hxxps://o-cs[.]ru/load/sborki_cs_1_6/russkaja_versija_ks_1_6/335-1-0-162

max time kernel
530s
max time network
531s
platform
windows10-1703_x64
resource
win10-20230831-en
resource tags

arch:x64arch:x86image:win10-20230831-enlocale:en-usos:windows10-1703-x64system
submitted
05/10/2023, 15:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://o-cs.ru/load/sborki_cs_1_6/russkaja_versija_ks_1_6/335-1-0-162

Score

10^/10

discovery

Malware Config

Signatures

Suspicious use of NtCreateProcessExOtherParentProcess 2 IoCs

description	pid	Process	procid_target
PID 3416 created 1188	3416	taskmgr.exe	116
PID 3416 created 1188	3416	taskmgr.exe	116

Executes dropped EXE 2 IoCs

pid	Process
928	Crystal-Hack-o-cs.exe
1188	Crystal-Hack-o-cs.tmp

Loads dropped DLL 7 IoCs

pid	Process
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
4956	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133409938742911596"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3708	chrome.exe
3708	chrome.exe
3676	chrome.exe
3676	chrome.exe
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
604	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe
4112	taskmgr.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp
1188	Crystal-Hack-o-cs.tmp

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3708 wrote to memory of 5008	3708	chrome.exe	70
PID 3708 wrote to memory of 5008	3708	chrome.exe	70
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2320	3708	chrome.exe	73
PID 3708 wrote to memory of 2624	3708	chrome.exe	72
PID 3708 wrote to memory of 2624	3708	chrome.exe	72
PID 3708 wrote to memory of 608	3708	chrome.exe	74
PID 3708 wrote to memory of 608	3708	chrome.exe	74
PID 3708 wrote to memory of 608	3708	chrome.exe	74
PID 3708 wrote to memory of 608	3708	chrome.exe	74
PID 3708 wrote to memory of 608	3708	chrome.exe	74
PID 3708 wrote to memory of 608	3708	chrome.exe	74
PID 3708 wrote to memory of 608	3708	chrome.exe	74
PID 3708 wrote to memory of 608	3708	chrome.exe	74
PID 3708 wrote to memory of 608	3708	chrome.exe	74
PID 3708 wrote to memory of 608	3708	chrome.exe	74
PID 3708 wrote to memory of 608	3708	chrome.exe	74
PID 3708 wrote to memory of 608	3708	chrome.exe	74
PID 3708 wrote to memory of 608	3708	chrome.exe	74
PID 3708 wrote to memory of 608	3708	chrome.exe	74
PID 3708 wrote to memory of 608	3708	chrome.exe	74
PID 3708 wrote to memory of 608	3708	chrome.exe	74
PID 3708 wrote to memory of 608	3708	chrome.exe	74
PID 3708 wrote to memory of 608	3708	chrome.exe	74
PID 3708 wrote to memory of 608	3708	chrome.exe	74
PID 3708 wrote to memory of 608	3708	chrome.exe	74
PID 3708 wrote to memory of 608	3708	chrome.exe	74
PID 3708 wrote to memory of 608	3708	chrome.exe	74

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://o-cs.ru/load/sborki_cs_1_6/russkaja_versija_ks_1_6/335-1-0-162
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9ee639758,0x7ff9ee639768,0x7ff9ee639778
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:2
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:8
  2⤵
  PID:608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:1
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3788 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4920 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4848 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3548 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5676 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5100 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5412 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4864 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6452 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6376 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6284 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6584 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:8
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6388 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4348 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=948 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2096 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1424 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5916 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 --field-trial-handle=1824,i,16169157836368525893,14929648513809489120,131072 /prefetch:8
  2⤵
  PID:2388

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1388

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3a8
1⤵
PID:2344

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:324

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap26849:78:7zEvent7969
1⤵
PID:4404

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\Nice_cheat.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:604

C:\Users\Admin\Desktop\Crystal-Hack-o-cs.exe
"C:\Users\Admin\Desktop\Crystal-Hack-o-cs.exe"
1⤵
- Executes dropped EXE
PID:928
- C:\Users\Admin\AppData\Local\Temp\is-HCHLT.tmp\Crystal-Hack-o-cs.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-HCHLT.tmp\Crystal-Hack-o-cs.tmp" /SL5="$402BE,9885481,181760,C:\Users\Admin\Desktop\Crystal-Hack-o-cs.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1188
- - C:\Windows\SysWOW64\cmd.exe
    "cmd.exe" /c taskkill /IM hl.exe /f
    3⤵
    PID:4912
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /IM hl.exe /f
      4⤵
      Kills process with taskkill
      PID:4956

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:4112

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:3416

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\4b5dcee94c064e17a34291e0d6b184a2 /t 4020 /p 1188
1⤵
PID:4116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
cfcf7cb24530ae70774ff26b26b1c77b

SHA1
f53b69a2271c0bd7d2070820cf86a3d0cac5a595

SHA256
390f10888b14fce11c8d2ca65e40da88314d5e98a84737ed62d7676fa6e3d0da

SHA512
6edc4c5ae62aba52efdf2d31891b88a8b3d75496f718c19104b6fe5a3f610565c2184d567941fa6c2191e5708be8b4758aaae51201266492f2e3a3917efa6989

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\866733ff-5e5b-46e7-81f1-560540ffed53.tmp

Filesize
6KB

MD5
55475f26d47656bca497b6b9ed6cc09c

SHA1
a7b45e2bee31f72c38d37afd942da482e1f41703

SHA256
aad875f431a24d64aa84c940465352bb61b51dd74c9fcf32930a3061259c4a4e

SHA512
0305dabf81aab0e08d550e1886771ff65b75f6911a4b3265d8a3c4a90c7029cdf0cdbfb2320399fa51896d8f0d6673cd514c9c6baf4a8405da5d302531e1bb48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
69KB

MD5
9f46811227b1522260380087cfbf602c

SHA1
2b894f3d5758b015f96899dd9d35b84474d133e8

SHA256
a789c27565ed74d31f11d436e7ffc8ed94e40453ef46e8e5bbe27b7a1c33e204

SHA512
9f9a2a7f3d6ceb01e332e6e451fae40b81f3683ffda52fd8657c0e91c712fd57951e6f54fe93793609849f25df605d8bae51ca48f939ed5e3ebb66ead83944b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
67dacad66fc1d08efcba32d0ce395c98

SHA1
a60104c26ad8fa2a8f313199c96b1f3a7340543a

SHA256
01d5cf30d8a80838a52902862cddc5e08ec0022465fc0b902c93b5f6541192fa

SHA512
503719ba436b8166d216eadb2b1e19c2d3d261f22143e6bc3df8927cc6480ebdb7049f5f68f2d5dd4b80839ad20fa882a352c46cd64cb387f34be014ae4969c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8697f45e33ba68a3c881aee8adaf8d5d

SHA1
fbbd71e364d14ecc0552806fadfc40e7643ed42d

SHA256
308ecc076666211ce0933bf8850af076b63c3c8d414d56f05ad7ea4d3ba19246

SHA512
c3a6a68fcb9ac2000a28737d989ac86b190cb35d7b529df84412f8115080a00fe3fe61f7a5da65b759ca27febc9f0c9dc292f1ac91530739492a23f35301ae80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d7a4745445e89b5f99502ee5e96174b8

SHA1
23ba6fe15750dc91ef01a9ca54027036d3cd6bd4

SHA256
d09745cb1507efb5b3b860bb03477d5c63347f515f33a42c31bb64bbc43b8b50

SHA512
f0e9227330d698484114089a3ea62eed69cbe74d59f26289cdc3ba121d01af0715c761727ef9de28a85eb885be16a407a907d574d2d7c3b85c22c644647cc938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
df1fecc68b4456b50692747c4e3bd962

SHA1
7f41be7ef0919e66e89c0aaa5b01ca3359d5fc69

SHA256
7bc44a6db515f72f7cedf20300d10bd8aa6873e9b5597510e69d76dcb9fbd3cf

SHA512
1f2906b5e9d5f09f1f64d502941c6a64f2ff5df9ccbc5900681769e873f5baa5ccc54e0d5c2bd95359bef7b34c01783e7a4f6a9ac8dd374359144a747e624495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
5151531eb325907c5a73800f7d88065b

SHA1
942437d42de70054d1d6717e4427502cf75bff40

SHA256
71b0300acebb5db446e41373fd978845afa0fa42bd0aa8462d1e9b76a1a9c6b1

SHA512
2408fc47521e24ff59266d03e05caf5c7812e6ebf229561290ab398bd0545fd253cd07c879f6cc606571f5307fb8c829a3e00faa9ffec2a3a29420282bf4876b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b3dafeb6b6cdfe2bcb95893ebdf97319

SHA1
d4abd68d738a497c1e9c990ae26cdc31b3e35a03

SHA256
731ccb3a1217e2e7f741ec58a6cbc9d059145735ed01d727f0d7c3d52eee5886

SHA512
aa2090bf0dc5e37f369c3156c0714b546f5a9a6e24d20a9403c90432182c9871dd5ee8730866d07139464653d1cb2526bb0ce86ffe98e815271c48a0aadc8317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
83870983c8d1574e0008a3b9f5a22804

SHA1
925d3121ab085bb478b35fa33e12134548dcb2ad

SHA256
26f0532f6356ad1a31212f36e56e65eb8a4a4f8279c9ae3c8b998d4a8e58692f

SHA512
fde36b62d6d689f8db737042847aef0573d066d806a8b1c41a9b1a59636318bf790ac6526e638293077b85de90bbc19044196b2ad92e311d36f01207eb9351ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
aa031469d4ea280eb87a6f6a6a9aafac

SHA1
447ba101af83ef55a47f4110d253d3451971a659

SHA256
0ffc51d2d5e4e0a8fc832df4afe001dd23d6aba890269d47c444350d6b780fe6

SHA512
9183bb05f00da4b5d981e1701441689a38ba1c0c917784e047ac015af0528fd8ce9b80afb6f895c56ca725f57c64b36b5ab2d2da8d29b1657dd13471703f105c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
a55f385d48ff5f01195b6ea7b42a1ac0

SHA1
ddadb0e40e6ea4040b1ebade82bad6a4bb9b7f09

SHA256
a28aaa1d19c13110f9bcc172d9a0238a9cb589fc0904d6e4144f209a7f814293

SHA512
dcaa203163877da492fd3ed74f99956b6247a63dd5f21d16bc04613dfd74da7041b3ca0ec3b40f94c3b5aa1be8a911afa2fe9412cfbf8b433e795fd7dba2cd87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
4a9ed7fde6fff5c32f0c677e89169010

SHA1
7bbde876e22666c51cc8f8ae4903b331b968da00

SHA256
c35cabd0b3323c99eb8bb329f5f12771e68ec8c8f0e3441f4340c8b97c9f2911

SHA512
7cf944382ccaaadb7a8c2b3cdf5d218ffc5acd09ebc6e1ef15823ca355ff7279b3b2644de883252105e2e0df09269b38e553aff59445e908c059dd46e04088c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
c7a7bca06a1bacb9dfc75aa41ed142d6

SHA1
c2e26db3db315970f1702d72fdb9e9c69cd53cc2

SHA256
8896efd327aa02116b436e129ebd194b394080a9bf85f73b56126cd25eb4a18e

SHA512
2771c3576d941124d7d297a76872e4ec5c99812b0e397f38b63e3697517d7f97747837bda1086238d1ff70aa93db64f9f8662b7e61ca1eeb67859c38c14867fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
782c2a3db9adff3feb398724af550b81

SHA1
12320fd4d470bbe81adcdd21226f2daf8585d52c

SHA256
d5e62c7d52e72b7a1b8e0b7d12fb4f911b343301b7db36363bcba29508a574e2

SHA512
b0180d081a027744e75e4b7c9c9a722848d9b7b0be080581cd7207022a1f334f300520c4d8deae34b36b871d1bd2efdf3beaff908b7f0189917be97e72baae9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6e4c5bba90ad1cf4579bd3950fa14978

SHA1
ea297b98bdbb7267535bf8d694f9867aeb252743

SHA256
cb3664014bd1ad7052f13dc0baf16be5ee43b5f2efe58575d385650566d7b57e

SHA512
31adf8c7f45f6dc66a1aaecfc357708162529a4fa71eb94cd4b8eb7942061b623e15fa11fd72eb905cc0d3e1bd88358a007e5c772abd1fda90cbb9496af1d205

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
9896c8fadb73d99d9bbf5b72396b9acb

SHA1
fe7481c01aeda2f43e42fa9a403db356e0b45e05

SHA256
964d6665f7112dca95fc2a73f21c413ca4f875a4f89a3958a0dce361f74c93c4

SHA512
8ae192ab1ba7fe027a5db939a756c51abce1e9c0abed207a15cac45116aa90987fb486875768cd8ad571e71e6df86b1c8f2f169006f12892e4163f0808a962a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
1361ca8bfdd285042585326988ab8939

SHA1
8647d44eb7d8089f4d04372d1b0d6045135e0fb6

SHA256
ab1048bb2a70df16e3d18028c8f2d8763cfde4f58dc299b1196efb05c8693ebb

SHA512
cf71d5c0e1057274c802a966d1fa98f9f64c0e61747f6bb4c418d8b4dcf0ff24d88929d156cec5f5b3bedfd0a90b632b259af2eade156670d68d5f12f5dabf35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
2c6336b47049e400b579e9ad7f59ce48

SHA1
2eef18e7a30ddbe5e94504e6415adcf36bbfce16

SHA256
4cbe574fc758bc2221a45e5fc20b60653947a476364cccb1d4e1a70086f79b2a

SHA512
74bafd3edd97b7569b7b600283f5a92c8e45936a268858a50b2905d1f98139c2878f133b9d4ae13fb633d11aa72859fda2208e4a213adbfb5a8e7b77f5ba6a7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
666a7c964db6bd93f6a7efac4bac068b

SHA1
4d8d5dcb02137471a18da1288c8cc119827937d8

SHA256
a84dfbbbc901bb55babca74b27fc5ccdffa28416bf89e94a0ab29000a0054b7c

SHA512
66f48f4ad6b7d81239828134cfb052fde983c8b868f9d198b12576d7033122a73eab7e13c3411d8828f15b2baec9ecd5a31119c1b775af74ecdfaad66ad1f572

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d91eb0e07d8396d519274ffae0170f8a

SHA1
7cb4531245a6811531dab5e48f2a21aec259384d

SHA256
5a3ecd8fd2bb9165b6b98a6fa623d362981fe65d9afc9775bddb40a11a565c65

SHA512
89b6c8e96b3ab3635e067e51061ca71c4a1c1c148c4748dfe7adc6b0f4bb67c48dc8a21bc95a598b00ae06fabfd09e7c7e311d5361d52ff3255f797b97c26fc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
481b2e1ace25e291dc934cb8508a4ad1

SHA1
fd3961a4ab4257456dfced07f3850d60384c8697

SHA256
d6f25bec6b1e31955c9ed87b60782a27a0f5c8b0535d2bddd6affb8ef0dc84c9

SHA512
28e87b8448e0d66b7f5bd54ad1bfef84005329026af97c68b1c7488a88beef56619be0e5a87cde3f134c2a4a9b892f885273fc9d7ade178ecc42e73df3475449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
884a924bbcd9ba8712bf4ac9bbb03839

SHA1
611dec39006801541ea81017efde1d959622d9d5

SHA256
2705d08729ae670ef55d79bc0f8128ab3de606ee26daa3dc3c4e1a8fa371c8a0

SHA512
cc4049dc8ce7a25197197e95a063b39f460a5aaf8fd1b5486c04886f962341a2fae27ba1e41c7b3bef2f689cf8281a957aca68d363b4c3f83ff2b67069617c36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6eeed88b2c5c09c062c112422fe71e12

SHA1
3623ca56e412746d1f5d8eaa63336ac2eed03b36

SHA256
153c6dd460dad71878027d674baf38d0452406cfc650c700e7fb63274aed70d0

SHA512
85f7a5a19944ccf4a3234c20589d60b707df07c5195de08ba47895891c01af0be7cf5718fbe5f7faec5856c03e4d5a3e89b68d92c7daf0d99cf33c90e19ff277

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
81518a6bd1377d941fe948708ee8914f

SHA1
0356adebffdde9256af07f1501ee5099b1104566

SHA256
d76ac3cc577bc1f0c6085018bbfb4a5a81cc94187c344222b5614ea17ca5c651

SHA512
85f13caf41afb7ba8a921e6f19540d18f8907f315aacb23c944987a35d9235c0c2f6c2d0da08e43934c7e9acbbb8bc90743e059e34e90079ed921ecd4e0c381d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7d6b978a70973cc2ffaa528c467cdd52

SHA1
58803fb50431017a719267f4ce284e7b6b236652

SHA256
e85af7d6d45722759567540f1b8255787cb7bb171788f2e422f124a9a94fc379

SHA512
ae20772c02308e9d1f9f4588e92eb2564dc199314a19d03cc5404f24fe18ace6b4c685763bde9a5d898366222c99daf524fcffad5130c39b42d0eb9f602eaf29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
af44c7570d476ce02161b511e428ce17

SHA1
3a5787905f26a00758ff1c76617dd444a1e9b354

SHA256
7b68bbd5f2b34bd5a60f33726edf52c987d6bb7721660922c57c06cf36d3a36e

SHA512
fb9479d6bfa1a51a992cb081452c356fd145e2d3512cad21f5e65b41ee4275b20aa07e979040e0f2b30714e5777fb496cd123cf92006d862910cd9b0bf8dd67d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
91a797beedaa44c11151761fdcef47c6

SHA1
57597e8ef1fc325f91ef2a2cf816d9e9195f98b9

SHA256
907270e6497d69e375ce7f5a0672f130a0d41309a91fb60b50307fd6a36b5c1b

SHA512
b401a9dea5022c002d433a7efecfadf821aa4e595d76be7dbbfef94d04fd563e163a7617e576f652aa0036038dbdecff5c71a6a4651fe61711b76c58b0167159

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ca5b3507bd14232c1ab9872e9884506d

SHA1
54bbde08401ad0073072b59395d21ca77e0a7577

SHA256
a9eaf18b0cf966d55eb0382361721a1ba53318543a5be0ddb5a758b17763cb90

SHA512
f56b41be08370944d3f5e355e27a6da594fb92cf4a28624f271e9662057b42d2d4444f1adc9178a32f2e980f156bbda919c8d685dd04ee1e051e665acc0e2cbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7fe94a5198c75728cf275604b686f607

SHA1
07f4b466bb5150495adb0afa760c84766761917c

SHA256
76a3af2208e6c79b176d87de64ba556a3281ef4dee4bfc10fb29f6110cef622a

SHA512
d6f6c000a9dabc2c719c60c2c87c1e998647e73fc563013bd3950482d9d95aa1c38f81a561d6895b2eb5cdf9e3bb2fbc2c94810b6e8081c2db382b58237321e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6e6f4807dd5e34fa20e0c079c2a0b293

SHA1
de85907276c1cf81c06c4b58436f3394fa6e43e8

SHA256
cbea45dbeda92390072b925d043fd27f98badffcab17f18ad0c85117edad2456

SHA512
b0f743ca910beaba4740f9e9cd5afd7a0b4302f54165ca324dae37b02eb44b77db1afcfbb35d1657ed938457661389d717094d6f4c3761805481bebae35ed6df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
616842a37169fe8edf8afae4e3a8b052

SHA1
5937a06a5216ed82cd1c2964cbdf3700f7c0811f

SHA256
678238c380eb64b308668ede31ce607c7d09ae5bf0a4c4fc72a6363daa841520

SHA512
3272313f017a104aec13222794de0841da2a3fb450121f145ce68da758baf22e07e8c0a99e803be55151f4b6644a587f69da086a84eddd4ae64540caf2b027a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
38d444e5acd11142a5356072b5485732

SHA1
cc04585e39acc5759d94d1631db07495e37751fd

SHA256
60daf3f54e45a31dbc04e2c24d8486a4c95a1b143ce605e4ec0855ae2e215c5d

SHA512
f5b8bb56a1ef7027a436d3efa42fc0c76fc80437b183f4122917661d05966193a8f715d1f516d0665f88be884c846bcb631340426d7ad05f1af96af414d8958e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a1cdb0c78335bc43b14121c4aa7c7a22

SHA1
ffb6e4e7f2b04b3b1784c4dc0f2bec6991ab88ba

SHA256
19b6797fb0679f8c2933584b0d8b5a9ec6b06a1e1066e381baa4db39c579b8c7

SHA512
5eb0f0d45881729dd37bf18dc923e9151fcecabfac4e643d8fa664b689d881194a382b1ec44aba529ca7ea36ba68dd5cb16111190eb33e2d2486308e50c41404

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57d10b.TMP

Filesize
120B

MD5
09b5d59a80c3ce488eceadc58ff29612

SHA1
69ae0c84088ed004146cc225cb3a2c57db7267f5

SHA256
6a7a90440ad6c02130d93d7ef5a699bd78d2b7fe131785ff44d8ab8c87e645ed

SHA512
ae315b4b1132d7beb9a56a65e22b001c37ef1dcec5880eb778b623cab0632801a6f9dd153aa3f5b916b31d54ea25683a564bafd6dc7bb261ce57fc27c183655d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
b708cba4954af59c8ea1b3fa3bc84e03

SHA1
f2070900f7035b126b488a05b5799826aea90ffe

SHA256
f95562fec2b7552595d1d5a2a410703771ef399b53d6462631ccb9627db83aaa

SHA512
fc215735823e5e4c353c8a3d78915d0ebfd0ad374616258d3273285155f5e8f6abb41cbc98c0f1f0f09dbe70711dd3296de8d2a65d60f8993291f991df8155f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
5f1d65bece9f81b06ed5378ac1fba2c8

SHA1
326278cacf9fdc42f40f3ce6c05d550d766322c1

SHA256
d408fb99150d54052c2ba1907e7e8dd6f6c26d1178a81bd04fc6bf71f8b43cba

SHA512
b8324ae37b4c608fd7d0f08b17fa81fb361c34962948982435b155f82be91b0dc2898195bf08978d42d050888d9fac06199b490d8a92e04e660e89d9d1d819ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
e8887c17f976eef72b3d0ca02317a260

SHA1
bbb5e6f6532f7df319d627e86e0632b6a60f0af7

SHA256
1d8b629b554555ffbd6331e9010107ec0aee471498148d048603e1349fc77ea4

SHA512
a4817456555d12ab277c2865ffee4cec7d7103d8800fbc76aa141074e9e138d58bedb874359a05b6f9e1265bebcc06ebb431030b1d17b3daa3fb8dca7fc524c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
7b5cf4f07e55144eafb6093994c3ce52

SHA1
c2b7a1e34d7cd4121b69d3e26a2dc43c41473cac

SHA256
ea01aff3d005fc0fc59f4c6a387ac3c6145df2adc7bff31d2406a7be6e6f75d5

SHA512
069e7152caf5bf0b5b80828a02fedda0617670e39c7237eb8545f3ef6ecdc76f19439d01cd67d76cece28eda38b211023350f306ead5f165d8ecc0e666d6d884

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
5eab928e2a1e1f78233b4b33f3725ee7

SHA1
94f8b7a4662bde28f5dc01b21cceff61cb6ac1e8

SHA256
1f5dfa1b7f00900b308466c4f6ff6d3552bad01af3058aa3080aa44e7d681c11

SHA512
ca2a1674aa7a2732a3454e95ffd3db9fcce84e2a29c4b4c4b5bcd769c2047b6a930499c665fb279a477ef08c1e60af9a9682282f49f21cbacb0c54415b53a9cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
bd41260ccbdc3428f977d972dfe84afb

SHA1
6e37538bb927ed51eeac72b38e4daeeecacbad35

SHA256
863e59111a847ad0e873fb5a3821454ec2501d7f59e320edca5c00cbb1a64e30

SHA512
3a2f1465deeec79195e895f5082222080884b4fed74d9bab272bdd76bd358d6e1155835701c49fd4d59aec43e0269b5a169ad896028e2e5b25cd06d589c8241b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe587819.TMP

Filesize
98KB

MD5
610ed315a302994956ec0d83e63a3d67

SHA1
b90832c69a5773785739cd26d41768f3e6e955b5

SHA256
60a330bce54ba81889a0d61cc367320f948e72cf12937bc0bb0de84665e057db

SHA512
326bad8653029675e1fe1cf5126357dfc9ef890ddd373a24b0e6177aeeda13fd15997380f86cf077514d47410fa7aba81241b967f38d0224bef9319013c05bf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
584bd50962e927dec6546dd03098572e

SHA1
ee34228ecedd350a8bc6f746038587fba2d3f0f0

SHA256
3c1e06315462c6dcf393604ea01b7cbbce846cae3fd9942d6599e1988d1adbf5

SHA512
5b650ed61783253302d863ef7d9fdae92dd0ef6c10963e5a6558e398450ef78efae7d2ad1cad61876927b747cd6db07d3266ce58b7e30a2849b05c87f132985a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\1601268389\3877292338.pri

Filesize
162KB

MD5
0d02b03a068d671348931cc20c048422

SHA1
67b6deacf1303acfcbab0b158157fdc03a02c8d5

SHA256
44f4263d65889ea8f0db3c6e31a956a4664e9200aba2612c9be7016feeb323c0

SHA512
805e7b4fafed39dec5ecc2ede0c65b6e103e6757e0bd43ecdce7c00932f59e3e7a68d2ea0818244dfeb691b022c1ccca590a3f4239f99e1cd8a29ba66daed358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\4183903823\810424605.pri

Filesize
2KB

MD5
a2942665b12ed000cd2ac95adef8e0cc

SHA1
ac194f8d30f659131d1c73af8d44e81eccab7fde

SHA256
bdc5de6c42c523a333c26160d212c62385b03f5ebdae5aa8c5d025ff3f8aa374

SHA512
4e5ba962ba97656974c390b45302d60f4c82d604feb6199d44e80497a40d0b0a9fd119ca17ac184809ca0821ab6813292892c433ed7277f65c275f37a96070b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HCHLT.tmp\Crystal-Hack-o-cs.tmp

Filesize
1.2MB

MD5
2ebea3cfc9bbe49b15bc844b1a941b78

SHA1
e0c4ea5e9d712699cc31018beb7c046ae739c5c3

SHA256
5f3550705e617bdddc4c8e17c112679895a2c6957bc99fe4270cf54f0db44730

SHA512
8db5bb3c9611cb832fede2781272d41894b721135a61a29a401e6abc3c9879548a690cfde7151b20414a54ca0a5564097c7077320b7b08740e280ab2e7718e42

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HCHLT.tmp\Crystal-Hack-o-cs.tmp

Filesize
1.2MB

MD5
2ebea3cfc9bbe49b15bc844b1a941b78

SHA1
e0c4ea5e9d712699cc31018beb7c046ae739c5c3

SHA256
5f3550705e617bdddc4c8e17c112679895a2c6957bc99fe4270cf54f0db44730

SHA512
8db5bb3c9611cb832fede2781272d41894b721135a61a29a401e6abc3c9879548a690cfde7151b20414a54ca0a5564097c7077320b7b08740e280ab2e7718e42

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IRTFV.tmp\cs2.jpg

Filesize
22KB

MD5
2227c3ab97d858ed67b2c9d48e5fda99

SHA1
6c0189ce96b4dcc26df04e31da913648cdf879f2

SHA256
8f53fe42ad0a8ec4f36f29a662cf13316f3e2760ab3d1e84a71ae7c9d5c4db63

SHA512
d433b2de447e89e38c588f8255f7ec4b39d7db4168e3135c3022cf9f687033a86b96b701fc89eebdb89da640dffcd939404159311cd7591042186c882bf72f2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IRTFV.tmp\v1.jpg

Filesize
308KB

MD5
a58ac2348aa0b54c9262b5b7c250e233

SHA1
7516eead15f9aea523a3d8733df111f1fadad157

SHA256
8d9335b0f5a8b73f3195b579d3830a42534fd0ed4977025f949817aa230e1c68

SHA512
190d4ad10493361bf6c5262b206033aa9b6172a0b87e0420ef504c6d8d56cbbeb9e37a2fcf561f0cc9064f90bae7a85d0fd79b20aaa65db5cc90b104244228cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IRTFV.tmp\v2.jpg

Filesize
176KB

MD5
06c5f5a0f1cdad8792dc15a58ae6e7eb

SHA1
c6410087e0f435cacd803d2807673a8107bf9a3b

SHA256
af55b61ff15f9fae9e9c97d77dfa3df2e0efb1e1c100c3a54110f4aa02c4591b

SHA512
9fb1dcbe03b1a883e7e0a55ae0b30ae5f5b4b9a94822b571209cdbbd0427af5f5022b653c0813c549b2d584934cedb9e626dc1677eb8b4f127e4d998bca70e9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IRTFV.tmp\v3.jpg

Filesize
140KB

MD5
36aa67fe6239732bf868afcc1703a2b1

SHA1
fa0140c634d167736e345ef2211b02aa43c5c972

SHA256
1635fa3864b99077c69c6a58a4979bc2627d5ddacdae606e036d0d80abc4f032

SHA512
ea4f92e92cbf620000d2d2fdff54e87f4a45a7c0596c48a17ad8f70cec15e6e01429281b26ec2cab6bf06b150f00e9668845cacc6e8e33778434726f283dab75

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
6a554787ada6efec5894887215a1a32e

SHA1
0b0789453a44a871ba6a2062126b6837f40b8f17

SHA256
534ee6e0f45cfe4ccfb61a49df467989649c17aff493fb3c629f66ddabad292b

SHA512
1660749d1b49f279ce25f787c28eaaa7da0bf8b50a64236a72d56fa32d5f128aab24c163c5c39f47d3e92314d34d13ee0fbeccb3161a30c1242855907a3966c3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
43a0202badc83e38733790277b6b678e

SHA1
736fc4bb1a8551f8b19f0dfa2addddaa9055f8be

SHA256
d9927c1e9d2056288a0a472ad62c0fa467edb16a26934ae72485441f377fd76c

SHA512
774818ee4a370db74394b688afd8977be3bc5d165fa667a0d0600069c11da07113315d71d390aa9ab2b62e6528fa4d34ef9af300ecab9e2e7737655485b059d8

Download Submit
C:\Users\Admin\Desktop\Crystal-Hack-o-cs.exe

Filesize
9.8MB

MD5
d2695991e6692408dec672d1c825b3ae

SHA1
1ea8d9f3933e8fbb6af52d8cb13aad24753a7ab8

SHA256
3d12692a1ad31b470b70c7a6f8d2b75efc571ed08549be8829e8388a1c660e5b

SHA512
66337de70756f90f11a76cd025436a44b577bc3b5fed5971b684be5a05782a8e58ff889da8333abc4ad2d4373bce315e1c89b1c47e597f5e80e57c6ece3bbf2f

Download Submit
C:\Users\Admin\Desktop\Crystal-Hack-o-cs.exe

Filesize
9.8MB

MD5
d2695991e6692408dec672d1c825b3ae

SHA1
1ea8d9f3933e8fbb6af52d8cb13aad24753a7ab8

SHA256
3d12692a1ad31b470b70c7a6f8d2b75efc571ed08549be8829e8388a1c660e5b

SHA512
66337de70756f90f11a76cd025436a44b577bc3b5fed5971b684be5a05782a8e58ff889da8333abc4ad2d4373bce315e1c89b1c47e597f5e80e57c6ece3bbf2f

Download Submit
C:\Users\Admin\Downloads\Counter-Strike-classic.exe

Filesize
199.9MB

MD5
c2ffc44b7791581326bfba4d0a514bdc

SHA1
5ec656412e34e4887b6e6217aa05f8046b0988d4

SHA256
df935d417c0c629bb13c1d64a7d4c5091593efb10385f08890d0b6b762ffe3c5

SHA512
7bd8291095dca401c22dfd15bc6e2e81e262f966674b80d72d157ba1c4646b7565ee1721cda4a62d6b246eb8f6bbb06407f7d9285637821d998cef78ba599044

Download Submit
C:\Users\Admin\Downloads\Nice_cheat (1).rar.crdownload

Filesize
9.7MB

MD5
dd7dd20a06df4bf5c8ebbaeee4fe8221

SHA1
d12614577a654187b3f3dff7816562acc7c800c3

SHA256
ddd6f8bdb4c5a789684471367f96363dc3e0d917321a14105ba857e6a5884f6d

SHA512
691a2524537553f68ad6948ae0127cbfb5d35a8d1a686b9322a6e09b8a378546a9004a66e2af04e1d4e0bade5d24fa028f5da44e90f92bfeb2a1137a15d8014f

Download Submit
\Users\Admin\AppData\Local\Temp\is-IRTFV.tmp\VclStylesInno.dll

Filesize
3.0MB

MD5
58189c372466465c33ab5b40b1336ff1

SHA1
57e4550172673aa0bc02994e7316282ef399f9d8

SHA256
14f577fce9a785dd0d5fbce0f572c90b4822b2e883e9aff530fed4edd7263a03

SHA512
20e2143e4e88e713e950f22f3f0bfe5a362433fd7acecba590607c3c0c6d99c32a48aa85ccfd660d1ebbb787d8e0f38d933304229c726af4d43d5b096e649673

Download Submit
\Users\Admin\AppData\Local\Temp\is-IRTFV.tmp\VclStylesInno.dll

Filesize
3.0MB

MD5
58189c372466465c33ab5b40b1336ff1

SHA1
57e4550172673aa0bc02994e7316282ef399f9d8

SHA256
14f577fce9a785dd0d5fbce0f572c90b4822b2e883e9aff530fed4edd7263a03

SHA512
20e2143e4e88e713e950f22f3f0bfe5a362433fd7acecba590607c3c0c6d99c32a48aa85ccfd660d1ebbb787d8e0f38d933304229c726af4d43d5b096e649673

Download Submit
\Users\Admin\AppData\Local\Temp\is-IRTFV.tmp\botva2.dll

Filesize
41KB

MD5
ef899fa243c07b7b82b3a45f6ec36771

SHA1
4a86313cc8766dcad1c2b00c2b8f9bbe0cf8bbbe

SHA256
da7d0368712ee419952eb2640a65a7f24e39fb7872442ed4d2ee847ec4cfde77

SHA512
3f98b5ad9adfad2111ebd1d8cbab9ae423d624d1668cc64c0bfcdbfedf30c1ce3ea6bc6bcf70f7dd1b01172a4349e7c84fb75d395ee5af73866574c1d734c6e8

Download Submit
\Users\Admin\AppData\Local\Temp\is-IRTFV.tmp\botva2.dll

Filesize
41KB

MD5
ef899fa243c07b7b82b3a45f6ec36771

SHA1
4a86313cc8766dcad1c2b00c2b8f9bbe0cf8bbbe

SHA256
da7d0368712ee419952eb2640a65a7f24e39fb7872442ed4d2ee847ec4cfde77

SHA512
3f98b5ad9adfad2111ebd1d8cbab9ae423d624d1668cc64c0bfcdbfedf30c1ce3ea6bc6bcf70f7dd1b01172a4349e7c84fb75d395ee5af73866574c1d734c6e8

Download Submit
\Users\Admin\AppData\Local\Temp\is-IRTFV.tmp\idp.dll

Filesize
232KB

MD5
55c310c0319260d798757557ab3bf636

SHA1
0892eb7ed31d8bb20a56c6835990749011a2d8de

SHA256
54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed

SHA512
e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

Download Submit
\Users\Admin\AppData\Local\Temp\is-IRTFV.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
\Users\Admin\AppData\Local\Temp\is-IRTFV.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
memory/928-785-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/928-1737-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/928-876-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1188-818-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/1188-823-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-825-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-824-0x0000000003C20000-0x0000000003C21000-memory.dmp

Filesize
4KB

Download
memory/1188-826-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-827-0x0000000003C30000-0x0000000003C31000-memory.dmp

Filesize
4KB

Download
memory/1188-828-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-829-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-830-0x0000000003C40000-0x0000000003C41000-memory.dmp

Filesize
4KB

Download
memory/1188-831-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-832-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-833-0x0000000003C50000-0x0000000003C51000-memory.dmp

Filesize
4KB

Download
memory/1188-834-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-835-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-836-0x0000000003C60000-0x0000000003C61000-memory.dmp

Filesize
4KB

Download
memory/1188-837-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-838-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-839-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/1188-840-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-841-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-842-0x0000000003C80000-0x0000000003C81000-memory.dmp

Filesize
4KB

Download
memory/1188-843-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-844-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-845-0x0000000003C90000-0x0000000003C91000-memory.dmp

Filesize
4KB

Download
memory/1188-847-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-846-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-849-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-850-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-848-0x0000000003CA0000-0x0000000003CA1000-memory.dmp

Filesize
4KB

Download
memory/1188-851-0x0000000003CB0000-0x0000000003CB1000-memory.dmp

Filesize
4KB

Download
memory/1188-852-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-853-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-854-0x0000000003CC0000-0x0000000003CC1000-memory.dmp

Filesize
4KB

Download
memory/1188-855-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-857-0x0000000003CD0000-0x0000000003CD1000-memory.dmp

Filesize
4KB

Download
memory/1188-858-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-859-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-860-0x0000000003CE0000-0x0000000003CE1000-memory.dmp

Filesize
4KB

Download
memory/1188-856-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-861-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-862-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-863-0x0000000003CF0000-0x0000000003CF1000-memory.dmp

Filesize
4KB

Download
memory/1188-864-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-865-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-875-0x0000000003390000-0x0000000003391000-memory.dmp

Filesize
4KB

Download
memory/1188-822-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-877-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1188-821-0x0000000003400000-0x0000000003401000-memory.dmp

Filesize
4KB

Download
memory/1188-820-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-894-0x0000000005AB0000-0x0000000005AC5000-memory.dmp

Filesize
84KB

Download
memory/1188-819-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-817-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-816-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-815-0x00000000033E0000-0x00000000033E1000-memory.dmp

Filesize
4KB

Download
memory/1188-814-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-923-0x0000000005AD0000-0x0000000005BD0000-memory.dmp

Filesize
1024KB

Download
memory/1188-812-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/1188-813-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-953-0x0000000003390000-0x0000000003391000-memory.dmp

Filesize
4KB

Download
memory/1188-811-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-809-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1188-810-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-808-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-1086-0x0000000005AD0000-0x0000000005BD0000-memory.dmp

Filesize
1024KB

Download
memory/1188-806-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/1188-807-0x0000000004040000-0x0000000004180000-memory.dmp

Filesize
1.2MB

Download
memory/1188-804-0x0000000003D20000-0x000000000403A000-memory.dmp

Filesize
3.1MB

Download
memory/1188-791-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download