hxxps://www[.]mediafire[.]com/folder/e63pftlc5iziq/GameLoad

Analysis

max time kernel
122s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
22-07-2023 11:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/folder/e63pftlc5iziq/GameLoad

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5976	Setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133344972587173307"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3308	chrome.exe
3308	chrome.exe
4336	chrome.exe
4336	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3060	OpenWith.exe
6888	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

pid	Process
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
6888	7zFM.exe
6888	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3060	OpenWith.exe
3060	OpenWith.exe
3060	OpenWith.exe
3060	OpenWith.exe
3060	OpenWith.exe
3060	OpenWith.exe
3060	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3308 wrote to memory of 2100	3308	chrome.exe	85
PID 3308 wrote to memory of 2100	3308	chrome.exe	85
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4904	3308	chrome.exe	88
PID 3308 wrote to memory of 4344	3308	chrome.exe	87
PID 3308 wrote to memory of 4344	3308	chrome.exe	87
PID 3308 wrote to memory of 5024	3308	chrome.exe	89
PID 3308 wrote to memory of 5024	3308	chrome.exe	89
PID 3308 wrote to memory of 5024	3308	chrome.exe	89
PID 3308 wrote to memory of 5024	3308	chrome.exe	89
PID 3308 wrote to memory of 5024	3308	chrome.exe	89
PID 3308 wrote to memory of 5024	3308	chrome.exe	89
PID 3308 wrote to memory of 5024	3308	chrome.exe	89
PID 3308 wrote to memory of 5024	3308	chrome.exe	89
PID 3308 wrote to memory of 5024	3308	chrome.exe	89
PID 3308 wrote to memory of 5024	3308	chrome.exe	89
PID 3308 wrote to memory of 5024	3308	chrome.exe	89
PID 3308 wrote to memory of 5024	3308	chrome.exe	89
PID 3308 wrote to memory of 5024	3308	chrome.exe	89
PID 3308 wrote to memory of 5024	3308	chrome.exe	89
PID 3308 wrote to memory of 5024	3308	chrome.exe	89
PID 3308 wrote to memory of 5024	3308	chrome.exe	89
PID 3308 wrote to memory of 5024	3308	chrome.exe	89
PID 3308 wrote to memory of 5024	3308	chrome.exe	89
PID 3308 wrote to memory of 5024	3308	chrome.exe	89
PID 3308 wrote to memory of 5024	3308	chrome.exe	89
PID 3308 wrote to memory of 5024	3308	chrome.exe	89
PID 3308 wrote to memory of 5024	3308	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/folder/e63pftlc5iziq/GameLoad
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb8d49758,0x7ffdb8d49768,0x7ffdb8d49778
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:2
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4904 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4624 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5564 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5740 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5652 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5584 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6228 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6388 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6164 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6536 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6744 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=7044 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7184 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7092 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7180 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7380 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7628 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7624 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=8152 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=8124 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8624 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=9024 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7192 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:8
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8684 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:8
  2⤵
  PID:6040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=1784 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=820 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8628 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8340 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7352 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=3420 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8820 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:6164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7492 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:6172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8100 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:6380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8464 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:6416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9116 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:6424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9088 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:1
  2⤵
  PID:6408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3760 --field-trial-handle=1924,i,16455452171792076820,11615910042884318428,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4336

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3824

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6100

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\NinjaLoader.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:6888

C:\Users\Admin\Desktop\Setup.exe
"C:\Users\Admin\Desktop\Setup.exe"
1⤵
- Executes dropped EXE
PID:5976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
f083bcd6a0628fa4aca1d134179c94f7

SHA1
dad1bdfa0fa12bbf89581b0f2349d34d5e48c412

SHA256
598abb8646aa2b6371f79de998960b5bc7a28e195a594ad15d8da9e86995892d

SHA512
33d2a799420f46ee769a83499852bf7a62f4f0887a036a7a1989c096fd977763685c230616429a4840636d0f0cc9eb9f19c415271fade01a10eab5d92d2d3e8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\751cc085-700d-4f3d-8a29-b9e873fe9238.tmp

Filesize
7KB

MD5
25d177a19910864303ab5e63033bb6a8

SHA1
3154e8336cfb4a0deb89a61cc64a23bbc346ef6e

SHA256
caf3788a523b74d8d7259e9d9b9134cdc03da19059b54c0cc0055c3060bbc437

SHA512
a989ceb8c228b1a3fae180c27cd3b5a789404cd0b004b009f67371af69858502315f575d677ba502e74e9b3636dbbfd519a6058e4f8380f83d31c600191b53b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
649dc2313979522327ebe1a399f39782

SHA1
c80f26e67fb429d9545eab4df96d0d9eb8439526

SHA256
b72d11fd761ebe7df4f2a16d4ab4836eec18360e142ad290f05c549a60dfaac6

SHA512
8f537ce292667a2cdf029c6a259b8386e6c8b11791fd0689d42f335204696b5eb607b36f7f89c2addbe5d7f896fa40ad8a1387b0e9477fe812e6ae4163110a8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
34a8042dd4b218d62d515701068bf2db

SHA1
fc47df7e83b03adeca42730ea1ef9d126ca2249a

SHA256
550340977201f13d726f50fc3416dbd9aab8a232f9e7d302c3d15e1b49212bc3

SHA512
8e38390d6860f7ca15db628d2289ec263b42d49f5cdbf53c20fc53d965a9b1833e93bc43aab44723545fe7ee6f504ace62b2985bcd820cabba504a06144a7d3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
dc1586bd88db045d3178b28c3edcce41

SHA1
57a2d6d2f029b1d14c31ce1ae5ec397a0c859a66

SHA256
346e5c26e99294bcfefc994efdcca7b047b54099c351c5bdc42673095484b033

SHA512
26f7a2a858b01d9435529b3502772578a6c24f6d1027fe250e58dcdff1f96fb1b5c857ed851ace6c587801b16754c97ded732171549675b726fe812c29c9adba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
a8d69e19f8b8c9e067cb2b709f35b2ed

SHA1
85e69baf0823585d9f7ed484b59057ce1f30d19f

SHA256
4e67f504a83631a9c15540f923d6956904b5c9feea6a801873677c731cd2e803

SHA512
fc545ddbe1247a63a3aa9b5b17c313b8b2b1d5117f84136769c6ab40cf7bfd4ef5404ada6f546645d7c04d058ba06d56616d75e56610ccc63aba2c13958154c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
65b67fd6fc4d4f81fe084fb358b9445a

SHA1
031410a41917a11bc7eb102a5e8749242653c667

SHA256
16887e9519d87d57b970c8645df98d87a97c45a9e4c18f215f48213ff9de124b

SHA512
ba8a922f439a6815a2be8a8001f4ae81d1d075a54b84a190149c8fd3bf4a3d8db235dcab3f45cce8ff3a7dd2a059999a86624b41c96a8b9ae95a01f68fecb267

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
61b2084777bc3faf5ebd3a9b2b988da5

SHA1
dcc28e8eb9ecdf7eb7016a1c4d1f6e4b47d010fb

SHA256
a547cf44874c05cb0c237c962a0db26e8c2b1135c02496697782dd57cd1fd0fb

SHA512
9b3b35ab440b3058aaf80a7fa259356b85fa6134ab4f544cf71af5dab4c0512b0443016ca1ad8ae7e8b07a44b7f6f60a934bb29b7239f8d891d2ca0aee5abfe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
71c89e4da70198612a8611427c7e5c08

SHA1
cca9731f3b33c602deb08ffcc235a0f5d0aa195d

SHA256
ad2021b890a67f3d75b3efb230f853ddd9164b21cf362c935c2eb6fe89c2a168

SHA512
f42685829e09b917187f28cfc86209c5ddd775396461caccf1b4089c68b632a089daf59a0cccccf8b0875f8a817d14ff0cc9f3927303db5d14ef0d3524667949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
22a9080bd5abc40d8b218bbebfd7c715

SHA1
bd73551b3f55aff8d077d39f28e863b185d51bdd

SHA256
26828eae1e04074cc173ccf25658e63120dc126adac4c02b22e5b9069c40a69a

SHA512
0cd4aab28d8081f9bf067a7189705b775f698ee30244321366694983a418e01963330c5395c40b691ff50ca33f33fe2678ce2134a5669effa0179b19258eab75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ae949ffcfb08029361ad0e479e0d17fa

SHA1
45de9539635d62d0194221d528f5d0f410a7ca5f

SHA256
4c8f26932ffa01719533c76d08d9dc72510eb5ee791eedc03cbdf5a961977746

SHA512
93acac6dc85d6528041e1ad4fe0ef69c8aa0cf3e9ab3829d2251d04493af106159f3d60239716eb847ce79961610dd6dc0b8b11b30756e40d968a4e3782c87fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9df84b3112e6744df462857c71324ddd

SHA1
d6addcca4456fb2b00c0040ac0800eb927d6dbcf

SHA256
56a1a29c1f2a5957bd973853f78ddbfa6392e75ca79a8a00db1b67434fe4ce26

SHA512
ae2b75386157980bd5add4bc929e8ae619cdac7be3bea95613938bc1f90d582abcf1be7ba88e744a1fd3de5e75b1768da8d2237a838a9f561b304d409074458d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
cff96ce3bbd4c7aa949720b489e2fc76

SHA1
ae1309215027218757ff3eb340d3e7efb3b03573

SHA256
4fd1782f9b7177bdf19e51721b78cd806cbe3063eb838aad52becf41834faf5c

SHA512
2f3d2ef57b15d482c04714d78fc950acc2287bf1e77d6577ed61abd4ee25ffb38501ec8a52804c236055a61c93b80dda6bbb639259df45abe2149144232e3eb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
a8ab89bd6475d04bd74b673a7bbbe0d8

SHA1
d9407e275acebfda5d498ea7cdaa6633b58c0257

SHA256
33c96629322aab02fadff7c4662a97ef26a7ca22b10b84c49953b65856a2ee30

SHA512
ee8b0a0aa4dd1f8aaca657e91f2178394491926b952348bc549dd74a8d1fdea160f9d8749dc1b6f031e80d50a766698e5daaafac31871de1b2e596655afe4518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
7abd05550a56cc60fcad7b8d52562216

SHA1
7dd875fa7ffc1d7048dcabbd661fc2af1e1da53c

SHA256
dcb2717fc8a6cffba788ade83c65dddb0e0b54a670480a3316291eb6c4dba11c

SHA512
71cf6ab795c5fded4490ea3072f7d8d30144db1deec6473a60c693c061dd4f3b927c70ef81ce1792462bab96eadd865a075761c074d72ffe2f5d0bd78f3b1c0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57fcfd.TMP

Filesize
104KB

MD5
cb290f791f78963e0fdddb57499163f6

SHA1
e9d8e7995516f5439d1f4c405c59e2640d8c2b32

SHA256
8ec62a407b6364c934fa3f4c2856801a820d36274a06939a661bdab5029ab57c

SHA512
eb2468af006a226aa2b39e781ce6be1125b1478a34731338ef9b2957dfe53ec9eacbb401fda3a005327f37990a5292e1cc4bdb908c2dfe9396f30ab37a746c3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\af8fd279-c77a-423b-a9fa-e3956b021cbd.tmp

Filesize
110KB

MD5
edb447e4f95da85b82565bf52aed48b7

SHA1
53a6d3e856244b4c80099252446afa2b5c998edd

SHA256
715f6fdefdcc4f446be2844d6ad02d3f4772fa07c3943c325b09143412ca1bc3

SHA512
77973c759f513f45ae8542b1f6fd9ad0d443470e317046f30854a3567a344b865119972f800108b225581cec44437c44f82db254f2f8ef2266a3a637f1120298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Desktop\Setup.exe

Filesize
236.5MB

MD5
618386715ec41e34cb17af68f9238dd5

SHA1
239ad81260207b7c26692dc0b9924cf7eded9831

SHA256
46820a223317de8fd7b315432c0d077ea31670f26e72b9c226645fce778349a2

SHA512
1d9019b5639b5f4259b23f9df9dc850b1f59a5c9cd4f83a8f843f8a2372343ff7644751f750563995510d1b43f49e86766383aa9c9674067334555d02214341d

Download Submit
C:\Users\Admin\Desktop\Setup.exe

Filesize
235.0MB

MD5
42fbeab21559b3b713b6d4dddbacbdce

SHA1
e89f312a6b31de7c3aea2d3dbf1f9e782df594c9

SHA256
36b851c859524565477b1f15fa6dcdcf22d2320c226341c5d25379b2f8c5f40c

SHA512
8b076d9f4959350e4070aa7ac940f514bd2d57da4de1de6985b7e1152321ac54f74bce606044a14b98fa8908b9ec3f2a9016379a856cd549e615cc602c332dd1

Download Submit
C:\Users\Admin\Downloads\NinjaLoader.rar

Filesize
10.4MB

MD5
4ff18782fbab3ccf723538a2a9b529e6

SHA1
7cdcc9ec18f4c414714ef6ef42665dbd59d26b05

SHA256
d1b3791755b06e3d0f74556a93194a25e9a215fe32af7e5a905c53c70f0455a3

SHA512
4abee2af703f1bcb170e8bb8ade3d6e64086e056a3f5cf038894ae0eba185b8bd686f16338637bddc1eb43100aa024d95a070ef5ac268af93e1db019108515b0

Download Submit