hxxp://itch[.]io

Analysis

max time kernel
2699s
max time network
2657s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18/05/2023, 23:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://itch.io

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	ULTRAKILL.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ULTRAKILL.exe
Key opened	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\HARDWARE\DESCRIPTION\System\CentralProcessor\0	ULTRAKILL.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	ULTRAKILL.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133289337110399063"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4238149048-355649189-894321705-1000\{A4B7AACF-4583-4F1B-90EE-AE5C1E3F39EC}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4976	chrome.exe
4976	chrome.exe
5112	chrome.exe
5112	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2276	ULTRAKILL.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 3480	4976	chrome.exe	85
PID 4976 wrote to memory of 3480	4976	chrome.exe	85
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 1248	4976	chrome.exe	86
PID 4976 wrote to memory of 4000	4976	chrome.exe	87
PID 4976 wrote to memory of 4000	4976	chrome.exe	87
PID 4976 wrote to memory of 2300	4976	chrome.exe	88
PID 4976 wrote to memory of 2300	4976	chrome.exe	88
PID 4976 wrote to memory of 2300	4976	chrome.exe	88
PID 4976 wrote to memory of 2300	4976	chrome.exe	88
PID 4976 wrote to memory of 2300	4976	chrome.exe	88
PID 4976 wrote to memory of 2300	4976	chrome.exe	88
PID 4976 wrote to memory of 2300	4976	chrome.exe	88
PID 4976 wrote to memory of 2300	4976	chrome.exe	88
PID 4976 wrote to memory of 2300	4976	chrome.exe	88
PID 4976 wrote to memory of 2300	4976	chrome.exe	88
PID 4976 wrote to memory of 2300	4976	chrome.exe	88
PID 4976 wrote to memory of 2300	4976	chrome.exe	88
PID 4976 wrote to memory of 2300	4976	chrome.exe	88
PID 4976 wrote to memory of 2300	4976	chrome.exe	88
PID 4976 wrote to memory of 2300	4976	chrome.exe	88
PID 4976 wrote to memory of 2300	4976	chrome.exe	88
PID 4976 wrote to memory of 2300	4976	chrome.exe	88
PID 4976 wrote to memory of 2300	4976	chrome.exe	88
PID 4976 wrote to memory of 2300	4976	chrome.exe	88
PID 4976 wrote to memory of 2300	4976	chrome.exe	88
PID 4976 wrote to memory of 2300	4976	chrome.exe	88
PID 4976 wrote to memory of 2300	4976	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://itch.io
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffacf3c9758,0x7ffacf3c9768,0x7ffacf3c9778
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:2
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4628 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:1
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:8
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:8
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5148 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:1
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3404 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4840 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1668 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:8
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:8
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2476 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2868 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5016 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5400 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6028 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:1
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5272 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4732 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3912 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5672 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5952 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6172 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6148 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6500 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6648 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:8
  2⤵
  PID:688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:8
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6840 --field-trial-handle=1832,i,7393127200912397560,14974056244976730053,131072 /prefetch:8
  2⤵
  PID:4608

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3852

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4296

C:\Users\Admin\Downloads\ULTRAKILLNewDemoPatch1B\ULTRAKILL.exe
"C:\Users\Admin\Downloads\ULTRAKILLNewDemoPatch1B\ULTRAKILL.exe"
1⤵
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:2276
- C:\Users\Admin\Downloads\ULTRAKILLNewDemoPatch1B\UnityCrashHandler64.exe
  "C:\Users\Admin\Downloads\ULTRAKILLNewDemoPatch1B\UnityCrashHandler64.exe" --attach 2276 2013412462592
  2⤵
  PID:4700

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x540 0x3d4
1⤵
PID:4856

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Hakita\ULTRAKILL\Unity\e0f73b9a-d984-4536-a3ea-3457920316d5\Analytics\ArchivedEvents\168446045500002.3e9d37d9\c

Filesize
1B

MD5
c81e728d9d4c2f636f067f89cc14862c

SHA1
da4b9237bacccdf19c0760cab7aec4a8359010b0

SHA256
d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35

SHA512
40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

Download Submit
C:\Users\Admin\AppData\LocalLow\Hakita\ULTRAKILL\Unity\e0f73b9a-d984-4536-a3ea-3457920316d5\Analytics\ArchivedEvents\168446045500002.3e9d37d9\s

Filesize
439B

MD5
2b18611b07575b5e940a5864d0e66ae5

SHA1
6aca082b12ae134a3bf80ab0e10b984178d61823

SHA256
871ab75861d28c90dc918430b5b0adb5a08e8998aecfd3f60289ffeb8b74de1c

SHA512
51ddf097b805f3706721f4e1eb59e6f0e1a4bd98fd46ef421013f2c89eb30c094b674eb2898155a020de47303498e27ea16bc7cb871f08e9722ba93ddf144872

Download Submit
C:\Users\Admin\AppData\LocalLow\Hakita\ULTRAKILL\Unity\e0f73b9a-d984-4536-a3ea-3457920316d5\Analytics\ArchivedEvents\168446135400004.3e9d37d9\c

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6c49098e-4b8c-49d3-9f04-0670a3689416.tmp

Filesize
4KB

MD5
587c438d174c1488361de0b8614df2e2

SHA1
0ab995f6e37abf43e29ae2e36d11192e0e525c78

SHA256
ea8acf4a88f4242e5550b05d60c1973f8797cf9372a9de3e9bca9a07427a1b78

SHA512
b508a56384acbd38d629a7b68c354c2b9803c77deec9f0310c7c29e01af21a184544ca908bea7f7f3f73c774cdf44205c97e6dc7b8603841954bbae0af1836f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
44KB

MD5
6e24243968a8df7bbfff345768f702b1

SHA1
34b916478ad48257c10ef5045b86ddb052218f10

SHA256
9c278ed7711f8446f1ee366f78393215010eb8fe78738c15dcafeec7bb7b219b

SHA512
8a99584ffa8f573243fc537b033f22e0d360d163403f804887497337734c9cffc60fdd1e4a1fd4412f0de8a22a4adac8e2af966096e26d8e36a6d4a976da9a80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
84KB

MD5
bf3ad1cfc7386554bcc97d5a7b7cdb6b

SHA1
2b23667331ce9e62b170df6daa40748cbf98d92c

SHA256
0fc7b34ff2ee2dc14c292ea06a31aec03575872393f510d390c9d2b49f63625b

SHA512
55d71cb0cc89caec2535f5b8575a77e559a1b835d9b815b5bfa6046aa5555adeb4e7edd8177e67441fcc774daee4e46f426f2fa209e533d5bad19bc4d05497e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
20KB

MD5
39307e27138b106e53f1a4af27d63094

SHA1
9c2fbfb3f19bf72a282a101d1c802c287dbb5fab

SHA256
07c09b206faa8934e6b12c518a4f834d8bd5b2bbe92a07a4f169173ab620b464

SHA512
8e48c468cceab8dfb296c62c2fcf4e82adde92fc06e3b14418a4cc08dea5712aaa7f61eb5421b9d5fbc0803b1b8f2b05a344a2e3db7831212af9e2579972bc52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
22KB

MD5
cae0a3bff6c55245d9c41f31ffb59d80

SHA1
ebd40dab223720af9a3f7f6fd8a1d979a50ffa92

SHA256
0373c3d6ccd255a22794c4d134d7072a5eec32cd132571889538389959075abe

SHA512
f0fd812b0c5db1655a224729c1d2f8bca5dbd797f333ddeb4c8779a0c7db7e142f02bbbb209971ba324613bd6c467f2dde4f940c246236752cf47e9c53fc73e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
21KB

MD5
365139c81098a7d1a09be5ad35636cc9

SHA1
1ea3cc8cd2e4af315129ad24f4788e7b5ae48b74

SHA256
a8afb3784cafc474c077c92a5e640ad01bb8b8ddfec1db4908e9291fa3d48ba1

SHA512
1934dff330d81f0b576522350f655bfcfb10d4dea9b23b4a0c7581ade4044d7c8a81e62caf5c3ab1009fc1bf99d083ddfdd2c1a17f748a1566320868db1516eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
22KB

MD5
8edeb5a220fe2ebde6e724ec46a47b01

SHA1
4cda11549a4866dda172d7e9eda415ce3f84fa3c

SHA256
25426e5097ffb53fe93f88b9e6fd457aece2c01ae06c9cc02aa6d0f59e04b7a3

SHA512
279187e4788378c7b27a7d606293622be31423a76a749d9ae03c2b359b91482f937c466b1288545f8d2251b8df306ada2c30ba5d1d186b63946aa42327000118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
31KB

MD5
dcf2981076fbffa92b40d1d090870093

SHA1
f961e98d12ccb903749375a788c631ecb10143f5

SHA256
719203737b63a0dcc8f38e3e3b74dabe5f82ff2487b4156fa08fe1ed838d8568

SHA512
4c66aa92f35422d463ffb6af067c73b52023e906fd3fe50dc058bf150d818758edd3f859587b32eea6b73ca49f2230ff791d2bb33e4cdad573038625ac02289a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
35KB

MD5
264105689d076a456ffe8f6283c798c8

SHA1
2ff78ba8eb55e037825752182e51df427f1c0ac6

SHA256
c702086e229bac921d4e1e72c8c5ad0da70f660b47234c61171dc682affc0e96

SHA512
82073c7b1717f247a987b903ffc23a85eda0330e674e2346b8c2b7635e41f0ded183becaffafe8f973e1a85b73766c75fd34ace1a74b84776dc58710763de3d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
3da1f974badeb854408e3c79ee4a708d

SHA1
2f5aa432c72aa1fd680ba19d6ee6842b6b772947

SHA256
83cc0c476e36ed0862c43aa03eb741ad9d367d13819353445bdf75b1a9c593c0

SHA512
e762a558f85f7e4c4ab82b68b815ff2785ecafb034c0ae9f567d61470933239bf7b61b879dabe1a49dbf23c30ddef8064219fbaa5026d11afb08d735d9386b0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4c184d58669237902a4844c7a88fd034

SHA1
430ec2b24e138cae8a758dc8f33334afccfece8d

SHA256
40088db60aed58027d0b825a474ee4e68e5066ee2a661be2300ed75945142d58

SHA512
56c017d980830a0fb2e351793bd341c5e0eb9a5c0474646a431432f43bb89b586f3fc9d831f07a64d61ebfa4dcaf77787fe6f774aa31d94892d8afd74d435ef7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
468ec55a950c7308428956ebbd565ad6

SHA1
63e3812acd55c7c623c805cd5e283d54fe2d615f

SHA256
072bc573b78354477024cbb45c54044591b3c042c74539b36eec977263501026

SHA512
b7065d7e8b0e76538e7f447a1b795a2b9852476d74f7a22b35321498df753c03285d0091f11937219d0760ae042ab2e4f158bacc6b239e9a1c9d05bb69f04001

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
6a77685054565bdb53920b4d6a7eec24

SHA1
da477de8b42198e02bc4abc58497d548c9e18f51

SHA256
b3db8c363764ec67e418b9c606b6495fffd655c54d6b9a7a881d5d94c801431a

SHA512
741d1701bdc02c78d32b8e9cf5b5e5f6046777c55c448bd9609df786ea4854503ec8cbdeda9b70fcb9dd20e10ee12b8c3616b81188775555243417394504a7f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
d500606a2b7fe6597ddf4eaee251890d

SHA1
26f1341e89745aa440335162978b0937c00c5c39

SHA256
435b2037a679632b9323b4ef8a3acac4ad22787436ac9674828415fa50cad032

SHA512
61d2abae951fbd5b9ac478edcbfa596dd3572098266d0a77bccc3be0d7b336871a40f1e18b85abe785a92348c729b7655e2ce312ccf7b5dd2323aa4ee8140c9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
27a3e6eda93e28d14d182f984f686794

SHA1
1cd85060dd567158989301292167e31598effeb8

SHA256
5b1091204d0487973098b8708426fb268e874afe66cb637f5ba7fadb250ce927

SHA512
5d035560c2d0a4b97baf99545ecf93cf1d7699a792bf993a152f0e7a050a36eb189d8625de91331743e375553751a6f2f08f9e2b35460af362562c99aba51319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
0ca005209f4fd5e43dc1ea17bb891b9c

SHA1
ba5fab554723b870653d64f438163eda973f76af

SHA256
5f55d727c10ffcfd4d956212cc59706aff457a5ee1f695af4756203bca689433

SHA512
b8fbf47b5779ac797d78942231e2896b5dce1a8ef64bcaebe2bd221ba4ed09f84ef98f3bfd21c79431445a0a7d4121c657b6139470c904d94e9f8d80a8a26e17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
c6cf0f1bde9a52cc192133bb6680b004

SHA1
794cbe0f79bd7148e719dda4099b6049d9f7419f

SHA256
eb8a4e508dc018096747431fd1c4bcb4afc39eb6d6c1a925b6e79c990b5ce9c2

SHA512
0d986b6d4cdd69d68b6dcffc72cc8331f23c68f998f530950e8d9b9fc88cf6272d32d73ec2ba4165c2ede7b55a049f46ace51e89e86c36447843227ac9a3e3c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d294c92dc2ebbb9d2b6716655b88de2e

SHA1
320dc766ffd0a93b7d9d2d2b22c38416fa78f517

SHA256
d7fcfb94fda702eb42717b6222b0a43faba51edcff4623cf93eba0cf6ce27ca3

SHA512
8955df1a337236ddf8c5f9c4984234a1be1f86e8c3286778c73cdb7c4c935606ffc8e05ba3cafe7d238326163a0d50f36433c09220815f06b6d28987557129b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b6455f90e1a2450677a4d740c8a35a71

SHA1
cb9d25dde85b4a46e88b0a32e172e1cc7dd2a264

SHA256
481378938d1e9eb76cf54a2d4745a222923a9b7377470750489af05d38189d76

SHA512
4a8c5cb36c5f8b9b128d05d9b7d6a90cfcbd7674c0d85124edbf67c91e1ad32623f1d1879d4232d6b3c5d5b734c740c9320501e89c715374013ccca80c3685ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a5d48d1665fd4c0934c24a8e3681e29f

SHA1
b5c8a2bc25c620731aa4aec4f770f17f92a699f9

SHA256
9f631075033e71028a22a8d20ab2535f79de7e10c2c52a846e97684b4d37193c

SHA512
c459577bac6d8033410e22435505dcae6424ced56948501cb6650d603fbf23d1eb0c27f01f8c1e54d48f7270d6a9510685cb1c1671e0e10ede8e193abc792abb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4ce39c307529624275385b442918ab72

SHA1
0a809bfa7d0bd39162431a6d1853b69fc6a323a1

SHA256
12b632fd860550f3ffd988a57536dbd8bbc22f8af2a1c1d926f4db3eab0af761

SHA512
ad8e5e6877184be932f927684b1b88c5f3abbf16abc5fba13c63ad1bcc8110ace43efe9a0c57417ac8d06ba4b7fadf635e3a9e4e5f6ff8b8377b94d56e0aa48f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e439aa027da4f426608e29c36e986ac7

SHA1
78f2ed5d62315807843dcf031402c062d01a309a

SHA256
c459f9ac79746f32287c0821d55e88011e621734d541e4ceee93d539b49bcdf9

SHA512
af7c7ebf99716fa9e1de1df42d7e8374c40c1d32925d5cb4f215da15803b3988f9b12a6f30903d2100c7abb5fde0345887f9489bc60f5463f3fe2ab1256e5925

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7f48a33d32f7e0581d5a9fccd492baf1

SHA1
6755bf5ba478a26796c87ef804cacabeacbc4709

SHA256
02735cf13128e49fbf0af099bcd16d70b8313bd116643c0981ae6b002f5c8e88

SHA512
f4474fcd18a780a3f8b2f9d1405cf59dcdec30274f3774e2863b09b9ffdb62cb2f41b40589dc29568b4d8a1b212201991896b5d6552ab39467a58e195ac4f3eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
e6647cd11b5e50aa40377d370b0ef8a1

SHA1
cd4497cb4add35afab9f2757a20baf6f96b6a964

SHA256
a7928b143fc0738250f39b08aba142164e881d4272217c57be9ee3fe71566d57

SHA512
7e8f1a6a4a0bdf9dfa3942c77ee845cb7491e7995a8431af9cc6cacae7beed1b1b8f395d965a67bd8f670e11e60e92b04f48c74a50e7f9f210d23bd60fcfd859

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
fb9445cfa8aaa2b95e7d0804fe7841fe

SHA1
eb598dfa8ef2d17ac8e02c4b445c3438e51869ed

SHA256
0ca4ec9f41d2d9cb8cc98b63ec622efbd0448c77b801f72dcf711af131dd677e

SHA512
50cbde45df8278168bba9e15a82e67c09f37ad3bf7036839b8e77409ff2aab20ee2c9252b84a6fcd8e3bc91dd2a9239747f1b0e15e8b5e25e0cb0b9e80abf6a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
ea2ebd0fd784c82c3632df05e8d0938c

SHA1
18f0ab85f128063fe8a836ef28d2c2661d89f49b

SHA256
1f5552dcee6df99479e3cb87fa18e79768d530f6ba3f806c3b721e527a0fe784

SHA512
483622b2502937daa7bcb460e9f9730cee72756ac6d581aa41a27c8cb97b7e85386ae27254f4ca111802bd4de461ca4f7769210b6ab5664b637f211e45ddcf9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
54f501f199c5a3bbac80da9e9d0675d3

SHA1
032eabffa93eeb49d7deb3a2b03941e54dc0dfd8

SHA256
093b468c27dfb3b96243c4f15db0890813b2c616b3f3bb12c42939ad8f81c1d7

SHA512
bf08ef05d3f53946a7fe80b3580d97f69728a0eb2e82e50e8ee9ab7be1bd47b3c523b1b7c6569cb5249d72a7842997aeaf68ea76e18e7f70687e239ae6f52562

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
58ee9c750bfefd39c052ab04640189f8

SHA1
ea4dc2445d1a48d242fb963802b6bab5779ef1a7

SHA256
d5990453eca22fb89408d0ae03967fed512c2922672f731b32f1594100319f10

SHA512
62b6bdb00ff1ce707f9f1b4cef1764ad6913b912c8414c646b61204bca64e1115ce145d892f063ac83e257a59fb7c8e89d888e718dae71bd89725cb34f247d86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
7a6d366c9fbdd3b4acdef253e60e2681

SHA1
346cbd7d09a5e15a03cfe5bf4786fca8561b64a6

SHA256
12bd50140a632140d7da9abe823998bf6ae77350d456383dbd78cb9da990d4ad

SHA512
46c324eaf83ba40bf03d27a6c8fe2634c648dfa181470b817c75df7515f758e9ba7d5626fbdb6861c47c4b21264ebfda9268858be9e57c4b2aa9c1683ca27380

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
9870d8b03e37740df3b2eed113565746

SHA1
ffbf66f0349be20436a96c3aa43f6afe33890c76

SHA256
bc1a0674a0ffceca84377b42385aaa4d34926df15afe98394113a1884c7dbbbf

SHA512
591a1c21045d9c3e89287ad1f08323cd53dddb8b7f43d572822ec6fe2eda742694148b0c6058af9e5ee4c7625bb1823fe3e7684a467e472f68e2a372a411f1a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
e88b86426ccd939287515b46f3189ddf

SHA1
04c5784d0d59a43a851304b21ac8828c4f617260

SHA256
4d5d472f714bfd45b40a5eca1db25b6ca3bc5f99063cb9201d84f56871152374

SHA512
e52b603a9ca265573236a19991c25d53e4d82dfc24ee4d732b7a501d7c4f31eb6009465f474d533813b5d0bfad9b6e3429cedadccf2fa4d105ff19b90f703661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
c3c94d83a5c28c35b1f88e4e77900e94

SHA1
3d0026dbaa82356cfbd35ec9d7c850387cd53d78

SHA256
421493ac85f282458ea13d744e7eb1e14fcbe7ef28e47363d4c60230e9e89b02

SHA512
225aa33965a63e6745f233abe7348eb847c93ba8dc0afb6f1f431cd9d1951273789cc863ccf40a4e39b6a0c294a26f145b7218e942882f4bd30cf095d11be209

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
da5ec24a1e0b284b7f0668a293287c25

SHA1
b7b00f41bbc2b5769a0389c423304edd7007a384

SHA256
f61c44cf9ebf5d58777d969776bdd49e92440fecd4c4cbca01658c1ea647b570

SHA512
ed58ef7e738a2e6a47d1b1ea7f979b4d841f675aa1bc815b8f7a45d1527ba9d79e30f8b37a0aaaef3bd52eca99c9fbdfa6d7e0bbd5ffb53cfaa170315a635e7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5970e30d5b0d8af6f877befdc95acee6

SHA1
7610b57f46a34be5456ea6b51f5051ff68087332

SHA256
9d9f0d283384733cbeb13a952585180a1d7b36fe0be8163a1b5771ddfaf4f0c5

SHA512
6a4c48cffd66f061bda571212298696b403b8ad1a3877913df85424d3377817cc17f273af3a2caffce9e86ff9d2b6322ec7a168c40f906767e7395117101dde2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2fb28f50b17a4cf8d64915f3e2826d1b

SHA1
633da9f881d383f8ccae96333964319e1020c571

SHA256
8ce4a25f711071b8d7c227b9c6052be2add3fb078e048bef17bd98d36de11bd4

SHA512
599475bc47799ef9b60c2070dddcd58245fef27c22d39cae992757e067dc6d10fcc5a0ed192b2ac0254acc82cf72d0cba1d0ed541400157f0beedc973bd092e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8d430a8f683a0e51a079ed825b7f2802

SHA1
c058d45cce2cb02854e18933848d3a197ca78e04

SHA256
5f35804075fc32f2b9073a83f8692e2dd7d950c8d5a34e9e96e62bb004f4a3fb

SHA512
15684a5ca42bd3b93ec75d6e340392e58c5a33340c481757b60de920fa13b59afadbcb2e37c561b4ca6dde65494f7bf1a27fa27b528e4801d2d839bd927fdef5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
e67205024ba0c203d93a2bb9c81c5fc5

SHA1
9193c225a4ea589e824f3079e1458953f26b5a81

SHA256
71b0a4573317f2283fe2cd0eb4db9db0ecdae7fa7555a1d97303124a8efb5f0f

SHA512
838ca23a7d38471247b28e2e31d8ff267874c0919163628cb42e61e6d29e5817f4411457352fbc38aea83e30a5d58dff26e7e1a6b0a09de5fa8057086b692c74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
5f5f110a49016b622635f8d09d40a349

SHA1
62b0e6717fb472ca6084c1eb546222a1b640e5b2

SHA256
e2ebc47340568a721e05da58e79eff005ab3db07bb2280a4eac981bdf2aee580

SHA512
14258b4efdf8e34f125048feb133f34f2e01d17674b7a37db851e3fb2c2bb620d3bad81c84f02287c294e997dd16e670706beb4bd8a32dd1585024bb3a074489

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe570d00.TMP

Filesize
120B

MD5
07655fb25dfb133eb0c8361e3316054e

SHA1
48617b098f29ddbc7c78516b0297138ddfceaed2

SHA256
f1e1e7bb2361c323de2b69fe612f6fdf727ef5dfedcfdd550f3bf28496a10997

SHA512
0461679609cbc0536b89a30e3bd869836a2c73c37d578a963ee3f5e3aeec1d17701c3f9d55f17dbd9cb60cea4a5dbb2543036e124ccec78b4645c03e2ad87b0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ecc9aa9e-d1bd-495f-a9f5-f39180d7a9b3.tmp

Filesize
4KB

MD5
4ad1f99b1cf3c87afa2c14687d44d629

SHA1
8e7d313203869c627184d9c896fd42a30b44d698

SHA256
df80299c6f8c5a07e72e628d221b3a7526c6073027dc6bf337578eff442dbca5

SHA512
f1ccea7bc8515de8f066d404c0532175f743f9a290d2dd32f600f80901fda62bc6eff6913e94aff6915f2936dd90b9094192f170264ca0904ee48b6412e7cca2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
9c0cef1c69856b4c9c038642d96439db

SHA1
69e395f8fbec61e5dd44cfb123ddaa12721fd81d

SHA256
f55972223dd1d7cfd08b6cefca8e2a03e26934a94bc41870fea7740bce99a9cf

SHA512
1d364805f3d3786d3e3b8f7df0f52e9ee81cc593a18fbd9eb9309dd07d4c1401c5552da426d318439b50715c86c9f4b562a0798482e50d1c5ddc8ad7ddcc5bd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
35791abb13f9d4136efa49cec8035347

SHA1
8a520c180e9239ea516a91b725d3906535d3b92d

SHA256
f347ab59631a42ec4af8873c770d4f307b599603350768dd2b815a367c4813f8

SHA512
719c7a6c8cc9b2db21108bbea1634ea0fa1414a7d733a5377dbfbe7dbfd9aaeee1e4f6a339b0054fb2d1f5182e1948bb286d37791a8d34db036a92bea9a12479

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
1040c35289955c40d3a806f3e63e2ef9

SHA1
9578486c7c52d57937b24566c0c5ff5e702f723d

SHA256
c2d2189314ff63e2f960da49b46af685537d3a0eb51d99a64607089540cd7923

SHA512
7be0a3c36f8eeb379c2ad658a0c7323ae41c834217b1db81cd6c9518513198210598baca62a7a199dfab34bc8233e15ee78a0d4cc41ab99bf0314677fe89ddd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
bc7ec9a93ebc93dace7ff886da297392

SHA1
4925226a0740e2265f55c2107b236067874ae10b

SHA256
0e365db78082bb4aa12cad618015b59e6736a7d7642778cb3879e06c64ccefa0

SHA512
8ba4794055cff3901a15dde9cc64be396ec85c6b931fb1e925a72ee9df371e7f756262bec426a2285714d2d04495c4f49a9f5f5c3e772554411645a8dc6873c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
4ffb55c169aac7936b94ac5259556ccf

SHA1
79b5cfebdac015e55b3907c20dd92d7621d63cce

SHA256
3e0ae5eb60f11272e30f94ae2e11762d5cb88bd92e43ce13a71d186751dee00f

SHA512
532b5f19aea79798250a603e24abdf0e84872b991040494af865824d1b460580a5d8e13a4eb8fd5571d10f17143cdd64976b087831fa21850d16dbedf53c9113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
3e63006784b1b5298d1580796a2d71a7

SHA1
1891de2ce379cdf79f692dde6c51f7fca65b5389

SHA256
ab4315bd5d21f1b4647cd1bb2b1a80f7afc3bebc83a79d36dabedeabbcda1e4e

SHA512
d7633a2470769f60143dc479d8d616de2e52a9df67bb77e7521b00cba275adeac82d991a2d82c8d94b7fd7ae4e3009d3dc51c3291ba20a33ab33dc5f4de54b8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
997a19f6593ffecfb9a7e225a1b630ac

SHA1
b01d774c6016f8f6653ac2c771918850624407f5

SHA256
98aa54d557a322026700dd9a7b3c6f53fbcd9b51bdb2027de5f4ddba6adf0fbc

SHA512
3189edd811ad2fbc0fcdea422a7a00c9555ebf2e3fbe596f6aa090374674d0e88c5858296a3d772deb64b6d04faf533580195d5ad520e95514531cf7dd8bd6f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
e810963b92ac05d4396a71ed9c498819

SHA1
109c84124379a575f3537dafc33866d693c5ea0d

SHA256
4d867a983973b0d3dc94f74021566720e17bb836009239878b45385aa02fc2b8

SHA512
57ca1e59fcdc5c07ea60ba47d1255fc2215a66aa8763754abc6607d35f682c23ce410c879eb790a03b802a956dc4551d8ce84259c380563f61722dc669091bba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57b43c.TMP

Filesize
100KB

MD5
cd82ae129a5175976c546d758850146c

SHA1
125b72922105e939ea3602fc8031f04cdf62b784

SHA256
01c484f72bee99872f7db3501b1fe3b278fbd7a9078cfe0ce7a37028cdff49a6

SHA512
3b23aa8286c9606068f89e18ffe521a3691cda23ea5cf011e3bca7c3ce17bf7cde21dea6d504420d211f7ce9f0daebff791b76d4ba04d59aba594cf9b0c2ab8d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/2276-1258-0x000001D4CA670000-0x000001D4CA680000-memory.dmp

Filesize
64KB

Download
memory/2276-1277-0x000001D6A4870000-0x000001D6A4880000-memory.dmp

Filesize
64KB

Download
memory/2276-1220-0x000001D6A4220000-0x000001D6A4230000-memory.dmp

Filesize
64KB

Download
memory/2276-1219-0x000001D6A25B0000-0x000001D6A25C0000-memory.dmp

Filesize
64KB

Download
memory/2276-1217-0x000001D66E520000-0x000001D66E530000-memory.dmp

Filesize
64KB

Download
memory/2276-1216-0x000001D64E2A0000-0x000001D64E2B0000-memory.dmp

Filesize
64KB

Download
memory/2276-1259-0x000001D4CA560000-0x000001D4CA570000-memory.dmp

Filesize
64KB

Download
memory/2276-1260-0x000001D64E2A0000-0x000001D64E2B0000-memory.dmp

Filesize
64KB

Download
memory/2276-1261-0x000001D6A25B0000-0x000001D6A25C0000-memory.dmp

Filesize
64KB

Download
memory/2276-1262-0x000001D6A4220000-0x000001D6A4230000-memory.dmp

Filesize
64KB

Download
memory/2276-1215-0x000001D64E290000-0x000001D64E2A0000-memory.dmp

Filesize
64KB

Download
memory/2276-1272-0x000001D6A1870000-0x000001D6A1880000-memory.dmp

Filesize
64KB

Download
memory/2276-1273-0x000001D6A25A0000-0x000001D6A25B0000-memory.dmp

Filesize
64KB

Download
memory/2276-1274-0x000001D6A4630000-0x000001D6A4640000-memory.dmp

Filesize
64KB

Download
memory/2276-1275-0x000001D6A4850000-0x000001D6A4860000-memory.dmp

Filesize
64KB

Download
memory/2276-1278-0x000001D6A4880000-0x000001D6A4890000-memory.dmp

Filesize
64KB

Download
memory/2276-1279-0x000001D6A4890000-0x000001D6A48A0000-memory.dmp

Filesize
64KB

Download
memory/2276-1218-0x000001D6A1830000-0x000001D6A1840000-memory.dmp

Filesize
64KB

Download
memory/2276-1276-0x000001D6A4860000-0x000001D6A4870000-memory.dmp

Filesize
64KB

Download
memory/2276-1280-0x000001D6A1870000-0x000001D6A1880000-memory.dmp

Filesize
64KB

Download
memory/2276-1281-0x000001D6A25A0000-0x000001D6A25B0000-memory.dmp

Filesize
64KB

Download
memory/2276-1282-0x000001D6A4850000-0x000001D6A4860000-memory.dmp

Filesize
64KB

Download
memory/2276-1283-0x000001D6A4870000-0x000001D6A4880000-memory.dmp

Filesize
64KB

Download
memory/2276-1284-0x000001D6A4880000-0x000001D6A4890000-memory.dmp

Filesize
64KB

Download
memory/2276-1285-0x000001D6A4890000-0x000001D6A48A0000-memory.dmp

Filesize
64KB

Download
memory/2276-1286-0x000001D64D410000-0x000001D64D420000-memory.dmp

Filesize
64KB

Download
memory/2276-1287-0x000001D64D410000-0x000001D64D420000-memory.dmp

Filesize
64KB

Download
memory/2276-1297-0x000001D6A28A0000-0x000001D6A28B0000-memory.dmp

Filesize
64KB

Download
memory/2276-1299-0x000001D6A28B0000-0x000001D6A28C0000-memory.dmp

Filesize
64KB

Download
memory/2276-1300-0x000001D6A28A0000-0x000001D6A28B0000-memory.dmp

Filesize
64KB

Download
memory/2276-1301-0x000001D6A28B0000-0x000001D6A28C0000-memory.dmp

Filesize
64KB

Download
memory/2276-1302-0x000001D6A2980000-0x000001D6A2990000-memory.dmp

Filesize
64KB

Download
memory/2276-1303-0x000001D6A2980000-0x000001D6A2990000-memory.dmp

Filesize
64KB

Download
memory/2276-1214-0x000001D4CA560000-0x000001D4CA570000-memory.dmp

Filesize
64KB

Download
memory/2276-1213-0x000001D4CA670000-0x000001D4CA680000-memory.dmp

Filesize
64KB

Download