd6c3d21df4bea34e66a95296130e2763dc2518d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c835bd38-dc34-4354-a238-a7f2e416b9b6\index-dir\temp-index

Filesize
2KB

MD5
8d3ec631314ba6fc6698d08ef8e855df

SHA1
7b13f357449548b01ff00371c10e4edf891fa4a8

SHA256
0fba8178a1934fad8e992dd29e800dbd31bee39366642cca89467968578372b5

SHA512
ace825375d630dbb660646246c6b1fe5d34b885e178cfa296cfcbda51351f2dc434a568fbd408773c4123b7b2164df52d7acfb70bb68c02dffab3aeb83a30601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c835bd38-dc34-4354-a238-a7f2e416b9b6\index-dir\the-real-index

Filesize
2KB

MD5
27e3d8fdbc83ab66c9096e85d074737f

SHA1
bbdc7cad393a95c5df386884a00d3ca2577f6df9

SHA256
31457a07ec8f842b938c5b9a64e574db72453ba11b8d9bfcfc76ffce6de781f5

SHA512
41885146d324a8855f6d579f84fc46307d28690cef6da9c4863b623facb60541f4888c3942891d07bd30a73ca5ca9f12bb4309674d71b513c278e8ead407eca8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c835bd38-dc34-4354-a238-a7f2e416b9b6\index-dir\the-real-index~RFe5897e6.TMP

Filesize
48B

MD5
d81ec96c255f8b2131a9822f0656a20b

SHA1
a962dae9baf55831e74a6169bb410f1061718ee5

SHA256
e571eff1fd98bb563626204d458304d0ac78e18528532cbdd451490947bd7484

SHA512
f6827af7ce32fbd76204769faabc80d1e84ca5d970001c69811e0aed04c27199a345443869d4aa1ba699a6f8c300265989e4eef24c289216738c4b345ace68e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
b916c1e290843457bcca1dabde68a756

SHA1
1e26e471172aa092490e68f77f2b2161a37f2e0d

SHA256
97303a1319fd94eaf27ce5bc5c58e07fc50638f927664df9caab9b058d3ebc58

SHA512
e6c622ca69261834e0522e254a23146f960d95fd89a0e4367ac55910234a5711b8e1e2fcb1298af9e0fff67753c56b4df9a00c566299202204129afc1f810a7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
b84d59f5350062485267024c08d9b78a

SHA1
9d43f9242cf34582b713899b528a902b376f9c4c

SHA256
e51ec561579727143c0fe64ec81940a6214ca35b9f8770fcf986edf1429e8661

SHA512
5123fe8c40cda944c1f0ad38c02941f34caceb1df9e076ecc3bc34bd8fcdc6ab0dfbd4736483b4984115c58e7b779e61cbed581b5214754235e212064988077c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
ed78effb2bb40af279867a2e951cf870

SHA1
786fd5167db3fd1c0675ddc6c1d3be030dd7873a

SHA256
7aa421c84bc33b152886feb6fd26c950c6888b3a42d41833e1f9f907d380baad

SHA512
d6e76013ecc6eb109df61987341f4123cc2d7f752a81e919626bba93b667cca4085fc7559a7a734afed02098258e20b16e090a670da465e34cb7622e30e1d575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
f02b1203d614d36df687163ce302a7e5

SHA1
8e7c7a0eb74468e992af9f473822f03e104ba9a3

SHA256
411627579556f0880e5d84ea38d689801c37cddf4692bc74a5271e05090afad6

SHA512
4219ec19f084d9380da8cbfa51b7c6907bd48a5a0e463399b632488187017e0638accfac7def6889911cafe40d2f3071cc22581fdcc02244ab683db0e4288972

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
fce534ef52f46f0b41f19a13f6c33a68

SHA1
d41219db4341ff04d6923a16f7d2399de493f424

SHA256
700ecb045953a2369c0958648028d37a14a03dff2b6a5415d90536e065d1c561

SHA512
2070f16e7a37114574135a6d8ac59a095442b7764ed7b2df0d105b820e7833b313b4be6c2fdc8bdd9b3189a200836fd2824a06db7077d6fc4a7ac4fff0a916d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
dbaddec651b84c92f9a28f346e33026d

SHA1
2dcae0f60c6ef950cd251761873cfacaaf32adfd

SHA256
0b46766c2e1d682e6f0ac751f128d30d76d4a10ace36960eaa7a04f93a93e4bd

SHA512
f0c7fb902ea39801a063bc10fa469592783da040595a99161056f0c6aab213e3cf0e7b2b7ecfed0c5a81046ede8960e25bc9d74b389d344355112c0050c29e96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe588596.TMP

Filesize
119B

MD5
3bd6b0e0cec1dca23519ea79f5fdba7d

SHA1
c509763b803e77d3be89cc44432c0bad3bdb1a70

SHA256
85b1a8cf3013c5f978cc0fb15628e8f56d3afb3c4119c49d7dc867011be4dfbb

SHA512
33a515a7f64c5c9f076e9e40cd984c13c3cdbda21227c7689ae23631ba6b27811a417765aca1a73524b495f5e75253cfb49497b3246a7f496d9474918cbdd4cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\44a22b5cf7d4c3f84906fa249ee119b0ea177517\806a717d-7120-4666-9197-e709404ee55f\index-dir\the-real-index

Filesize
72B

MD5
24dc7d4daf8599caf534ef1120ca626e

SHA1
4bcbf9b6ba4619d1ba7093a753e823b18118ab2c

SHA256
62a86055b202000e9bb7ac4008edc3d210dae84d4325736402ae568819857208

SHA512
5cb92ee6aca0678b586d0f066dd9d5873219f00a30c815bf1cc6a4ed07c60be5bb9a57ffb394f5b0560c129a1c78a33c71e2ac1683cca8aa3a73240f36be4a13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\44a22b5cf7d4c3f84906fa249ee119b0ea177517\806a717d-7120-4666-9197-e709404ee55f\index-dir\the-real-index~RFe59b656.TMP

Filesize
48B

MD5
6dde823288fb11aae1bee7d8f6495506

SHA1
bc7ed22f40c25669f93fa4bf96edf3ccc971cbbc

SHA256
587dbc0e44e12e3ea0cfdae3da3fcc187b21f42a6e391b60e363f7aa120d9ec3

SHA512
bf57ffe30f2fa68689e370f3b92957c14280950be078b964b890111bc9f060a5a8e2759c70cf9a6bc54b30bb75430ad66b73265a4ead6def5e4800e614cd5618

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\44a22b5cf7d4c3f84906fa249ee119b0ea177517\index.txt

Filesize
142B

MD5
fdfbe8a6b827408721360be4cd65a5e4

SHA1
3eaf88aba1a86022be7288daa7d50f19c081fdf8

SHA256
9f413a08bbecf59712cdf5942400afa01420b9f6287485cc8923f42364946cd1

SHA512
66d4f7f9b5903a619f2d9e121b6f512dd32ab7afbe7950bb30d73508b4d293d62f7125177999cb48ac8eb253692e29df619f919fda6f0547b8a93d4783ad2ce6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\44a22b5cf7d4c3f84906fa249ee119b0ea177517\index.txt~RFe59b6a4.TMP

Filesize
148B

MD5
6df532854feaf3414f5594a004445a39

SHA1
791196ab1f66a1b9d582f4d639b6e612747bd821

SHA256
842ad3f40c3db7c05ab1111ec52c55660e88dc824644260f65ae350671a37795

SHA512
4df81bdd31ab58bf54ec04e6a83d95f1aaee92eee244d6cc39eb951a80234de26da64aefabdbc03bd73512812aaca98d7551f993d421cd64d3c0b0d964461169

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
bfa08ab4dffc32dd239743ea127daf3d

SHA1
2781838ae7d9a13f9c08e9899fd4606f3901f2f7

SHA256
51c3aaf5c0b1020e825c6971445013353c23893c0d50072eb7609ec48e3dd9b9

SHA512
8e4fc453d1b5d55bdac9b92f0d309d76842dff00bfe01c4b16c1d50899233421b9d34a742615a4259fd580076aa02420a242845f09937c275af5bc557bbd616d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
168B

MD5
7e77a17304c522cd1ab0e7f9c5e7865e

SHA1
71d11158fee1c584dcf2b5126110c6ce171a6f19

SHA256
fd4a5419847902a8fec3d57a2dbcf5a38b8176ebecf6473c58b1cc9cb11f505a

SHA512
4712457b2d39d18191e835ad03d66d2f110c6cae74c454b1fd1bdff31b55e5ca4d19ff615704fc30e91cce77a28569aa08c8c0387ed76b9c44d3e705ee616503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
528e9dbd9942aaf02cb3816dcf16477e

SHA1
8e3d4df46ce887ba95bcbfb799b12315c7a9044b

SHA256
85ef25708d3682f96ad62b57d44929837dd55fa85f275df4da3e6caf361ea41c

SHA512
d32ce969055ec896b7f699c23460682ea87af44988570d6790a09bcbd63261ac7b72a539711e96593ea5410d7c7d9a2272e132492bf4ad589a21b396a73b232a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2328_28875054\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt

Filesize
76B

MD5
46cb7641be727eb4f17aff2342ae9017

SHA1
683a8d93c63cfa0ccbf444a20b42ae06e2c4b54d

SHA256
944fff1dd6764143550534f747243ef7d84fdac0642c94135ab40f584520f63e

SHA512
dc1b5f363e90abff5c1663a82764296922c842820d2819805e87da6da1081f1b5f2d8debc83ac34a26ce289b7b22588b022433686b19b039074ae184968b9fda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt~RFe594c80.TMP

Filesize
140B

MD5
4a5a3bdb4e9c3927e7211b70d5dbdf96

SHA1
95a848a17b7c042364e635a4f40ecbc95ae849cd

SHA256
2fe34375d12fc2eb61aba966c07c36e5a1d3d63423fef237dc77ad04f9894514

SHA512
511fb1b821e707ddd9388154173de0c834dcb103fd0fdec80990bcf52c6e5f290f128f275efcd7946f696c42ef561201a61e1fd2183ed552db5636c92f5f1655

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
823f9a9b10581b15b45e8a868e74e7fe

SHA1
efa5785fd941e736807f35eddc7b9a60f1de9689

SHA256
f2d1aabf0b85689b0925d3742c56cd944adb780eafaf85fa53ca6896b488d102

SHA512
cc217de6cf8f80ac56867c5b08c8110f0ec284e7a96fc41a0b42a3503bc38fcce924bd1c42aaf989017c76ac62b18953d620094199e72ec52fa2ba5110e14dff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
90d840dcd553e83b4436dbe535fca55b

SHA1
6929b19b59ffa50cbd3f5cacec3d9c97d091f7b1

SHA256
cacf5999009ed9ad62f23d657ed674c7375b6600f908bef81720d12ee9045276

SHA512
a9e6d2f3a6171aba5304674605211ac3650b20a3721b94c400be26c54ce36c5403121588339e135ef63f2ead23b6830fc68d2a883313cc2712bbf7fd32fbeb82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
bff01f73780c18381ad1e9ad6f1b7e59

SHA1
ec069f97d3bd72411fcfcc7f12da0e03e5b36a8d

SHA256
846ef7618aef5aeaaca5c0ca8cdc7302b5e6750dfa924abc707a4597eaf6d325

SHA512
1825def3cd3b23128954d0d4df0f88bbd1945d8589c35a8f9c471f43a50058fb4ffce416c72d6eef473f2e7fe8b4221c1bdb11df426e2a5c2988e29e78081204

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
60e24f8b9b31729e0fe01b66cdb71e8f

SHA1
cafe8b46c7894b84da24c542c59063deed4f2211

SHA256
444b8b14f9b9a4ae6c2ed5546b31cbac040d98be161b006f113b1c632571116f

SHA512
f6f130874b146698d2a5663794f7fb3a7434b27d922a6438fc9513c66f09ae2119cad89d07c01517ca9c207ab0e30fa5938ebd511e21a024d00c1cb1a3a31d81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Start.exe.log

Filesize
1KB

MD5
86254e7829d7e589b36158ff7c4a81fe

SHA1
feec156a5f610ea4b7ad0cfeb102696f227d45c2

SHA256
4ee6cb3306075a294d8856310408c53a067420756b71542468295ce44a2044ca

SHA512
6d66535eb82c6a29603a43ea3a4c85299c7958c3db513b4119e6a05b386f12b8f6402eee4f4a272c893e644f8eb7f0b14025ce9e99017014574245f619f14347

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\b2222506-c4d2-4e35-bfd8-19e1290de6d1.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5S5IT.tmp\Aimbot.tmp

Filesize
3.2MB

MD5
52a53b6e6d1071b7da329a4989c0f132

SHA1
dc3085f2881f72dfee79fb5029eb3599d1c2fbf6

SHA256
dd3ea1c4bf44720555a10f6df36e03da988d94aa848c23c8b0cbd4f61209fec3

SHA512
4d9f0c705f4db461068a12d5cd6208af56163fbc6c995bb9c2455ce631d71294f4b1d04fb31d9166bfef8c0afe154bdc27a01d446f38187799f7a9a513d79196

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-BDN5A.tmp\idp.dll

Filesize
232KB

MD5
55c310c0319260d798757557ab3bf636

SHA1
0892eb7ed31d8bb20a56c6835990749011a2d8de

SHA256
54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed

SHA512
e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Desktop\Aimbot.exe

Filesize
1.8MB

MD5
3c17b4503091acea017bf1120aac1621

SHA1
56004b1a315ea73be0e3b59623bdc0b6b50ef1b3

SHA256
1a6f4df442a229fb063f62592beca4836dc81888b6d6012026cfccfacdc46cb7

SHA512
2e3f8021463f0361293ba7f491dfb7003959cea2de099c60007f8dcedb52a0ca999642aa4826fa67f26d51962c72332044362dac126ff53499e6c54423f6cfa9

Download Submit
C:\Users\Admin\Desktop\New folder\Start.exe

Filesize
301KB

MD5
9a0e31ffbe7ecc3a2a6f968b2a8d5567

SHA1
e88e76fe96616649d2558923afe457ce3b1976ec

SHA256
b371eae7b55688d307b653759c2d4ddfe3672eb7b5567bcfa9c3f75f5c6d6255

SHA512
db64b27997e5305473572ee8a60573032e51fbfbdc48670d9adef8ba23c81e8845d073383299c94f87a0100c74ca0e6968b9f468fc46e31e221a71ad69a32749

Download Submit
C:\Users\Admin\Downloads\Autorisoft.zip

Filesize
17.9MB

MD5
5b879f39e57139ab17300879afa61554

SHA1
a18eab8e257c611f72ea92833584fff0ffaea1f2

SHA256
645e274fec3723d065308f9b16b33392ed7f51fbd5ffc3c00806c2efafb08b65

SHA512
54814430828c204a8b606c000e2efc1fb2586f41c322ebae44d9eba4d297db473d37b520fac02c1bf88407a8a9138a3e7de502e27e32745cd4c96d54c9994ac0

Download Submit
C:\Users\Admin\Downloads\Autorisoft.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/3960-33-0x00000000003C0000-0x000000000049C000-memory.dmp

Filesize
880KB

Download
memory/3960-5-0x00000000003C0000-0x000000000049C000-memory.dmp

Filesize
880KB

Download
memory/3976-1679-0x0000000006860000-0x000000000689C000-memory.dmp

Filesize
240KB

Download
memory/3976-1676-0x0000000006DB0000-0x00000000073C8000-memory.dmp

Filesize
6.1MB

Download
memory/3976-1678-0x0000000006920000-0x0000000006A2A000-memory.dmp

Filesize
1.0MB

Download
memory/3976-1677-0x00000000067F0000-0x0000000006802000-memory.dmp

Filesize
72KB

Download
memory/3976-1662-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3976-1680-0x00000000068A0000-0x00000000068EC000-memory.dmp

Filesize
304KB

Download
memory/3976-1666-0x00000000058E0000-0x0000000005946000-memory.dmp

Filesize
408KB

Download
memory/4292-32-0x0000000000EB0000-0x00000000011F3000-memory.dmp

Filesize
3.3MB

Download
memory/5188-1657-0x0000000005850000-0x0000000005DF6000-memory.dmp

Filesize
5.6MB

Download
memory/5188-1661-0x0000000005450000-0x000000000546E000-memory.dmp

Filesize
120KB

Download
memory/5188-1660-0x0000000005620000-0x0000000005696000-memory.dmp

Filesize
472KB

Download
memory/5188-1659-0x0000000005220000-0x000000000522A000-memory.dmp

Filesize
40KB

Download
memory/5188-1658-0x00000000052A0000-0x0000000005332000-memory.dmp

Filesize
584KB

Download
memory/5188-1656-0x0000000000730000-0x0000000000780000-memory.dmp

Filesize
320KB

Download