quasar | 9bff660ecc7e30532b88fdaf74b6e753038e6f9f5c025e0d0cbcc39746f5eb12

Analysis

max time kernel
133s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
21/03/2025, 08:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

709KB
MD5

fd6c070bd73e1d309f88673d8d58473c
SHA1

f0484f8b8027dcdfead9b003cfb45d21f2d149d0
SHA256

9bff660ecc7e30532b88fdaf74b6e753038e6f9f5c025e0d0cbcc39746f5eb12
SHA512

e94c82546d067230847ce5f98e9df1b6404557d0c1e408ff75cc9fecf044916be753e77e2b1568fafcfb8cd5bad06be53e9c085b2de1cc6d8a4640db7140cd8d
SSDEEP

12288:Xzp8wFhYlxlRE2RfavhwYQlMyBIXA6uFT2rKB7O5I:Xzp8wFS/lYh++XaT2IO5I

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.5.0

Botnet

Office04

things-therapist.gl.at.ply.gg:55709

Mutex

46695859-704e-4cc6-882e-2e79ebc7fa26

Attributes

encryption_key
5E02B559228DEC6AB6F3A4E76D7B3E6DDA1F950D
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Modded Client Startup
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
behavioral1/memory/3256-1-0x0000000000DC0000-0x0000000000E78000-memory.dmp	family_quasar

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133870202947002078"	chrome.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
1988	chrome.exe
1988	chrome.exe
4744	chrome.exe
4744	chrome.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3256	Client-built.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 2356	1988	chrome.exe	91
PID 1988 wrote to memory of 2356	1988	chrome.exe	91
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 4076	1988	chrome.exe	93
PID 1988 wrote to memory of 4076	1988	chrome.exe	93
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1512	1988	chrome.exe	92
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94
PID 1988 wrote to memory of 1444	1988	chrome.exe	94

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xfc,0x124,0x7fff9999dcf8,0x7fff9999dd04,0x7fff9999dd10
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2004,i,5419237400702209613,3759570486194685743,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1640,i,5419237400702209613,3759570486194685743,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2400,i,5419237400702209613,3759570486194685743,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2588 /prefetch:8
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3224,i,5419237400702209613,3759570486194685743,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3252,i,5419237400702209613,3759570486194685743,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4480,i,5419237400702209613,3759570486194685743,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4504 /prefetch:2
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4764,i,5419237400702209613,3759570486194685743,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5400,i,5419237400702209613,3759570486194685743,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5484,i,5419237400702209613,3759570486194685743,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5900,i,5419237400702209613,3759570486194685743,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5964,i,5419237400702209613,3759570486194685743,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=6016,i,5419237400702209613,3759570486194685743,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3324,i,5419237400702209613,3759570486194685743,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3320 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3312,i,5419237400702209613,3759570486194685743,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3376,i,5419237400702209613,3759570486194685743,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  PID:652

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4952

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff9999dcf8,0x7fff9999dd04,0x7fff9999dd10
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1924,i,7222573835013586558,12925302215757821248,262144 --variations-seed-version=20250320-180804.471000 --mojo-platform-channel-handle=1980 /prefetch:3
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1968,i,7222573835013586558,12925302215757821248,262144 --variations-seed-version=20250320-180804.471000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2316,i,7222573835013586558,12925302215757821248,262144 --variations-seed-version=20250320-180804.471000 --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,7222573835013586558,12925302215757821248,262144 --variations-seed-version=20250320-180804.471000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,7222573835013586558,12925302215757821248,262144 --variations-seed-version=20250320-180804.471000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,7222573835013586558,12925302215757821248,262144 --variations-seed-version=20250320-180804.471000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5180,i,7222573835013586558,12925302215757821248,262144 --variations-seed-version=20250320-180804.471000 --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5336,i,7222573835013586558,12925302215757821248,262144 --variations-seed-version=20250320-180804.471000 --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5388,i,7222573835013586558,12925302215757821248,262144 --variations-seed-version=20250320-180804.471000 --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5476,i,7222573835013586558,12925302215757821248,262144 --variations-seed-version=20250320-180804.471000 --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3472,i,7222573835013586558,12925302215757821248,262144 --variations-seed-version=20250320-180804.471000 --mojo-platform-channel-handle=2320 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4532,i,7222573835013586558,12925302215757821248,262144 --variations-seed-version=20250320-180804.471000 --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3312,i,7222573835013586558,12925302215757821248,262144 --variations-seed-version=20250320-180804.471000 --mojo-platform-channel-handle=4556 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5736,i,7222573835013586558,12925302215757821248,262144 --variations-seed-version=20250320-180804.471000 --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4404,i,7222573835013586558,12925302215757821248,262144 --variations-seed-version=20250320-180804.471000 --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5600,i,7222573835013586558,12925302215757821248,262144 --variations-seed-version=20250320-180804.471000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3120

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5108

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
b0366599d64b0fc1adb2a712dcd02ee1

SHA1
b7a1c09ccd2846664cab5f76bd80b8e9f107acb0

SHA256
ae1bddb9e2cc97b0c9cd78ef3cd17553be6e5204677bd67e0b8f7fa27007f189

SHA512
d7de6d48285018f8b709c81ca01688126db7893ce9f48829524ee3122aa6f2200c7f78186b5a558d0b1ecf8157ee78a20064b63b45ab89f7aa0835b8409435d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
e7db135220febbd26a01b6533c672056

SHA1
79061cfb5607327d005e741fa9cba3eab5ec23a5

SHA256
d6f76cec9b0d8b02a4bee869492e47877060b3d5add6bb9938e1255a4ce3b93c

SHA512
f372ac7753ef6e7f8fe39fa1d8dbafced927d43c4d02bc7e3450e93cf70bb15bd4d2f0622e828dede7433fae0a2bb71c3b89c046c4e17827a8032858841d42d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5cb430b3-80cd-4c68-9764-21161a121820.tmp

Filesize
11KB

MD5
25a72d22be4dcaf3aeacdc38e917282e

SHA1
77f02b5c530d198096425342de1d2d31bf3d6795

SHA256
892a3eacfb74134e79183ef081e04c4e6431ca518c8f431f60570230807b6802

SHA512
64acbe48c01bb29855a95a085c9c15cdd2b5dae5521db8ccfe8ea4d0e0fcbfa683509bd4f89d26ee43df0fa6997c76eea183534d69f3c288e913bec01e763229

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7ba29837ef83c655b88c902f2ce192aa

SHA1
29bef18dba7211dac731d4095f748192b96083be

SHA256
6b8b25e83d2e182b5b00f80188647e0e4fb8a82fbc57238d55e6b4794157aebb

SHA512
a45e3d8c4de3267559da6d4cf5b733d268b04ec74eafa87512023aaf16be7c6c29d44ff485ecc59f6e7003ec38e5ec3864611174f31c9d64af8abeb698fc64d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
bf5ff732b07c6edb841d6d96fd8c7f3b

SHA1
cef24c06c250747c4a85ab4f252826c10a4c1edb

SHA256
0fa59d59f715aca2ca435e7a5fef95d00c30d4ec1fa44b01b3f2202ad034ae9a

SHA512
48c7123ad38f7fc63dc447401ebe386229d3d67c813306dec7b3177e05583b973e99529a69aa0eb3fe59b7e5fc812b8b624d2f960dd89e79a6e0d830a7c36715

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
42fd6a7d3d28049945a0643f9ec2d46d

SHA1
1529e76753c0e89e61b593833622e5476e56c390

SHA256
676b3dc244670e017ead2ed7d5a27108103ac86919b3a9ba44d6fcf8270ef843

SHA512
4a609c4fb20dea76369bae61040ded57e9f05e8edd0248cc4a8cfc2465db55ba0d1e1ac5947a7f8625cc227564b91ea6ed9735ec7a1d4a6236d4df18590fadf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
8bf28fcb33d8e65aa62f1d88f0ec0384

SHA1
be71579a923be21c174b4d7fd1ba493a0b4eedcd

SHA256
5caa78ee3a58733d3de24dec78833159648e6187457c20196632b1d3d3864be2

SHA512
0c238bea54eb383a61fc2d4c86e99c22fc56b3346359e5d5cc25d3ebcbc5df9a9507e36bde75d2323a3e476414a32d603909e31089381be761c2fb5f2f695b40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
4a079d6080f0c2545b0a6e50518bcdbc

SHA1
f5be94f5419563d61254beeacf0e0f197ac55e4a

SHA256
46000efddba0f2994d19ca1cc0f99fe57d00e0951da7df30224a8e456faf38e9

SHA512
d9a6a0ab480a34add13ee98f749ba9db109eb9746a1c43b53e0e0d06962d31d28b665a9be73d89c71228ebaaaf0cf4f34945c227cf26f35e140cbd836250a78f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
35KB

MD5
2451d136effd6f32fc772352fe421373

SHA1
a986255421e78ae28977084205b987f27aa1f0dd

SHA256
7f973d0680b2001f6826a5f76e0f0ca98dc9f031ebe43f6983dd54ca3261c334

SHA512
08cc546f15fa8d40be6912ea064ceb56412ed60a26bace6108081faa7300f8a6eafd4ce14f3259cfafb1b6dc369f8f841906a5b3ecf8b7942364308aac149ef8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
63KB

MD5
55df25a7686879a4d246310fd4737a79

SHA1
5933c3ddf1ab92b253d2aaed09b8b04720011ced

SHA256
7fbcff1a8543b5c2e3593434e7762f03fd3fd00fdfdafae0cb8e94720439a15f

SHA512
a912d34b6d24b18e8541053f4158523ff5ddfca2fb8d24dd8a735707dd7355dbbef3dca976f42082d338d8a51b7bb1c2aabe9a6e1f6f5384ca226f8b6c856a68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
38KB

MD5
f53236bc138719b68ccd1c7efb02a276

SHA1
26b7d3eea5d3b12d0b0e173ebf2af50a7d7e56d6

SHA256
787c14f8cc865430c03c96a345044b7c5b8dc8a032511a500d4a42228533acd8

SHA512
5485bc7ccce8ec75f60bca3be846086a4bd4466009c8e22da9cdd16bb1154529af2fb2667cd3a97485cc4f6635fb79ac0fdda4f3e1f39f25f6196f708a92d740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
568c8a394fc99ef20e1f410657462677

SHA1
d8574c1b258885d4f77b3c54602e991303468bbe

SHA256
8e5738c9c77d9a804644de4009ebac677c4bc821de4c1accd9ec5096133ab4c7

SHA512
d4d2a94aca18292ec7e778e912c5a71c498c01f22dbae85ded29bfce2ee26f5fcf23e8c14da864f80d445ce1ab92927f1be0b9e35c316f17b653cd4664a577e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
9907532e57d05c369bab801f650da184

SHA1
9c49b8a8902915722298ef8318764c1207c73aa5

SHA256
151fd802e3983a9b4bdae8076d96f475fb959946ca57dba642196c782fe79668

SHA512
3162cf44f4f8da4ba91cdd493d5129dc47735972d87efc8395a9f78645332b443c22b62dc534ae02d52af30fb5c763c944f4d691b542be543fb131f3c820ecf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
8eeee512fd2232dbba636b14fdd9fff4

SHA1
3fe84faefd348cb902a031366b369a1d59de8ad4

SHA256
0c69991f7fae77df5f1cb9b9cf673dcd4ae53c61f1780a6fa9efdfa8a682d39c

SHA512
c59cd9b78c8087a4ecbcdd3a38844bc5565e2bdd52e46b92247372ec8e113605017ca015645b5429559f67748319df7c9e391f0af7fc7fb2112566c2d335424f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5651c873a788ef53cd0fba901178a7b0

SHA1
6124e4a0ec73650d2c819a07a39c29da1ec14cb3

SHA256
a4565e9df831617961820796e8175478f550931ee2ad103addfb7ce4a9fded8c

SHA512
6bdc9a899aa276381e1e8683b289b7954b422af1b0d7400d213acf84d83ccc157b336a6ea1ac9ed233ea45327e493ead0ee1476808e81d79aaca367d90b3fdad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
849B

MD5
9ea7a83b08f7b5c3feee09c8c4807b17

SHA1
a6c08173485432c3849ed41385f410c1eeadff41

SHA256
a3218671f5c0dd7ffa2bdf206e6173416ca5d220a2da02bda9894e2ba92b5e47

SHA512
728587c0a46976a9ef641a02a814be7cad586e7f14d6fc04a13c00f498f67798177c6b2219df0bb999e8907eb225d40452617db7208a5aa6828c6483c687d788

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2363bca76135676ed19e574c4359366b

SHA1
5e29c57f60d7ce03b12d4350f00fcf91083dd780

SHA256
dad28d8caf20717bf684195b09022cc9e0e8489ea05b5814cc1aedaf90664825

SHA512
314c0668ba867fcdc9efc3d229faadb0aa9cf0dbf4cbe24d4ecd8d48e1171476eab07e9498f80d3a9c9074a5226581f0eef4733d24d343ed1cc8289ba4528f5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
35520005fc89e65137230d165098e5d4

SHA1
a44178d65bea64b32c8f4ba2042cc618b35c1958

SHA256
ccc8219d5a7d47aac2628446be90c18f90b4704aa5d31a21d3520831e0fa7e85

SHA512
6d5046d644c52bb2d3431907ff011904aea1b8d7b80d4cf026f24fd3f119bbadc7022c8a72f5b92ecc2320a373291b0a82c9b97602ea039ddebd8ff6fdb8a85e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f6296a615af19a5eb4c8429bbe85f59d

SHA1
594ac7cede5d058415c3c74ccf74c4903c249ada

SHA256
da8707d00491c17f58109837ec9a4b0ecea459a826bf9320e6c2c22eda0162b4

SHA512
9913a76e2e933f1b26d442c576f45fb452f2dccd052ae1a504dfa0c7585739f1b3f3f421b80218deb023439400d59209c4f5089b0f2cd41dba5188e631260e70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aa290cf82e56c5cfd035d17401112083

SHA1
030cf909b42612e61f7726e399d43936c1b61020

SHA256
58aca6e6a809915f07d9f8631a0cde529eb147ac891a58346ef13dde765283c2

SHA512
7c4e43bf028ceda6c492ef9c39dd31501e93cbb507c5c000488025bed2e0ee9d89e0cac1ee74bbfd978b653c339f354436068640dfe5bd8a46344638dc0e748f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
2f231330f41768cd3bdb06a1804da9fe

SHA1
993e01cfdb8d31c5e267f5db087fa3a886536ce1

SHA256
307906292e405b72c967a14487ed1267e736665cc16dbca55836ff125680817d

SHA512
e4979e4eba7878a9c75d5002beeb3bd776d8bbd2cf0cbe6b6ce88a0d120cb28686f015aeba7768cff7b92879e59afc85701518721c23aa1a824a2bbbf78c4bdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ab9f3decab7bfdb2725b19881868bf65

SHA1
5421fde7e160805dab7ce83502484901ad933985

SHA256
35bcacc66d7eb6a87dcd64c5fb286d2785da58470625f5a545ec2308d9db91b3

SHA512
5a1b717cf6e0868afa45a5801a4b6a306ca5a5092ea3c4d953a68ec07d075859bc7ebf6535b686d01808f20bc8944cc331179a9777a48b55db6d9c10a310490c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6777f12d101f7fd948debd45c3c36caf

SHA1
e6aa146fd986eda441bdaadc7b34f606be56302c

SHA256
36cb5f3be53f8ba954d497252510a84619d22facf6dd5dd692e2f34cefc05327

SHA512
56abd73aa299df756be58c6dadab00174191f52dfd88b8282d23ca2366f7e7c9b435250538b02c0f43f9c27c5747d900259f56ff01fa53e9ab140f240c0fa399

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
f6fb0a2eb4891508c90cd59fed100590

SHA1
2966c2c2e46098c1fd7409c75fea2dd2346e32e6

SHA256
0e9643276b8b20fc2b4046bdf9223f9e32b36917b8491212537bd31f0b45584d

SHA512
c3d443265767064036fab882f5049aab9314d2b43786bbf67bf88140386775732192eebba83edf2d19b24385f689b08528f0ae9050d1d18a45eb7d0989ee7a1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
578482e59f896736d41ca0a569ff921d

SHA1
f05c9cb4d3bb61ad7903151d9245aebebafec9b9

SHA256
9774aafdcf79bd56b24feb8d59fd595bdbd13815ed3f42cc552237e20ccdbb62

SHA512
493d336c88de39e25e335bf82267aacbe944e9cadccfa7da99bef0e0c47de7802f5ebb1bcc741cc77db2ed425f5a44758592f9c6cc8ddf4c1e997ab4478d9d40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
192B

MD5
0d308e738c9d8b8b40a5ef30f68c5753

SHA1
2636981c5e20fbeb5f57e9c0f4c6ec6d01e085cd

SHA256
07c4bc0a78750fa65b0261aa1a665319f70f1990cf5f409fda0e5fd59049b11b

SHA512
9077ab84a576da45e87e146eb5546fd987ff751348e42084de167f2b48059bd9185734b05952aaf3d4818e5412565b58abaa94b6a9b07322c019147c79c25578

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580b36.TMP

Filesize
48B

MD5
aad762f113cb90bb4dfdbd4e1da9db8c

SHA1
72756aa72dcc0c7290c31db2996218b05149818c

SHA256
385ef07601e8f1b826101d7cd00fffeaf7de6ba5c7624ee8d6f6be8baf0ebac0

SHA512
133d87aa05d7af6907aa2a7e878bf1d9446ba1797b971ba3d025a9698cce1ac6ace5c2a33791c95404546ee19823c4bf06b1bf855934669d52c92b61ab745216

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
8f0f260e730130988040942814941b1a

SHA1
a0391063768b953dbd227cc7d7ee8a26e3d216e9

SHA256
9df759413f9af8d4f8cbb8d21fa9ddf3629527926396d2e217c736d44494ca2d

SHA512
ee770d59aaa7cc9880eb8290ffd940c84fe73402118b1eb3b64534c22e62d5bc33ae5076b3c0951f55d371ed61fb5e012b9ea8408f647d9322dba08c3ba34aa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
e5f0822b2cfc67ce8a7f272b69421476

SHA1
eca5636e7845ac87e79981c9d3ba54734fc6352f

SHA256
4aef3afa08bf9e18a16be30478e5b6778f0518f3ab4adbe450180866d16fc7a4

SHA512
376969ee71f90f3802f7fede556029bbdfb71dbe7f149cac13b1a11a9fd37b76494ae49e94436c14b5bd61133bd3fa9b40f264b86d8a3a380bfcd539a60ff66e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
92df06dc871a29f98fe157ed0dd77930

SHA1
65303b741b849167de5cfe68d10ab0c9cf4cbc5c

SHA256
e95f782976f66366e78842b9133acb1ce957a31c547401e293ca8390422be016

SHA512
8b2a134d0b2e42346af39d91ddbdd15a812c9e9ab7c4560cb6eec3798bcda8235449e2258d332550f3406f9e4276c3c99670e8552c55c1e34afa49c7a4d0447a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
13B

MD5
a4710a30ca124ef24daf2c2462a1da92

SHA1
96958e2fe60d71e08ea922dfd5e69a50e38cc5db

SHA256
7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7

SHA512
43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
c617fc6b4a0ca7a8b4a90f5a721accfa

SHA1
0f07c77726c0728590df1fb4451f84b6fc6e59b3

SHA256
1b6419bb19eac08dfabbac91e1908774bc926b96cb51f2a104a9955f5f5fe73a

SHA512
0f13e61c7a36e3353a06658e7cb58fcae48689654c6750c88bd77d7adff17298817ebaa210839576c7b1aaa3e3abc20720a00ced133ca42349ed9037c8013ff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
58f4758c9f55633f27335c46a4a7b676

SHA1
e44ae9afe96350712fc3eaf76dfa9ec296ec2c64

SHA256
e2b6d3c968e02a329a0708ed9b2abb34805837d9af729d4183ce595873ac84ea

SHA512
2e3cede763733f7c5e066c1b7f57108d65752b7904b96660884e994959734d9900375feee3675e05d20ad052da6ae88cf74fa2d9918a1957642d5315b875c456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
5dad287619047f5ef6afd3ee024c7f0d

SHA1
0b2904da485256ee9b1bcadbefdfb561b6a2ed0e

SHA256
93b382d41fb3eace4c08a397e5fc1185e4ea1a42827a685b7cb40e70a856cd96

SHA512
93cd04df471977a02cfc6e2a3250251891a66df9355872bdf322b0004c5b0606b4732da12e9c5dbf978b5fcc0c0407ded66cf4a6261933d8c38bd75def9238e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_0

Filesize
44KB

MD5
df4ceaaf86b708097412657ddafad8a1

SHA1
04a9baeb67d807a0fe52175664f388bcb5c4aa9c

SHA256
e71934d13fb3793952208f8ef4848fdade1db3807e4cf45ad4e9d1f7eb026c7d

SHA512
170dcfe1268db296da4cc0ca580371cfb9cc990eac21014d971b515c444e1828740485f7a3e7f2f4e1627e3a6bad4f717a442a26b01ce536aaf611a05d9ddefa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
33230a453203beef93dd97f901ad049b

SHA1
3e997d6f1688d29928863c3326856df051ea6e04

SHA256
63c5795a270134bc87066592770fe40d3c7d0268fecc3015e60e9015d7b60141

SHA512
5d791177f8d036beaa2bb35d293d07576c04deef2a3a4e71cfd8173e69bd243b93e98a1f6c6b16e175f0a4e3a8374da0ea27c4919d78d8e75170a49b9c6c6de9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_2

Filesize
1.0MB

MD5
6c5201f337641cee957641132609e2e5

SHA1
2e75f95d6fad7402b6009a034217286518a83ca2

SHA256
77caf148e46bf8848d70ffdfa8a274195fd00e0262ed2dda4efa6932b5d987c3

SHA512
2329a53e0a23bbe62d772365068d1fe266e7e10fc0955036989a803f222bceb595f2383b01719fc2b47e26056a376beda0f7519ba8095b27021b7eb1622e4979

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c8fb52f6-fa8c-4c27-ba54-99291e56c6fd.tmp

Filesize
80KB

MD5
e7439f8af0e243898f8502ad9057cc5f

SHA1
2d5c8a164b9b646ab9921ad6455a1316f53daf0e

SHA256
3bde585787a6bd0b30f842282dfb92b94c164c6e81f432f345117969f6ad897e

SHA512
dc2b61b0e51e93620b1acf554ab6e2f31f4a07ec72d8e7e6c3e3b83f3b3fd045aed88d91b2236c9cb51df041fa95e204836fe866851e49bf0c0693e533833e44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f78233c0-74d9-4e33-918d-b4b5c47ce3fa.tmp

Filesize
80KB

MD5
375052dbdd5f7d70f387e489a2e0c231

SHA1
346febadf53b45af2b11d91aebffc111ab2b53e3

SHA256
f1f569478010034c103d65ae127b30cbfe5326837fc3f27f5bd3290a25ca1efe

SHA512
e95b4850c53864bd9f71c1cf8651b5732bbb613d6fa49c7bc6eed89aece3f5469a67c129f74d538df0eb9f1ed7a59d84531d4e5d538505aa9ff4471c5c4ac33f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-wal

Filesize
108KB

MD5
06358cb939134f8ea5af491cf25b3df8

SHA1
1df35a0e419a9d4ac103a0879de8ceb11c49852a

SHA256
445870c83fee31e17d52a66b6d8dfef1ecbb74978c4326db11a37a97d9e3116b

SHA512
2d339ce6bb35c98515e7aaaebc6e2ea5736a3d71e17b65b82b0967e58d23b6924738fa5b39ae8a9e2b6fbd3a76faf015ebafb0372a624da6084c071295150d3b

Download Submit
C:\Users\Admin\Desktop\BackupUnlock.docx

Filesize
19KB

MD5
05a59afedab3bc4aa87665f3b8d217be

SHA1
71f614cd3a4d44b225d336b949db34127dae4618

SHA256
427c89bdc6d811728d7eb32f0cb58f5140a09007ca708fa68689c1e7e01687d1

SHA512
1c252a95501616cf55b493ec3087833b37c1a7b8f06fc086ba432076f427c50cd1a462257224b95ba6823050fe9caadb898f95e103e1c42a1923f7b11864f264

Download Submit
C:\Users\Admin\Desktop\ConvertApprove.css

Filesize
191KB

MD5
74fdc38d76ff1cd263b4f35c5ac09a3d

SHA1
59ace9b8be278ada90b58bdc837781217d32ae8f

SHA256
38300430977a165c2817b52e6755f7302d591e73b87982705343f3c17289336b

SHA512
96be764eebb935e934a7c203eef0e9265eee3bd008e252bca3015339fc5875c9093872c3bd94f5b4f5e7892bd635db4d76b3d98b4b438f47799d89f6dc65ed95

Download Submit
C:\Users\Admin\Desktop\ConvertFromDeny.scf

Filesize
345KB

MD5
802c68458f412f1bf6115869b50e2343

SHA1
940059bae9611a494a7ae8e90eeb36ec46a43d32

SHA256
d5d75a1b355a158ca8aa99ea23d0e4419b244d8db5f6534c1b3c4575a47fdf22

SHA512
1141aca7760585daed9077cffa57e45cc33bbdd46948ca4b7c9f38909abab20915bab9838f8bee038acd116e0909ccc31df13a9507ab5d6f7163fb399e051c3b

Download Submit
C:\Users\Admin\Desktop\ConvertToMount.docx

Filesize
16KB

MD5
04dc955af767453ea293564a0339a621

SHA1
67abdcb7c8d81ff58f3dbdf92979bda6662d9602

SHA256
9470b55725dd1498773edde245df575133718f43646e6eb765dd684c2f41cf4b

SHA512
21423eaa69619e45002348b3acc8f2f89c44a7d588e1fda91fd874b06138f3acafe51c32587e7b0d412aae0bbd2fb27d88023579563afb9ba16c98791b4bbe74

Download Submit
C:\Users\Admin\Desktop\ConvertToSend.wm

Filesize
166KB

MD5
cc12de57ab51149726b6286cd73cd455

SHA1
a74b5529d8824df964ebf6aa45f2034f3db90db8

SHA256
9655fcd41b92aef677e0be08ab16276a5fd46233ef6c661fe5bce8ac1a80c39c

SHA512
19a8c5c8f4ec04f31924ce4e5ab3029797993fa0fcfffc3e1dccd581d5b54a8668632a1b9a38732544f540df83ba4969bc0b241c2897c737d3e8f0335d90cbe4

Download Submit
C:\Users\Admin\Desktop\DebugRestart.php

Filesize
217KB

MD5
9260f35bb7ac1e886a1efe00f1b579a6

SHA1
f48a223ce1b998bb7cde6d37003653549ea13a35

SHA256
a511b1191d0b5aa53bf221d7d6b72f46158facc00e2f1f027a023b36398388c8

SHA512
ba83c3896fe82aaa20dd101df4db3bc385334c88660371e8a5ecee25558b99c491cd254f224f4fafd76188de90e5ea98ddf8b516147c93ba9a78c91e38e7f5a4

Download Submit
C:\Users\Admin\Desktop\FindDisconnect.tif

Filesize
127KB

MD5
999422e9f2899e93ab689f7129f82fd3

SHA1
79fe707eb73becac5b48f6b1a3749b41c307c0c9

SHA256
8160a9e93681ecef0608351f4cce5ade9b5ed81d5caed77135fb2ad3e494422d

SHA512
ecea1e71ad273b528d05f0f1c49e38c3e53537c6f03f9cb8d184a7d121f1d3b44d5cc638276ad4f945e37aa6cb9a4111722afc0faf6839e36211e97b0a3dd86c

Download Submit
C:\Users\Admin\Desktop\InitializeConvertFrom.jpg

Filesize
294KB

MD5
9c34632b3ad96dc2a1b7ab91b9c45333

SHA1
44a5427fa91033c5347d9707e9cf08919ab27be9

SHA256
1478480bc4c876af9383a6caa1273a1923ad65300aed54d0b14fbcdbce207e7a

SHA512
ba719300c434dbdb0842056832f4f3770515269548b036a0ce6b4b3a2daf0ca6bc2f31b535c861d68bdb7a7ef36faed9da9d4a404fe83c2bd16a8f4ba78153a5

Download Submit
C:\Users\Admin\Desktop\InitializeSync.dwfx

Filesize
243KB

MD5
ae1bec5b6ed60bc5965b78e272f57e75

SHA1
265d31a9c285b148e37b2b323245567457c45523

SHA256
5862770252df463598ea54a55dd7bb4b6be5d5abc3c95d6413f8cf5ff89f2fb2

SHA512
95984ea58147572c220401f1cd08616494d80f03d739e4790f29c7c76401c76b0d5fa175e2518280f122f50a204582d8a5f74b4c271a2b1e02c55799683c5592

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
0d8958ab089ad3ef5a9e8932aed31322

SHA1
960a368248d6d9f30c95c57c4220995bcffa7083

SHA256
27591a148792828c5f186d2b3069b33d95cb4ee64fda90b201025bc2cb842935

SHA512
6f7c0636d63b923c3df029b47c49f86dd1b42cbd39c8f025671d4df3b43722eb595c2b9c6367d0724c7aa7b81fb95fe9c5efea961ac9946df267c6fb6ece7bb9

Download Submit
C:\Users\Admin\Desktop\ProtectConfirm.php

Filesize
204KB

MD5
80f9dc22f088901960edad70b30ea781

SHA1
c20eff9de5f47937ec9a1825841d7ccb2e1c09d0

SHA256
4b7692195a5fc746cd54329741b1ddd6b8e6bf83c2963232495d49f98f3f45d8

SHA512
7168dde6702ca0ab4d7c13d9cfdd7d26618d9ea191bf50713d49e4d4940bec0f84258c6d34d7f67daad32b98d369d7e41ed4f6e2b8345d791437934a9d4d621b

Download Submit
C:\Users\Admin\Desktop\ReceiveRepair.mp4

Filesize
499KB

MD5
fbe6c11923c99d7c26753c7047955ed2

SHA1
b31706048aa58e4c23cc5de16f672d939ab33f2b

SHA256
2dae15155896bf84da8ca8f2f8ab9d08d559e34a5b8677395a7b6401af6e4b7f

SHA512
bc148101a35777bc639ef42762f0f1bf45d69a92d0493dea04d766c0b9204914002483f8b15c25fb5e0dd2abf6fdc1ccad9861527221f8f6301bb6f36184a636

Download Submit
C:\Users\Admin\Desktop\RegisterStop.mhtml

Filesize
332KB

MD5
9ec8f4877653bfada51c1694c4c5eb07

SHA1
f2253b8106dbc4e9970450f81d5364e1b6dbc0e5

SHA256
779c7f75253ee3e2e4cc8251f837a511cf05adeb0bc52a715dbc71a82d531f28

SHA512
349e2715c23ef99fffe4e96a0d77dd2b7b9d580d187d4d072944c87ff9d01bab78e016a46398c9c065471577a58f9a177d85a02fe9a987993072460a966b017e

Download Submit
C:\Users\Admin\Desktop\RenameSwitch.DVR-MS

Filesize
179KB

MD5
25878c2d0794c0b0d2aeb62752809d6a

SHA1
baf50b427f50f73af64f056760f2544a454ee775

SHA256
ff9f726edb6b2d2bb4a4dc3e3105b315c4a8cfa496117b2fbbf9cb9e402afcf4

SHA512
e62e5791a7d777d8f714c32dbaa968f92eb7302eed2cda8ddfec76fd82ebc41351352b5ce52ade5e5ac7269fe7d6329f8dcb6407b450d6509e1c9b4b25434be1

Download Submit
C:\Users\Admin\Desktop\ResumeUse.mp4

Filesize
307KB

MD5
d3f6ff937fcbaadbb7499ed1d6ccf55e

SHA1
69ac61369d3d47a09f71e71dd0ddc1b2f2f1ef7e

SHA256
b1d2beb380b73038a742e55c76db4271d43edb52b0064d8aa64bec0a277cb56d

SHA512
10da8fcf874cd413f561c1bb76a18816b343f4f636bd6991450725dae8ba508153fd768a807e1c33507f0c0670a7eb73b6bc01bc70e47d1bd6954f11142c29fb

Download Submit
C:\Users\Admin\Desktop\SaveEnter.zip

Filesize
281KB

MD5
b67e8aa82bd5e44a42ab77f20450da01

SHA1
2f1a2d64f53b850fff3842fb4c2333c769e374eb

SHA256
2592eb380011cc3e59f0ed9868b63dbf34b2ddc9597dd7041398da28175884e0

SHA512
c7944638d29dcb37af24c7ffb9f592b6bdb0eaae49cfcddfe24123ae08ece5b648138c4008f01628abfefabb0d3bc20eb1e5620455a204488c3a10666836d041

Download Submit
C:\Users\Admin\Desktop\SendClose.3gpp

Filesize
319KB

MD5
f784f325c692a32a15d30b881e0e7fc0

SHA1
0fca007ceda84024d03e96427c88ccdef9262f76

SHA256
cc5af28c44903b684cb82710c27b62952390ecfd038a739fb8f446f0bc6ce95e

SHA512
be77185d40075732ac5abeaee58082e26589edb63698eab2f59539bc4162eb4b363b92493effd0d1041668f7e4b2389b63f924c7c37a76589cab0d1be63ca2bb

Download Submit
C:\Users\Admin\Desktop\SetSubmit.tiff

Filesize
358KB

MD5
aa7c7556a6dd2f862e9e10e7d4a9e873

SHA1
6069da68670c64b37004004a495115d33ef25c2e

SHA256
0c5ba614f09de74f13500339fca7076f5a2350ef4227ab31e94d4361633fe054

SHA512
14a2d58b997109c57162ad5f5cf330e1fbe98419267c0b803e4a57c1883abfa8d3b4495af2eef9d1f5b611500129ee943b73055d6493f0f3cd6d0db722f6fc64

Download Submit
C:\Users\Admin\Desktop\StepSkip.emf

Filesize
255KB

MD5
d71fa7888af9aa24655c58df8968c965

SHA1
9f6c073c06fe921272c875c89d8c772ca15f5098

SHA256
917ce3809b07f0069589904d08490ee6de6dbf661e2ef7076a87eb951a90f8f4

SHA512
35bffe942fee0daf6be10d856203e12d0bee1b769c216a74f1a18f3bb3db9e4df2c18b477664c45dc6bb6f41e481ed7671dfa1f01aad928ac609fd3042b68ead

Download Submit
C:\Users\Admin\Desktop\SubmitSend.vstm

Filesize
153KB

MD5
18d22ce9390e523eea631522563f7141

SHA1
b35221b6ce6d90454162d211226a65c9abe2a642

SHA256
a2148aecb3cb8eab4c8a4bcea6f0300cee8382653bceb78792d80568af87b1eb

SHA512
3d58eb1880818c1d77dc6dcd7d9e7ee0cf188baadb5f8d342cd818ccdca534eb2c836da4fb2eef8f3272f00af8fd32e6da445ba501606b44e98d9bc283d667ff

Download Submit
C:\Users\Admin\Desktop\TracePing.TS

Filesize
230KB

MD5
ed760442a327b4fb063aadc10f9a6e3f

SHA1
881db2b1c4e4a478f05fc7482fffe88dc071bc29

SHA256
b9c7d1c4282ff32ae642c5f6ed1356215dbe948e0f65a3ba91bf0516bd23d0af

SHA512
b4b8c6b472c244e1762c29c48949bf9cc40d6d630a4908b0d973a26aa54724f30b987cbe86b57cce8afe989859974f620d70b3b50a3352c6389ad1fb577374b2

Download Submit
C:\Users\Admin\Desktop\WaitStep.ocx

Filesize
140KB

MD5
718635bb7ca397f5f95c675ea3e2282e

SHA1
c374d71c0df42f7b84a57530145ba55b1e2a393c

SHA256
cc895e6a563c1ea732078470ed6f0c19762445ba6056763b9bfbc18fc397971c

SHA512
7dd3ca670a0c75cc0363034213e332a8e7781a9c750d3be636a62c40bf2f21b16bc52dad194783b24484550813614dc6f9199db1f464deb3ec55704d3b524cf8

Download Submit
C:\Users\Admin\Desktop\WriteMerge.asp

Filesize
268KB

MD5
5090e75356d0a6b78e1764e5ce61c17e

SHA1
7299c96e311c526162894cad21e9a38df3735e8f

SHA256
503536617e67e27f9f06566d665446d305bc4ea234980dbddf290a12678e431e

SHA512
8e2b0332e3250ec444956b9166c1247e9f145bb677bd6a3a6767147eaea3d2526a2305b71ff968b32a16fda0c2d07a102a14eb9bfcae9e50a2d1226b078767f6

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
be106a48d75313f2baf9d53c355dcb9f

SHA1
06be1a155f3b896a8f5a9b49c4dd30890cc6c165

SHA256
dc118857d3d2fc07701eb871c239a68b502e7dae1931088a50442cafacd7954b

SHA512
de003de2dc28f9969a439be634dec3212e60321e5da6705b80af95ff1cde98f9964674decd0020cca628843d221756fbe20af4d53d9ae67aa09992e5701d7469

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1KB

MD5
e1a1ef8b89a9f0e736d2bbdd807d48cf

SHA1
3093c958a2036862a709661133de0f8fc009300e

SHA256
2a40eb2d60b576b0149d72480330667cd0eb41d9eea74e0095a8a9a60d8eb8f0

SHA512
f04770f1fba7d409d5ee9fb6594aa983c44a59cdddb7722a86b48c42bafbd3d71bdfe58e8ba91dfff8fda5db96dba0fdd2cd3b64aa81df878b65834b8fa24b16

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
b36bf95e829d80743d45abdba11f08fc

SHA1
cd686cc5de3069e472bcd521cd658a56883c7132

SHA256
4d5264c2cc056f3b59eaede791a561a8f0710467fe3a3d212769588ae1ca8f1a

SHA512
f836ed8289fc8ef8cc15f383b70de140ccc38e00fcfaffdfa91fe655f86b572c76b1f8bcbede6b3b66a3eab99467c6199093244542312e884cf0bb591389a9b8

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
eafab680c680ac969ef0d29d5e53d541

SHA1
9b2337ff44234dc3d9b7eb71a71de0ed14fd4fdf

SHA256
d1daccd4ac4fe785bc3a4a8b3c0eaa7ab7eb303cdef99be62e69c1bff781b298

SHA512
f59cde760010d84ef7defc4c33d1eca74caa39ee0141e3482460377420c2dcc833f9db06322cd9496a3b800d2d48cf8e5a76396cfac09a203814900f5775d38d

Download Submit
memory/1680-318-0x000002F0673F0000-0x000002F0673F1000-memory.dmp

Filesize
4KB

Download
memory/1680-328-0x000002F0673F0000-0x000002F0673F1000-memory.dmp

Filesize
4KB

Download
memory/1680-324-0x000002F0673F0000-0x000002F0673F1000-memory.dmp

Filesize
4KB

Download
memory/1680-326-0x000002F0673F0000-0x000002F0673F1000-memory.dmp

Filesize
4KB

Download
memory/1680-320-0x000002F0673F0000-0x000002F0673F1000-memory.dmp

Filesize
4KB

Download
memory/1680-319-0x000002F0673F0000-0x000002F0673F1000-memory.dmp

Filesize
4KB

Download
memory/1680-325-0x000002F0673F0000-0x000002F0673F1000-memory.dmp

Filesize
4KB

Download
memory/1680-330-0x000002F0673F0000-0x000002F0673F1000-memory.dmp

Filesize
4KB

Download
memory/1680-329-0x000002F0673F0000-0x000002F0673F1000-memory.dmp

Filesize
4KB

Download
memory/1680-327-0x000002F0673F0000-0x000002F0673F1000-memory.dmp

Filesize
4KB

Download
memory/3256-9-0x00007FFF9F9C3000-0x00007FFF9F9C5000-memory.dmp

Filesize
8KB

Download
memory/3256-252-0x00007FFF9F9C0000-0x00007FFFA0481000-memory.dmp

Filesize
10.8MB

Download
memory/3256-8-0x000000001BEC0000-0x000000001BEFC000-memory.dmp

Filesize
240KB

Download
memory/3256-7-0x0000000003040000-0x0000000003052000-memory.dmp

Filesize
72KB

Download
memory/3256-4-0x000000001BF40000-0x000000001BFF2000-memory.dmp

Filesize
712KB

Download
memory/3256-10-0x00007FFF9F9C0000-0x00007FFFA0481000-memory.dmp

Filesize
10.8MB

Download
memory/3256-3-0x000000001BE30000-0x000000001BE80000-memory.dmp

Filesize
320KB

Download
memory/3256-0-0x00007FFF9F9C3000-0x00007FFF9F9C5000-memory.dmp

Filesize
8KB

Download
memory/3256-2-0x00007FFF9F9C0000-0x00007FFFA0481000-memory.dmp

Filesize
10.8MB

Download
memory/3256-1-0x0000000000DC0000-0x0000000000E78000-memory.dmp

Filesize
736KB

Download