5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07

Analysis

max time kernel
140s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
24-05-2022 21:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe
Size

2.6MB
MD5

f94711a2952c01ce9bcaf36817c2b0bc
SHA1

f084c4650bc662f642859e580ec53d2f260dc8b4
SHA256

5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07
SHA512

239aee19e7de6a952b0de7bea4783ad07a11cf8cf635647a7b132c071957fcfc5bd97a8c74bc400be7167a01e4fb37451a0d0c52de94eb9b7341ee62ffd0291d

Score

9^/10

bootkit discovery persistence spyware stealer

Malware Config

Signatures

Nirsoft 4 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\1653428853264.exe	Nirsoft
C:\Users\Admin\AppData\Roaming\1653428853264.exe	Nirsoft
C:\Users\Admin\AppData\Roaming\1653428854795.exe	Nirsoft
C:\Users\Admin\AppData\Roaming\1653428854795.exe	Nirsoft

Executes dropped EXE 5 IoCs

Processes:

Yandex.exeYandex.exeYandex.exe1653428853264.exe1653428854795.exe

pid process

4972 Yandex.exe
1968 Yandex.exe
744 Yandex.exe
2468 1653428853264.exe
4396 1653428854795.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
4972	Yandex.exe
1968	Yandex.exe
744	Yandex.exe
2468	1653428853264.exe
4396	1653428854795.exe

Drops Chrome extension 1 IoCs

Processes:

Yandex.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdlflcimgohnglcleoaidpepfemkhll\1.0.0.0_0\manifest.json	Yandex.exe

Writes to the Master Boot Record (MBR) 1 TTPs 4 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

Processes:

5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exeYandex.exeYandex.exeYandex.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe
File opened for modification	\??\PhysicalDrive0	Yandex.exe
File opened for modification	\??\PhysicalDrive0	Yandex.exe
File opened for modification	\??\PhysicalDrive0	Yandex.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe

pid process

4352 5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe

pid	process
4352	5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe

Suspicious use of SetThreadContext 3 IoCs

Processes:

Yandex.exeYandex.exe

description	pid	process	target process
PID 4972 set thread context of 636	4972	Yandex.exe	firefox.exe
PID 4972 set thread context of 3940	4972	Yandex.exe	firefox.exe
PID 744 set thread context of 2480	744	Yandex.exe	rundll32.exe

Drops file in Windows directory 1 IoCs

Processes:

Yandex.exe

description ioc process

File created C:\Windows\57C765CFDFAC.sys Yandex.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File created	C:\Windows\57C765CFDFAC.sys	Yandex.exe

Checks SCSI registry key(s) 3 TTPs 18 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Yandex.exeYandex.exeYandex.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc	Yandex.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	Yandex.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	Yandex.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Yandex.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	Yandex.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	Yandex.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Yandex.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\DeviceDesc	Yandex.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Yandex.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Yandex.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\DeviceDesc	Yandex.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	Yandex.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc	Yandex.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	Yandex.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\DeviceDesc	Yandex.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc	Yandex.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Yandex.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Yandex.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

xcopy.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Kills process with taskkill 2 IoCs
evasion

Processes:

taskkill.exetaskkill.exe

pid process

4528 taskkill.exe
2112 taskkill.exe

pid	process
4528	taskkill.exe
2112	taskkill.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\6C0CE2DD0584C47CAC18839F14055F19FA270CDD	5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\6C0CE2DD0584C47CAC18839F14055F19FA270CDD\Blob = 0300000001000000140000006c0ce2dd0584c47cac18839f14055f19fa270cdd2000000001000000500500003082054c30820434a0030201020206016de34cff62300d06092a864886f70d01010b05003081aa313b303906035504030c32436861726c65732050726f78792043412028313920e58d81e69c8820323031392c204445534b544f502d424e41543131552931253023060355040b0c1c68747470733a2f2f636861726c657370726f78792e636f6d2f73736c3111300f060355040a0c08584b3732204c74643111300f06035504070c084175636b6c616e643111300f06035504080c084175636b6c616e64310b3009060355040613024e5a301e170d3030303130313030303030305a170d3438313231353039313533375a3081aa313b303906035504030c32436861726c65732050726f78792043412028313920e58d81e69c8820323031392c204445534b544f502d424e41543131552931253023060355040b0c1c68747470733a2f2f636861726c657370726f78792e636f6d2f73736c3111300f060355040a0c08584b3732204c74643111300f06035504070c084175636b6c616e643111300f06035504080c084175636b6c616e64310b3009060355040613024e5a30820122300d06092a864886f70d01010105000382010f003082010a0282010100ae86c5043ed34d99f44fa3052ea34047a7fbbe33188b1dc2ca645ca3249e85e54b4921d4998fda6a22247c32d9087d742af3bf850803ae8c1e25faad53fb8fd823b7353d9a3ac992bf917f693826c790e53a540b120b6553508ec9585e467d310bd3ef9fb61731deb522eb78f43f824b34be36782db7a8cb162cd22247b14e4c5ae633ed66542354a59971bddc59160ecdc521b4477c93ca9e624e0af00298602300f5dc368819c3cb9f02604636888276b3a498570473b5328b0834f327c34285e333da9207e12f0edbb654c8cf11e3cc7cba17a52cd7cd42c10ae095a2e4eb9d3e3f361488243f0584af40e72d6e6e182149bfb8342384f60f12e14734258d0203010001a382017430820170300f0603551d130101ff040530030101ff3082012c06096086480186f842010d0482011d138201195468697320526f6f74206365727469666963617465207761732067656e65726174656420627920436861726c65732050726f787920666f722053534c2050726f7879696e672e20496620746869732063657274696669636174652069732070617274206f66206120636572746966696361746520636861696e2c2074686973206d65616e73207468617420796f752772652062726f7773696e67207468726f75676820436861726c65732050726f787920776974682053534c2050726f7879696e6720656e61626c656420666f72207468697320776562736974652e20506c656173652073656520687474703a2f2f636861726c657370726f78792e636f6d2f73736c20666f72206d6f726520696e666f726d6174696f6e2e300e0603551d0f0101ff040403020204301d0603551d0e04160414f8d0dc54367cf794020f8b92783a5d8a91251f9f300d06092a864886f70d01010b05000382010100662271eb9d5c744c88382de98ba37320e6312104d04273a92007a8670976d6530e6347d00bbded1319bb6754f36237596095922911e3661a70354f6ba0b797a76258be7adebb8c8dbeeed977760b80271d74b2444d92f6c1337a379b73545b251de5f8812b9625abbbfaedc15f8c6c374b9b26dd0fef035185f5899d8819e689dc6db5f0babbfd637c52b1bec80115b889faeed493d4112d744954ad3abe6607c41a4a2d657ba330ed131fa4e8c25bb28ee181dcef8da91c17bfd30a23c8eae81b152ed85ff938afc32b34ffdaffbdb72d9bb04067bfc87f579eba9637b165ea008ea7408bc8265f33c039bf60f506d245a6b53017afc8e161d70ed5b0d76576	5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe

Runs ping.exe 1 TTPs 4 IoCs

Remote System Discovery
T1018

Processes:

PING.EXEPING.EXEPING.EXEPING.EXE

pid process

4704 PING.EXE
4728 PING.EXE
4364 PING.EXE
3656 PING.EXE

pid	process
4704	PING.EXE
4728	PING.EXE
4364	PING.EXE
3656	PING.EXE

Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes:

1653428853264.exe1653428854795.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exe

pid	process
2468	1653428853264.exe
2468	1653428853264.exe
4396	1653428854795.exe
4396	1653428854795.exe
3812	chrome.exe
3812	chrome.exe
3596	chrome.exe
3596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2716	chrome.exe
2716	chrome.exe
2284	chrome.exe
2284	chrome.exe
4692	chrome.exe
4692	chrome.exe
2980	chrome.exe
2980	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe

Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

656

pid	process
656

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

chrome.exe

pid	process
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

taskkill.exetaskkill.exe

description pid process

Token: SeDebugPrivilege 4528 taskkill.exe
Token: SeDebugPrivilege 2112 taskkill.exe

description	pid	process
Token: SeDebugPrivilege	4528	taskkill.exe
Token: SeDebugPrivilege	2112	taskkill.exe

Suspicious use of FindShellTrayWindow 63 IoCs

Processes:

chrome.exerundll32.exe

pid	process
3596	chrome.exe
3596	chrome.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

rundll32.exe

pid process

2480 rundll32.exe

pid	process
2480	rundll32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.execmd.exeYandex.exeYandex.execmd.execmd.exeYandex.execmd.exerundll32.exe

description	pid	process	target process
PID 4352 wrote to memory of 4972	4352	5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe	Yandex.exe
PID 4352 wrote to memory of 4972	4352	5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe	Yandex.exe
PID 4352 wrote to memory of 4972	4352	5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe	Yandex.exe
PID 4352 wrote to memory of 1968	4352	5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe	Yandex.exe
PID 4352 wrote to memory of 1968	4352	5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe	Yandex.exe
PID 4352 wrote to memory of 1968	4352	5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe	Yandex.exe
PID 4352 wrote to memory of 744	4352	5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe	Yandex.exe
PID 4352 wrote to memory of 744	4352	5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe	Yandex.exe
PID 4352 wrote to memory of 744	4352	5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe	Yandex.exe
PID 4352 wrote to memory of 1088	4352	5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe	cmd.exe
PID 4352 wrote to memory of 1088	4352	5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe	cmd.exe
PID 4352 wrote to memory of 1088	4352	5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe	cmd.exe
PID 1088 wrote to memory of 4364	1088	cmd.exe	PING.EXE
PID 1088 wrote to memory of 4364	1088	cmd.exe	PING.EXE
PID 1088 wrote to memory of 4364	1088	cmd.exe	PING.EXE
PID 1968 wrote to memory of 4984	1968	Yandex.exe	cmd.exe
PID 1968 wrote to memory of 4984	1968	Yandex.exe	cmd.exe
PID 1968 wrote to memory of 4984	1968	Yandex.exe	cmd.exe
PID 4972 wrote to memory of 636	4972	Yandex.exe	firefox.exe
PID 4972 wrote to memory of 636	4972	Yandex.exe	firefox.exe
PID 4972 wrote to memory of 636	4972	Yandex.exe	firefox.exe
PID 4972 wrote to memory of 636	4972	Yandex.exe	firefox.exe
PID 4972 wrote to memory of 636	4972	Yandex.exe	firefox.exe
PID 4972 wrote to memory of 636	4972	Yandex.exe	firefox.exe
PID 4984 wrote to memory of 4528	4984	cmd.exe	taskkill.exe
PID 4984 wrote to memory of 4528	4984	cmd.exe	taskkill.exe
PID 4984 wrote to memory of 4528	4984	cmd.exe	taskkill.exe
PID 4972 wrote to memory of 2468	4972	Yandex.exe	1653428853264.exe
PID 4972 wrote to memory of 2468	4972	Yandex.exe	1653428853264.exe
PID 4972 wrote to memory of 2468	4972	Yandex.exe	1653428853264.exe
PID 1968 wrote to memory of 992	1968	Yandex.exe	cmd.exe
PID 1968 wrote to memory of 992	1968	Yandex.exe	cmd.exe
PID 1968 wrote to memory of 992	1968	Yandex.exe	cmd.exe
PID 992 wrote to memory of 3656	992	cmd.exe	PING.EXE
PID 992 wrote to memory of 3656	992	cmd.exe	PING.EXE
PID 992 wrote to memory of 3656	992	cmd.exe	PING.EXE
PID 4972 wrote to memory of 3940	4972	Yandex.exe	firefox.exe
PID 4972 wrote to memory of 3940	4972	Yandex.exe	firefox.exe
PID 4972 wrote to memory of 3940	4972	Yandex.exe	firefox.exe
PID 4972 wrote to memory of 3940	4972	Yandex.exe	firefox.exe
PID 4972 wrote to memory of 3940	4972	Yandex.exe	firefox.exe
PID 4972 wrote to memory of 3940	4972	Yandex.exe	firefox.exe
PID 4972 wrote to memory of 4396	4972	Yandex.exe	1653428854795.exe
PID 4972 wrote to memory of 4396	4972	Yandex.exe	1653428854795.exe
PID 4972 wrote to memory of 4396	4972	Yandex.exe	1653428854795.exe
PID 4972 wrote to memory of 3372	4972	Yandex.exe	cmd.exe
PID 4972 wrote to memory of 3372	4972	Yandex.exe	cmd.exe
PID 4972 wrote to memory of 3372	4972	Yandex.exe	cmd.exe
PID 744 wrote to memory of 2480	744	Yandex.exe	rundll32.exe
PID 744 wrote to memory of 2480	744	Yandex.exe	rundll32.exe
PID 744 wrote to memory of 2480	744	Yandex.exe	rundll32.exe
PID 744 wrote to memory of 2480	744	Yandex.exe	rundll32.exe
PID 744 wrote to memory of 2480	744	Yandex.exe	rundll32.exe
PID 744 wrote to memory of 2480	744	Yandex.exe	rundll32.exe
PID 744 wrote to memory of 2480	744	Yandex.exe	rundll32.exe
PID 744 wrote to memory of 2452	744	Yandex.exe	cmd.exe
PID 744 wrote to memory of 2452	744	Yandex.exe	cmd.exe
PID 744 wrote to memory of 2452	744	Yandex.exe	cmd.exe
PID 3372 wrote to memory of 4704	3372	cmd.exe	PING.EXE
PID 3372 wrote to memory of 4704	3372	cmd.exe	PING.EXE
PID 3372 wrote to memory of 4704	3372	cmd.exe	PING.EXE
PID 2480 wrote to memory of 984	2480	rundll32.exe	cmd.exe
PID 2480 wrote to memory of 984	2480	rundll32.exe	cmd.exe
PID 2480 wrote to memory of 984	2480	rundll32.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe
"C:\Users\Admin\AppData\Local\Temp\5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:4352

C:\Users\Admin\AppData\Local\Temp\Yandex.exe
C:\Users\Admin\AppData\Local\Temp\Yandex.exe 0011 user01
2⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of WriteProcessMemory
PID:4972

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
3⤵
PID:636

C:\Users\Admin\AppData\Roaming\1653428853264.exe
"C:\Users\Admin\AppData\Roaming\1653428853264.exe" /sjson "C:\Users\Admin\AppData\Roaming\1653428853264.txt"
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2468

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
3⤵
PID:3940

C:\Users\Admin\AppData\Roaming\1653428854795.exe
"C:\Users\Admin\AppData\Roaming\1653428854795.exe" /sjson "C:\Users\Admin\AppData\Roaming\1653428854795.txt"
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4396

C:\Windows\SysWOW64\cmd.exe
cmd /c ping 127.0.0.1 -n 3 & del "C:\Users\Admin\AppData\Local\Temp\Yandex.exe"
3⤵
- Suspicious use of WriteProcessMemory
PID:3372

C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
4⤵
- Runs ping.exe
PID:4704

C:\Users\Admin\AppData\Local\Temp\Yandex.exe
C:\Users\Admin\AppData\Local\Temp\Yandex.exe 300 user01
2⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetThreadContext
- Checks SCSI registry key(s)
- Suspicious use of WriteProcessMemory
PID:744

C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe"
3⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c taskkill /f /im chrome.exe
4⤵
PID:984

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im chrome.exe
5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2112

C:\Windows\SysWOW64\xcopy.exe
xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\1653428856311\" /e
4⤵
- Enumerates system info in registry
PID:3632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=0,-5000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" http://www.interestvideo.com/video1.php
4⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:3596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\1653428856311 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\1653428856311\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\1653428856311 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffbe1244f50,0x7ffbe1244f60,0x7ffbe1244f70
5⤵
PID:4128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1644 /prefetch:2
5⤵
PID:2932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --lang=en-US --service-sandbox-type=network --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --mojo-platform-channel-handle=2020 /prefetch:8
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:3812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --mojo-platform-channel-handle=2276 /prefetch:8
5⤵
PID:4080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1
5⤵
PID:4568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2948 /prefetch:1
5⤵
PID:4848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
5⤵
PID:2012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
5⤵
PID:1652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
5⤵
PID:3488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --mojo-platform-channel-handle=4788 /prefetch:8
5⤵
PID:4396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
5⤵
PID:1320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
5⤵
PID:992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --mojo-platform-channel-handle=4928 /prefetch:8
5⤵
PID:3872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --mojo-platform-channel-handle=5476 /prefetch:8
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:2596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --mojo-platform-channel-handle=5504 /prefetch:8
5⤵
PID:3936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --mojo-platform-channel-handle=3336 /prefetch:8
5⤵
PID:4980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --mojo-platform-channel-handle=5412 /prefetch:8
5⤵
PID:3984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
5⤵
PID:4120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --mojo-platform-channel-handle=5508 /prefetch:8
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:2716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2760 /prefetch:1
5⤵
PID:608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --mojo-platform-channel-handle=5592 /prefetch:8
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:2284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --mojo-platform-channel-handle=5500 /prefetch:8
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:4692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --mojo-platform-channel-handle=3296 /prefetch:8
5⤵
PID:220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --mojo-platform-channel-handle=5400 /prefetch:8
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:2980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --mojo-platform-channel-handle=5436 /prefetch:8
5⤵
PID:3556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --mojo-platform-channel-handle=2952 /prefetch:8
5⤵
PID:3828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2544 /prefetch:1
5⤵
PID:800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --mojo-platform-channel-handle=4844 /prefetch:8
5⤵
PID:4188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1620,1567457075421568176,6013998373063249223,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\1653428856311" --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5452 /prefetch:2
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:3780

C:\Windows\SysWOW64\cmd.exe
cmd /c ping 127.0.0.1 -n 3 & del "C:\Users\Admin\AppData\Local\Temp\Yandex.exe"
3⤵
PID:2452

C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
4⤵
- Runs ping.exe
PID:4728

C:\Users\Admin\AppData\Local\Temp\Yandex.exe
C:\Users\Admin\AppData\Local\Temp\Yandex.exe 200 user01
2⤵
- Executes dropped EXE
- Drops Chrome extension
- Writes to the Master Boot Record (MBR)
- Checks SCSI registry key(s)
- Suspicious use of WriteProcessMemory
PID:1968

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c taskkill /f /im chrome.exe
3⤵
- Suspicious use of WriteProcessMemory
PID:4984

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im chrome.exe
4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4528

C:\Windows\SysWOW64\cmd.exe
cmd /c ping 127.0.0.1 -n 3 & del "C:\Users\Admin\AppData\Local\Temp\Yandex.exe"
3⤵
- Suspicious use of WriteProcessMemory
PID:992

C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
4⤵
- Runs ping.exe
PID:3656

C:\Windows\SysWOW64\cmd.exe
cmd /c ping 127.0.0.1 -n 3 & del "C:\Users\Admin\AppData\Local\Temp\5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:1088

C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
3⤵
- Runs ping.exe
PID:4364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:440

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Remote System Discovery

T1018

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdlflcimgohnglcleoaidpepfemkhll\1.0.0.0_0\background.js
Filesize
886B

MD5
fedaca056d174270824193d664e50a3f

SHA1
58d0c6e4ec18ab761805aabb8d94f3c4cbe639f5

SHA256
8f538ed9e633d5c9ea3e8fb1354f58b3a5233f1506c9d3d01873c78e3eb88b8d

SHA512
2f1968ede11b9510b43b842705e5ddac4f85a9e2aa6aee542bec80600228ff5a5723246f77c526154eb9a00a87a5c7ddd634447a8f7a97d6da33b94509731dbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdlflcimgohnglcleoaidpepfemkhll\1.0.0.0_0\d8yI+Hf7rX.js
Filesize
150B

MD5
f639853b8e20e839fb587943fafd2a7f

SHA1
d1a4552a138a76de9c4aadf2ddd3f4903cf8983c

SHA256
a09b3e751ddb62d949c9e378d5bed06f28321f0b08c33bb0f3ecf605a08cc893

SHA512
3446a71f4919cfa241f6e8ff60cd2796231b526807e1d2d37babf1ea75252d06f3af446137971bea6d17a1733e2d96fa871f57ead162237463c8941d4be9368d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdlflcimgohnglcleoaidpepfemkhll\1.0.0.0_0\icon.png
Filesize
1KB

MD5
50ec61ed703320c8e9ef50c5acfa7eb2

SHA1
35bd91cf8844f9402d60f21172bad14f0ccb1896

SHA256
464fcf2d90bcdb61234d7d547e5e60ddc3868ff330e7ae512745fdae9f295fe1

SHA512
b80e1c41cdc273af6f31982bdb90945a30bc37f8e5d8b0229a476cccbd57e05a54982e2b30cbf00c04481ef2c1b7af297daa7e4659b3f2de62d82bc94b7f7be0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdlflcimgohnglcleoaidpepfemkhll\1.0.0.0_0\icon48.png
Filesize
2KB

MD5
e35b805293ccd4f74377e9959c35427d

SHA1
9755c6f8bab51bd40bd6a51d73be2570605635d1

SHA256
2bf1d9879b36be03b2f140fad1932bc6aaaaac834082c2cd9e98be6773918ca0

SHA512
6c7d37378aa1e521e73980c431ce5815dedb28d5b7003009b91392303d3bec1ee6f2aae719b766da4209b607cd702fae283e1682d3785eff85e07d5ee81319c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdlflcimgohnglcleoaidpepfemkhll\1.0.0.0_0\jquery-1.8.3.min.js
Filesize
91KB

MD5
e1288116312e4728f98923c79b034b67

SHA1
8b6babff47b8a9793f37036fd1b1a3ad41d38423

SHA256
ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32

SHA512
bf28a9a446e50639a9592d7651f89511fc4e583e213f20a0dff3a44e1a7d73ceefdb6597db121c7742bde92410a27d83d92e2e86466858a19803e72a168e5656

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdlflcimgohnglcleoaidpepfemkhll\1.0.0.0_0\manifest.json
Filesize
1KB

MD5
adfc1e9e4374932136f756bb4768a4b6

SHA1
dced9ef02dbf07ac44e973fc919ab3371fad9a75

SHA256
10251c924e18440b43f112b3e7f1cc849b097a98837fcdf2bf6ce09e3ba7a27b

SHA512
b603fe807c17d189344bcb67ba4cca09c4b3499876321ac0a305b9c2bdf2c35a4daf23cf7a36e21cb45c0c68f9d6e6008b81a924f8a8a69814e11fffc8c46034

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdlflcimgohnglcleoaidpepfemkhll\1.0.0.0_0\popup.html
Filesize
280B

MD5
e93b02d6cffcca037f3ea55dc70ee969

SHA1
db09ed8eb9dbc82119fa1f76b3e36f2722ed2153

SHA256
b057584f5e81b48291e696c061f94b1e88ca52522490816d4bf900817ff822bd

SHA512
f85b5b38ade3efa605e1da27e8680045548e3343804073f9fe0c83e4becfb2eb4a237c8e1c84d43da386cbdddcc45f915bce950ed41d53a8dfdf85af2dfac879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdlflcimgohnglcleoaidpepfemkhll\1.0.0.0_0\popup.js
Filesize
642B

MD5
2ac02ee5f808bc4deb832fb8e7f6f352

SHA1
05375ef86ff516d91fb9746c0cbc46d2318beb86

SHA256
ddc877c153b3a9cd5ec72fef6314739d58ae885e5eff09aadbb86b41c3d814e6

SHA512
6b86f979e43a35d24baaf5762fc0d183584b62779e4b500eb0c5f73fae36b054a66c5b0620ea34c6ac3c562624bec3db3698520af570bb4ed026d907e03182e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
c79d4e58d8f0374f1ca20be7455c4c55

SHA1
5bf4bdde683483137ef74245602c264efdf77c76

SHA256
a3731f2915fd708ce022516be4f5992a76169433aff264af88bf43524cc72467

SHA512
2c2ec0c412b49fc08058a48f82485f1948e2f12e635de0b6d78102ee68b84ecc82b8e9f70298f4076f6853ad0334c27b6aef546a28f77154f74456cba16d84d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
17KB

MD5
ab1355ffa57a9baccd9acc729a2b1b33

SHA1
5803c384c78b59f5e6f6bd92ac1b292bf8fe0de2

SHA256
a3fef4ce9aeaad508bb2d19fde4424a6739952a42b75b069fcf1ecc23b2f108c

SHA512
00aaa241ba38f1630e501b1d2aedeb98db2da2074aeca696b5fab63e8ba4e05e17a0c8456530734a2f5b2e567ee48e93810b4011511d73969d777e40f5faf328

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\CrashpadMetrics-active.pma
Filesize
1024KB

MD5
03c4f648043a88675a920425d824e1b3

SHA1
b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d

SHA256
f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450

SHA512
2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Crashpad\settings.dat
Filesize
40B

MD5
0548bfd3ab5db778856fc71b079e7844

SHA1
f993b9292d756bb5c33dcba923e0f998f6d91f5d

SHA256
fe3b047bb7b7b81a13db852483d1323ac9dfc8d271bc215fa63758e699f15036

SHA512
ec1538503fd609d185f04dee88d083b8e5b9cf70e3d93f32df03daaeda0256f7a1eeb42cb6b241fae726e07f540b595edc8f98b78f2a532663fe3ffc9920e9fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Cache\index
Filesize
512KB

MD5
bb69fa45fe5a4c8822d78929cbe0d660

SHA1
cfafdc040e357d36d24f7b76f16b71f787a01ce7

SHA256
8978cac1425cbe6c2b1b5614820080f5f76d352cf00c9845b1b6cfbef1937f6d

SHA512
8524d6e63e747573bdd123a0386137e83ac1ab656b3c904239bd11093dd0b0cebf3aa566cea2f9d09e6743f780bee0da6f9a4318a24c1cef1a79a1d6b8ae0578

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Code Cache\js\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Code Cache\wasm\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Favicons
Filesize
20KB

MD5
5688ce73407154729a65e71e4123ab21

SHA1
9a2bb4125d44f996af3ed51a71ee6f8ecd296bd7

SHA256
be1b822e970dfe1a120d248db7000eaf799bd6531929a1308676c70fe1608d60

SHA512
eb6452b23ea36c39d03ead154185616c13583f12f382cb2456beeb1ba6e5febdfd2a6f1064283cf115ad1c517dbf409777cdacb128e00c9d3f401335db355537

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\History
Filesize
116KB

MD5
4e2922249bf476fb3067795f2fa5e794

SHA1
d2db6b2759d9e650ae031eb62247d457ccaa57d2

SHA256
c2c17166e7468877d1e80822f8a5f35a7700ac0b68f3b369a1f4154ae4f811e1

SHA512
8e5e12daf11f9f6e73fb30f563c8f2a64bbc7bb9deffe4969e23081ec1c4073cdf6c74e8dbcc65a271142083ad8312ec7d59505c90e718a5228d369f4240e1da

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Local Storage\leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Local Storage\leveldb\LOG
Filesize
144B

MD5
ba300d508c4f06f3aa38aa69e1620637

SHA1
591e71c8e60357e3ae22b12d41d0b26fa57d4d43

SHA256
db4d9202b0d8b69374921ba927356bcc69eaa5a0429e8d815c3e48f2e550b20d

SHA512
6d7a04c53436412f31e49c89a0c1f029775484a1d6a71262869d0ae050adfbccfef543271a2f4b7718980ee18e855a369a7dde031bb458e5c58ac49df2aaff1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Local Storage\leveldb\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Login Data
Filesize
40KB

MD5
b608d407fc15adea97c26936bc6f03f6

SHA1
953e7420801c76393902c0d6bb56148947e41571

SHA256
b281ce54125d4250a80f48fcc02a8eea53f2c35c3b726e2512c3d493da0013bf

SHA512
cc96ddf4bf90d6aaa9d86803cb2aa30cd8e9b295aee1bd5544b88aeab63dc60bb1d4641e846c9771bab51aabbfbcd984c6d3ee83b96f5b65d09c0841d464b9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Media History
Filesize
140KB

MD5
1ddfe694c682299567c25daee0cf2a04

SHA1
d32bb6199d95989525ce204a859780cca708142c

SHA256
2237a10a071315f272ac9eb9338ce9a83350739537a5cbf0f82bd5ac65e45968

SHA512
a1a09f7e4c919a758c38c8a789feac95dd17f07fc955ca83bd0e4af6ca053f5e205d6f55bcce380f83cbc5bd26e75457ce120fc287c13bd8b73b68e1610d11a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Network Persistent State
Filesize
798B

MD5
88c9b7b9d27f1ed83b985c67e5dccc97

SHA1
27bcddd338cc8b72e4ef1ab29f5571ffd1f76766

SHA256
f1dd3d00308c996197a3a6c1c74444c15e0dbef031c54a6964dadb43aaf4342e

SHA512
060a501522fbb4512975d8e53f5aa61a5ee001beca84fb98e13cfc6ac76f0c482b293cebcf0f9c3533e2d2ec766b0319f236232c7d9087799d7613aa78bdd7a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Preferences
Filesize
6KB

MD5
c79d4e58d8f0374f1ca20be7455c4c55

SHA1
5bf4bdde683483137ef74245602c264efdf77c76

SHA256
a3731f2915fd708ce022516be4f5992a76169433aff264af88bf43524cc72467

SHA512
2c2ec0c412b49fc08058a48f82485f1948e2f12e635de0b6d78102ee68b84ecc82b8e9f70298f4076f6853ad0334c27b6aef546a28f77154f74456cba16d84d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Preferences
Filesize
6KB

MD5
382ed0d6a765e4a4c0219b2d6435b011

SHA1
64de0b31f19e8aaf4c7b84ed43209a6510092620

SHA256
a229b61ec17d3d4b4cf0d1ed85bdfb76807e76a6f86aa0bb45cae121b42f67d1

SHA512
883c08339658c3bc5b03c5ef796ef5b92c3d5d7114ab1da336a315aba0662a6efb161bd43d2560f37adf856e77fe8cb0948b7d9f4ae8f21f7d04a6402ff5abca

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Secure Preferences
Filesize
17KB

MD5
ab1355ffa57a9baccd9acc729a2b1b33

SHA1
5803c384c78b59f5e6f6bd92ac1b292bf8fe0de2

SHA256
a3fef4ce9aeaad508bb2d19fde4424a6739952a42b75b069fcf1ecc23b2f108c

SHA512
00aaa241ba38f1630e501b1d2aedeb98db2da2074aeca696b5fab63e8ba4e05e17a0c8456530734a2f5b2e567ee48e93810b4011511d73969d777e40f5faf328

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Secure Preferences
Filesize
19KB

MD5
3f82e3c9bdf1f5d99cf8939f0a6ce7ed

SHA1
3531c252b550174373c47685d27314db5720581b

SHA256
132a5e22350ba13fd2049cf409357a84219714b751f004fd3341c31da656b9cc

SHA512
a4fba56e54aee5bc89683b3ab7f7e96d0f28a6afd6d6d0816ca0dc261369a37b946c7eb52c61f5c38f95565c5eba83a1d20546c02b688b55c9b5b6f9b45d8819

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Sessions\Tabs_13294453291275454
Filesize
669B

MD5
06f541bc1a5413332f654579baa36e81

SHA1
3aef4009abdebbf43f9779d0775e3de0b3cfe191

SHA256
3cc06c5bd45ae25ac763a7d9944166517dd837580ed9bbddb455fc60f602a88d

SHA512
ccbabd72f7ffec9fea983338191f20a9a936ff904e1e060dc04557d97161142c655fdbdc01905008736ba6d2ecd8d2438d854ab60477ef173d112ac695758d08

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Site Characteristics Database\000003.log
Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Site Characteristics Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Site Characteristics Database\LOG
Filesize
153B

MD5
4cceff305117b40eb9d7366c4bb73f59

SHA1
82171596e6e5d33bfc2760c1fbfa1f6abc635471

SHA256
6f0edb1fa4539a24ce46629b7f2f2041b7f9649ff651b18df60621b0c46f9691

SHA512
c1e6cde8de633371486e5579defdff1dc4968b9e123e374afc827a340467e83496da848746eb0108847424025b3f8dcd8bec23b7430862873612ca814af70197

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Site Characteristics Database\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Sync Data\LevelDB\000003.log
Filesize
122B

MD5
0d9f70652007603a81c7847dc3cee8da

SHA1
4a7c8341cfd657f31314690bfd9bd8f51030c5b5

SHA256
a705d9d26ed11df2f38e6c25557ccb83916b8598fe92d2ad25868f9ae89844f7

SHA512
27e34f4b5077a9bb58f30d2447c43d2ae877495bda975b33f405d5d08d03a009bf67bd24abcf70838934f17f1ec66ed1b98429ad96997cae68d0f1e0bf9ea4cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Sync Data\LevelDB\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Sync Data\LevelDB\LOG
Filesize
140B

MD5
72006b45fe62be90f601173f3ff7014c

SHA1
d0322485525c25f3311877af0a9de2c0b7b345f8

SHA256
fbc3ee97e46442ee21813d8816f79ad664fc9c1348fbc701fd25dc6c040859df

SHA512
5095a44d9495f5b3cc8fce8ad58c83e9b18fc621d1f9eae6a5ea8a20b2d335d8be851a6aa6c2146556796dd1fd83ff7dc58152fe8dbf1d2a75069ecf6c36295d

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Sync Data\LevelDB\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Top Sites
Filesize
20KB

MD5
9048adc11b40da3679e854f2aaee2813

SHA1
3a5f63f46b6f38dc15e852bc9ec85d17b3bf09d3

SHA256
55f6ab81fe7167e23124f16688da2f74223d2c7b6e3312316f243f129519bc2a

SHA512
421477d5561ba0e55597469b01785c46ed1a3ad36f592db527290705129539c6355fc0477c219c899c253fb95b1213b1e05fef57d4d0e0b74c48a9f2cc0d3e1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\TransportSecurity
Filesize
203B

MD5
528916bdb511d7b2423dff755347e01d

SHA1
d6df286c3d21dcbdfb90fdad840a1a3666fd1cb3

SHA256
8996df5f518aaedc9b10409fb952d1858170c5f36fcd0c440d6ced79fc8afac0

SHA512
293450677b7926f44192407334beaa571dc8262f605a9f4d816ffc86c0318a4604360ce77f0af2335e64e854b5574b4a0b3999b4d08ee27073d017b47a4d1745

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Visited Links
Filesize
128KB

MD5
2b6cb860551221736c32c8d28fc13efd

SHA1
3d48447ccad18ef3a6f5bc6b3928b9bbafdfa24e

SHA256
ba46e2e484f3e8c3e44ca33dbdb8933c5741143bd02727b50253acbb2ac0808e

SHA512
3272e9a565c603e38b4bea1d3e81e34614a3cafa1e61621e995661f7ac47a32e770c7c41837c870872751195518fc71baca7391a1a268766208ef5a33bb3cf94

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Default\Web Data
Filesize
88KB

MD5
8ee018331e95a610680a789192a9d362

SHA1
e1fba0ac3f3d8689acf6c2ee26afdfd0c8e02df9

SHA256
94354ea6703c5ef5fa052aeb1d29715587d80300858ebc063a61c02b7e6e9575

SHA512
4b89b5adc77641e497eda7db62a48fee7b4b8dda83bff637cac850645d31deb93aafee5afeb41390e07fd16505a63f418b6cb153a1d35777c483e2d6d3f783b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\GrShaderCache\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\GrShaderCache\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\GrShaderCache\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\GrShaderCache\GPUCache\index
Filesize
256KB

MD5
5173b6ddb8e7fb6849541165d1f833f8

SHA1
ea16ef33db2a425b9ba1c55377b3096ffe404be1

SHA256
a61421dc0193dab2e0ea294c88e150ad0062e1f9f7ece85c908e12af8b909318

SHA512
ea0e2895b8fa8b768e051a3819f020c8ecfa17e61d15efbc629e31128ac12de685ba8fa17ff211540e1aa594b8ee0640cf9023b0edc61c6a602b994ca00d423f

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Last Version
Filesize
13B

MD5
b63048c4e7e52c52053d25da30d9c5ab

SHA1
679a44d402f5ec24605719e06459f5a707989187

SHA256
389caa40ea458e84bc624a9af1e0dec60fa652b2db2b81c09b1dfe22822cc3d1

SHA512
e86c58c5a25e24f21ad79ed526a90c120a09c115f4820663bd2ebbc59e7bb1c4c418267eb77645522aa20b2c1b53fba8e31690db7bae9b21e4eff3db06316359

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\Local State
Filesize
70KB

MD5
f9d0eecf7166835dc9c9a04acef9863f

SHA1
9c4b6127ed3503cc6fb722514684f702626b4688

SHA256
f4cfb19a26ee6c7ff047a47944c151bba92efa013510f9c8bf829370752f954e

SHA512
60854c12c39e4c646873391e11c8124818c58e5ed217cbe6e9b5702d8361ea41323d3ab6a4cf7e78cbe5bdf170fd2ca6ee75e9ec5a3b5e6bb1d281928bafdf64

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\ShaderCache\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\ShaderCache\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\ShaderCache\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\1653428856311\ShaderCache\GPUCache\index
Filesize
256KB

MD5
b040962fa01982784c62d8bf541dba87

SHA1
35c9f8dbc11da54789de442707d3c367bb61baed

SHA256
48f1aedf10cafd090a0a9ec2538c4f56f2cc92bdb4ab05f383f5838bc11cbfc6

SHA512
8633da310386156329855386c84b3ebcae42cbe7b35ef79d4cd50b88492e41a469630aef3b83b3099b455e6a84b3f6f9912aac6f1b3c845d90b470d37725ca9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Yandex.exe
Filesize
2.6MB

MD5
f94711a2952c01ce9bcaf36817c2b0bc

SHA1
f084c4650bc662f642859e580ec53d2f260dc8b4

SHA256
5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07

SHA512
239aee19e7de6a952b0de7bea4783ad07a11cf8cf635647a7b132c071957fcfc5bd97a8c74bc400be7167a01e4fb37451a0d0c52de94eb9b7341ee62ffd0291d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Yandex.exe
Filesize
2.6MB

MD5
f94711a2952c01ce9bcaf36817c2b0bc

SHA1
f084c4650bc662f642859e580ec53d2f260dc8b4

SHA256
5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07

SHA512
239aee19e7de6a952b0de7bea4783ad07a11cf8cf635647a7b132c071957fcfc5bd97a8c74bc400be7167a01e4fb37451a0d0c52de94eb9b7341ee62ffd0291d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Yandex.exe
Filesize
2.6MB

MD5
f94711a2952c01ce9bcaf36817c2b0bc

SHA1
f084c4650bc662f642859e580ec53d2f260dc8b4

SHA256
5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07

SHA512
239aee19e7de6a952b0de7bea4783ad07a11cf8cf635647a7b132c071957fcfc5bd97a8c74bc400be7167a01e4fb37451a0d0c52de94eb9b7341ee62ffd0291d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Yandex.exe
Filesize
2.6MB

MD5
f94711a2952c01ce9bcaf36817c2b0bc

SHA1
f084c4650bc662f642859e580ec53d2f260dc8b4

SHA256
5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07

SHA512
239aee19e7de6a952b0de7bea4783ad07a11cf8cf635647a7b132c071957fcfc5bd97a8c74bc400be7167a01e4fb37451a0d0c52de94eb9b7341ee62ffd0291d

Download Submit
C:\Users\Admin\AppData\Roaming\1653428853264.exe
Filesize
101KB

MD5
ef6f72358cb02551caebe720fbc55f95

SHA1
b5ee276e8d479c270eceb497606bd44ee09ff4b8

SHA256
6562bdcbf775e04d8238c2b52a4e8df5afa1e35d1d33d1e4508cfe040676c1e5

SHA512
ea3f0cf40ed3aa3e43b7a19ed6412027f76f9d2d738e040e6459415aa1e5ef13c29ca830a66430c33e492558f7c5f0cc86e1df9474322f231f8506e49c3a1a90

Download Submit
C:\Users\Admin\AppData\Roaming\1653428853264.exe
Filesize
101KB

MD5
ef6f72358cb02551caebe720fbc55f95

SHA1
b5ee276e8d479c270eceb497606bd44ee09ff4b8

SHA256
6562bdcbf775e04d8238c2b52a4e8df5afa1e35d1d33d1e4508cfe040676c1e5

SHA512
ea3f0cf40ed3aa3e43b7a19ed6412027f76f9d2d738e040e6459415aa1e5ef13c29ca830a66430c33e492558f7c5f0cc86e1df9474322f231f8506e49c3a1a90

Download Submit
C:\Users\Admin\AppData\Roaming\1653428853264.txt
Filesize
6KB

MD5
65e10ca7987460ccb28a3cf3b03e79d9

SHA1
c5c5ea71136e605e9146b1f50a15b3e556d3a34b

SHA256
fe8e213ac357f4dca35a73ab1ee232ff5971c926463a852de857367926d34155

SHA512
d9800cf17eccdd8574cdd53f22007e85644866a0c1fe16354f14444566de21bd8c667a18b9cdc9568a820cd89b4d693e744f1481283fe5bfac68e5b8e31bf202

Download Submit
C:\Users\Admin\AppData\Roaming\1653428854795.exe
Filesize
101KB

MD5
ef6f72358cb02551caebe720fbc55f95

SHA1
b5ee276e8d479c270eceb497606bd44ee09ff4b8

SHA256
6562bdcbf775e04d8238c2b52a4e8df5afa1e35d1d33d1e4508cfe040676c1e5

SHA512
ea3f0cf40ed3aa3e43b7a19ed6412027f76f9d2d738e040e6459415aa1e5ef13c29ca830a66430c33e492558f7c5f0cc86e1df9474322f231f8506e49c3a1a90

Download Submit
C:\Users\Admin\AppData\Roaming\1653428854795.exe
Filesize
101KB

MD5
ef6f72358cb02551caebe720fbc55f95

SHA1
b5ee276e8d479c270eceb497606bd44ee09ff4b8

SHA256
6562bdcbf775e04d8238c2b52a4e8df5afa1e35d1d33d1e4508cfe040676c1e5

SHA512
ea3f0cf40ed3aa3e43b7a19ed6412027f76f9d2d738e040e6459415aa1e5ef13c29ca830a66430c33e492558f7c5f0cc86e1df9474322f231f8506e49c3a1a90

Download Submit
C:\Users\Admin\AppData\Roaming\1653428854795.txt
Filesize
6KB

MD5
65e10ca7987460ccb28a3cf3b03e79d9

SHA1
c5c5ea71136e605e9146b1f50a15b3e556d3a34b

SHA256
fe8e213ac357f4dca35a73ab1ee232ff5971c926463a852de857367926d34155

SHA512
d9800cf17eccdd8574cdd53f22007e85644866a0c1fe16354f14444566de21bd8c667a18b9cdc9568a820cd89b4d693e744f1481283fe5bfac68e5b8e31bf202

Download Submit
\??\pipe\crashpad_3596_YFEWOAUEGEPRJZRW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/744-138-0x0000000000000000-mapping.dmp

Download
memory/744-164-0x0000000002980000-0x0000000002C1E000-memory.dmp

Filesize
2.6MB

Download
memory/984-188-0x0000000000000000-mapping.dmp

Download
memory/992-174-0x0000000000000000-mapping.dmp

Download
memory/1088-140-0x0000000000000000-mapping.dmp

Download
memory/1968-157-0x0000000002D80000-0x000000000301E000-memory.dmp

Filesize
2.6MB

Download
memory/1968-136-0x0000000000000000-mapping.dmp

Download
memory/2112-191-0x0000000000000000-mapping.dmp

Download
memory/2452-182-0x0000000000000000-mapping.dmp

Download
memory/2468-170-0x0000000000000000-mapping.dmp

Download
memory/2480-181-0x0000000000000000-mapping.dmp

Download
memory/2480-183-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/3372-180-0x0000000000000000-mapping.dmp

Download
memory/3632-189-0x0000000000000000-mapping.dmp

Download
memory/3656-175-0x0000000000000000-mapping.dmp

Download
memory/4352-141-0x0000000000400000-0x00000000005A0000-memory.dmp

Filesize
1.6MB

Download
memory/4352-130-0x0000000010000000-0x00000000101CF000-memory.dmp

Filesize
1.8MB

Download
memory/4364-142-0x0000000000000000-mapping.dmp

Download
memory/4396-176-0x0000000000000000-mapping.dmp

Download
memory/4528-169-0x0000000000000000-mapping.dmp

Download
memory/4704-187-0x0000000000000000-mapping.dmp

Download
memory/4728-190-0x0000000000000000-mapping.dmp

Download
memory/4972-156-0x0000000002DF0000-0x000000000308E000-memory.dmp

Filesize
2.6MB

Download
memory/4972-134-0x0000000000000000-mapping.dmp

Download
memory/4984-168-0x0000000000000000-mapping.dmp

Download