hxxp://roblox[.]com

Analysis

max time kernel
632s
max time network
635s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2023, 18:22

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://roblox.com

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	FPSUnlocker.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	FPSUnlocker.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	FPSUnlocker.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	FPSUnlocker.exe

Executes dropped EXE 13 IoCs

pid	Process
1092	FPSUnlocker-Setup-1-3-4.exe
5028	FPSUnlocker.exe
2800	FPSUnlocker.exe
1572	FPSUnlocker.exe
4476	FPSUnlocker.exe
1900	FPSUnlocker Setup 1.5.9.exe
4424	old-uninstaller.exe
1184	FPSUnlocker.exe
60	FPSUnlocker.exe
4108	FPSUnlocker.exe
1460	FPSUnlocker.exe
1060	AutoClicker.exe
3440	FPSUnlocker.exe

Loads dropped DLL 33 IoCs

pid	Process
1092	FPSUnlocker-Setup-1-3-4.exe
1092	FPSUnlocker-Setup-1-3-4.exe
1092	FPSUnlocker-Setup-1-3-4.exe
1092	FPSUnlocker-Setup-1-3-4.exe
1092	FPSUnlocker-Setup-1-3-4.exe
1092	FPSUnlocker-Setup-1-3-4.exe
1092	FPSUnlocker-Setup-1-3-4.exe
1092	FPSUnlocker-Setup-1-3-4.exe
1092	FPSUnlocker-Setup-1-3-4.exe
5028	FPSUnlocker.exe
5028	FPSUnlocker.exe
2800	FPSUnlocker.exe
1572	FPSUnlocker.exe
2800	FPSUnlocker.exe
2800	FPSUnlocker.exe
2800	FPSUnlocker.exe
4476	FPSUnlocker.exe
1900	FPSUnlocker Setup 1.5.9.exe
1900	FPSUnlocker Setup 1.5.9.exe
1900	FPSUnlocker Setup 1.5.9.exe
1900	FPSUnlocker Setup 1.5.9.exe
4424	old-uninstaller.exe
4424	old-uninstaller.exe
1900	FPSUnlocker Setup 1.5.9.exe
1184	FPSUnlocker.exe
1184	FPSUnlocker.exe
60	FPSUnlocker.exe
4108	FPSUnlocker.exe
60	FPSUnlocker.exe
60	FPSUnlocker.exe
60	FPSUnlocker.exe
1460	FPSUnlocker.exe
3440	FPSUnlocker.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	msiexec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x0007000000023492-2476.dat	autoit_exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\nl.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	msiexec.exe
File created	C:\Program Files\7-Zip\7-zip.chm	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	msiexec.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt	msiexec.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	msiexec.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	msiexec.exe
File created	C:\Program Files\7-Zip\7zFM.exe	msiexec.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt	msiexec.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	msiexec.exe
File created	C:\Program Files\7-Zip\7-zip.dll	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	msiexec.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	msiexec.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	msiexec.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File created	C:\Windows\Installer\SourceHash{23170F69-40C1-2702-2201-000001000000}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB436.tmp	msiexec.exe
File created	C:\Windows\Installer\e5f65ff.msi	msiexec.exe
File created	C:\Windows\Installer\e5f65d7.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5f65d7.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000a577c74c521b2f150000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000a577c74c0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff000000000700010000680900a577c74c000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000a577c74c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000a577c74c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
1492	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "21"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.roblox.com\ = "21"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\roblox.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B1DED568-D8A6-11ED-ABF7-DAE3AE61CC88}.dat = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "56"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.roblox.com\ = "56"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.roblox.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\roblox.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B1DED566-D8A6-11ED-ABF7-DAE3AE61CC88} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\roblox.com\Total = "56"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\roblox.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\roblox.com\Total = "21"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Modifies data under HKEY_USERS 20 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "218"	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133257182231331211"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

Modifies registry class 42 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\96F071321C0420722210000010000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0420722210000010000000\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1529757233-3489015626-3409890339-1000\{2FD3CEAB-9645-4BAC-84FE-7E5458DB0BB2}	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0420722210000010000000\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Directory\shellex\DragDropHandlers\7-Zip	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0420722210000010000000\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0420722210000010000000\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0420722210000010000000\PackageCode = "96F071321C0420722210000020000000"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0420722210000010000000\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0420722210000010000000\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0420722210000010000000\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\96F071321C0420722210000010000000\LanguageFiles = "Complete"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0420722210000010000000\ProductName = "7-Zip 22.01 (x64 edition)"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0420722210000010000000\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0420722210000010000000\SourceList\PackageName = "7z2201-x64.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0420722210000010000000\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Drive\shellex\DragDropHandlers\7-Zip	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\96F071321C0420722210000010000000\Complete	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0420722210000010000000\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0420722210000010000000\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\96F071321C0420720000000040000000\96F071321C0420722210000010000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\7-Zip	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0420722210000010000000\Version = "369164288"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0420722210000010000000\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\96F071321C0420722210000010000000\Program = "Complete"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0420722210000010000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\96F071321C0420720000000040000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0420722210000010000000\SourceList\Net	msiexec.exe

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
228	chrome.exe
228	chrome.exe
5020	chrome.exe
5020	chrome.exe
1092	FPSUnlocker-Setup-1-3-4.exe
1092	FPSUnlocker-Setup-1-3-4.exe
1092	FPSUnlocker-Setup-1-3-4.exe
1092	FPSUnlocker-Setup-1-3-4.exe
1092	FPSUnlocker-Setup-1-3-4.exe
1092	FPSUnlocker-Setup-1-3-4.exe
1092	FPSUnlocker-Setup-1-3-4.exe
4476	FPSUnlocker.exe
4476	FPSUnlocker.exe
1572	FPSUnlocker.exe
1572	FPSUnlocker.exe
5028	FPSUnlocker.exe
5028	FPSUnlocker.exe
1900	FPSUnlocker Setup 1.5.9.exe
1900	FPSUnlocker Setup 1.5.9.exe
1492	tasklist.exe
1492	tasklist.exe
4108	FPSUnlocker.exe
4108	FPSUnlocker.exe
1460	FPSUnlocker.exe
1460	FPSUnlocker.exe
3440	FPSUnlocker.exe
3440	FPSUnlocker.exe
3440	FPSUnlocker.exe
3440	FPSUnlocker.exe
5888	msiexec.exe
5888	msiexec.exe
5888	msiexec.exe
5888	msiexec.exe
5888	msiexec.exe
5888	msiexec.exe
5912	msiexec.exe
5912	msiexec.exe
5912	msiexec.exe
5912	msiexec.exe
5912	msiexec.exe
5912	msiexec.exe
5888	msiexec.exe
5888	msiexec.exe
5888	msiexec.exe
5888	msiexec.exe
5888	msiexec.exe
5888	msiexec.exe
5912	msiexec.exe
5912	msiexec.exe
5912	msiexec.exe
5912	msiexec.exe
5912	msiexec.exe
5912	msiexec.exe
5888	msiexec.exe
5888	msiexec.exe
5888	msiexec.exe
5888	msiexec.exe
5888	msiexec.exe
5888	msiexec.exe
5888	msiexec.exe
5888	msiexec.exe
5888	msiexec.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1060	AutoClicker.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 37 IoCs

pid	Process
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3304	iexplore.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe

Suspicious use of SendNotifyMessage 61 IoCs

pid	Process
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe
1060	AutoClicker.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3304	iexplore.exe
3304	iexplore.exe
3200	IEXPLORE.EXE
3200	IEXPLORE.EXE
5364	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3304 wrote to memory of 3200	3304	iexplore.exe	83
PID 3304 wrote to memory of 3200	3304	iexplore.exe	83
PID 3304 wrote to memory of 3200	3304	iexplore.exe	83
PID 228 wrote to memory of 4092	228	chrome.exe	97
PID 228 wrote to memory of 4092	228	chrome.exe	97
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 5004	228	chrome.exe	100
PID 228 wrote to memory of 2496	228	chrome.exe	101
PID 228 wrote to memory of 2496	228	chrome.exe	101
PID 228 wrote to memory of 3568	228	chrome.exe	102
PID 228 wrote to memory of 3568	228	chrome.exe	102
PID 228 wrote to memory of 3568	228	chrome.exe	102
PID 228 wrote to memory of 3568	228	chrome.exe	102
PID 228 wrote to memory of 3568	228	chrome.exe	102
PID 228 wrote to memory of 3568	228	chrome.exe	102
PID 228 wrote to memory of 3568	228	chrome.exe	102
PID 228 wrote to memory of 3568	228	chrome.exe	102
PID 228 wrote to memory of 3568	228	chrome.exe	102
PID 228 wrote to memory of 3568	228	chrome.exe	102
PID 228 wrote to memory of 3568	228	chrome.exe	102
PID 228 wrote to memory of 3568	228	chrome.exe	102
PID 228 wrote to memory of 3568	228	chrome.exe	102
PID 228 wrote to memory of 3568	228	chrome.exe	102
PID 228 wrote to memory of 3568	228	chrome.exe	102
PID 228 wrote to memory of 3568	228	chrome.exe	102
PID 228 wrote to memory of 3568	228	chrome.exe	102
PID 228 wrote to memory of 3568	228	chrome.exe	102
PID 228 wrote to memory of 3568	228	chrome.exe	102

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://roblox.com
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3304
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3304 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffada9a9758,0x7ffada9a9768,0x7ffada9a9778
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:2
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3164 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3296 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4544 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4800 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5180 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3260 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1652 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3908 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5352 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4456 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2600 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3308 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5440 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4444 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3800 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4748 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2588 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5724 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6072 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6244 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5664 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4628 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5900 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6296 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6092 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6516 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5476 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6768 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6532 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6632 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6656 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=4476 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7208 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7748 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7632 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7104 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7948 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7092 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5908 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:5896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5216 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4556 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6104 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=3828 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=4760 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4428 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2344 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:5492
- C:\Users\Admin\Downloads\AutoClicker.exe
  "C:\Users\Admin\Downloads\AutoClicker.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SendNotifyMessage
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3804 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:5604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=6872 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=7392 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=6072 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=7616 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=7728 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=7628 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=7460 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=7092 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=1656 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7924 --field-trial-handle=1824,i,12400881517239976899,16177367492933470951,131072 /prefetch:8
  2⤵
  PID:5664
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\7z2201-x64.msi"
  2⤵
  - Enumerates connected drives
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5912

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4108

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2744

C:\Users\Admin\Downloads\FPSUnlocker-Setup-1-3-4.exe
"C:\Users\Admin\Downloads\FPSUnlocker-Setup-1-3-4.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1092

C:\Users\Admin\AppData\Local\Programs\fpsunlocker\FPSUnlocker.exe
"C:\Users\Admin\AppData\Local\Programs\fpsunlocker\FPSUnlocker.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5028
- C:\Users\Admin\AppData\Local\Programs\fpsunlocker\FPSUnlocker.exe
  "C:\Users\Admin\AppData\Local\Programs\fpsunlocker\FPSUnlocker.exe" --type=gpu-process --field-trial-handle=1612,12037991742100291904,12342941723502576457,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1620 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2800
- C:\Users\Admin\AppData\Local\Programs\fpsunlocker\FPSUnlocker.exe
  "C:\Users\Admin\AppData\Local\Programs\fpsunlocker\FPSUnlocker.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1612,12037991742100291904,12342941723502576457,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2100 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1572
- C:\Users\Admin\AppData\Local\Programs\fpsunlocker\FPSUnlocker.exe
  "C:\Users\Admin\AppData\Local\Programs\fpsunlocker\FPSUnlocker.exe" --type=renderer --field-trial-handle=1612,12037991742100291904,12342941723502576457,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\fpsunlocker\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2292 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4476
- C:\Users\Admin\AppData\Local\fpsunlocker-updater\pending\FPSUnlocker Setup 1.5.9.exe
  "C:\Users\Admin\AppData\Local\fpsunlocker-updater\pending\FPSUnlocker Setup 1.5.9.exe" --updated --force-run
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1900
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq FPSUnlocker.exe" | find "FPSUnlocker.exe"
    3⤵
    PID:1072
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq FPSUnlocker.exe"
      4⤵
      Enumerates processes with tasklist
      Suspicious behavior: EnumeratesProcesses
      PID:1492
  - - C:\Windows\SysWOW64\find.exe
      find "FPSUnlocker.exe"
      4⤵
      PID:4204
- - C:\Users\Admin\AppData\Local\Temp\nspEE94.tmp\old-uninstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\nspEE94.tmp\old-uninstaller.exe" /S /KEEP_APP_DATA /currentuser --keep-shortcuts --updated _?=C:\Users\Admin\AppData\Local\Programs\fpsunlocker
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:184

C:\Users\Admin\AppData\Local\Programs\fpsunlocker\FPSUnlocker.exe
"C:\Users\Admin\AppData\Local\Programs\fpsunlocker\FPSUnlocker.exe" --updated
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:1184
- C:\Users\Admin\AppData\Local\Programs\fpsunlocker\FPSUnlocker.exe
  "C:\Users\Admin\AppData\Local\Programs\fpsunlocker\FPSUnlocker.exe" --type=gpu-process --field-trial-handle=1624,12219213079138102900,14297365788631779281,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1632 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:60
- C:\Users\Admin\AppData\Local\Programs\fpsunlocker\FPSUnlocker.exe
  "C:\Users\Admin\AppData\Local\Programs\fpsunlocker\FPSUnlocker.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1624,12219213079138102900,14297365788631779281,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2128 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4108
- C:\Users\Admin\AppData\Local\Programs\fpsunlocker\FPSUnlocker.exe
  "C:\Users\Admin\AppData\Local\Programs\fpsunlocker\FPSUnlocker.exe" --type=renderer --field-trial-handle=1624,12219213079138102900,14297365788631779281,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\fpsunlocker\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2304 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1460
- C:\Users\Admin\AppData\Local\Programs\fpsunlocker\FPSUnlocker.exe
  "C:\Users\Admin\AppData\Local\Programs\fpsunlocker\FPSUnlocker.exe" --type=gpu-process --field-trial-handle=1624,12219213079138102900,14297365788631779281,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2092

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Registers COM server for autorun
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5888
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:8

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:5384

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa396b855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5364

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5f65d8.rbs

Filesize
22KB

MD5
6bfff3f28a2dd06923ce8384423ca101

SHA1
9236f5c2c73c900c6806eee22d6cd83ad9998b9b

SHA256
8353880e9aee1d56090fea54fb21ef174c0091721707a594f2d93f8e0f2bdccc

SHA512
b9c653c5dee273e02feb46dc662ffe678fbb60f6346cba104e5bbd28b6e1e23b65c5a6c377a6c1846f4773d146d19699f17741b95c4c1ac37eafa8efd2d39811

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
f2cd0edd88bce607a3349524419fdd00

SHA1
108f80576d4dfaa3d74e92b3acd7134fe062ed2f

SHA256
7952f7d315fcd3d6b6b994938408c864fcaf5a00c847dc8dad0d53403828e7be

SHA512
d98876a7f90e6c5d1827d4480982da919f8bea91c2037694d31105fa73eb45965da97561f3a031af153301c6b15395e3762daa768e83f81573fc470838ffc263

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
7dc632be2a8663f2aa7b257a9bee45bc

SHA1
98a527f2d24ae1a9bdbc4a06f7f67a66868d46ef

SHA256
7a7e0a26682ada1723bb57e00950dbb7159e90c074181b615471edd02eb1f323

SHA512
78c0bb237c5621d2ee4bd4922e3d8b80ba56600c773074df4f90f6f645e29e41610f691a5f21fda98adb21a27a1fb116f8d9071c01e372111082a44c6d429e7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_77D862BC7369903A953BFF6330591309

Filesize
472B

MD5
0752126b5b2bf446dcd6a51d9e2cba09

SHA1
c0619aa8e1edae69c12ceeffd376d11bf3ccf177

SHA256
528cfd30137d278c62746a0780163a3dedec6a4f0a9b96439457dae564d0b0d6

SHA512
e9702eabac09f30fb2272326ef6d71ba04171c569d223bd41ce48c50ca4be434ceda6f740706f934dc3fa4541fc372382df7bf824098d2f1302b6f4a8b7ab20a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
844870de456186e533a9575662b3a31d

SHA1
02957b98dd900651258f726e83f29ed3264352c3

SHA256
0cf9bb7bd84f09012fe4b8b73a9227fa48f23645d8ab5a5961116c55cf86a532

SHA512
f96023a21195cb4693c9fe3f1000cee4e40da33bca73297c6eeaaadca7a6daab954402255113b5c5330b01c37525de7821cfaa46dfa63850e8eb30f56dbd6382

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
b012caa0136344a10b525987f8605d92

SHA1
76ea9994f9655dc11731eb9dc5397ab16b71f42c

SHA256
710576e1b03e3ad49c97d00bae27bf707c449808acff60530dc50d52d51d986d

SHA512
cb9c32fa2f6388e2aa31f8d337616362f24abc6b84ebf328daedb41c9a624a07043fb90d7df9be4526434661138ec75f2638bc779a25ef4ad277f6fad633f6c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
5bb652f45c6e59ced766ed01f922ea06

SHA1
8c81528b4890ee5609cd82a3b790512521ca7318

SHA256
f25552818fa2fa18c084e875e22ebaad045d4aca0d95bb5a5d2fb3d3329c2cf9

SHA512
37bb17b80bd253e5fddc07fdaeb10cd113f017f27ea29827c9a78437477150e1fbe76bef9294ca891685a70ce78a2595e8bcef331547b048aad8f3653969ec78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_77D862BC7369903A953BFF6330591309

Filesize
406B

MD5
295715eb5674c387ab0b6c9d8ed60259

SHA1
5bc2ddd98e599c98c55b4522c1d29f8db16287e7

SHA256
7af06112dfaf35f0920a398a1034c2924c04d3dfd758b70d49aae583037f3db3

SHA512
2fb4fd04beb67d594356b7c9f6addcacbb8b63c6bf4f3b52c057fe6a1e1b8e248f8b0ca95323e88f174c2e33727152cb69ab41beae6ad8a3b4a3128984768bad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\44ef6b0f-73a9-4abc-afde-f4ce2e4bfbcc.tmp

Filesize
9KB

MD5
63f6b3dd1af2766fb8dd5596c05889fa

SHA1
748de14517a29d42e524f98626ae4b77f3d79a0b

SHA256
33eb77f4387fef3acd4705ecfba6a6332a683e13eb784bfb3fc42337c97ba946

SHA512
bfc6c233c54af98853feb7d6944d6e21fc284f43ce6cf53d79c625b924fbe5a9bd52be4052088e2d16bbac0123ab2fb106509b1c069eb4516fb44194e135c2c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
48KB

MD5
66d514f7a4e15967dd615da85477a4fc

SHA1
c5a54d294d0e31d2af5f0aee49e2b762d343899b

SHA256
862beacad0e0cf5c98ac73d8125cefbad0612fe5cd62afd431879347f8b51a4a

SHA512
ac67c6e691a33997cb6c118ccef1f68418b2b18dcb2c31220cb73692f1c7119865c2fb337b2a7c266426d40f8c0d472413ab7996b8a8444e1b300282b4a49569

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
301KB

MD5
dd6e73dcf6044ab9803ae7b1b8c48bdd

SHA1
8938b6e466f2cd5f92f40f91e19fa6bb6ad59493

SHA256
fa6340cc348ba062fc3adc7d198cb5ed0b5070c785fb6f6d5679dd4a26224182

SHA512
fe18d4c8132e9460db64e43e7fc269181acf736b4b9e5207b9162be0e683a6da50fba49573be755fbc799f39ecfb53a8ce56c073e1649b3a6def97f2ce741f08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
64KB

MD5
1067041b8fa46bae06ebeac837cb67ed

SHA1
9a1e51cfe25d04692592f1dc13ce75058db813d3

SHA256
e6f3a928b555e72664e65ac8d3455b7ace51ce76f205975f98daff89b3a5d533

SHA512
d16c71f87ebcdc4553cb5aa4283f84ba02178e80d237a99d56ec416377031af4354582d459abac88df5b06239e3fb4625466b478bbf67ac5f6f001e82fa58882

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
71KB

MD5
a881e6ffdc251e589086bad68993568c

SHA1
795c7d44a6fc0796b756ea29cb23761a5321c376

SHA256
672a511ee1df6551737308253a51e990c2b5f44d751025a5fdf6bdcb401c9841

SHA512
8d4e669c566b37966eae16749f41a16f657fe60922fb6aca36962beb625c0b93dc18ce8b6ee3c6e6b16a2bba4ca0a119dc04fb215b78b1b544c1be54c416023e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
19KB

MD5
2bd5ff47201c524c33545c154446926d

SHA1
edc55cfadd8d17b5c83dd3cdc1e7bbd1ca16e643

SHA256
b72bf5dbd932b317bf034fb0a8d1bf0754d22319c5b16b055ccc71577f5cd3f8

SHA512
a0430c90beec81fa0d54f843c76ddde9dee5d04c7c1f24b7e4ec3cdd63c87698e0cd3bd07aef3d7a2cb1e5ec4d2873ab5c12bd7554891dce5b8c2d60206e47b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
61KB

MD5
f71b0894d35d9dffdcc3db2be42fa0df

SHA1
abfcb6ffe0b38228fcf03fcfd01e5ae7d363d9af

SHA256
bc12e3374035e04abc80bec91a6abccbc6f736c3f91ec29fcc5b715fb1b3dfd2

SHA512
bfb99588b5a33da1d78a2b79d0734029cf16cc85cba2c353361fd1187ea4fe3ad9baf250548edd96980ae07167a1026fae106c2f0fee8792d36479aa3b3350ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
50KB

MD5
6d81cd0d857a5d1728e08c77b9b0ae22

SHA1
3cc0e10ffa948e94df63f20a66f5190224c57d07

SHA256
703521ee76a6b56c41ea6bec08e91e25e64705acfce7abfc2ff9e75c3d92b2b4

SHA512
9d0cea67338db2e97b58f30e25c702aaeaa41ea0f480a5b2b0c8e9d2935e4ae65c10b1186507a5bcd86540c6b333b5856fe0902146e1a9ce57cd4ed0eb67d959

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
613KB

MD5
117a24f8df93cb18f513ca58d426ad41

SHA1
cfc25336c98be31856a0d4a064c9119033a95ea8

SHA256
6914dd9ba2bdc56c2dc31ffa487b61b71240d238445d99d1cfd1ff395dc0692d

SHA512
406bfcf17969f06e17dab79005db344ea3bf6bfde4a0891fd4314aebf7e0f21e49364a7c4c3a160908b9f5d2dba6c93ed481ce32139cb7d17540f0eb84aa8285

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
35KB

MD5
aef13a646c7327cbd4a6d3bcebb034db

SHA1
7d9ee720386efcddc69c6d6f810732f5debfd067

SHA256
e22cf8b805411472bc63a30289ad2fddf603a0d4fb1f7ad6ba5a72511da75412

SHA512
ded8aad01610fd13228905f618dc5f6954fc4a175f4ddafb681bb504b1990d75b6c00d55907f8b25ee8aefbe35fbcd3966dd5de8d69351c83bc725ff554416b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004f

Filesize
107KB

MD5
36fe1a732c58b0925c88e9f5516a5783

SHA1
5c442ceeefb55696f32e57c79899ddf6385f5643

SHA256
257a3b8ba1825a852b21df00c49e77d09fdcbcab5a24c92f671ac004f770b0e9

SHA512
f44dfb9e71ef980dacc6e0d8a3231ffb412eafeb734502bbc11fb919ed6e3ce944f21d97918cf50c52aa049a6306c501167940d2edf941084d81be6a76216c8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000072

Filesize
38KB

MD5
3ff8b67207c290095449e23452788326

SHA1
f520e419d8319861dc3b5a865b65d52333b816bb

SHA256
4eef13649c13175953d790e8098468c25807b9871a23dfa2c96fbd227b0a56a7

SHA512
760b6810dbff09c65e420bca6d3d4a4bcf7dc8d694895217bd420f7fa234fab363cb5a72c5435b02098fece7ffa42ea0d4d601ab2005bafe778b5c0caec8f8f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007e

Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6e6abc3b7b6ce686de3796986fd2f697

SHA1
fb814d8b67d0eaadf8e98b5bc23284c4a0ca95cc

SHA256
ddd5eb16cf34b5d07b15d445ba5eb9188e523a0e3c0643e88375873d2d476b99

SHA512
3f6192a8bd04ee92247a0c416617b93958d124cadeff0d916d22c9dfb4dd9c34303df225b9bb29821c24da1cdd0ea873cecb3951ded4dbecdf521ced8217cde0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e745b9fc4bca458402c17228de9db160

SHA1
0f6580044dfc3a745dfee2bafdec88f54f4fabd3

SHA256
b23eed83c5c60d95b2654f1d133e334095579a4989b61136c83704ca8fdf2f5e

SHA512
a8146f9c7f2a600523bf7c52391f7c9d7260d4b5de1734327f0c718aaf81ca182a25a62736f950c1b1d8f6861460581b303e743814c773ae678b0652411c4fb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
8591cb2145430846c4778337d7911163

SHA1
f3dfc8cb1390607df7d2e2f003a91460ffce801d

SHA256
67c0ef2597f0d82b1d22b79d8a073581782fd1c1e403e3f43c4a0b6609e10f93

SHA512
0301d488b5cfb139dc70302e3932869929fa10d5bc89137f0d0900f1c19c45d63c63ddaaa8f503b341b8a522f5b2cfe97d1f03b7ee82a4a8cd082d25d75dc06b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
eff52b599a29521e7466b9c2903d4b83

SHA1
da2c5c3e43403dc46193f9fc7e18c6e9ceebd476

SHA256
56616c60c42a1ba7a3255e30444fc5d36084cb52a5a3dbaf80695bb10a004e5e

SHA512
61f3ce8d961b424e0d269d41e6fda0db0dc60d816c9c65df9a1cd2fd501c33a9d0d6a9a8043a067eaada5cf55366bfe857f9f64ee31df8b5b7586f445102b722

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
4a38165ae163ffe44a01782d6b7e3691

SHA1
e9bedc8845ca779d33bfd555d0b3d2ee587a6fd7

SHA256
52140300813a3ff937ae50439d0756680031ead90d1671bf036c1cf6118b7729

SHA512
cfb8fdb747227917dd77f27c70c3466a852fceefe35115fb0918f9f66da7bda95cb65e1e631ee32dc126d90ba39e83f65e458e80dcb1050d70812324c6ae6e41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0d29f6fe37f33d3439333a920c9ea1f4

SHA1
e1bf7a2994f0a36d022446206ef4c89136dff641

SHA256
58837ecd6c8919522241fd4b5514c42078a53637e2f9db6a0e9b2924e29264d7

SHA512
4a4cdc0c4b24136f5e21f91660a3db45c221a513c5ca4e7998f5eecffdb4bd91f96a04b01ffdac5d4f5ec3c0dee381755a0ae9e8c8b3b93f3a21f15bfc9429d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
81982e0a48687d32d28769c108c5a1c6

SHA1
b618b6ec298ab87b98ddd6690092925a3cade7b9

SHA256
aeea6abc634b2983a15e0462e16353d0b671f5a9e82f811af200af0fc337dc28

SHA512
ecc4724076be24d208911bbe58f2f9b6879dc744ca9f2d925e396e93b3bdd28f0c0165dbe2feb8f0990d62a31a8fbf842055f15f912875a803af04d9df5c5d6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
ddf0a99410dd162d64f7cf4cda870a62

SHA1
8c9daf36a89fa7ae7a7ae79bc2f9fae56a9a3cc5

SHA256
ae5ae498ee8a4a1b1e3c242d50e304734bf96bf57d10b548763610e5ca208683

SHA512
1d9b57f5990d273521c1d3aa0e06b5a3c93016171185ca74f79675f18810e4564d23a20cc9cc94f9eb0a6e721f13980c783fa5701e5b8e28f07a404a84222c90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_autoclicker.pro_0.indexeddb.leveldb\000003.log

Filesize
68KB

MD5
0eb68e0a0cd126d7d64d39d1397d1f55

SHA1
42994cb441656d0304ccf0595be18154d2cab190

SHA256
d86e73efb3f4bfde1bb48e092ad76db1bc2cefdfdbdd00c7e4e0a16411a077f0

SHA512
5e57dbfd36c1d2d7912a712b7f795b251976829a4070a2c5793a6fcdd47172a6e732dfe0e1af99063010f882fc44bd264fa51f3b17580ef1bdc4fb9c034d789d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_autoclicker.pro_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
7779f806c953277a225985ef8714bd33

SHA1
54438006bae81b1b163138db9382f9eb160e92f0

SHA256
104dc27503f676226990da3d5afda9c0ff863f48e8b8f5627327cdc4563b3258

SHA512
3606b0cbb4fa9ba11a61edfef86c93b56a6d6af0d2bf78878fd5d1b48ca9a905dceb68601a839447db6a65c76180cb96d1f805c69c9098cf6588f891ce720376

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_autoclicker.pro_0.indexeddb.leveldb\LOG.old~RFe5f24a8.TMP

Filesize
349B

MD5
5b0ebf3f77e2aa693f3c16defc73cfaa

SHA1
aba1f08928492920380b3a30ba6feb460b476632

SHA256
fc28374a0c3ac337811886a64321676e8e42354fd9251528cb709f7f4907777b

SHA512
e321f8eafd70abd77e4ee3e6af436df04cb9c54b68b9d1716b8c38f403d78692e0a10123bd0532f2ee5ca9cc2b2f4267ff41eb5e1df0c7786a8991af5155d54b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
595ca063620f673995fa33b24590d7ae

SHA1
3b5fd65f924c0ef40ba588cae30000934ca929ac

SHA256
2ad619c56f0361823fa4d5142e3bbc53980db2f0a149716d2a739f18cba4a534

SHA512
d4f870483c5e48bf36cc3da22f513ce28584e3001dc1cdb33144db21ab8ca5e408f4b398228108ea3de9614851392b4052dd99938c1a8844ec04eb365e023118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe58a851.TMP

Filesize
349B

MD5
e12ad8ce88a935ba15652383d421fd33

SHA1
d460814e8061732a2f183a83ec6405edcdb2e12b

SHA256
690414d1f9bbb2eaa3dc2d7f4c3da616efe0b795bbfcd0cb1d1eaccf6f7e4e32

SHA512
49ff53b92d6c7ce59169b750537e68b29798c7323617c4bb6b3daede8599171bff1c387b469ce4756b0e6081d16164a6f1cd0628c5ae01f47239b0cf89837908

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\68018c9b-318e-4a1c-981f-ac30b48d288a.tmp

Filesize
4KB

MD5
55a63833799371d653bba8c2bef31f9a

SHA1
6dd30235ac2b7a951612fdee505da18fadd5871b

SHA256
415f3b69a724cd0acd69f6f464fdcd8aba6469974d5597ad0597c2304f388b6f

SHA512
fc7d203e46fbe04105fb25f64ba5eb83423835ecf2c8b473376a630d05dee9379b3c2104efa81ba929ba1e3821fcdee55dfd22be034f6bce727a9fa21ee1094f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7705893e-e5c8-4b65-a970-bd78e463bce4.tmp

Filesize
2KB

MD5
771094aa9361c042ce5b641586999279

SHA1
0e52f2c9e023fe33dd74f390efad360b39273199

SHA256
4d9e0827396695bdb9ed78ea443a9ddb8c7e708d7eff3061290bf0978a5fd521

SHA512
ac793960ad8584d4df88721d5bcfa30ddfa2f88c3131ce06386ac880a325077d812a594a082a68fa923c21d6c7dfb6d56596cbd9545c3cf486a630c8966ae020

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
1eb5d322cce77812f597839b5604755a

SHA1
33776074d9e548fbd4a322bbe9c38198e77ecd04

SHA256
a06cc77854d8bcbf45190a5a2e455c7563b2cbfb67deeddeef1074eb1f8b025e

SHA512
8a82f4d8cb869a7c951763da58b138c2c501c662c7e018d4178aa81757d5dc938ede6bce6c5d10d224483ef9933cf717910e742e6b3ea35d7ba46183b14f4a64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
de3f336636ed3dde2bbfcb25e0178150

SHA1
52dd75e615adf7d7c5ade6cef41ce35c6dcecb24

SHA256
6e3ccfae3ddeb5283b6ad4321cccb7cecd7d55e7ac9007d8d8dffcf2bd8a5c89

SHA512
55e2db490f6443e297238880c6637d0d01c122f980d630b3f2d1c9c6d4cab481f88ed9c599785158f9b1ad8708367c68fc31a9bcf99d8829cd13e1f368bcc04e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
922f709c627d3dcda6ff9ff086fe2e2b

SHA1
ffb1301efe96990ce91eada082a1d7211d4fbd90

SHA256
c909a4dfa71d3e34c54e9fc73ea7dfc6724ca3c71abc8fbcaee3cbdf8e024dfc

SHA512
45f3b0a973d1f432006a55b084a50320896ce87022e68881a040d67035beb04cdafdb5c012ce0ee6de9045213ddf1439e7ac6cff54522f346c4897db5f3f7ae0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
baf7b18ce47d6b609a4eafdc7272d292

SHA1
0491bac416bd6d3d57ed93726fbe473d3e58a0c2

SHA256
1669308857bd86c3778633de608fa26df4359fbfdbff3f51c6fcce42892bcb6c

SHA512
9c82b9d5a5453d718dff415cc8e922293d809d11197626636e3ac4389614a75541cee65f6fe2505d33381087e851cce2a8cd2f34567165bb97f11f8dc41e36c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
d4e7f84cf26c41b7d5c0518e2a9a82db

SHA1
f28f6511ea3abc85e6329b819d416a2d8178aad4

SHA256
11b99e3c6694ef8ea665edb8e11cc69923faa6e09de431e3d8765b0bc755fc6d

SHA512
6389a475324d7313c4ac13c115ca2a4716394bf02fec94b352e101421833c34b6898a744344687b8931379d2f7f2e34e45eebb263312313fb2b0edb785f9403a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
54474b22fbfbfcb39e4e1f4708bced64

SHA1
35154627a8a39c94adcdc18947edc6c6d827fc4d

SHA256
8ac66f73773f3b6c6f72ff40938a8eda5d72d66ae419536ea7813950feff56c8

SHA512
8a209e74c1c59079fcb46c85e5b5f29aed36976a7fd8d72a2fe028e20b8d8e9cdd78c7122817f5153862053f91219285a0cb06bebca659665884b6051cf2cd3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
8ec46d5549322fb198f66bb2c8dfc344

SHA1
6858964c19fad465d32236011ef1367361d73ab9

SHA256
b8a893e5fcaefc446c691cae30642e8138378ef81aed93d1840d72fd93478340

SHA512
65270257cf79fd1504da82ac7fd950cfde2edfebec0f21b90a7f234bdc9f68d76476b250c50529a19dd574d34e914dcb2961b151d2c019d2c27b5582a8b6c6b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
4922c1e8b9ad4399d76f864de0c4e54c

SHA1
acc6f0bf79aa3f12c119c4595f0ffdea9f7880f9

SHA256
4af53ac47666279f60757f23291a8a45e27f457f57f203768c34d162bd1ac6c0

SHA512
aacf0a2cfe8e5ab7cba8254b63984419e46c0ad5210be6b3b46a29de36862fc76c02c9dcee3b330e620bc92ef41e16b9e4b2e2578445e4fa281a516864ba76ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
631863f8ea2bf2ccef33f29e3285192a

SHA1
0765b16b49e2ba06301eacf7eca936723a130bff

SHA256
2cb3285df200b0e8f5844fe97ddf0105567b8151f598313a879b3df3ba9a09e0

SHA512
3bf1b03113a448e61d49fb60dc8bce46e90cbc4b5f8c8aed65315232df0b8b0d10e6e2d0621a6de2ad54fc84ac5fe7583943acfb83c49d06ad7216b3fee78b49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
48dd42dd8ce96097d6287efb8526073f

SHA1
8cee171da2bce647c2d538a14924a278541a11af

SHA256
dd1836bc032855d5b4c9471d44ee3185b65610c0309b78f92d5c5869dc0208b4

SHA512
646a7894fb5b8eac56194495a78f8e208064ec5f3427b4c771b99ee18bbdda23b08271d70195840d7591d1319cfd133ebf6a348bfb12cf057b1839c9591a413c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b5c50789027c17f52b2542ae5c36b55f

SHA1
cea175a39964bf4fa178c8e947ff9450c122dfd9

SHA256
3408113395de6ab88bfae56b9e76180eca5341ad28b80aa9a37b05b256bacd63

SHA512
f296b5141a9dc4b512aa12531f46ed8fef45b394441e2eeafd076db6632d1bc93220e57a16c24802fd6703fdca0e26b616a7baa1f4a5dfa25588be5c52726490

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ad3bd0d55f002b170aa85a0357680687

SHA1
186352bf56ebe4e0e4c744ff2063c9b4deef0b8c

SHA256
755b6dd3e4a75c12485dc9815c2797d77c61a1edc359feab68a3ce80a7a356ec

SHA512
d1229f27f847c1bc160ed244fb0f975616fc846a53c4484834648121bfc130500756b1dada79a7fd527a51529d7434bacfa3fe9b4c58069ea3f22790d165bd38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
03fbed897d1c1174f63db8443a94cda9

SHA1
655fd63b9abcf3729342b8983589242758e94455

SHA256
c6272b7e522c8487c2ed2eb3479a69cdf5a635fa06b1ea12843cf3123109626f

SHA512
e94a7171e502da3ecaf695ad84351cdfb7d0aa615584f365e9b72050a744e3f92cfdd7548b257b8c79ed16be10641f150f14f5f69bac1e49558a4c34571d1347

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
b8879d4ee8a92af789edfe31d9d2c666

SHA1
ba1406d405d662ce918b2c0233ef2c878f5be576

SHA256
197c8740e476a88e53e572b13a2113b99ed9e1eff0e1063aa928d6fb8ca27a0b

SHA512
93fcb6bbd1e48519b9c11178f4b8f5ab5e75c05bb8637c44a21f4166d67ce769b7867ee9b73bd76655d510d5a54c774ba6f11b280474c3d4be61a2ea8719548f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
ef5580778787005fe5b81896d6eae66b

SHA1
146fca10fa80f56abaf386b04cccb670047cb7cf

SHA256
4eef7180bbe87d8b90dea59a55abf064b331ae496c71ecc5c13c95af694a6a16

SHA512
d8bc917c58cfa94bfe0bbb56c067508aaafdc33eae2b8bc843bcd1e642bb0fc90abf20658b22409d13c9b9f71aa5422f926062ff99730bb994b2373235306e51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e13d8d6314379409f6d5e4f185fdc7bc

SHA1
c9fca4de8a20aae7ff58da06f3821c7504f2ecf6

SHA256
05cc965e2d62120d432c62c83e63b4139f68d1e9b36ba361ee83fddc1dafbbea

SHA512
7fa920ebe2e9445f73c3eebeacde874df7115f391a54e852c528bb57e10eb1be7b0d3bf7ea1d3e37496d4d70472ef0fc89fa4f981d31677492a4e16e647f6f44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6cab6415dac274d46e93299715ad9459

SHA1
1c62bf97faa383df4b2a3dc5c0bb90cefa3ddba9

SHA256
b1b93415a8686f933aa3fb6fea4b909ee69400d78ba07fde21f7ab48469f9ae7

SHA512
a113a894620808b8ce8ca7ea734c088ddd6240c44f9003c12d98346e27b2b2320add91214ce64627eb6979a6fb4c927b4890b56a8bcb09c70954ddb8131170f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
869804aaac305607364a4cd06b159b4e

SHA1
ef406afca193150aeba579b1dccfa58ad0d6581a

SHA256
84daed2348f455a950d806b3cabb4b2727869adaec1343a207b2b94488f1382a

SHA512
cc0ff5e729bba1a850ad4851fcf399cbb85ff1b070256e6ae806f5dfd64d06dfbd0673de85c566d3be74052d267528ea13831650400b588d10dbd348a6239fbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
648fae20d7d27e233d4b5cc1c8f94e4a

SHA1
bceb3eba3156628e42074d950785a445df003b3b

SHA256
9e1ae5da96fb2dbdef734fa6c3fa698c997abeea1260935240043bab454918c0

SHA512
427b5ab124cc9f1f8dad548b9d1ba40aabfae4ac88f26ba7e5b30209f9b88c77b7af95586730019de41bf4a4854ce7eb1a180ee9d251dc026b20b1d1ac7669e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
3a93a3c941f1dffcd39794c9693511f7

SHA1
3d7cd5b492a06dbd983c52c2196f0887b67071a2

SHA256
e674deaca3429f3bb02adf0d247dc23fbd5e1b9b66f05bf219ae95bd1ddf562f

SHA512
776ba133081def173a3f73d3b99b6a16b5d8b77eb58292ad4738f4aba5eedaffccd4394abc368ca17338225a119aabf29f37328541fd8c9d27d50a8628eeaafb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
2a766ea196dff11d897c5c45ca3611a0

SHA1
9ca7bb9426abc3faeeecab6eddc591eee7dc636c

SHA256
afb3fad87552ec1dead7dae7bcee7388164e68ad2ec297a5cb92fd8b82b5c65b

SHA512
754bb6d117e4af353a569bb7cf0be553230e3dabcc4195ef18626cec36cf0e248c9c5e07ec6dea007b27f346c23761c7d6de3eb7edc4203592ff5ea3a06096b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
e2912c1d2d6086050847d1722b935af7

SHA1
e1f5f238f27ca5bf58ded7b7bccb2a7e5db77583

SHA256
a3b51b98a1c00fe3cb59e56d3899955920c61572df92fcb25c6872ab263d8749

SHA512
fe5bb91f31363fc6a14bd4fd6a3140e02dbde364f1f9800e621352d048375d23fee74ff2f66ea16e40a97a6e86a8909320a6d56b4cc14b76d04ee47ca8d14a4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
067d5598b0d30e4b43ee0fb803c806d5

SHA1
896743e0bcf1737d28ac659db0c5dbb81edf8315

SHA256
6e62f483c8692d2242ddfdcd84de4c33d28f4bf00e60afec7fcd37af993d1dc0

SHA512
5338af12f251382f1aba57ca994b36fb170fa2819ca6b860691695e3b2b1762c56ccd04dd9eb28cbdf2dff3636309595c4ebf7de4ea75a3619a25281416b0e19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
d3ed6c4a9e3669e8a51272acc0af4e72

SHA1
89993d3c721cb316a15e9adcc83416138c0aeb15

SHA256
c77165ac93eb312739b30011340efe3a761a9aacd4d305eb287534fb8a0ece8d

SHA512
b5f9f9c85b57a26c914c35b06ef5912b003a45ae1d28d96a480b6542219acdca5fa6e816ba58fcc44740ea2ec67180c2fb7fe8ed81fcb4a3a9bd218b0bfb1547

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3882df90a0fbb399a597bbce226b2a85

SHA1
904f6b66a93a615e0f328310c2a22834050b8f83

SHA256
49cb0b8bc05a6e2dc8078e1b4122b5878b89d77f3e15a87e0b4a848032c8120c

SHA512
a066d2fb2de103ff74010c099c385d994ecc7cb32bbdb2a03289c18271e6b2423e8de11b9e06dc30e7fa857bcb722715160a7a168effaee8bda3551817e1879c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
66b3d92691133a9b4a788b641b7964ab

SHA1
3e38c68bf9aa7603afb098e7ae8e51ba06c6edbf

SHA256
1f6d8597cd3bdbe57e23b92bbd27151fac7410008bad01cada783879fffda373

SHA512
9bb8c074271d4ace10819639239563698494c1f87aab472417a385d4df4162eb8f88d14f51a0f2676204bbddc3239347194bd09f4ab8dc9a2063e775e83c23bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
83ec0106d07837ebfcebf1bc1ce39340

SHA1
c96d1350f3479c98a675b718f3072885cba2f5c5

SHA256
0bda6dc8e2d932bddf592ceb48502ccbab96a123963869fee2641c840e03cc17

SHA512
267b056dc9f182e79b42d52a6cd04dd715d266e850ddac7e68496f21c30972f90a93ab51b07d76f7552a4f980b89923ead78d9cbd58b874b7afcfa150cb8035d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d167f5787da6e687dc2c2a99e7bf19b6

SHA1
55c5c610c852e1f64b5f543bce00dd677cc6664c

SHA256
44794ae308dca9067e1353922e0fd3d515e6e1aed8dfbf27f0b0db492de09cf0

SHA512
1319b039aa9a20c254d36003bbf3bb7a638a45215f5f1063250689f4011addceb0a220f6b3209e377df20c15a597d042208a24bab03ffa2a0285889b93223503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
553989be7ba1f7d3bff25200da902754

SHA1
dfba0a33d9c09516c4a8a95b61b12a9bf272c3ca

SHA256
bcf66598f37e0d6144d051cbef9800a5a19cfab54b9da51604d9101ab7f3f022

SHA512
47636c8705538a3b833f76852449fe7539e09783b4544234473255adf6d5a9fad658a98d5479ee54728a412d644879800f15866c4bcb2e9b55f2becbe5b91966

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
736d241013ff94bb2cd2e2d5ab915737

SHA1
06607d64f87e3fa2c6b66f0787d90d8dfb7864c5

SHA256
33f56d21d69573b02599eae7382dbe6a408642c404b9af0a5ca3119b7f3d1666

SHA512
fc2a80118d2b85b5c3164e57c8da30ecc8764200a4a9837e27724617a4cee4294f8d003db86906f91a01c74be7e03f1856ea4d5e5253eb903224e72f90221ac2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
15eb33a7f03b462ed06d8cbad896a580

SHA1
788a154ccc25c23189766eee33d12a68412e2800

SHA256
f2c2d5d96cadd255fcf8052c247d766e757f2573b05a9d634ec58c333d9722d6

SHA512
562e57e774ab4eac98838d90e9495a0dd6fddc16af50a936a8b043f5164998fa105ffc30b72ae1d46c819528271d05b1570a0a98bdb9ce50461f2d9ebf838f64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d5588943275bd69dc6e6ad89edb692ac

SHA1
139f05815f694c49e22debadcbf4e572222a652c

SHA256
9e1d95f076019aa65c87884044e2287a7f9474d4858b84755fc231b3db5e3466

SHA512
ec49f05f22d80cdcf350f17c92667f2160cd405f3c7129e7b068704a18f1620b85ade0dde0c0fe71e17ecf8297f645353ac70c431f319f61f25b6c329744f7e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1fc0c353f2670f9ff1d74b9f54aba336

SHA1
693c632c5fae41cc944cb16e7bded2abedacb37c

SHA256
534b3dc66fca04f8235353304896cfa22c049a7d2e9660542a8f9ab9efb8d7ea

SHA512
b3258b125ed2c0d8c68cd0a48b9467623bed2f47f6c14c2ef9eac1412b1db92288e6c32bfd0e072a6bfced48fcaa84888520ec18b820ede4c2c7015056c75957

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
aa4f5c35d61c121976dd3963c8042ccb

SHA1
49e876cb733f55aed3b8c9e8399bbde87acb8fb4

SHA256
cb68eb7bf719e2d075e6f6704dec197edba7759cab1be040f0eb6bb45f2dbc57

SHA512
8f47fe7456c9f6f871408b126ff167ec5bf0e478a387f46b9ad64c06c76c0ec4587e8df952f2469e6346071f5963edb70aed70c13c30a7296fc5d8e5588b72ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a0da89789742cee5f79857c2cde487df

SHA1
bd9d6e05e6568313ef35d3b34ef7eaf8b25406b2

SHA256
6cd2bf494f93f807567172306ed5e7103d0d43ca978039ce23ec7f3c7475e3da

SHA512
de51ff68d829713d7654edd48c4e226c097ab81d17f0a937696e674cb778fe7311ce56b367f04b9c4e5ab74f9a0845fac81c94a33a09fc24396e5e2c4129c0de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
01e4a46e610986e81cfb8a35e5e30c48

SHA1
95a7e8c2bdafe5e36f10da0d1b63297b6bb09e1e

SHA256
076b461f0dea877047052dac6d364a7cba3dd8971dd1bd0c660079ba3231b11c

SHA512
059af0a9f28d3b8a14981f238a815789a7e7a432fedd78697e94d19bb6737571d40642d14de72d25e94ee395bdab29db1320f45560b7e5959e1b9831f6035d4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9d445ce7a976a8ad67da379f9e626dbb

SHA1
4f90c9f9104e627263143a5d1da9f54856e84f12

SHA256
e9045de529f9cfc62e62f200be853cb20a090b6d301868d7b73d45d67436cc6e

SHA512
f74028eddc5b8c300cd9dec2ce30df779dd2038f063fca3b118019675324f8f0b7fa0d52b4eeb3577b0f6b8bf1e46bdef036b7f35c987a4f336549d52beedc33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
74B

MD5
87bd13eedc7b01a1f71192392a44a812

SHA1
b14c0dd59aceb96c9ba8f602df2bc489f60049f9

SHA256
bf94bfe69e25738996d13974073c7f1e5d0fb2959bd8a954eedf7a8a850c0542

SHA512
ced2d7bdb1b2eec86b8b0a9efef4f167d1789f85823f3407bd93535f34a5c38c1e781b1725b62c81f60b75cc5afa3e6fd38fe39defecbe0c45e42da164f1352f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe59dcf8.TMP

Filesize
138B

MD5
fc9d5dd6c99f089ed33b2c2e19fd95cc

SHA1
ef8b21a0a63406b9855c4b577570220408482eb0

SHA256
e88c5bc2007948047542e6358da4d902f273d4e8509e05e456bb5187d32fe70f

SHA512
ccd3d4fc5f41dbc7f0f2f15f6c5af009805f9b62d1b5e6d2c2f099c300cb527857015a68b72d6ff77143d3b5c0a61cca2f8b5d005183b55c5f33775d9a0aa311

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
ecc337f718bb9077527aa3354113b266

SHA1
291f63ada55350d824de2850d9bef8abbcbc60f5

SHA256
71d884ce2b0cef1996df77a7bc416affc2f32f5902dde8ea6b9aae47ba045f2d

SHA512
353902e6522800eae543157991737c889af052374075eccef75e5189cdf3db4811a5f82e312f0b2388686bad5ca02e5e3be27da131692cf39543736e9edcd239

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
3138f04ef267bcbf3fc338d469785288

SHA1
44f293e4f72ed576f190034cfa361032d4aecd4b

SHA256
22f446af3c8d679c7679f01191f68d6afc5c8b2ff4c8548bb97f806a81f7b2f9

SHA512
0a827374a2e4ad46d3ce74679b8d128d8cc662af1d55af1e90d4184176917eb521df6a8cb45c98048091dd1edfe3e89b84ac948ca28b705c064b04eb3613df93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5787dd.TMP

Filesize
120B

MD5
7d9a76e7140a46fd2d15cb405533ecd6

SHA1
56b88d6d320bb50ca993201721123b331c732c61

SHA256
bf54e9cab38631dcd3ec905c2921604b4f3ba0fb83b57ea9a09b222c3f6880eb

SHA512
df54ca7e5cd794f67c06dd1bf682154b612536aee97079a207b0fda51729eab0a3f4ea96f8f8f2be35d41493b05c139094564cffffce95d6333b11d2855db71a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
118KB

MD5
ab89bf62f1b3cab7b709be9bdce7d3f1

SHA1
59c43f2152b5fc0f7f02b62314f4f2f7445cd195

SHA256
13b69af8a368d93a156934974c14db8aa753124665a64e8662dd69bec2ef0611

SHA512
437920cd0686eaf28569db3e8011c55da9f795d62de2cb5ec77e0f0207918dd13197dc55f93b0cf764411b08a0e7dbf2cb8a2e9b372aec95eef4e3aef4ad2729

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
f5b562f64c6362000bb12646c6ab07d0

SHA1
734bb2d96a6663878fead819db60932ee2646326

SHA256
e3ec2e7e129b42d1df01cb149d47bb155bedf27b48246ad95bc4e92c8da37e04

SHA512
d91316625d458b15893e4fb2cf6e9bfb28b3f643474d17576b44b69eac88b71526deabd4523879b5f42f0989d14fc99f78840c8332f1ea0b75e95c9d38f29162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
7a50892d9bc722dfbb5862201529cb2e

SHA1
09a6a64ebdf05f97eaffce015ec452d44e1e23f0

SHA256
517bb39f218b7a42ffc72366668302dff83a7596478c7b599d20a00f57024258

SHA512
3e04e66164148d2835034488131c304f230b81bd28fcc935070bd1f6ce2e88ba7d21763a7921aee1d1b1b701e7fd33c3f6f0934d227b8ee432fe248392d6acb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c82f3.TMP

Filesize
48B

MD5
c16055951273d8ec2715cc3fcfeaf37d

SHA1
c55664e7749eaa684e008bbee4cce383667d6790

SHA256
454ef0af9829eb1307cb5d24929096a2f686dc36a3b20127065015d4f30c882d

SHA512
048eb9cee0ccc9e0552e3a7281deaef93e160809fd5e09f02e8a802a9fc0a5fa9fa0d47d5e19b387bef21809eb592ab68669d1b1f7949516b7a4fd138c411f73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir228_530505562\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir228_77239177\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir228_77239177\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\efc889d1-a490-4ec7-aa8b-ec79878327b7.tmp

Filesize
6KB

MD5
6d44616b17683ca4edf8f36ae789931f

SHA1
c9ce4de111695c2610d2a00921fff4eab80d9cea

SHA256
8465d8478b87a30dcb295e99098bde86e5946be0aec82da065724cd8c98aeaef

SHA512
2327884a699addeff3a3d9c6062c62c55db5d601fa7ca6278d6005ccf83fc740c5512d2c1f73b2fe66d8742a654f441c8cadc3264eb461d6b634b50cb7c6d447

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
da75296c609f9faadf56e6defe182f2a

SHA1
42cafc905d67ff0ec6a1eafe40590c1f1073d156

SHA256
44feb7d50d4f83c88840f6524772b8631cb71529589cab271be29ca6da429906

SHA512
c61633351fbd9f04c6b1c04c26f8c8512b0f5c6cb649cf19e9e5637d214eea58bc421ede40ef0192a8d922c8820be03bb13c95f012538c762911e7a3cfa243b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
53dc7a9064fcafafb69f075a6feab258

SHA1
7836dd4dc550dd59142e5199b18d84c02dccb2a7

SHA256
fd83b7969e60057ba34d599ff93ed64b46c45106d7c1ad1a4e0490c0cbcc2cb8

SHA512
c0eebc52c761b9f9a77e7e00bed55698506ec3e665fb8f7f4be3b522bce325291953c15154c5425c3a6066ea0d516dba04c2594db2329a02389ec50a105592c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
1485dc667c0551440f851c4e022637bd

SHA1
342f651ba7031e8d79d1b1b4bf70cdd8513802aa

SHA256
99817cd8ba80d05c228e28ede58b07897a0f65188fc1c5103ed1fa88e111d60b

SHA512
52656c14d2208284bd93b66243cb5f74306c8d1992df1ca599afda431983e37cac515db75c566554995ddc7dfde9afedb8cb036237a6a4be193470d9e9f1a673

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
9d3528bee7fa923d988a8eb4aca2da9c

SHA1
b288806d09230e950fe1e5242182d3cc6ec95445

SHA256
640a31ffc98f083c57bb204c3296e3af72e9d7e269ded922d61fd7f8a6869614

SHA512
4168f93356c1f7100aa336a0a77eadc594dab0d1745c303d6e75e4bcb7484fdf76407a603b4d44f63279521f1357d5eb792adee84658a02542f2f88cde7f88fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
bc8c33a33d85de6649a21eb8c65ccbdb

SHA1
f94e4b1d817bef47dd0f2b300026046d4ef35cb7

SHA256
7b97a57094156136e4685ba956b8a846cd7805c13977d4fe68495c44ae5f81cc

SHA512
30ef06e4ca28e151d793f608eba6c2f60ff1006cd93c24046e8c24371b7015d78685e76f285f86ac31fd9a1c0dea1a887c20319bbaad44320c205b9d62772cdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
be0215a87c190a249d3b5583c74c7d51

SHA1
2c1478458b240208c3fec4c3d2ee6dbb231afda1

SHA256
8c94888d2d584291e757d7f6d81c0338b297f8e7b64e404e4d0bc46555a47e71

SHA512
678a84c8b8d6575f2cfe994e737b6c257f21fb1e0176bb51254f8b2e4ea3805d9f56c9da2544c30a6aebb896183b4596f37aa7be03c6d9d8e949c4d10d1606e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
b013c5fc32bc7a2ddd25be8a6c66ccfd

SHA1
29fca10244bd47272fadd3fb0852ac15d13d71d6

SHA256
2e4845256d65ad0f3e10ca875f80c9e548cb1cdd3f5368a86b34ae21041937a6

SHA512
bad6ce59eff74b05b0984d12169cf91d4b7c87249f146ac0441452873a5efb0a324763f4d52ee36a14eb9af572b90162d587a2ae6df902d2bcced06c478d0b80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
b07239e22d9ed3270c065ceef8f617d8

SHA1
546625d0f093c3d2f1afb064b2c854e762027565

SHA256
a7260c815f22712b44fead9f40bfed83b1975802e79407a7e7324dd9bbe13bda

SHA512
733884b5e18f7083c267326a3f618ef549162d84382c5550857d85629aafa6a0fd202f71bed5dd1eb76cfa6c5388f37e2d7fa89377583b37d016d9fca751244b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
e22ffd3467244e339167b0b50b6a8305

SHA1
bf69341ca3b238ce2038bddfc5e92cf28204f9e1

SHA256
088c757aa5b603e2029838899d7fbee18873f06874a6f39d5aa7b44d65ad3d65

SHA512
f0bae0f18da3e9690db7167960081161c5f73066ed6d8cbc6915460f184155eac406642642aac2f725197278939e3eaf6abe9074476c43b313f0ecb3e4974c47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
e6e2a31d8a8fe451ed80119b4546be85

SHA1
f0899d1c98eb3a6aac88b1c892c0743332a2e5f9

SHA256
bc74dd86757d854f807a55e4acd8b00818c4537a1580e2f4ee797f74a9428f89

SHA512
29f3844b91dec90d833c13b583d310d52ff9b4dd406e59aa785a8772375dc57bb1a37a7b9b8ffe293b4d359ea7c7a141e85ee8597e539016dbed9e3c5a84f961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
000f30405b800b06c195a6480c4e7e48

SHA1
2267c39c44a11dec9a2554c5d5b46f3ce248afdd

SHA256
6aabf312a05f2f1f48cc7bb31c59d7cce273acff7c4d21f195e46b72b9f5d208

SHA512
b17f041a2a5432f1799ec0eb80cd821eddbd33be1d8d6803a339c9dd5a5ba92740d4001691cc3bbb1e48859cbfe4e5be727be5b9b443526405812a54f6767c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
efdd56fdbac9051595c284e528437c8a

SHA1
63055a9a353b372d3973aa697973603819e1b35d

SHA256
1b1ec8a1193c987278769344e7f00d6651f058e9e23d74d64ae99b564917f54c

SHA512
3ec0c3b7b9dccbc471b2b9a0189b6d85130d2cde9a71c485a95c5d2313548f9e3caef08991fc6b7f7f703befa4977f4bb672e96b94d029dc7f99e7c4b7bf9bed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
116KB

MD5
f4992af9f1a46ef7ba8f33fcf33e5f07

SHA1
73aa8f56288d173c7a50cff7e19b37d36e0bf535

SHA256
afe9f3c54f55bd47f03b3096668f52f580227595925ef2b0d825ca915d3ec36b

SHA512
2e38b55074fe2c60f86ae10d1e7cd8ca3bb2cd6e108be18d9a73100f33eb6e6cb00406e609878872cc40ed27ff0fd69addac680ccf64d2433ece34a47fc766c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
7136577bb5b341b6cfb9ddd3b548c145

SHA1
afedf782c1ad27088de261998466015acc1b048c

SHA256
43a21696439ca90bfca94c2616dbd0ed83e831d8dda63f10aab310e0be286cd6

SHA512
07dcc82f5a223a18ea9d28f2ceebc0a1f04e7f6a17314ef7038f46ea80e253daad25b377ec6971795769c387db2ce9e204bb32679143dac3cc0d35b7a0aee16e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584cf2.TMP

Filesize
96KB

MD5
5e66d476c375c5c706f5e42896f9623e

SHA1
0dc1bdb71835c005bd6c644e5ff267635bf1d48f

SHA256
e38ff98d8905ef32a645317e1d39fe7154b6fb49b9074ba3aec8c0bc45787c0d

SHA512
8d34e711a1baa49cf380abfb5f010ba5a90a1866c66593f83eb8be7855f7f853ffdd84d5add4e98013d20849b0f5fa9368be73f49237b27ead8a72640f0bc6a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Programs\fpsunlocker\FPSUnlocker.exe

Filesize
129.9MB

MD5
59204fff32b6c66d0dc13dbc3ea1780d

SHA1
7b319be1ea53fc2fe2ba1e9180278a333a8fbeef

SHA256
10d0d17949b3cd1dc5c3e1093f653a12f2c6a35abef57a4b34390782d4f1ae31

SHA512
aaf5a337dda859b6ae67bcb1704b4ac0e8617e795d802ef309220567a75bac260b93a0d07185cbf40a5a788df7f5d56f10006b196af7ffee818a02c57dda692b

Download Submit
C:\Users\Admin\AppData\Local\Programs\fpsunlocker\Uninstall FPSUnlocker.exe

Filesize
237KB

MD5
6ca1cad8a1ef09b99f2c00156039e656

SHA1
bb89037d3bda3529ba02a7fa8ff88c51e049f629

SHA256
c12c81ba3b5bca348e844596b38a600d694a8b4e0680402529f676baf57eb980

SHA512
847492113cc066cba9157141804b44ad4093d6150c00894d5a416bdd57906ed6e51838c63e56c3b99ad3f36207fbd6448d68f336c842b5bc6be5003d9fcf5325

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspEE94.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq411D.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq411D.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq411D.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq411D.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq411D.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq411D.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq411D.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq411D.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq411D.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq411D.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq411D.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq411D.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq411D.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq411D.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\fpsunlocker-updater\installer.exe

Filesize
64.0MB

MD5
f0eafc4a89aacef66cb8f930caa490ae

SHA1
2d56d1295e0dd230aba86f9a4e0ba14f777ffeac

SHA256
1d0a80e177ae66897d641dc0a431b62210ac1b028098ab671a4c89b92e0d3a73

SHA512
40043193562fd3f8ba43d12589d122abde5f2557d3f54ad66ecde0427c35678798e0774d3e71d7566d18cf18c77d8998a1d84e99ac0d365baa5750533e2fd163

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\fpsunlocker\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\fpsunlocker\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\fpsunlocker\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\fpsunlocker\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Roaming\fpsunlocker\Network Persistent State~RFe5bed6a.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\fpsunlocker\Preferences

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\fpsunlocker\Preferences~RFe5bd82c.TMP

Filesize
86B

MD5
d11dedf80b85d8d9be3fec6bb292f64b

SHA1
aab8783454819cd66ddf7871e887abdba138aef3

SHA256
8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67

SHA512
6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

Download Submit
C:\Users\Admin\Downloads\FPSUnlocker-Setup-1-3-4.exe

Filesize
64.0MB

MD5
f0eafc4a89aacef66cb8f930caa490ae

SHA1
2d56d1295e0dd230aba86f9a4e0ba14f777ffeac

SHA256
1d0a80e177ae66897d641dc0a431b62210ac1b028098ab671a4c89b92e0d3a73

SHA512
40043193562fd3f8ba43d12589d122abde5f2557d3f54ad66ecde0427c35678798e0774d3e71d7566d18cf18c77d8998a1d84e99ac0d365baa5750533e2fd163

Download Submit
C:\Users\Admin\Downloads\FPSUnlocker-Setup-1-3-4.exe

Filesize
64.0MB

MD5
f0eafc4a89aacef66cb8f930caa490ae

SHA1
2d56d1295e0dd230aba86f9a4e0ba14f777ffeac

SHA256
1d0a80e177ae66897d641dc0a431b62210ac1b028098ab671a4c89b92e0d3a73

SHA512
40043193562fd3f8ba43d12589d122abde5f2557d3f54ad66ecde0427c35678798e0774d3e71d7566d18cf18c77d8998a1d84e99ac0d365baa5750533e2fd163

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 372093.crdownload

Filesize
1.8MB

MD5
50515f156ae516461e28dd453230d448

SHA1
3209574e09ec235b2613570e6d7d8d5058a64971

SHA256
f4afba646166999d6090b5beddde546450262dc595dddeb62132da70f70d14ca

SHA512
14593ca96d416a2fbb6bbbf8adec51978e6c0fb513882d5442ab5876e28dd79be14ca9dd77acff2d3d329cb7733f7e969e784c57e1f414d00f3c7b9d581638e5

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 852129.crdownload

Filesize
939KB

MD5
27d5a6c9274255cf89b38f28480edcf0

SHA1
88036bf7a8956dd7f7e53ffabb6d29a7508060dc

SHA256
cbe005a1b13a85b5f6bed4fa213e1bb837b222521f8e83ac3879d5bf791d5288

SHA512
46997fde9001405998beca19ee0be329743dc5aee7cda525add25309c795dfee0e5859ef4c4b1bf9e1cdce21f2ac5e90f1f336ee1f0b9e5372581c7f254ec075

Download Submit
memory/60-2253-0x00007FFAFAF90000-0x00007FFAFAF91000-memory.dmp

Filesize
4KB

Download
memory/60-2353-0x00000176BA090000-0x00000176BA7B9000-memory.dmp

Filesize
7.2MB

Download
memory/2800-1996-0x000001A189840000-0x000001A189F69000-memory.dmp

Filesize
7.2MB

Download
memory/2800-1950-0x00007FFAFAF90000-0x00007FFAFAF91000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads